The growing significance of mobile health apps results in a need to ensure their proper regulation. Practitioners, patients, researchers and medical industries are all affected by mHealth apps. The digital health field is regulated by the FDA under four important laws.

Firstly, the Health Insurance Portability and Accountability Act (HIPAA) protects the privacy and security of certain health information. Secondly, the Federal Food, Drug and Cosmetic (FD&C) Act regulates the safety and effectiveness of medical devices. Thirdly, the Federal Trade Commission (FTC) Act prohibits misleading claims about the apps’ use. Lastly, FTC’s Health Breach Notification Rule ensures that certain businesses will notify patients when breaches of personal health record information occur.

Depending on the nature of the app, several, one or none of the laws may apply. HIPAA applies to apps that have transactions with identifiable health information. These include apps that function as a health care provider, health plan or HIPAA business associate. Kony, Humana and myCigna are all examples of mobile apps that allow users to manage their health plans digitally, whether it be contacting the insurance company or keeping track of benefits and prescriptions.

If the app qualifies as a medical device (that is, it diagnoses, prevents and treats certain diseases), then the FD&C Act most likely applies. For example, Dermatology helps clinicians diagnose skin cancers with greater efficiency and accuracy. Meanwhile, Asthma tracks symptoms and trigger patterns, which provide information on how to prevent an attack.

Under the FTC Act, for-profit organizations cannot make false or misleading claims about important aspects of the product, especially those that may jeopardize the safety and health of customers. Non-profit organizations are usually exempt from the FTC Act unless they are a trade association. The majority of mHealth app organizations will fall under the FTC Act.

Finally, the app may qualify as a business regulated by the FTC Health Breach Notification Rule. Personal health care providers are an example of this. For example, BodyKom tracks important symptoms of non-hospitalized cardiac patients, sharing information with their physicians and thus updating the personal healthcare records of patients. Therefore, the mobile app is covered by the FTC Health Breach Notification Rule.

Mobile health apps are a new aspect of healthcare, and while they bring many benefits in a slightly less “direct” way, careful regulation is required to ensure the safety of patients. This article outlines only a rough guideline of the laws that may or may not apply to mHealth apps; for more information, consult the FDA or FTC sites. mHealth app regulations are complex and continue to develop as the technology itself grows. RegDesk is a rich source of connections to many experts who can assist clients with the gray area of mobile health regulations. Additional insight is necessary for optimal development and implementation of mHealth apps.
