Mobile Medical Apps as Investigational Devices


Considerations for Using a Mobile Medical App as an Investigational Device

The U.S. Food and Drug Administration (FDA) issued its final guidance on mobile medical applications (MMAs) on Sept. 25, 2013. (The draft was released on July 21, 2011). This guidance was updated on Feb. 9, 2015, to be consistent with corresponding guidance documents for medical device decision systems.[1] This was a necessary update given not only the widespread use of innovative mobile technologies, but also the need for consistency and clarity about similarities and differences among medical device data systems, medical image storage devices and medical image communication devices.

Additionally, several complementary guidance documents[2] and international and engineering standards[3] cover valuable topics that support stakeholder decisions about approaching and implementing design and development, reimbursement, clinical research and regulatory submission. Even though standards and guidance documents are supposed to provide direction to the approach and implementation of Mobile Medical Apps (MMAs) in a clinical research setting, in the experience of Theorem and Decision Driver Analytics (DDA), confusion is abundant in the industry.

In response, Theorem and DDA published their first paper, Mobile Medical Applications in May 2015 to introduce the context, history, design/development, reimbursement, clinical research and basic regulatory frameworks with examples.[4] The paper concluded with an assertion that medical device and biopharmaceutical companies are increasingly looking for avenues to innovate and improve clinical outcomes, and MMAs could offer an avenue to do so.

We also presented an educational webinar, Embracing a Mobile Medical App in a Clinical Development Strategy to Improve Clinical Outcomes, Increase ROI and Lower Costs in June 2015.[5] The webinar, attended by hundreds of stakeholders, evoked deeper questions on design/development, reimbursement, clinical research and regulatory topics. This article presents a deeper discussion of the aforementioned topics, with a total MMA product life cycle approach.



The life cycle of an MMA follows that of a medical device. As such, critical success factors from concept to market at a high level are similar to those for a regulated medical device: effective development and execution of market access strategies comprising design and development, reimbursement, clinical research and regulatory clearance or approval.

Reimbursement and Health Economic Outcomes Considerations

It’s crucial for MMA manufacturers to understand that FDA approval gives manufacturers the legal right to sell their app, but it does not give the marketplace sufficient reason to purchase or use it. For MMAs to be successful in the marketplace, manufacturers must understand the following: 

  • Who are the primary payers and users of the technology?

  • How are they currently incented to pay for or adopt the technology? How may this change in the future as reimbursement changes from a primarily volume-based proposition to one that is value-based?

  • Are there established formal reimbursement pathways currently available for the technology or must they be developed?

  • What are the MMA’s combined clinical and economic value propositions to payers and to users of the technology? 

  • What health economics and “actual use” data are necessary to substantiate the technology’s value propositions?

The current reimbursement environment is complex and evolving. It’s never been more crucial to develop parallel clinical, health economics and reimbursement strategies from the earliest phases of MMA app development. 

Design and Development Considerations

The FDA's final guidance, Content of Premarket Submissions for Software Contained in Medical Devices, issued on May 11, 2015, provides a pathway for development and documentation of the software development lifecycle of a medical app.[6] As with any software medical device, perhaps one of the first responsibilities of the manufacturer is to determine the app’s level of concern. As opposed to ordinal risk classifications of Class I, II and III,[7] level of concern follows a Likert measure of major, moderate and minor to determine the type of development documentation to be submitted with a premarket submission; this is based on how the app directly or indirectly affects the patient or operator.


The reason for bringing this guidance up under design and development considerations is that the documentation recommended for submission is generally the same as that generated during the app software device development and follows widely accepted software quality engineering practices. The design and development sections of submission documentation are a by-product of a properly managed and well-documented medical device software development environment, following sound engineering and good documentation practices, and are not fabricated in afterthought.

At a high level, the manufacturer would need to document hazard analysis, requirements specification, architecture, design specification, traceability and verification and validation information throughout the software development life cycle. At this point, the manufacturer would have determined the level of concern of its app and assessed how much (or little) documentation actually needs to be submitted. For example, documentation for a mobile app that functions simply to gather and report data from a wearable technology to effect some type of behavior modification or clinical outcome will look different than that for an app that controls administration of morphine to affect sedation.

The areas that a manufacturer would need to consider documenting are discussed below:

  • Cybersecurity: Cybersecurity is of acute interest to the FDA and regulators worldwide. The FDA held a two-day public workshop in October 2014, Collaborative Approaches for Medical Device and Healthcare Cybersecurity.[8] Day two of the workshop was dedicated to cybersecurity in medical devices. To continue the dialog, an online forum was created in which stakeholders can participate and review discussion threads on various cybersecurity issues.[9] Additionally, on Jan. 14, 2005, the FDA issued Cybersecurity for Networked Medical Device Containing Off-the-Shelf Software, a valuable reference document for manufacturers.[10] The FDA deems it the manufacturer’s responsibility to understand cybersecurity (information technology) requirements for its app.

  • Hazard Analysis: Unlike heat or electrical energy, an app is not itself a hazard; contact with an app cannot cause injury. However, an app may cause a patient, caregiver or provider to be exposed to a hazard, contributing to a hazardous situation and leading to harm (injury or death). We recommend reviewing IEC/TR 80002-1: Guidance on the Application of ISO 14971 to Medical Device Software, a technical report aimed at risk management of devices containing software.[11] While the report doesn’t specifically call out risk management of apps, recommendations therein are applicable to software medical devices; and apps, after all, are software.

