1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice
You must be a registered member in order to post messages and view/download attached files in this forum.
Click here to register.

Mobile Medical Applications & Platform Validation

Discussion in 'US Medical Device Regulations' started by MarkMeer, May 31, 2016.

  1. MarkMeer

    MarkMeer Well-Known Member

    Joined:
    Dec 3, 2015
    Messages:
    138
    Likes Received:
    62
    Trophy Points:
    27
    Hi,

    Wondering if anyone has any advice (or can direct me to some formal guidance) with respect to how to adequately validate mobile medical application software if it is intended for use on a range of generic devices?

    For example, we have specified some basic system-requirements (e.g. screen-resolutions, memory), and the intent is for users to be able to use the app on their generic Android device (meeting these minimum system requirements).

    In this case, what would be the FDA's expectation of software validation on all the various permutations and combinations of platform manufacturers (e.g. LG, Samsung, HTC...), hardware models (e.g. Galaxy C7, Galaxy S7, Galaxy S7 Edge....), and operating system versions (Android 4.1, 4.4, 5.0, 5.1.1, 6.0,...)?

    On the one hand, such an expectation would be impossible to manage. But on the other hand, I don't know how the software could be properly validated if the specifics of the hardware/OS are not controlled...

    Any suggestions?
    MM
     
  2. Vintage Goose

    Vintage Goose Active Member

    Joined:
    Oct 6, 2015
    Messages:
    70
    Likes Received:
    38
    Trophy Points:
    17
    Hi Mark,

    There us an FDA guidance document on Mobile Medical Applications, http://www.fda.gov/downloads/MedicalDevices/.../UCM263366.pdf.

    On reading, it doesn't answer your question, but does say:"Furthermore, mobile medical app manufacturers are required, as part of the QS regulation (21 CFR 820.30), to appropriately verify and validate their mobile medical apps along with the mobile platform to ensure safe and effective operation of the mobile medical app." I guess this is where you got to in your research.

    Sorry, I can't help any further :(
     
  3. MarkMeer

    MarkMeer Well-Known Member

    Joined:
    Dec 3, 2015
    Messages:
    138
    Likes Received:
    62
    Trophy Points:
    27
    Yup. That was the first place I looked for guidance. ...and overall, I must say, it's not very reassuring. They say things like:

    "Some mobile apps may meet the definition of a medical device but because they pose a lower risk to the public, FDA intends to exercise enforcement discretion over these devices (meaning it will not enforce requirements under the FD&C Act).", and "...we intend to apply this oversight authority only to those mobile apps whose functionality could pose a risk to a patient’s safety if the mobile app were to not function as intended."

    Our risk analysis has not identified any risks to patient safety should the mobile app fail...however, the FDA's continual use of the words "intends", "discretion", and "nonbinding recommendations", doesn't really give much assurance that our risk-analysis will mean anything...

    As far as the statement you quoted: "Furthermore, mobile medical app manufacturers are required, as part of the QS regulation (21 CFR 820.30), to appropriately verify and validate their mobile medical apps along with the mobile platform to ensure safe and effective operation of the mobile medical app.", isn't "appropriately" intended to mean commensurate with risk? Otherwise, for an app intended to be installed on generic Android devices, you'd be conducting validations on a weekly basis!

    Anyway, appreciate your input. I've put in an inquiry to the FDA on this matter. We'll see what they have to say...
     
  4. Ronen E

    Ronen E Well-Known Member

    Joined:
    Jul 31, 2015
    Messages:
    133
    Likes Received:
    70
    Trophy Points:
    27
    Mark,

    Don't read too much into the guidance. The vague language you highlighted is directed, in my opinion, more at legislators than at manufacturers. In plain English, it's saying that the FDA doesn't have the resources to keep up with the flood of mobile medical apps so they're making a rational decision not to regulate (de-facto) the lower-risk ones. Strictly speaking, the FDA has to regulate all non-exempt devices so they have to provide an explanation why they don't, and I guess they can't just say "it's too much for us". If your app is indeed low risk I think you have no reason to worry, at least under the current paradigm. And yes, a documented and updated risk analysis is a proper first line of defence.

    Did you have a look at IEC 62304? There's also this one:

    http://www.fda.gov/downloads/Medica...onandGuidance/GuidanceDocuments/ucm085371.pdf

    Cheers,
    Ronen.
     
  5. MarkMeer

    MarkMeer Well-Known Member

    Joined:
    Dec 3, 2015
    Messages:
    138
    Likes Received:
    62
    Trophy Points:
    27
    Thanks for the reassurance Ronen, but I wish I could be so confident.

    In my experience (with 510(k) submissions & FDA inspections), wherever there is room for interpretation, you can never be sure if what you're doing is "good enough".

    I'm familiar with the FDA guidance you linked to, but it doesn't say much with respect to the variety of hardware/platform combinations possible in the case of Mobile Apps. I think it was developed, assuming that a particular platform has already been established.

    IEC 62304, I'm not familiar with....

    With respect to my inquiry to the FDA, their response is:
    "Your validation process does not have to encompass all possible hardware/operating systems. You should list in the device labeling which hardware or operating systems you have validated with your device/application. That way, users of other platforms will be aware that they should validate your device with their hardware or operating systems." + links to standard guidances + standard disclaimer that it "does not constitute an advisory opinion, does not necessarily represent the formal position of FDA, and does not bind or otherwise obligate or commit the agency to the views expressed".

    So, on the one hand this is positive. ...but also cryptic.
    If we put on our labelling, for example: "validated on Samsung Galaxy S7 running Android v6.0", can we still tell customers they should be able to install and run it on any Android device?