Digital Health Regulation

How will FDA regulate digital health?

FDA faces an near existential crisis: digital.  New digital technologies have the capability to improve the way care is delivered to patients.  The question is, how do we make sure it is safe? The FDA is certainly good at making sure drugs and devices are safe; in the case of digital however, it is less clear how they should be regulated.  Do updates to software to improve run time need to be reviewed?  What about changes to user interfaces? Or fundamental changes to underlying algorithms. 

If the FDA does not provide oversight, unsafe products will come to market.   However, providing too much oversight may decrease innovation as the cost to bring products to market may rise dramatically. 

Yesterday, FDA announced additional refinement to its guidance on digital health technology development.  One point that was made clear was that lifestyle apps will not e FDA-regulated.

We’re making clear that certain digital health technologies – such as mobile apps that are intended only for maintaining or encouraging a healthy lifestyle – generally fall outside the scope of the FDA’s regulation. Such technologies tend to pose a low risk to patients, but can provide great value to consumers and the healthcare system.

At the same time, higher risk technologies may need to be regulated.  But how would the FDA measure risk?  FDA announced that it was using the International Medical Device Regulators Forum (IMDRF) risk-based framework for categorizing products.  IMDRF uses the term Software as a Medical Device (SaMD) and finds a few key challenges unique to these products.

  • Medical device software might behave differently when deployed to different hardware platforms. 
  • Often an update made available by the manufacturer is left to the user of the medical device software to install. 
  • Due to its non-physical nature (key differentiation), medical device software may be duplicated in numerous copies and widely spread, often outside the control of the manufacture. 
  • Deployment cycles are often rapid.

The IMDRF categorization of SaMD depends on two dimensions: (i) how seriously ill the patient is and (ii) how the digital technology is being used.  The sensible categorization is in the table below.


For more specific information on how FDA will manage risk for digital, please see the list of selected FDA guidance documents below.


Leave a Reply

Your email address will not be published. Required fields are marked *