Search Engines, Medical Apps, and
American Health Lawyers Association
Health Information and Technology
Practice Group Annual Luncheon
Hyatt Regency Hotel
June 26, 2012
Contact: Eric D. Hargan, Shareholder 312/456
The IT Revolution and Healthcare
The continuing revolution in information technology (IT) is now clearly
permeating the health care field and transforming it, as mobile medical
applications, and the Internet (among other things) allow the ever
rapid development and proliferation of medical information.
The powerful promise of harnessing IT to diagnose and treat disease is,
however, balanced by the potential for misuse.
Several areas of health IT have been targeted by the Food and Drug
Administration (FDA) as subject to new regulatory initiatives oriented around
the broad FDA powers to regulate devices and prevent misbranding of
Of the technologies, we will deal today with Internet search engine
marketing and medical apps, as technologies that are on the edge of this
information revolution, and which may be the most affected by the FDA’s
FDA’s Broad Mandate to Regulate Medical Devices
In the case of information technology (IT), FDA has a broad mandate to
regulate medical devices. FDCA Section 201(h) defines a device as “an
instrument, apparatus, implement, machine, contrivance, implant, in vitro
reagent, or other similar or related article, including any component, part, or
accessory, which is… intended for use in the diagnosis of disease or other
conditions, or in the cure, mitigation, treatment, or prevention of disease, in
man or other animals.”.
This is a broad definition, and more or less clearly encompasses IT,
particularly IT embedded in a device, or as a “component” or “part” of
Indeed, FDA has produced a series of industry guidances for software in
What About Non
There are questions raised about diagnostics, assays, and software that are
not necessarily embedded, but produce information otherwise used in
Powerful search engine software is one example of non
being used in the healthcare field. Search engines are being used to
promote and advertise medical products, and of course, the FDA’s attention
has been drawn to this area.
The FDA drug center’s office of compliance is prosecuting Internet
advertising more vigorously than ever, and the drug center as a whole is
issuing record numbers of warnings to industry.
Recent enforcement actions make it clear that the FDA is not going to give
up its regulatory stance just because there has been technological change
that makes it much harder to police the area. At the same time, the ever
decreasing cost of information and ease of access are cutting down on the
ability of regulators to shape the information being delivered to consumers.
The Internet and Marketing
Surveys show that a clear majority of health and drug information received by
consumers is not coming from FDA
But what is FDA to do? If it gives up on enforcing labeling rules, how much remains
of its mission? And Congress has not stepped in to limit or revise that mission.
So…under current leadership, the FDA has issued more warning and untitled letters
than ever before in its history, and much of that record
setting has to do with internet
advertising. Drugs that are advertised on the internet without the full set of warnings
and labeling may be subject to censure.
Are Internet advertisements or “jumps” even capable of the kind of manipulation of
patients that concerns FDA? Or is requiring labeling to be produced in each instance
protective of the consumer? Many ads may be violations of the FDCA, to be
sure, and this leads to many prosecutions and out
sized success rates for the FDA:
But is it the best use of their time?
FDA can say that: The fundamental requirements of the regulations are not obviated
by the medium.
For now, the regulatory regime seems to be focused on ensuring that the ads on the
Internet are subject to the same requirements as those anywhere else.
FDA’s 2011 Draft Guidance on Medical Apps
Market for mhealth and mobile medical apps is growing quickly. The market
size is already over $200 million and estimates on the size of the market in the
near term range from $700M to $1.6B.
The FDA issued draft guidance in July 2011. The Draft Guidance defines a
“mobile medical app” as a software application that runs on or is tailored to a
mobile platform (i.e. a commercial, off
shelf handheld computing device) if
that software meets the definition of “device” in section 201(h) of the Food, Drug
and Cosmetic Act (“FDCA”) and either a) is used as an accessory to a medical
device, or b) transforms a mobile platform into a regulated medical device.
The intended use of the mobile medical app is everything here. Even
something that doesn’t work can get you in trouble. The FDA determines intent
by labeling, advertising, and statements by the manufacturers.
If you intend for an app to perform a medical function, like help with
diagnostics, and market it like that, it may be a device even if it doesn’t work.
This is why some genetic tests are now listed as “entertainment.”
FDA’s 2011 Draft Guidance on Medical Apps
Under the Draft Guidance, a mobile medical app manufacturer includes entities that
create, design, and host functionality for mobile medical apps, as well as “authors” of
the specifications of mhealth apps that are developed by a software manufacturer.
Distributors of app platforms, such as the Android Market and the Apple App Store
are excluded, as are the makers of smartphones and tablets.
If a mobile medical app makes a mobile device into a regulated medical device, the
requirements must be met associated with the app’s (or device’s) applicable device
classification. The mobile medical app is a regulated medical device and is a class I
(general controls), class II (special controls as well as general controls), or class III
(premarket approval). The manufacturers of the apps must meet the requirements of
that classification. For example, a mobile medical app that transforms an iPhone into
an electronic stethoscope (a class II device) would be subject to class II
regulations (i.e. 510k approval).
