Questions About The FDA’s New Framework For Digital Health

Nathan G. Cortez, Nicolas Terry, and I. Glenn Cohen | Health Affairs Blog | August 16, 2017

In June 2017, the new Food and Drug Administration (FDA) commissioner Scott Gottlieb pre-announced his agency’s Digital Health Innovation Action Plan that indicates notable shifts in the agency’s approach to digital health technologies. This plan is an important step in FDA regulation of this area, a process that began in 2011 with a draft guidance, followed by significant congressional actions. The new changes should not be surprising, given critiques published by Gottlieb prior to re-joining the FDA. In 2014, he wrote that smartphones are “purposely dumbed down” due to the “risk of unwieldy FDA regulation,” and in 2015, he argued that what most considered the FDA’s “light touch” on digital health was still too heavy-handed. The new plan signals two major shifts: first, a shift from premarket to postmarket review by the FDA; and second, a shift from oversight by the FDA to oversight by independent, nongovernment certifiers. These changes may be bellwethers for how a Trump-era FDA approaches areas far beyond digital health.

Nathan G. CortezThe FDA’s current approach to digital health began in 2011 when it reclassified some medical device software to its lowest-risk Class I category and when it published a “Draft Guidance on Mobile Medical Applications.” The guidance (which was withdrawn after passage of the 21st Century Cures Act) tried to clarify which applications, hardware, and software platforms might qualify as medical devices. For example, health trackers, disease management apps, and apps providing generalized medical information would not fall under FDA jurisdiction. Other apps that would qualify as “devices” would nevertheless be exempt, per the agency’s “enforcement discretion.” Instead, the agency’s risk-based approach would focus on apps that provided “patient-specific analysis and … patient-specific diagnosis, or treatment recommendations.”

Over the past few years, policy makers began to contemplate a new regulatory framework for digital health. In 2012, Congress passed the FDA Safety and Innovation Act, calling for key agencies, including the FDA, the Federal Communications Commission, and the Office of National Coordinator for Health Information Technology, to recommend a “risk-based regulatory framework” for mobile apps and other health information technology (IT) products. In 2014, the resulting report encouraged the FDA to maintain its circumscribed jurisdiction and made modest proposals, such as creating a new “Health IT Safety Center” to generate best practices. After the report’s publication, momentum built toward more definitive legislation. In December 2016, Congress passed the 21st Century Cures Act, which amended the definition of “device” to exclude from FDA jurisdiction any “health software” used for administrative, lifestyle, patient record, and some clinical decision support purposes...