The transition phase for the implementation of the EU-MDR ends in May 2020. The pressure is great to make physical medical devices, business processes as well as existing and future mobile medical applications compliant or even to certify them.
Mobile apps are immensely popular and are quickly becoming the main communication and interaction channel for private and business purposes alike. It is therefore no surprise that most MedTech and Life Science companies have created, and are creating, mobile apps for patients and healthcare professionals (HCPs) to digitize and improve business processes and the overall customer experience, as well as to provide new and innovative services.
Such medical apps can for example serve informational purposes, support a diagnosis and clinical decision-making, assist in treatments and behavioral change, or monitor progress. These apps could provide a stand-alone service, or be used in connection with medication or a physical medical device (sometimes directly connected via Bluetooth or other means).
There are many apps in the App Stores that support patients in keeping daily journals on their activities and medication intake, often giving them advice based on the entered data. Other apps monitor the use of medical devices like insulin pumps or blood pressure meters, sometimes also reading out and storing the measurement data. Yet other apps give recommendations to HCPs on possible treatments, medications or their dosage, based on a few entered parameters.
With the abundance and overall popularity of such medical apps, many creators don’t realize that their apps may be affected by EU medical device regulations (EU MDR), forcing them to fulfill a multitude of regulatory requirements all the way to needing to obtain a CE mark.
EU MDR 2020, the clock is ticking
With the EU MDR implementation and transition period ending in May 2020, the pressure is on to not only get physical medical devices and business processes compliant or even certified, but also existing and upcoming medical mobile apps. These however are often overlooked in the general roadmap and activities to achieve EU MDR compliance. This bears the risk that apps will have to be removed from the App Stores, digital services can no longer be offered, and entire app-device-combos will become non-compliant in May 2020.
Is my app a medical device?
The decision whether a mobile application is a medical app or even a medical device (and if so, which class) can be tricky. The described and advertised purpose of the app is a key factor, but it also greatly depends on its exact features and contents, where definitions are often unclear and a matter of interpretation.
As a generalization, an app is a medical device if it is intended to be used for diagnostic or therapeutic purposes. This is to say that its functionalities go beyond simple storage, archiving and compression of data, or beyond conducting simple search queries (such as interpreting entered data, making calculations, and giving advice to patients and/or HCPs), or otherwise support the diagnosis, prevention, monitoring, treatment or alleviation of diseases, injuries or handicaps. It hereby needs to produce results for specific persons, patients or patient groups, whereas simply producing overall statistics and giving general advice will not make it fall under the regulation.
Apps also can be classified as medical devices even if the app itself is not a medical device according to the characteristics mentioned above, when it is used in connection with a physical medical device, such as by wirelessly reading out its data.
What to do now?
With May 2020 approaching fast, it is imperative to get mobile apps immediately on the radar of EU MDR activities. The initial step is to analyze the portfolio of existing apps and the ones in production or planning, followed by the assessment of their likelihood of falling under the regulations, as well as their suspected classification. Then decisions must be taken as to which of the affected apps should be retired and which should be made compliant.
The correct process of making an app compliant heavily depends on its classification. This can range from adjusting the feature set and improving documentation, to changing its architecture, to implementing new processes in software development, to full software validation and certification.
Considerations include basics like the ease of use, data privacy and security, but also topics like content assurance (incl. quality, actuality, and clinical relevance), risk mitigation, quality assurance, documentation and support structure. For obtaining the CE mark, a full certification process with a governing body, just like for physical medical devices, will be needed.
Given the ambiguity in assessment and classification, as well as the many possible pitfalls in app design, development and certification, the support of subject matter experts on all levels –regulatory and technical alike – will be more than helpful on the road to EU MDR compliance.
Our services and further information: