Out-Law News | 21 Mar 2014 | 2:35 pm | 4 min. read
The UK regulator said manufacturers and suppliers of such software, including app stores, would be unable to use disclaimers in their terms and conditions to avoid falling subject to those rules where that software could be said to constitute a 'medical device'.
The new guidance issued by the MHRA on 'stand-alone software' and when such software qualifies as a medical device. The MHRA defined stand-alone software as "software which has a medical purpose which at the time of it being placed onto the market is not incorporated into a medical device". It said that such software can cover mobile apps.
Whether something qualifies as a medical device is important because strict rules, set at EU level, have been laid out to control the safety and marketing of such devices.
Under EU law, a 'medical device' can be software, instruments, apparatus, appliances or other material used by people in specified circumstances.
According to the definition, software can be classed as a medical device where people use it for purposes such as the diagnosis, prevention, monitoring treatment or alleviation of disease or injury or handicap, or for investigation, replacement or modification of the anatomy or of a physiological process, or to control conception.
However, in those cases software only qualifies as a medical device where the purpose of its use by people "does not achieve its principal intended action in or on the human body by pharmacological, immunological or metabolic means, but which may be assisted in its function by such means".
In its guidance the MHRA said that software that supports individuals' decision making by applying "some form of automated reasoning" to data input or sourced from health records are the most likely to fall within the definition of a 'medical device'. It also said that software that uses algorithms to make "a more complex series of calculations" based on that data, for example to calculate dosage, track symptoms or give clinical guidance is another category of software likely to be subject to medical device regulation.
The regulator cited some examples of software likely to be subject to the regulatory regime. These include apps that act as "accessories to medical devices such as in the measurement of temperature, heart rate, blood pressure and blood sugars could be a medical device as are programmers for prosthetics".
"Software that monitors a patient and collects information entered by the user, measured automatically by the app or collected by a point of care device may qualify as a medical device if the output affects the treatment of an individual," the MHRA added.
Software that "provides general information but does not provide personalised advice" is unlikely to be classed as a medical device, even where it targets one particular "user group", it said. Similarly, software that is used for booking appointments, requesting prescriptions or having virtual consultations are "also unlikely to be considered a medical device if it only has an administrative function".
"Some decision support software may not be considered to be a medical device if it exists only to provide information to enable a healthcare professional to make a clinical decision as they ultimately rely on their knowledge," the MHRA said. "However, if the software or app performs a calculation or interprets or interpolates data and the healthcare professional does not review the raw data, then this software may be considered a medical device. Increasingly apps are being used by clinicians who will rely on the outputs from this software and may not review the source/raw data."
The MHRA said that even if stand-alone software is not classed as a medical device it may still have to conform to other rules on product safety and liability, such as the General Product Safety Regulations.
"Any medical device could fail in its purpose, and this, coupled with the inherent uncertainty concerning regulatory issues, means that the potential to cause medical injury should be a significant consideration for any mobile health (mHealth) developer," product liability specialist Manoj Vaghela of Pinsent Masons, the law firm behind Out-Law.com, said.
"According to the MHRA, manufacturers need to comply with various rules in order to circulate their product on the market. For instance, manufacturers need to ensure that the mHealth app meets the definition of a medical device, submit an application to a Notified Body for assessment of the product, register products with the MHRA and apply the CE mark (essentially a stamp of safety which gives a product an EU 'passport')," he said. "Manufacturers and publishers also need to ensure that statements pertaining to 'appropriate use' of the app and watertight terms and conditions, are marketed competently."
"Perhaps the most important consideration is the implementation of an insurance policy which aims to cover any new potential liabilities that may result from a defective mHealth app," Vaghela added. "Given how new the mHealth industry is, sourcing an insurer that understands the risk, and moreover one that is willing to insure the risk, will be important – it may well be that specialist insurance brokers are required to find coverage in some circumstances. Further, the relationship between risks assumed and the insurance available to cover such risks needs to be carefully investigated."
"In the same vein, some of the standard warranties may require revision – so again, mHealth device developers should be aware of what an app is licensed to do, especially if it concerns diagnoses or calculations," the expert added.
Vaghela's comments were originally published within a broader article into the legal framework in the EU for mobile health apps in the E-Health Law & Policy journal (subscription required). The regulation of medical devices within the EU is currently subject to reform.