Digital Health and FDA – Part One

The FDA is an active participant in the regulation of digital health. The FDA medical device website includes numerous articles about digital health including a discussion of the Digital Health Center of Excellences. Some of the focal points of the FDA oversight of digital health include:

  • What are the benefits of digital health technologies?
  • The FDA’s focus on digital health
  • Who regulates mobile health apps?

What is digital health – according to the Food and Drug Administration?

The use of digital health is continuing to expand. According to FDA, almost every medical practice and patient use some form of digital health. Examples include mobile health (also called mHealth), telehealth and telemedicine, health information technology, and personalized medicine.  Digital health also includes the use of technology to make clinical decisions. Physicians are using artificial intelligence, machine learning, and other software tools to diagnose patients, treat diseases, and deliver individualized health care.

The technology includes hardware, software, connectivity, and sensors. Some digital health is used in the medical products themselves. Other forms of digital health are used to help develop and deliver medical products – such as drugs, biologics, and medical devices (all of which the FDA regulates). Examples of digital health include smartphones, social media and social networks, and Internet applications.

Digital health technology “can empower consumers to make better-informed decisions about their own health and provide new options for facilitating prevention, early diagnosis of life-threatening diseases, and management of chronic conditions outside of traditional health care settings.”

Some of the uses of digital technology include improving access to healthcare, cutting costs, and increasing the quality of healthcare.

What is the FDA’s role regarding digital health?

FDA is continually reviewing:

  • Medical devices that can connect with other devices or systems.
  • Devices that have already been FDA approved, authorized, or cleared – that are now being updated to include digital features.
  • Many new types of devices.

The stakeholders include:

  • Health care practitioners
  • The patients
  • Digital health companies including mobile application developers
  • Researchers
  • Standard medical device companies

A discussion of some of these new digital healthcare technologies follows:

Software as a Medical Device (SaMD)

Medical software is being integrated into numerous digital platforms that have both medical and non-medical purposes. The three main types of medical software, according to FDA, are:

  • Software that is its own medical device – Software as a Medical Device.
  • Software that is integral to a medical device – Software in a Medical Device.
  • Software used in the manufacturing process or the maintenance of a Medical Device.

The term Software as a Medical Device is defined by the International Medical Device Regulators Forum (IMDRF) as:

“Software intended to be used for one or more medical purposes that perform these purposes without being part of a hardware medical device.”

Software as a Medical Device can be used across different technology platforms including:

  • Medical device platforms
  • Commercial “off-the-shelf” platforms
  • Virtual networks

Previously, Software as a Medical Device was called “standalone software,” “medical device software,” and/or “health software.” Cohen Healthcare Law Group recognizes that the terminology can be confusing. We’ll help you understand how your product is categorized.

Regulators, worldwide, decided that there was a need to focus on:

“A common framework and principles for Software as a Medical Device that enables all stakeholders, including regulators, to promote safe innovation and protect patient safety.”

One group seeking to promote medical device regulation standards is the International Medical Device Regulators Forum (IMDRF). The IMDRF has been working to develop “internationally agreed upon documents related to a wide variety of topics affecting medical devices.” In 2013, the organization formed the Software as a Medical Device Working Group (WG) to help achieve the goal of universal safe Software as a Medical Device standards.

The WG is chaired by the FDA. The WG has approved

The FDA is concerned about Software as a Medical Device – as the devices are deployed on mobile platforms, in the function or control of a hardware device, or in general-purpose computing platforms. Generally, the FDA’s policies are “independent of the platform on which they might run, are function-specific, and apply across platforms.” The phrase “software functions” includes mobile applications (apps).


The FDA has a new proposal for approving AI and ML software that looks at the total product lifecycle from development to post-market uses and the adaptations the software learns

Device software functions, including mobile medical applications

Mobile apps provide help to patients by allowing patients to manage their own health, gain access to useful health information, and promote better health. It’s estimated that in 2017, there were 325,000 available healthcare applications – which were downloaded 3.7 billion times. Users of mobile apps include healthcare professionals as well as patients.

The FDA is interested in encouraging new apps while overseeing the effectiveness and safety of mobile devices – and mobile apps.

The FDA’s oversight of medical device software functions, including mobile apps – as devices – can be found in the Policy for Device Software Functions and Mobile Medical Applications Guidance, recently updated in 2019. FDA policy focuses on:

“Software that presents a greater risk to patients if it doesn’t work as intended and on software that causes smartphones, computers, or other mobile platforms to impact the functionality or performance of traditional medical devices.”

The 2019 guide includes updates to the definition of medical devices based on Section 3060 of the 21st Century Cures Act.

Artificial Intelligence and Machine Learning (AI/ML) in Software as a Medical Device

The FDA has issued an “Artificial Intelligence/Machine Learning (AI/ML)-Based Software as a Medical Device (SaMD) Action Plan” from the Center for Devices and Radiological Health’s (CDRH’s) Digital Health Center of Excellence. The plan is in response to feedback from an April 2019 discussion paper titled, “Proposed Regulatory Framework for Modifications to Artificial Intelligence/Machine Learning-Based Software as a Medical Device.” The Plan discusses five FDA Actions which our lawyers will review with you.

Artificial intelligence and machine learning technologies are used to analyze vast amounts of healthcare data – to help health care providers and improve patient care.