  • Verification and Validation: The FDA's final guidance, General Principles of Software Validation, issued Jan 11, 2002, provides a context and describes the benefits provided by verification and validation and other related good software engineering practices, which help prevent defective apps and recalls.[12] Documentation required for verification and validation activities depends on the app’s level of concern.

  • Traceability: Regardless of the app’s level of concern, documentation must exist demonstrating traceability between system requirements, software requirements, software system test, risk control measures implemented in the app and verification and validation.

  • Human Factors and Usability: The FDA draft guidance, Applying Human Factors and Usability Engineering to Optimize Medical Device Design, issued on June 22, 2011, is a fitting reference, and recommends that manufacturers also review various international standards involving human factors and usability engineering.[13] While ISO/IEC 62366:2007 Medical Devices – Application of Usability Engineering to Medical Devices (updated in 2015) is the primary go-to standard,[14] several other standards may also be examined in parallel to understand overall app life cycle context. Human factors and usability testing can mitigate or entirely eliminate risks surrounding errors due to usability (or lack thereof) of the app.


Clinical Research Considerations

If an MMA is used in research as an investigational device, applicable 21 CFR 812 provisions must be considered. Manufacturers would need to consider FDA guidance on investigational device exemption and follow recommendations and requirements stipulated therein.[15]

  • Transitioning App From Design and Development Into Research: When the app transitions from the development phase into clinical research, it effectively becomes an investigational device. As such, those utilizing an investigational device are very different than those developing it. The manufacturer must ensure that an accurate and understandable translation of device documentation, such as app features and functionality, training manuals and instructions for use, are available to the research team.

  • Development and Implementation of Research Protocol: It’s the manufacturer’s responsibility to ensure the clinical research protocol includes considerations specific to the app investigational device. One example is ownership of a particular mobile device. Will the manufacturer make possession of that particular mobile device (model and platform) an inclusion criteria or will it provision the devices to patients? While most patients may own a mobile device, they may not necessarily own a smartphone mobile device. One possible recommendation in this example would entail including patients who not only possess smartphone mobile devices but also have experience downloading at least one app.

  • Training: Because the app investigational device will be used by various types of individuals, with varying skill sets and comfort levels, multiple levels of training are critical. The manufacturer needs to make help desk staff available to answer questions from the research team, patients and sites. Different training manuals catering to the subjects and sites may need to be developed.



Using a mobile medical app as an investigational device in a clinical research setting - and subsequently achieving clearance or approval - requires manufacturers to pay attention to activities throughout the design/development, reimbursement, clinical research and regulatory submission phases. Following recommendations presented in the available guidance documentation and standards sets the manufacturer up for success. Consulting with professionals with experience in clinical research, securing FDA clearance or approval and developing and implementing comprehensive health economics and reimbursement strategies can further accelerate time to commercial success.

Prithul Bom, MBA, RAC, CSQE, is Senior Director of Medical Device and Diagnostics Development, Chiltern; and Elizabeth Brooks, PhD, is President of Decision Driver Analytics

[1] “Mobile Medical Applications,” Feb. 9, 2015, U.S. Food and Drug Administration,

[2] There are numerous guidances related to MMA development. For a list of many of the basic regulatory guidance documents manufacturers should consider, please see “Mobile Medical Applications (MMA),” a white paper available at:

[3] Some of these standards include: IEC 62304:2006 “Medical device software-Software life cycle processes, available at:; ISO 14155:2011 “Clinical investigation of medical devices for human subjects,” available at:; ISO 13485:2003 “Medical devices – quality management systems – requirements for regulatory purposes,” available at:; ISO 14971:2007 “Medical devices – Application of risk management to medical devices,” available at:; IEC 60601-1-11:2015 “Medical electrical equipment – Part 1-11: General requirements for basic safety and essential performance – Collateral standard: Requirements for medical electrical equipment and medical electrical systems used in the home healthcare environment,” available at:

[4] Bom P, Brooks E, “Mobile Medical Applications,”

[5] “Embracing a Mobile Medical App in a Clinical Development Strategy to Improve Clinical Outcomes, Increase ROI and Lower Costs,” webinar,

[6] “Guidance for the Content of Premarket Submissions for Software Contained in Medical Devices,” U.S. Food and Drug Administration,

[7] Classify Your Medical Device, U.S. Food and Drug Administration,

[8] U.S. Food and Drug Administration,

[9] Handshake,

[10] “Cybersecurity for Networked Medical Devices Containing Off-the-Shelf Software,” U.S. FDA,

[11] IEC/TR 80002-1: “Guidance on the Application of ISO 14971 to Medical Device Software,”

[12] “General Principles of Software Validation,” U.S. Food and Drug Administration, Jan. 11, 2002,

[13] “Applying Human Factors and Usability Engineering to Optimize Medical Device Design,” U.S. Food and Drug Administration,

[14] IEC 62366-1: 2015 “Medical devices-Part 1: Application of usability engineering to medical devices,”

[15] IDE Guidance, U.S. Food and Drug Administration,

© 2024 MJH Life Sciences

All rights reserved.