Mobile medical apps: lobbying in the USA

The FDA is the responsible organisation for the regulation of medical devices in the USA. In a proactive move, the FDA published draft guidance (21 July 2011) for what it defined as “mobile medical applications”, and invited comments from industry and staff. Nearly two years on, interested parties are still waiting for formal guidance on what types of apps will be regulated and are therefore subject to FDA approval. Latest indications suggest this guidance will be published by October 2013, but don’t hold your breath.

That’s not to say the FDA have been sitting on their hands in the meantime. During hearings before a House of Representatives committee in March of this year, Christy Foreman, Director of the Office of Device Evaluation, indicated that the FDA had approved some 100 medical apps already (the equivalent figure for the UK’s MHRA could be counted on one hand). Further, in May the FDA made clear it means business by launching its first inquiry into a urinalysis app that the agency said needed, but did not have, FDA approval. We’ve yet to witness such an intervention here in the UK.

However mobile apps aren’t the only area where technology use in healthcare is evolving fast. IT more broadly represents a huge opportunity to improve patient outcomes and make healthcare more efficient. To this end, the Obama administration created a Food and Drug Administration Safety Innovation Act (FDASIA) Workgroup, charged with publishing a report by January 2014 to identify a regulatory framework for “health IT” which includes mobile medical apps. The Workgroup is under oversight of the Food and Drug Administration (FDA), Office of the National Coordinator for Health IT (ONC), and the Federal Communications Commission (FCC).

Given the potential of mHealth, and health IT more generally, there are clearly many interested parties that want their voice heard, ranging from individual patients, clinicians and developers all the way up to big business. By extension, there are some very different views on what role regulation should play (possibly reflecting the bipartisan views in the USA on the role of government as a whole). And where politics and business interests meet, lobbyists can be found.

Software Advice, a resource for medical software buyers, is currently hosting a poll seeking readers’ opinions on whether or not the FDA should regulate mobile apps. To cast your vote, visit their recent blog which summarises the views of two opposing camps; one urging that mobile medical app regulation isn’t rushed and is considered within the context of the wider FDASIA workgroup remit, the other asking the FDA not to delay in publishing guidelines that will bring further certainty and thus investment to this promising new field.


City law firm opines on health app regulation

Simmons & Simmons, a respected law firm headquartered in the City of London, have published an article on their interpretation of the regulation of health apps currently in force in the UK, as well as where future EU regulation could be heading. The full article, titled The Regulation of Smartphone Medical Software Applications as Medical Devices, has been published in Pharma magazine in three tranches (Part I, Part II, Part III).

At first glance, this looks to be consistent with our report – Regulation of health apps: a practical guide – published January 2012. Simmons & Simmons’ views on a potential new Medical Device Regulation that would replace both the MDD and AIMDD are particularly intriguing, and highlight two potential requirements ahead for developers and app stores alike.

One likely ramification of this is that marketers of apps whose products are classed as “medical devices” will have to ensure that they collect detailed information, at point of sale, on the identity and location of consumers purchasing their apps. At present, it is not clear whether such information is routinely gathered through online app market-places, or whether it is made available to manufacturers and suppliers. Further, each medical device would, under the proposed MDR, have to bear a unique device identifier in order to facilitate its traceability, and which will form part of the public domain by virtue of being recorded on the Commission’s database.

Regarding the first requirement, whilst app stores have long been reticent to provide a service that allows developers to identify customers directly, this is clearly technically possible through separate in-app registration processes, such as those employed by banks. However it does simply add another burden on manufacturers, particularly when you consider the EC data and privacy challenges that accompany such a requirement.

The second requirement is more trivial and just plain common sense.  The provision of a central EC database and unique identifier per medical device is long overdue. Currently an end user would need to check the database of each member state’s Competent Authority by manufacturer’s legal name in order to validate whether a CE mark has been correctly applied to a medical device to signal its conformance – a highly laborious task. In light of the PIP breast implant scandal, there is hopefully now more political will to see this important service realised, to the benefit of patient safety, and improved end user confidence in the devices themselves.


Less haste, more speed: Robust risk-benefit analysis needed

Rapid response to BMJ letter Doctors taking a pulse using their mobile phone can spread MRSA by our CEO.

The authors of a recent small study on the contamination risk associated with mobile phone usage in a clinical environment[1] should be congratulated for their contribution to the broader topic of appropriate use of mobile devices in healthcare. More studies like this are needed to develop a comprehensive understanding of the use of this technology, the risks involved, the mitigating actions that can be taken, and the costs associated.  This should then be balanced with the benefits that greater adoption of wireless technology can bring to the health system as a whole, with the ultimate goal of developing evidence-based, practical guidelines for its safe and proper use.

Developing such guidelines is no simple task. Bacterial contamination represents just one risk type associated with wireless device use in healthcare[2]. Wireless devices are multifunction devices amongst a plethora of high and low technology alternatives (PCs, pagers, landline phones, wristwatches, books, paper and pen etc.) and should therefore be considered in this context.

However we agree with recent calls that guidelines should be developed as a matter of urgency. Our 2010 survey showed that over 80% of UK doctors own and use a mobile phone at work[3], and recent research has shown that between 9-25% of mobile communication devices used in hospitals are contaminated with pathogenic bacteria[4]. Further studies have shown variable knowledge and understanding of infection control protocols[5], and that 90% of healthcare professionals have never cleaned their mobile phone[6].

It would therefore seem appropriate for any such guidelines to advise healthcare professionals on how to decontaminate their wireless device, and at what frequency, especially as many devices fulfil a dual role supporting professional use at work and personal use at home. Existing literature suggests the efficacy of alcohol based solution over ultraviolet irradiation[4]. By logical extension, the use of hands free technology may be advantageous as this reduces the number of touches and the proximity of the device to the face. Further, devices that incorporate fewer switches or keys as part of their design (i.e. touchscreen technology) may prove easier to clean, while anti-microbial cases and covers may be prudent accessories.

Finally, for those readers that caught sight of the original article via the byline of “Unhelpful apps”, we recently published a report [7] that serves as a primer for those interested in producing or using health apps and how to mitigate the associated risks.

1. Morris TC, Moore LSP, Shaunak S. Doctors taking a pulse using their mobile phone can spread MRSA. BMJ 2012;344:e412
2. Visvanathan A, Gibb AP, Brady RR. Increasing clinical presence of mobile communication technology: avoiding the pitfalls. Telemed J E Health 2011;17:656-61.
3. Nolan T. A smarter way to practise. BMJ 2011;342:d1124.
4. Brady RR, Verran J, Damani NN, Gibb AP. Review of mobile communication devices as potential reservoirs of nosocomial pathogens. J. Hosp. Infect. 2009; 71:295-300.
5. Brady RR, McDermott C, Cameron F, Graham C, Gibb AP. UK healthcare workers’ knowledge of meticillin-resistant Staphylococcus aureus practice guidelines; a questionnaire study. J. Hosp. Infect. 2009;73:264-70.
6. Ulger F, Esen S, Dilek A, Yanik K, Gunaydin M, Leblebicioglu H. Are we aware how contaminated our mobile phones with nosocomial pathogens? Ann. Clin. Microbiol. Antimicrob. 2009;8:7.
7. d4. The regulation of health apps: a practical guide. January 2012.


Insufficient clinical involvement in health app development

A new paper accepted for publication in the British Journal of Dermatology calls for greater clinical involvement in the production of health apps.

The authors of the paper, titled “Medical Professional Involvement in Smartphone Apps in Dermatology“, analyse the descriptions given for dermatology apps found in four public app stores, and find that direct references to healthcare professionals’ involvement are lacking in 67% of cases, calling into question the safety and reliability of apps for diagnostic purposes, among other risks.

The paper concludes that simple measures should be introduced to improve the accountability of health apps, including authorship, regulatory approval, quality marks and external review.

The paper is certainly well timed, following the recent publication of the d4 paper “Regulation of health apps: a practical guide“, a new MEDDEV regarding standalone software as a medical device, the appointment of a new Director of Medical Devices at the MHRA and the announcement that Happtique plans to provide an independent review process and quality mark for health apps.


O2 privacy failure: is your mobile number being shared when browsing online?

An alarming story has emerged over the last 24 hours for mobile phone customers on the O2 network (potentially including MVNOs GiffGaff and Tesco Mobile that piggy back on O2):

Your mobile phone number may be disclosed to internet servers when browsing websites from your phone.

Check out this page to test this for yourself (make sure you turn off WiFi so that you’re definitely connected via your provider’s network).  It’s not believed to impact Vodafone, Orange, T-mobile or 3 customers, and may be dependent on which APN you use for your data connection (e.g. pre-pay vs. contract customers).

Expect more news on the story from Charles Arthur at the Guardian and via Lewis Peckover’s Twitter feed.

[Update at 3pm UK time: story now covered by BBC, Guardian, Wired etc. – you heard it here first!]

[Update 2 at 7pm UK time: O2 apology and FAQ via their blog and Information Commissioner’s Office pursuing alleged data breach]
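
The kind of check a header-echo test page can run on the server side, as an added example that is not part of the original post or of the test page it links to. It assumes the number reaches the server inside an HTTP request header added in transit (the post does not say how it is disclosed); the header name `X-Example-Subscriber-Id` and the sample numbers are constructed.

```python
"""Header-echo check: does any request header carry a UK mobile number?"""
import re
import sys
from wsgiref.simple_server import make_server

# UK mobile numbers written as 07xxxxxxxxx, 447xxxxxxxxx or +447xxxxxxxxx.
# The lookarounds stop a match inside a longer run of digits.
MSISDN_RE = re.compile(r"(?<!\d)(?:\+?44|0)7\d{9}(?!\d)")


def headers_from_environ(environ):
    """Recover request headers from a WSGI environ (HTTP_X_FOO -> X-Foo)."""
    headers = {}
    for key, value in environ.items():
        if key.startswith("HTTP_"):
            name = "-".join(part.capitalize() for part in key[5:].split("_"))
            headers[name] = value
    return headers


def find_number_headers(headers):
    """Return [(header name, matched text)] for values that look like a mobile number."""
    hits = []
    for name, value in sorted(headers.items()):
        for match in MSISDN_RE.finditer(value):
            hits.append((name, match.group(0)))
    return hits


def mask(number):
    """Keep only the last three characters so the report never repeats the full number."""
    return "*" * (len(number) - 3) + number[-3:]


def report(headers):
    """Plain-text result shown to the person running the test."""
    hits = find_number_headers(headers)
    if not hits:
        return "No request header value looks like a UK mobile number.\n"
    lines = ["Request headers carrying what looks like a mobile number:"]
    lines += [f"  {name}: {mask(number)}" for name, number in hits]
    return "\n".join(lines) + "\n"


def app(environ, start_response):
    """WSGI test page: inspects the headers of the request it just received."""
    body = report(headers_from_environ(environ)).encode("utf-8")
    start_response("200 OK", [("Content-Type", "text/plain; charset=utf-8"),
                              ("Content-Length", str(len(body))),
                              ("Cache-Control", "no-store")])
    return [body]


# Constructed request: the header name is hypothetical and the number is
# taken from the 07700 900xxx range reserved for drama use.
SAMPLE_ENVIRON = {
    "REQUEST_METHOD": "GET",
    "HTTP_HOST": "test.example",
    "HTTP_USER_AGENT": "Mozilla/5.0 (Linux; U; Android 2.3.4)",
    "HTTP_X_EXAMPLE_SUBSCRIBER_ID": "447700900123",
    "CONTENT_LENGTH": "0",
}

if __name__ == "__main__":
    if len(sys.argv) > 1 and sys.argv[1] == "serve":
        # Serve the test page; browse to it over mobile data with WiFi off.
        make_server("", 8000, app).serve_forever()
    else:
        print(report(headers_from_environ(SAMPLE_ENVIRON)), end="")
```

The same `find_number_headers` call can be run over stored request logs to find, and then purge, numbers a site has received without asking for them.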


Tech frustrations of a NHS surgeon – guest blog

[This week's blog is from a surgeon working in the NHS who has kindly agreed to share (vent?) his technology frustrations.]

A little bit of background first. I am a 32 year old, born in the era before the internet, very much before Twitter and Facebook, when a modem was analogue and for hacking in to the Pentagon in movies! My first piece of proper computer technology was an old Compaq 386 desktop with a VGA monitor that could display 256 colours. How everything has changed! We take it all for granted: I am typing this on a tablet with a Bluetooth keyboard.

I am a self-confessed technology lover, the more complex it is and the more I can tinker, the more I want it. My current obsessions are (even if I don’t understand them!) Android everything, XBOX Kinect, Arduino and 3D printing. Now you probably think I’m some IT geek or something like that, but alas no… I am a doctor.

Medicine and the NHS are a bit like an old National Trust house: something to be proud of, with people who love it and work hard to keep it going. Unfortunately just like an old house, it often costs us more to keep it up to date than we can afford.

This is where the juxtaposition of cutting edge technology and the NHS collide. I am an orthopaedic surgeon, and as far as medical specialties go, we love our gadgets. It’s all power tools and Meccano sets! A great place for innovation and new technology. But this is where I get frustrated. Like any huge expansive organisation with too many people ‘in charge’, red tape is everywhere. Let me give you a recent example.

I had an idea after much internet trawling and research to take a Microsoft XBOX Kinect and use it to control our computer in theatre to manipulate digital X-rays hands-free whilst sterile. I bought all the bits myself and trialed it at home to make sure I could do what I wanted to do. Bingo! It worked. All in it only cost me £100. The next day I stepped in to the operating theatre and proceeded to plug in the Kinect to the rather ancient looking Dell Pentium D desktop with a 17inch LCD monitor (bear in mind this is a brand new hospital open just 6 months). Security policies reject the USB connection to the Kinect. My USB memory stick is not encrypted and therefore rejected.

First hurdle and I’m on my face! Next I get a word in my ear that even if it had worked I would not physically be allowed to plug in the Kinect power-supply in to the wall socket. A commercial product made by one of the biggest companies in the world and I need to get it safety tested first. It’s a wonder I have not burnt my own house down thus far without getting every product I own safety tested!

Not wanting to give up I went ahead and attempted to jump through the hoops put before me. First stop IT. To my shock they were very helpful and found a fellow geek who agreed to set everything up and circumvent the security policies and install my drivers.

[Ridiculously, he also highlighted that security in the hospital network was 'perceived security': pointless barriers to those who are the least computer savvy. Anyone really wanting to do bad things to the network with an ounce of tech knowledge could have the run of the system, as he highlighted by plugging his own Macbook in to an ethernet port in the wall. Completely unrestricted, unproxied, non MAC filtered internet from an NHS connection. You didn’t need to even get as technical as that. Simply un-clicking the “Use proxy” in Internet Explorer settings turns off the filtering!]

Back to my story. Drivers now installed and USB ports unblocked, I still had to make sure the Kinect would not somehow short circuit the hospital and tried to get it safety tested. Easy? NO. The hospital had no obligation to safety test as it was not a device owned by the hospital. So the fact I had not asked for funds from the NHS to buy this device for research, actually hindered me using it. Eventually I convinced someone to look at it: this involved the case going in front of a group of managers to decide if it needed to be safety tested. After this meeting, I was given the all clear and the device was then adorned with a little green sticker with TESTED on it! Whoop!

The research has gone on to be a success and works well. It was just a very convoluted and overly complicated process to have to navigate through. I understand the NHS, when dealing with patient information, has to be very careful, but I don’t believe it really is. It looks like it is, but as my example of the network restrictions above shows, it’s all a bit superficial, blocking things that don’t need to be blocked and not those that do.  Here are a few more examples:

  1. No USB sticks that are unencrypted can be plugged in to a computer in the NHS. I think this is a pretty standard circumstance across most of the country – it stops data being taken off the network and lost or left on trains. I would be happy to comply with this if I really thought it made things secure.  BUT, guess what?  This preventative technology doesn’t work on NHS Pentium Ds running Windows XP…
  2. Cloud storage anyone? You can happily upload on to Dropbox, Google Docs etc. – IT know you can, but as long as it seems secure, it’s ok…
  3. It’s not permitted to make digital copies of clinical images and send these to another hospital over the NHS network.  But you can put a printed photo in the post instead! Where did I put my carrier pigeon…

It has now got to the point with security in the NHS that there is an assumption that we are all evil doers just lurking to send patient information out of the system! It’s ironic that I am trusted to cut someone open and listen to all their most intimate problems, but not allowed to put a USB stick in to a computer just in case I feel the need to upload the X-ray archive to Facebook. The world is moving on: smartphones are everywhere and we need to embrace this technology and use it.

The rest of the world is as I observed at the eHealth Live show in 2011. To be able to have a tablet on a ward round with access to the patient’s GP records, their medications, X-rays and blood results would be such an advantage. Why don’t we? Because of money.

I think an “integrate your own technology at work” scheme should be born. Now with open web standards, platform independent applications and VNC we should be allowed to utilize our own technology for the patients’ benefit. Almost every orthopaedic surgeon I know has an iPhone or Android phone. We have more technology in our pockets every day than that dusty Dell PC in the corner.

Now where’s that National Trust sticker, I might just put it on the entrance to the hospital…


App regulation one week on: MHRA, MDD and NHS in the spotlight

So it’s been a week since we published our document Regulation of health apps: a practical guide alongside the news that the Mersey Burns app has been released – the first app manufactured and CE marked as a Class I Medical Device in the UK.

And what a week it’s been.  On the whole our report garnered some positive press and the report has been downloaded over 500 times already – thanks to some great coverage on TechCrunch, MobiHealthNews, GPonline, PharmaPhorum and PMlive to name just a few.

But what we didn’t anticipate was two separate but somewhat related stories occurring immediately afterwards.

What is the role of the MHRA, and does the MDD go far enough?

The PIP breast implant scandal, which has been rumbling some time now, has turned to focus on the role of the MHRA under the EU Medical Devices Directive.  For more see the Lancet (A serious regulatory failure, with urgent implications and The scandal of device regulation in the UK), the Telegraph (Breast implant scandal ‘inevitable’ due to MHRA failings: Lancet) or listen to yesterday’s Today program on BBC Radio 4 (Medical device rules ‘not fit for purpose’).

The avenues for discontent with the current state of affairs can be summarised as follows:

  1. The UK’s Medical Devices Agency (a pre-cursor to the MHRA) should never have been disbanded in the first place
  2. The delegation of certifying Class II and above medical devices from a Competent Authority to Notified Bodies has proven unsatisfactory
  3. The Medical Device Directive results in regulation that is too reactive in approach (i.e. intervene only when problems with medical devices are reported), rather than proactive (i.e. intervene when potential problems with medical devices are identified).  The FDA certainly wields power in the latter form – the Mobile MIM app is a good case in point.

It will be very interesting to see how the MHRA and the Department of Health respond given the power of the PIP story – watch this space for a knee-jerk reaction.

Data security and information governance

Our mission at d4 is to improve patient care by placing modern technology in the hands of doctors, nurses and health professionals.  We recognise that data security and information governance are critical topics in IT – placing this in the context of healthcare and mobile raises the importance further.  One of the aspects of this is therefore how organisations manage risk – our latest report looks at the risks presented by apps in particular and provides ways to mitigate these.

Therefore you can understand why last week’s headline in the Guardian (NHS warns staff over tablet security risks) caught our eye.  According to the article, NHS Connecting for Health have advised staff that “these devices are inherently less secure than more traditional technology.” The ‘Good Practice Guidance’ lays out various considerations according to the article – we’ve asked the CfH for a copy so that we can understand the guidance in full, but are yet to receive a reply.

All very well, until you recognise that in the very same week Brighton and Sussex University Hospitals Trust are fined £375,000 by the Information Commissioner’s Office for failing to destroy hard drives containing sensitive patient data.  It’s hard to take the NHS seriously on preaching information governance standards for personal devices when it can’t even get the basics right.

Updated guidance on standalone software under the MDD

We referenced in our report that new formal guidelines (a MEDDEV) are expected soon.  The BSi have now confirmed this, but the document itself is yet to be formally named, numbered and published.  We’ll keep you posted. [Hat tip to Erik Vollebregt at the medicaldeviceslegal blog.]



How safe is that app? Mersey Burns is the first app to be registered as a Class I medical device by the MHRA


UK charity draws attention to the regulation of health apps and publishes guidance document to help health professionals, organisations, patients and industry

10 January 2012, London – A new app, Mersey Burns, has been released on to the market that represents a first in the UK – it has been registered with the MHRA as a Class I medical device as per the EU Medical Device Directive.   To coincide with this, d4 have simultaneously published a new guidance document to help draw further attention to the issue of health app regulation and provide practical guidance to both users and manufacturers of apps for the healthcare market.

Health professionals make considerable use of mobile phones during their working day, as do their patients.  As the popularity of running software applications on mobile devices continues to increase, we anticipate that the use of apps to aid medical diagnosis and treatment will gain in popularity with a corresponding increase in risk to the general public.  Specific regulations that accompany this nascent technology are in their infancy, but should not be ignored.

For all stakeholders concerned, it is in our collective interest to support responsible use of this new technology. It will take one high profile failing to cause a loss of trust that can take months, if not years, to rebuild.  In their guidance document, Regulation of health apps: a practical guide, d4 make the following recommendations:

  1. Health professionals should carefully consider the risks when using apps to determine a patient’s care.
  2. Developers should test their apps thoroughly and maintain adequate technical documentation to evidence this.
  3. Publishers should ensure compliance with the necessary regulations before releasing apps on to the market.
  4. Organisations should investigate ways to manage the use of apps by their employees, and put in place mechanisms to identify those apps that are deemed fit for professional use.
  5. Patients should examine carefully the source of the apps they use to manage their health.  Within Europe, health apps that influence a patient’s treatment should carry the CE mark to demonstrate their conformity with the appropriate regulation.

“mHealth is a new industry and the regulatory environment is evolving,” said James Sherwin-Smith, CEO of d4. “Regulators are necessary to safeguard the public and uphold confidence in markets that would otherwise be open to potential abuse. But regulations also need to support, and not stifle, innovation. The regulatory issues that surround health apps are complex and open to interpretation. We hope that this guide provides a useful steer for individuals and organisations alike.”


Notes for editors:

d4 is a non-profit organisation with registered charity status in England and Wales. Founded on the belief that better communication means better care, d4 aims to improve patient care by placing modern technology in the hands of doctors, nurses and other health care professionals. For more information please contact James Sherwin-Smith on 0845 686 3434 or visit the d4 website at


Regulation of health apps: a practical guide

d4 have published a new guidance document today on the regulation of health apps (press release).  The document is available for download for free from our website.


The primary purpose of this guide is to highlight the challenges that surround the provision and use of health apps from a regulatory standpoint, whether as a patient, health care professional, application developer, healthcare organisation, pharmaceutical or medical devices company.

As an independent, non-profit organisation, d4 are neither resourced nor qualified to give opinions on legal matters, but we hope that this guide will serve as a useful reference to direct further research and advice.  We also hope that this document will provoke further debate on this topic from interested parties in the UK and across the world.

There are three key questions we wanted to address in this guide:

  1. How are health apps regulated, and how do I know if they are safe to use?
  2. What other issues should I consider if I’m developing a health app?
  3. How can I support the use of health apps across my organisation?

We believe this document will be useful for a variety of different audiences:

  • Health professionals and executives
  • Organisations representing the interests of health professionals and patients
  • Policy makers and regulators
  • Healthcare employers, managers and governors
  • Manufacturers and distributors of pharmaceutical products
  • Medical device companies
  • Mobile device manufacturers
  • Mobile network operators
  • Software developers
  • Patients and the general public as a whole


A UK first: Mersey Burns app is registered with the MHRA as a Class I medical device

To mark this important milestone for UK health app regulation, d4 asked Rowan Pritchard-Jones MD FRCS(Plast), the clinician behind the app, to tell us more.

Mersey Burns is a clinical tool for estimating burn area percentages, prescribing fluids using Parkland, background fluids and recording patients’ details. The app works on the Apple iPad™, iPhone® and iPod Touch®, and was developed within the Mersey Plastic Surgery Unit.

The inspiration for the app came after supervising junior doctors’ calculation of fluid protocols for burn patients, which requires the calculation of a complex formula under different scenarios.  One of the principal difficulties in these cases is accurately calculating the percentage of the body surface area burned.

With the Mersey Burns app, a doctor can graphically highlight the areas of the patient that are burned and enter some basic statistics such as their age, height and weight.  The app then calculates the necessary fluids protocol to be administered over the 24 hours following burn injury.  The information entered and the results calculated can then be emailed, for example, from an outlying hospital to a specialist Burns Unit.

Mersey Burns was developed by plastic surgeons at Whiston Hospital with a PhD Computer Scientist.  Once a prototype of the app was made, it was tested against current paper-based methods of burn assessment to confirm accuracy and reproducibility.

Twenty staff, ten from each of plastic surgery/A&E departments at Whiston Hospital were given a photograph of a burn-injured child and asked to calculate total body surface area (TBSA), Fluid Resuscitation and maintenance fluids using paper or app.  There was no significant difference between the app or paper TBSA assessment, but there was significantly less variance in the app assessment compared to paper assessment with respect to total fluid, and background fluid requirements.

The research confirmed that the Mersey Burns Tool App is an appropriate tool for calculating the TBSA and fluid management of burn injured patients. Furthermore, it delivers improved accuracy with respect to resuscitation and background fluid calculation.  It is hoped therefore that the app will improve patient outcomes.

A declaration of conformity has been accepted by the MHRA to demonstrate that the software medical device is compliant with the essential requirements and other relevant provisions of Medical Devices Directive 93/42/EEC.  Medicapps Ltd can therefore be found listed on the MHRA register as the manufacturer of the Burns Assessment medical device.