The FDA specifies some mobile medical apps that WOULD be regulated under the
Draft Guidance. Examples include:
a) apps controlling or displaying patient
specific data gathered from an
underlying medical device (like a remote smartphone display of a bedside
monitor or smartphone control of a blood pressure cuff or insulin pump);
FDA’s 2011 Draft Guidance on Medical Apps
b) apps that enable their host device with the functionality of an existing medical
device (such as attaching a transducer to transform an iPhone to a stethoscope
or attaching electrocardiograph electrodes to gather and transmit ECG signals);
c) apps that analyze data for a patient
specific result or diagnosis (such as an
app that computes drug dosage based on a patient’s specific chart data).
The more an app functions like a non
app medical device, the more likely it is a
regulated device. The Draft Guidance also lists some examples of apps that WOULD
NOT BE regulated as mobile medical apps. These include:
a) electronic copies of textbooks, teaching aids, and references that contain no
b) apps focused on logging, tracking, or evaluating general health and wellness
(such as calorie counters, appointment reminders, or exercise suggestions);
c) apps to assist with “general office operations” such as billing, inventory,
appointments, or insurance transactions;
d) apps that offer general assistance but are
specifically intended for medical
uses (such as voice recorders or note
taking apps); and
e) electronic health records apps.
HIPAA, Advertising and Other Issues
HIPAA and OCR
OCR enforces HIPAA, and it clearly applies to the transmission of
protected health information by smartphone
The loss of a smartphone may trigger breach notification requirements
ONCHIT notes that mobile phones on the market meet no more than
40% of the security requirements of HIPAA or meaningful use Stage 2
standards; after manual configuration, compliance runs as high as 60%,
according to some experts
ONCHIT to publish series of best practices later in 2011
Regulates communication by smartphone or app
In September 2011, FTC fined AcneApp and AcnePwner for claiming to
treat acne with colored light from the smartphone
HIPAA, Advertising and Other Issues
Not in the regulatory game yet
Congressional Republicans have indicated to FCC that they expect FCC to work
with FDA to ensure that “needed innovations in wireless medical technology may
In the ongoing debate over certain recent guidances, FDA has informally
espoused the view that some programs and algorithms are “devices”
because they are “black boxes” to doctors
that is, the algorithms of the
devices and how they were balanced to produce a particular result is
invisible to the average doctor. Because the doctor could not independently
weigh the variables, he or she has to take the result on faith. This meant
that the device was a regulatable by the FDA, not a procedure which is part
of the practice of medicine.
However, algorithms that lay at the center of some devices are not, by
definition, inaccessible to the doctor. Instead, results are based on widely
available information and judgments by other physicians who worked on the
development of the algorithm. This kind of algorithm may be something
impossibly mysterious; instead, it is just a computer making calculations
faster than any particular physician can. If this is a “black box”, many
everyday devices used by physicians as part of their practice are as well.
And their numbers are growing, propelled by multiplying demands from the
payer and patient communities.
Reactions from Industry
As a result of the growing number of enforcement actions, companies may:
withdraw products or services
withdraw advertising and outreach
go out of business, or
concentrate efforts outside the United States.
These investigations also reduce retailers’ access to products. For example, one large retailer
withdrew a consumer genetic test from rollout earlier this year because of FDA unhappiness with
The FDA typically notifies companies of a claim or investigation by sending a letter stating that the
FDA believes their product is a device under Section 201(h) of the FDCA. When this letter
arrives, it is important to be proactive and contact the FDA staff.
In related areas (not yet directly tested with medical apps) companies have evolved a myriad of
removing devices from the market to
altering or removing health claims, to
developing supporting data, to
seemingly ignoring the FDA, and
everything in between.
Companies can most easily avoid these events by no longer making a medical claim about the
However, eventually, data provision (without direct claims) may become so good that it alters
consumer behavior, and the FDA may move to regulate this practice as well.
Algorithms and Software
Regulating formulas in software might turn into an impossible task for FDA.
Doctors make small programs or applications regarding disease state
analysis all the time.
Genome analysis has moved from requiring a decade to sequence one
human genome to sequencing 1,600 human genomes a day
machine! These technological changes have created the possibility of
having, and now the desire for, personal genetic information on the part of
the public. Indeed, the therapeutic promise of such information is possibly
the most exciting area of medical research today.
It is, however, an information technology, not a drug or a hearing aid, a
prosthetic, a biological or a pacemaker. Instead, algorithms and diagnostic
tools that are applied to the data, are information and not the classic
medical devices set forth above.
Medical Apps and Health IT May Not Survive Contact With
In the current breakneck world of IT development, information analysis and
techniques go from being cutting edge to mainstream to old news with a
rapidity not found elsewhere in healthcare.
Each gain in diagnosis is evanescent, each new assay, test or algorithm
possessed of a fleeting utility, and therefore “not worth much” on a
To regulate these “temporary” algorithms, which are valuable but “not worth
much”, to heavy regulation is to shut this area down. It is possible that
these programs, tests and apps will just by and large not continue to exist if
made to work through the years
long, expensive gauntlet of FDA oversight.
