**5. FDA Regulation of Digital Health Apps**

Products intended to diagnose, prevent, or treat disease must be approved by the FDA prior to marketing. FDA regulation of medical devices balances two competing goals: [1] promoting innovation and improvement in medical devices; and [2] ensuring that medical devices are safe and effective [49]. Accordingly, FDA classifies medical devices according to potential risk. Class I devices are low risk and subject to general controls, and examples include bandages and sunglasses. Class II devices are intermediate risk and are often approved subject to the abbreviated 510(k) pathway, if the devices are able to rely on the prior approval of a similar device. Examples include pregnancy test kits, hearing aids, and powered wheelchairs. Class III devices require a premarket approval application (PMA) and are subject to full FDA review of safety and efficacy. Only 10% of medical devices fall in this category, and examples include implantable pacemakers, and high-frequency ventilators.

FDA has historically struggled to fit medical software and apps into the traditional medical device classification. In recent years, however, FDA has issued more detailed guidance informing app developers when digital health products will need to undergo regulatory review, and the requirements for regulatory approval [50]. FDA takes a risk-based approach to medical software and app regulation, focusing on devices that could pose a risk to a patient's safety if the device were not to function as intended. For example, software functions that transform the mobile platform into a regulated medical device by using attachments, display screens, or sensors—such as motion tracking sensors or EKG functionality—will be subject to regulation as a medical device [51]. Apps that perform patient-specific analysis and provide patient-specific diagnosis, or treatment recommendations, such as

#### *Environmental Health*

image-processing software and radiation therapy treatment planning software, will also be subject to close regulatory scrutiny. On the other hand, FDA intends to exercise its discretion not to enforce regulations for lower risk apps that automate simple tasks for health care providers or help patients self-manage their disease without providing specific treatment suggestions. For example, FDA will not enforce its regulations on software functions that provide physicians easy access to the latest treatment guidelines, or software that coaches patients on the basics of conditions such as obesity or arthritis and provide strategies for weight reduction. Indeed, most digital health apps are not reviewed and cleared by FDA. In November 2013, only 100 of over 10,000 medical apps available on the marketplace were cleared by FDA [52].

To evaluate the clinical effectiveness and safety of software as a medical device, FDA will assess the following questions: [1] Is there a valid clinical association between the software output and the targeted clinical condition?; [2] Does the software correctly process input data to generate accurate, reliable, and precise output data?; and [3] Does use of the software's accurate, reliable, and precise output data achieve the intended purpose in the target population in the context of clinical care? [53]

Because medical-grade digital health solutions intended to diagnose, treat, or prevent a medical condition are subject to FDA scrutiny, the stamp of FDA approval is an important designation on which clinicians and organizations can rely in deciding whether to recommend or adopt digital health solutions. Conversely, lower risk consumer facing apps that do not make treatment recommendations are not subject to FDA enforcement. Thus, clinicians can use these principles, considering patient preferences, in recommending digital health apps to their patients.
