August 12, 2020

Volume X, Number 225

The Debate Over Mobile Health Software Regulation

On November 19th, the House Energy and Commerce Subcommittee on Health held a hearing to examine the federal regulation of mobile medical applications (mobile apps) and other health software. Earlier, on September 25, the FDA released guidance on this issue, describing how it intends to regulate mobile medical apps pursuant to its authority under the Federal Food, Drug and Cosmetic Act to regulate “medical devices.” Lawmakers, however, are concerned with the expanse of the FDA’s authority and the scope of the FDA’s interpretation of what constitutes a “medical device.” Accordingly, some legislators are pursuing new legislation to solidify a standard for medical software and restrict the FDA’s authority. The recent Subcommittee hearing focused on whether mobile health software should be regulated as a medical device and whether Congress or the FDA should set the rules.

The FDA’s View

While concern has arisen that the FDA’s authority over mobile medical apps is too expansive, the FDA has maintained that its intention is to regulate only a small subset of medical apps.  Jeffrey Shuren, M.D., director of the FDA’s Center for Devices and Radiological Health, defended the agency’s regulation of software (mobile apps) at the Subcommittee hearing.  Shuren emphasized the FDA’s policy of regulating mobile apps in a manner that is narrow and tailored to mitigating patient risk.   Further, Shuren assured legislators that the FDA will categorize software by function rather than platform.  Thus, whether software will become a regulated medical device will be determined through evaluation of whether it is “intended for use in the diagnosis of disease or other conditions” or “in the cure, mitigation, treatment or prevention of disease.”  Finally, Shuren assured Congress that there is minimal risk of regulatory discontinuity as the FDA could not shift its policy overnight and a change in enforcement discretion would require a “long process.”  In sum, Shuren sought to assure Congress that the FDA’s regulation was limited, consistent, and lenient on the industry.

Congress Members’ View

Some Subcommittee members were supportive of the FDA.  Specifically, Rep. Frank Pallone (D-N.J.) emphasized the importance of balancing innovation and ensuring safe technologies.  Pallone found FDA’s guidance to be “measured and risk-based.”  Pallone also noted the benefit of regulatory guidance as more adaptable than legislation to the needs of rapidly changing technology.

Many Subcommittee members, however, took issue with FDA’s decision to designate software as a medical device.  Rep. Joe Pitts (R-Pa.), chairman of the Subcommittee, said that while patients and industry agree that FDA guidance is helpful, there is still too much uncertainty in how “medical device” is defined.  Pitts expressed concern that innovation will likely be stifled because of this ambiguity.   Pitts also highlighted that the next FDA director could easily shift from the current posture of enforcement discretion and significantly expand the FDA’s authority, forcing the industry to scramble to keep up with requirements.  As an alternative remedy, certain members promoted the bipartisan SOFTWARE Act, which was introduced in October.  This bill is intended to provide more clarity for mobile app developers and a codified standard for FDA regulation.  The bill categorizes healthcare related software as either “clinical,” “general health,” or “medical” and only allows the FDA to regulate software categorized as “medical.”   While the bill is largely in line with the FDA’s guidance, the bill would remove the FDA’s ability to alter its regulatory approach down the road.


The November 19th hearing sparked what will be an ongoing debate on the regulation of health care software.  If Congress declines to legislate on the topic, the current FDA guidance will remain, allowing the FDA to continue its enforcement discretion and a rolling assessment of patient risks in medical apps.   The SOFTWARE Act has received mixed reviews from the industry and still must be evaluated in both the House and the Senate.  However, if that bill is successful, the landscape of medical app enforcement will change—specifically, by removing the FDA’s flexibility in assuring the safety and effectiveness of mobile medical devices.

© 2020 Faegre Drinker Biddle & Reath LLP. All Rights Reserved. National Law Review, Volume III, Number 339


About this Author

Mary Devlin Capizzi, Corporate Attorney, Drinker Biddle

Mary Devlin Capizzi counsels individual corporations and consortia clients (comprised of industry, government and academia representatives) on a range of compliance matters involving regulatory, legislative, scientific and policy issues in the U.S., the EU and other countries around the world. She represents clients in the pharmaceutical, biotechnology, medical device, health, nutrition, chemical and technology sectors.

Mary serves as a managing partner of the firm. She was the first chair of the firm’s Professional Development Committee, is a...

Peter A. Blenkinsop, Drinker Biddle Law Firm, Healthcare and Data Privacy Attorney, Washington DC

Peter A. Blenkinsop advises clients on data privacy, research compliance, and e-health. He co-chairs the firm’s Information Privacy, Security & Governance practice. Peter represents clients in the life sciences, health, nutrition, and technology sectors, among others.

Peter’s focus on data privacy and security law began well over a decade ago in the run up to implementation of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). Since then, his practice has expanded well beyond health information privacy to data privacy and security generally. He advises companies on compliance issues raised by US federal and state privacy laws such as the Children’s Online Privacy Protection Act (“COPPA”), the CAN-SPAM Act, the Telephone Consumer Protection Act, and the Junk Fax Prevention Act. In this role, he assists clients in identifying privacy and security risks and developing information governance programs.