There are increasing numbers of collaborations between technology companies and traditional pharmaceutical companies to develop technology for use in all stage of the treatment pathway. This new technology is helping to solve the pressure on healthcare systems, particularly in the age of social distancing and remote consultations. However, frequently, technology companies and healthcare companies come from different perspectives, and many technology companies may not be aware of the complex regulatory environment that applies to healthcare products. We set out below some regulatory points to consider when digital health technologies are being developed, and in particular when a mobile phone app may be classified as a medical device.
What is mHealth?
Digital health technologies cover a wide range of electronic and online technology – both hardware and software – to help improve individuals’ health and wellness. This includes everything from wearables to ingestible sensors, mobile health apps to telemedicine.
mHealth is a subset of digital technologies that focuses on mobile and wireless solutions related to health and disease. It can mean slightly different things to different people – the World Health Organisation defines it as “the use of mobile and wireless technologies to support the achievement of health objectives”. The National Institutes of Health defines mHealth as “the use of mobile and wireless devices (cell phones, tablets, etc.) to improve health outcomes, health care services, and health research.” The keyword in these definitions is the word “mobile”.
mHealth and digital health technology can be standalone products, incorporated into a more complex medical technology, or may even be downloaded onto more standard hardware, such as mobile phones.
When is an app a medical device?
It can be counterintuitive to think that a mobile phone app might be a medical device. However, the definition of medical device specifically includes software. That does not mean that apps used in a healthcare setting are always medical devices. Reportedly, the AppStore contains around 54,000 healthcare apps, which range from providing basic education and information on a specific condition, to remote data collection and monitoring. It is only those apps with a medical purpose that will be regulated as medical devices. Medical purpose means that the app issused for diagnosis, prevention, monitoring, prediction, prognosis, treatment or alleviation of disease. This is quite wide, and the decision for each app will need a case-by-case review, taking into account the functionality of the software, the information about the software, and its intended purpose. One of the key factors is whether the software applies a tool for combining medical knowledge with patient-specific information, such as where the software performs a function on the data, over and above the healthcare professionals’ clinical judgment, to assist with clinical care. An app that provides a digital version of a medical text book, for example, would not be a medical device, but an app where the user inputs information and the app provides personalised medical treatment recommendations would likely be a medical device.
The current guidance on classification of software is broad, and fairly subjective, meaning the decision is not always clear cut. This is further complicated by the fact that authorities cannot legislate for all the new technologies that are emerging and are finding it hard to fit new technologies into the current legislative framework. The pace of innovation of software, frequency of updates, and how updates are pushed out to users, all pose challenges for innovators and regulators.
What happens if an app is a medical device?
A medical device must have a CE mark, to show that it meets the relevant requirements, before it can be placed on the market. What this means in practice will depend on the classification of the product, which is based on a risk assessment. To obtain a CE mark generally involves various systems being in place, which may need to be assessed by the relevant notified body, and also clinical data being generated about the product.
In addition, under the new Medical Devices Regulation (MDR), which has been applicable since May, there are increased regulatory controls for all devices, and in particular software and digital technologies. For example, the definition of medical device was expanded so that a medical purpose includes “prediction and prognosis” – this has meant that many apps on the market that were not previously classed as devices are now caught by the legislation. In addition, standalone software such as apps has been specifically “up-classified” under the MDR so it will now be placed in a higher risk classification and will require the involvement of a notified body to obtain a CE mark and be placed on the market. This had led to some backlog in the system due to the vast number of apps on the market, and to some apps being discontinued.
The new MDR does apply in Northern Ireland. However, it does not apply in Great Britain, and it is currently unclear what the new legislative framework will look like in Great Britain. There has been some discussion that the UK government may not follow the MDR and automatically up-classify all apps, but that a more case-by-case risk based assessment will be undertaken.
What other issues are there?
There are other factors that are not purely regulatory, which are causing challenges for the adoption of mHealth technologies, and uptake of paid-for digital technologies remains low in the EU, despite the hype about their “industry changing” potential. For example, the pricing and reimbursement framework is different in each member state, and is still being adapted to include mHealth, meaning that many healthcare authorities are not yet able to prescribe apps to patients. Another issue is safety, and there are cases where regulators have investigated predictive algorithms used to support medical practitioners where code mapping errors were identified that could have led to risks to patients. Finally, data privacy and security issues are particularly important for apps, and is a key area of concern for patients. There are some examples of companies being investigated for their collection and use of data, even though it was agreed that the technology was beneficial for patients.
