Evaluation of Mobile Health Applications: Is Regulatory Policy Up to the Challenge?

Abstract

The aim of this study is to determine whether the approach used in Australia to regulate mobile medical applications (MMA) is consistent with international standards and is suitable to address the unique challenges of these technologies. The policies of members of the International Medical Device Regulator's Forum (IMDRF) were analyzed, to determine whether these regulatory bodies address IMDRF recommendations for the clinical evaluation of software as a medical device (SaMD). Case-studies of varying types of regulated MMAs in Australia and the United States were also reviewed to determine how well the guidance in the IMDRF's SaMD: Clinical Evaluation (2017) document was operationalized. All included jurisdictions evaluated the effectiveness of MMAs and addressed the majority of the key sub-categories recommended in the IMDRF guidance document. However, safety principles concerning information security (cybersecurity) and potential dangers of misinformation (risk-classification) were generally not addressed in either the case-studies or in the policy documents of international regulatory bodies. Australia's approach was consistent with MMA regulation conducted internationally. None of the approaches used by global regulatory bodies adequately addressed the risk of misinformation from apps and the potential for adverse clinical consequences. The risks posed by MMAs are mainly through the information they provide and how this is used in clinical decision-making. Policy in Australia and elsewhere should be adjusted to follow the IMDRF risk-classification criteria to address potential harms from misinformation. Australian regulatory information should also be updated so the harm posed by cybersecurity and connectivity can be comprehensively evaluated.