“Artificial Intelligence has been broadly defined as the science and engineering of making intelligent machines, especially intelligent computer programs. Artificial intelligence can use different techniques, including models based on statistical analysis of data, expert systems that primarily rely on if-then statements, and machine learning.”

“Machine Learning is an artificial intelligence technique that can be used to design and train software algorithms to learn from and act on data. Software developers can use machine learning to create an algorithm that is:

  • ‘Locked’ so that its function does not change, or
  • ‘Adaptive’ so its behavior can change over time based on new data.”

A few examples of AI and ML technologies include:

  • An imaging system that provides diagnostic information to skin care patients – using algorithms
  • Estimating the probability of a heart attack by using a smart sensor device


Developers are working on new AI programs that enhance, support, or enable telemedicine. New uses include diagnostic tools and online tools that have legal compliance pitfalls

Why are AI and ML considered transforming medical devices?

FDA states that AI and ML can provide valuable insights because the software can:

  • Learn from real-world experiences
  • Improve its performance based on new data and new software advances

The FDA normally uses an “approved premarket pathway” (such as premarket clearance, premarket approval, and De Novo classification) to review medical devices. The FDA may also “review and clear modifications to medical devices, including Software as a Medical Device, depending on the significance or risk posed to patients of that modification.” For example, companies can learn about decisions about when to submit a 510(k) for a change to an existing device.

The traditional FDA model for regulating medical devices was not designed for adaptive AI and ML. Currently, FDA anticipates that a premarket review will be necessary for AI and LM software changes to a current medical device. The FDA’s foundation for this type of premarket review of AI and ML is discussed in the Proposed Regulatory Framework Plan discussed above. The Framework

“Envisions a ‘predetermined change control plan’ in premarket submissions. This plan would include the types of anticipated modifications—referred to as the ‘Software as a Medical Device Pre-Specifications’—and the associated methodology being used to implement those changes in a controlled manner that manages risks to patients —referred to as the ‘Algorithm Change Protocol.’”

This type of framework could help the FDA and manufacturers “evaluate and monitor a software product from its premarket development to postmarket performance.” The approach balances the need for patient safety with the ability of AI and ML to iteratively improve the software.

Cybersecurity and the FDA

The FDA emphasizes that hospitals, medical practices, and manufacturers will need to work together to monitor and manage cybersecurity risks. Medical devices, like other computer technology, are subject to security breaches that can affect the safety of a medical device and its effectiveness.

Digital health and telemedicine

One of the fastest-growing uses of digital health is telemedicine. Telemedicine was increasing in popularity before the pandemic. During the height of the pandemic, both medical practices and patients relied on remote communications to provide and receive medical services. We’ve written numerous articles about the laws that regulate telemedicine within states and across states – along with the concerns of various medical boards and agencies.

A key issue that doctors and medical practices need to review with our lawyers is whether an in-person consultation is required before electronic consultations can be used. There are many other issues such as the need for a doctor to supervise or run the consultation as opposed to nurses and other staff members.

The Health Resources and Services Administration (HRSA) of the U.S. Department of Health and Human Services defines telehealth as:

The use of electronic information and telecommunications technologies to support and promote long-distance clinical health care, patient and professional health-related education, public health and health administration. Digital health platforms include:

  • Videoconferencing – Live (synchronous) two-way links between the medical care provider and the patient.
  • Store-and-forward imaging (asynchronous) videoconferencing. The sending and receiving of a patient’s health history to and from another health care practitioner – often a specialist.
  • Remote patient monitoring (RPM). “The use of connected electronic tools to record personal health and medical data in one location for review by a provider in another location, usually at a different time.”
  • Mobile Health (mHealth). This type of digital health includes health care information and public health information that is provided through mobile devices. The information can include notifications about disease outbreaks and general health care educational information.

Digital health platforms also include:

  • The Internet
  • Streaming media
  • Terrestrial and wireless communications

The FDA also regulates Wireless Medical Devices:


Today, I’d like to talk about some key questions related to telehealth. Does telehealth use the MSO model, and are telemedicine companies and platforms essentially MSOs, and who cares? why does […]

Digital Health Care Center of Excellence

The aim of the FDA’s Digital Health Care Center of Excellence (DHCCE) is to empower stakeholders (developers, medical practices, hospitals, and others) to develop better health care through responsible and high-quality digital health innovation. The goals of the DHCCE include:

  • Forging relationships to advance digital health in the medical profession.
  • Sharing information to “increased awareness and understanding, drive synergy, and advance best practices.”
  • Creating innovative regulatory approaches to minimize oversight while meeting the agency’s standards for quality and safe products.

Developers of medical health apps need to understand how the FDA regulates digital health. Medical practices that use medical health apps also need to understand when digital health applications qualify as medical devices and, in particular, when those apps may be deemed unsafe by the FDA. Doctors also need to understand that there are federal and state laws that may govern the use of some technologies such as telemedicine. There are laws that govern whether doctors or staff can use digital health and how digital health should be monitored.

Developers and doctors should contact Cohen Healthcare Law Group, PC to review their digital health compliance requirements. Our experienced healthcare attorneys help medical businesses and medical practices understand what proactive steps to consider and what types of digital health devices and applications may be considered unsafe by the FDA.

Contact Us

    Book your Legal Strategy Session now
    Cohen Healthcare Law Logo

    Contact our healthcare law and FDA attorneys for legal advice relevant to your healthcare venture.

    Start typing and press Enter to search