In spite of exceptions for platforms and devices; in spite of some approvals;
it’s not clear that either the industry or the FDA is ready for the other.
FDA has cleared several apps (an ECG device and a vital sign monitor), but
both of these more clearly resemble existing technologies. So mhealth
devices can be approved.
Conflict in Governmental Goals: the Case of Artificial
Intelligence, Electronic Health Records and Best Practices
Another type of health IT has been around for sometime: the tickler
or reminder program. In pharmacies, programs automatically
remind pharmacists about generic drug possibilities; doctors in fields
as disparate as oncology and emergency medicine use programs
that remind them of alternate therapies.
These programs often ease the burdens of pharmacists and
physicians, and they are also a boon to payers and patients.
The whole drive by CMS to require best practices, to punish “never
events” (such as leaving a sponge in a patient after surgery) and to
regularize medical practice for participating physicians, to be
effectively implemented, must rely on a combination of adequate
electronic health records and programs that keep track of and
Are the suggestions and alternatives themselves part of programs
and algorithms regulatable as devices by the FDA? If not, why not?
Conflict in Governmental Goals: the Case of CMS, Medical
Homes, Continuum of Care and IT
Beyond the immediate tickler programs, there is also the promise of
“medical homes”, the latest instantiation of which is seen in the accountable
care organization regulations issued by CMS.
The idea of providing a seamless continuum of care without the inefficiency
of moving from system to system has long appealed to policy makers
directing CMS and other payers.
This continuum requires an inter
operable electronic health record, and it
may require an intelligent computer system capable of maintaining ticklers
and reminders carried over from one system to another.
In its proposed guidance on mobile medical applications issued in July
2011, the FDA proposed to exempt from clearance requirements both
electronic health records and applications making suggestions related to
general health and wellness. This differentiation makes sense, but one
wonders where the line runs between exempted unregulated software, an
electronic medical record, and a system that uses that record to diagnose
disease and direct care.
Clinical Trials, Medical Devices and the Costs and Benefits
FDA rightly sees the U.S. healthcare system (of which it is an
integral part) as having helped produce a trustworthy cornucopia of
The clinical trial has been the cornerstone of that system, and is
FDA’s “gold standard.” But the increasing expense of product
approval is more and more being cited as a main reason why
healthcare product approvals are declining.
The FDA has already promulgated several less expensive alternate
routes for certain product approvals such as the ANDA and 510(k)
processes. Although the ANDA and 501(k) systems provide a break
for products with antecedents and precedents, it is unclear what can
be done with algorithms and programs.
The benefits of such information products are real but temporary,
always giving ground to the latest and greatest, and the successor
product follows on its predecessor’s heels with a rapidity unknown in
the rest of the world of healthcare innovations. This is due to its
nature as information.
The Dilemma: Which Unstoppable Force Prevails?
Requiring the “gold standard” of clinical trials for these devices may
practically eliminate them. Not regulating them at all means ceding FDA
oversight over a field that will become an increasingly large part of medical
The FDA has proposed regulating mobile medical applications that use
algorithms that produce patient
What will happen if these algorithms are released for free in a platform
How will the FDA view non
US companies that distribute diagnostics over
Benign neglect may not be possible anymore, because particular
companies are vying for FDA endorsement of programs, algorithms, and
Therefore, the FDA must have a plan for regulation, but it is difficult to see
how any plan will withstand the changing pressures in this area of
technology among patients, providers, payers and product companies.
The FDA and Moore’s Law
Every statement about IT comes with its own time stamp. However,
between the crushing societal burden of health care costs and ongoing
innovation in computing, software, and healthcare information, it is
becoming increasingly clear that health IT is at the forefront of solving or
ameliorating some of the worst dilemmas in US health care. But the use of
this power is fraught with problems for patient safety and the provision of
useless or even harmful information.
Health IT is taking on the rapidly evolving aspect of IT, and it is not working
at the relatively slow pace of technological change in other parts of medical
technology. The clash between the culture of Silicon Valley and that of
Washington in this area of medical IT is inevitable.
On one side is the seemingly unstoppable force of IT advancements,
bringing information cheaply and universally to consumers. On the other
hand is the demand by our political system for accountability and protection
of patients from devices that have the potential to harm them.
Eric D. Hargan
is a Shareholder in Greenberg Traurig, LLP, based in
its Chicago office.
He focuses his practice on transactions, health
care regulations and government relations. For health industry
companies and investors, his experience as a senior official at the
U.S. Department of Health and Human Services, combined with
almost two decades of experience as a transactional attorney, allow
him to provide unique and advantageous insights to his clients.
Previously, Eric served in the position of Deputy Secretary of the
U.S. Department of Health and Human Services. He also served as
Regulatory Policy Officer of the Department, overseeing the
development and approval of all HHS,
and significant guidances. He also served as Deputy General
Counsel of HHS.