When is an app not an app? (When it’s a conundrum)

It all started so simply. In DHACA under the leadership of Rob Turpin (BSI) we produced the definitive guide to app regulation in the UK. Sure it was 44 pages long (and will shortly need updating) however we all knew that an app was standalone software and that none other than MEDDEV 2.1/6, the ultimate definitive guide to when an app is a medical device defined software as:

…a set of instructions that processes input data and creates output data.

However doubts began to creep into this editor’s mind when he heard that app developers in the US were avoiding (US/FDA) medical device classification as that would rule them out as service providers, which can reduce future  reimbursement benefits – as we quoted Ralph-Gordon Jahns of research2guidance in 2014 “profitable developers… rely on service sales as their primary source of revenue.”

Things got more complicated when it emerged at the UK Health Show this autumn that PHE was considering listing digital GP services as part of what the just-finalised Accelerated Access Review calls the “Paperless 2020 simplified app assessment process”. These are regulated by the CQC – and both Babylon Health and Dr Now recently received favourable CQC verdicts on their services. It has however been hinted that some of these services have recently been providing extensive triaging without human intervention: software alone it is suggested can provide the service.

The recent draft IMDRF document Software as a Medical Device (SaMD): Clinical Evaluation appears to add weight to this, that standalone software (“SaMD”) can indeed provide a service. To quote from page 13 (please refer for all the references):

In limited cases — where SaMD may have the functionality to accept user inputs or to “treat” using general purpose computer peripherals to impart sound, light, pictures on a display or in some cases low energy vibrations — such SaMD can be considered to provide therapy to patients (e.g., SaMD used for cognitive behavioral therapy).

(As an aside Page 27 onwards of this IMDRF document has some really useful material on evidence requirements, including how app developers can use continuous learning from real time evidence to raise the functionality of their mHealth devices.)

This editor is no lawyer (so nothing in this blog should be construed as legal advice). However from his strictly non-legal viewpoint, there does seem to be something unstable about a position where a patient is unable to tell whether they are receiving a purely machine-based treatment or a machine plus human intervention treatment (the Dr Turing test?), yet the two have very different regulatory frameworks, with very different timetables (medical devices – if they are designated as such – requiring prior approval; full CQC inspection only taking place some time after establishment).

Julian Hitchcock of Denoon Legal, a lawyer very experienced in this field contacted by this editor confirmed that the position is indeed confused at present. He pointed out that an even greater complication might arise if the app and the service are used in another country to that from which they are being provided.

It will be fascinating to see how this plays out, and who sorts it – in the meantime we all need to take extreme care to ensure that nothing inadvertently slips between these two regulatory regimes and results in actual or potential harm.

Categories: Latest News.