Trends in digital health: Health apps as software medical devices

This article is the sixth in our "Trends in digital health" series.

Anyone who has spent more than a passing moment browsing a smartphone app store will know that health apps have never been more prevalent. All kinds of software which could be described as a “health app” can be found on your app store of choice.

Many health apps are sold perfectly lawfully. However, many are not.

The reason for this is that some health apps cross a crucial regulatory line. Instead of stopping at being mere consumer apps which do health-related things, they are medical devices, and so are subject to a host of regulatory requirements.

What makes a medical device?

Broadly speaking, UK and EU medical device regulations define a “medical device” as a product (including standalone software) which does not achieve its principal intended action by pharmacological, immunological or metabolic means and which is intended by its manufacturer to be used for one of a closed list of medical purposes:

• diagnosis, prevention, monitoring, prediction, prognosis, treatment or alleviation of disease;
• diagnosis, monitoring, treatment, alleviation of, or compensation for, an injury or disability;
• investigation, replacement or modification of the anatomy or of a physiological or pathological process or state;
• providing information by means of in vitro examination of specimens derived from the human body, including organ, blood and tissue donations.

Certain types of product, including products to control or support conception, are also deemed to be medical devices even though they do not have a medical purpose.

A product does not have a medical purpose if it is not intended to be used for the benefit of an individual patient.[1]  Counterintuitively, this means that a contact tracing app which estimates the prevalence of a disease in a community for public health purposes is unlikely to be a medical device because it does not have a medical purpose. Meanwhile, an app which estimates the likelihood that an individual is suffering from a disease based on their reported symptoms is likely to be a medical device because it has a medical purpose, namely diagnosis of disease.

The intended use of a device is judged objectively, based on the presentation of the device in its instructions for use and its advertising materials and the apparent functionality of the device. As a result:

1. A health app can be a medical device because of the claims which the manufacturer makes about the health app. For instance, if a manufacturer claims that its health app can diagnose Parkinson’s disease, the health app will likely be a medical device even if it does not have this functionality.
2. Disclaimers such as “this app should not be used to diagnose Parkinson’s disease” are generally ineffective. Disclaimers can sometimes clarify the intended use of the health app, but not if the disclaimer is clearly inconsistent with the broader presentation of the health app.

In other words, a health app will be a medical device where an objective third party would consider that the health app is intended to be used for a medical purpose for the benefit of an individual patient, based on its presentation and apparent functionality.

Unsurprisingly, it can require detailed analysis to determine whether or not a health app is or is not a medical device in the UK and in the EU. Due to slight differences in law and guidance, there can be instances where a particular app is considered a medical device in the EU but not in the UK, and vice versa.

However, there are certain categories of health app which tend to be medical devices, and certain categories which tend not to be medical devices:

There are also certain words and phrases which tend to indicate that a health app is a medical device, such as: triage, spots, detects, measures, finds, prognosis, predicts, screen, symptom checker, risk of or reduce doctor time.

What requirements does a software medical device have to comply with?

Medical devices are subject to strict regulatory requirements in the EU and in the UK. One such requirement is that a medical device must undergo a process to demonstrate compliance with applicable requirements (known as a conformity assessment) and be labelled with a marking (either a CE Mark or a UKCA Mark) indicating that it complies with medical device regulations before it is placed on the market.

The purpose of the conformity assessment is to confirm that the medical device is safe and that it performs in the manner intended by the manufacturer. Where a medical device is considered to present a low risk, the manufacturer can conduct the conformity assessment itself and then self-certify that the medical device is compliant. All other medical devices must be conformity assessed by an independent third party (known as a Notified Body).[2] In practice, virtually all software medical devices must undergo conformity assessment by a Notified Body.

Many health apps which are available on app stores appear to have been correctly labelled with a conformity marking and so seem to have undergone conformity assessment. However, without naming any names, there are plenty of others which do not bear a conformity marking, in spite of clearly having an intended medical purpose. There are also other health apps which have been labelled with a conformity marking, but which have incorrectly been self-certified as low risk by the manufacturer, when they should have undergone conformity assessment by a Notified Body.

For more information and insight on this topic, watch the recording from our "Is my health app illegal?" webinar here.

===================================

[1] This is confirmed by authoritative guidance from the European Commission and the MHRA, including MDCG 2019-11 on Qualification and Classification of Software and the MHRA guidance on medical device stand-alone software.

[2] Under UK medical device regulations, the third party bodies which conduct conformity assessments are called “Approved Bodies”. The institutional role of an Approved Body is virtually identical to that of a Notified Body.