recommended reading

Regulatory headache? There’s an app for that


The Food and Drug Administration is stymying innovation in the field of mobile medical applications with superfluous regulation, industry leaders said at a conservative think tank Wednesday.   

“We need regulatory structure 2.0 to deal with emerging technology,” said Joel White, president of Health IT Now. “It has to match the innovation and speed of the industry. Science fiction is moving to science fact.”

The American Enterprise Institute panel pointed to the 2011 Draft Guidance on Mobile Medical Applications released by the FDA as the impetus behind a convoluted and overbearing regulatory framework. The guidance identifies apps -- such as those found on an iPhone or iPad -- as medical devices that, under FDA’s purview, should be regulated.

The difficulty, according to the panel, is where to draw the line. Sixty-two percent of doctors are using tablets in some way to treat patients, according to White, and an increasing number of patients are using apps to clarify instructions, to make amateur diagnoses or simply to educate themselves on medical information. The panel contended an app that allows a patient to play checkers in order to keep his mind clear at the recommendation of a doctor should not be regulated in the same way as an app that helps a doctor read a CT scan.  

Jon Potter, president of the Applications Developers Alliance, said uncertainty in what will be regulated is driving away potential backers of new technologies.

“Investors are looking at regulatory challenges as impeding their interest in investing,” he said.
Erica Jefferson, an FDA spokeswoman, said “only a subset” of mobile medical applications will be regulated.

“[FDA] will continue to promote innovation in this new and expanding field,” she said. “FDA oversight would generally be limited to apps that present the greatest risk.”

White and Potter argued for a new structure for regulating these apps should involve independent software experts who verify that a program does what it is intended to do, rather than medical professionals who examine the medical value.

“It’s about 1s and 0s,” White said.

They also said the regulatory structure must be inexpensive, as the often free applications do not generate the revenue to support additional fees. White said developers will “make [the next] Angry Birds instead of a glucose app that helps diabetic patients,” because that’s where the money will be.

(Image via watcharakun /

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.


When you download a report, your information may be shared with the underwriters of that document.