Many new software applications are being developed for use on mobile platforms (smart phones, tablets, etc.). Before delving into the steps to be taken to develop such an application, we should first consider what it takes to consider the application a medical device. According to the FDA Guidance, Mobile Medical Device Applications (Apps) have special FDA considerations including:
- The mobile application can run on a mobile platform or, it can be a web-based application tailored to a mobile device but is executed on a server.
- The mobile application meets the FDA definition of “device” and either:
- is used as an accessory to an already-approved medical device
- transforms a mobile device (smartphone, etc) into an actual medical device
The FDA Guidance document for Mobile Medical Device Apps can be found here (FDA.gov)
Other special FDA considerations include:
Software Validation: A mobile application that controls the intended use, function, modes, or energy source of a connected medical device, or that creates alarms, recommendations or new information by analyzing or interpreting data from that connected medical device is considered an accessory to the connected device and is required to comply with the controls applicable to that connected device.
Cybersecurity: Security is a concern in the use of RF wireless technology because of the possibility of unauthorized eavesdropping on patient data or access to hospital networks. FDA recommends that electromagnetic compatibility (EMC) considerations be an integral part of the design and testing of RF wireless medical devices in compliance with voluntary consensus standards such as IEC 60601-1-2:2001.
Off-The-Shelf (OTS) Software: OTS software is subject to the same security considerations as RF wireless technology. Device manufacturers who use OTS software in a medical device bear the responsibility for the continued safe and effective performance of that device, including the performance of OTS software that is part of the device itself.
Premarket Approval Application (PMA): According to an article in Emergency Medicine News, Class 1 devices do not need premarket review, although they must comply with general manufacturing and registration requirements. High-risk Class II devices, however, will require a PMA.
Special ISO considerations include:
ISO 62304: FDA has recognized ISO 62304 as a software development standard. The Article “Developing Medical Device Software to ISO 62304” gives a nice overview.
ISO 14971: ISO 14971 specifies a process for a manufacturer to identify the hazards associated with medical devices, including in vitro diagnostic (IVD) medical devices, to estimate and evaluate and control the associated risks and to monitor the effectiveness of the controls. Its requirements are applicable to all stages of the life-cycle of a medical device.