Digital Health Compliance


“I think the biggest innovation of the 21st century will be at the intersection of biology and technology. A new era is beginning” – Steve Jobs

On the Brink of Innovation

You might not know it yet, but you are living in the digital era. You may have heard a friend talk about it, heard something on the news, or even downloaded an app. Whatever it is, digital healthcare is becoming the IT thing. More and more digital health applications are installed on smartphones, a number that is foreseen to grow exponentially. The United States alone is investing some 1.6 billion dollars in digital marketing in 2016, a number that is expected to rocket even higher in 2017. We are moving on from fitness apps to sophisticated ones that can actually measure blood pressure or blood glucose level, or even provide a cure for eye diseases such as amblyopia. This can change the way we refer to “healthcare” altogether.

On 23 January 2015 the U.S. Food and Drug Administration (FDA) gave the green light for the marketing of medical apps that monitor glucose. People with diabetes can now access and share data with other people in real time using an Apple mobile device such as an iPhone. Other examples are fitness tracking devices you wear around your wrist, or a health insurance card on which all your patient data is saved.

So welcome to the digital health era – a cyber space that combines the digital and generics with health and healthcare, allowing for a new space called personalized medicine.

Now, we know it has been an exciting journey so far. Yet is all that glitters gold? Or should we look deeper into what goes on behind such applications? For instance, if these applications and wearables replace doctors and lab employees, who can ensure that the data collected by these apps and devices are correct?

Compliance Guidelines for Digital Health

For both smartphone-based health applications and wearable computing devices (wearables), different compliance discussions need to be had. Information security, data privacy, classification of medical devices, electronic records and GxP are amongst the most pressing ones.

Several key documents have been published by the US government to address the case for compliance:

– Health Insurance Portability and Accountability Act
Under the Health Insurance Portability and Accountability Act (HIPAA) of 1996, the U.S. Department of Health and Human Services promulgates rules and regulations governing the privacy and security of medical information. The purpose of the law is to improve the portability of health insurance coverage, reduce healthcare fraud and abuse, and protect the privacy of personal health records.

– Mobile Medical Applications Guidance for Industry and Food and Drug Administration Staff
This guidance informs manufacturers, distributors, and other entities on how the FDA applies its regulatory authority to select software applications intended for use on mobile platforms (i.e. mobile applications). Some mobile applications may meet the definition of a medical device under section 201 of the Federal Food, Drug, and Cosmetic Act (FD&C Act) but pose only a lower risk to the public. The majority of mobile applications either do not meet the definition of a medical device under the FD&C Act or fall into a category in which the FDA intends to exercise enforcement discretion.
The FDA applies its regulatory oversight to those mobile applications that are medical devices and whose functionality could pose a risk to a patient’s safety if the mobile application does not function appropriately. This guidance provides clarity and predictability for manufacturers of such mobile applications.
The guidance provides definitions for Mobile Platform, Mobile Application, Mobile Medical Application, Regulated Medical Device and Mobile Medical App Manufacturer.
One example where compliance is central is “Lab on a Chip”. This term stands for a whole laboratory integrated on a microchip. For instance, with a Lab on a Chip you can conduct different blood analyses with one little chip in a few seconds. Compliance here becomes crucial to ensure that digital health helps patients, physicians, pharmacists, and society. This can help to reduce costs, improve healthcare systems and bring better healthcare solutions to poorer countries.

– FDASIA Health IT Report
In April 2014, the Food and Drug Administration (FDA), the Federal Communications Commission (FCC) and the Office of the National Coordinator for Health Information Technology (ONC) published a joint report that contains both a strategy and recommendations for the implementation of a risk-based regulatory framework pertaining to digital health and mobile medical applications. The report seeks to implement smart compliance through innovation and patient safety, while avoiding regulatory duplication.

– Draft guidance and additional guidance
In late January 2015, the FDA posted two new draft guidance documents on digital health to outline its thinking about low-risk devices intended to promote general wellness and its risk classification approach to medical device accessories.

Compliance Areas of Digital Health

Independent of its scope and application type, digital health affects several compliance areas.
A Lab on a Chip, for example, is impacted by different regulations and guidelines. If you take the pure size argument, it is a medical device like a blood glucose meter, and ISO 13485 and all FDA 21 CFR regulations for medical devices become applicable. From a scope-of-application standpoint, it is rather a full-blown laboratory. If this system transfers data to an open cloud solution, then data privacy and IT security become imperative. A worst-case scenario would be the leakage of data and its subsequent use against the patient. If such a Lab on a Chip is used in a clinical trial, Good Clinical Practice (GCP) and clinical trial regulations need to be considered.

Another phenomenon to hit the market is the 3D printer. Let us think of a 3D printer that produces medicine at home or in a hospital. 3D printers for medicine production are Good Manufacturing Practice (GMP) relevant and might even be Good Pharmacovigilance Practice (GVP) relevant, in case you produce larger quantities. GMP will be applicable here because you produce a medicine which needs to be of acceptable quality. GVP will also be applicable here because you produce a medicine which is used in humans and thus needs to be monitored to guarantee that no hazards to the patient’s life occur.

Validation of Digital Health Applications

Data integrity and data accuracy are key when it comes to digital health applications. When health information is transmitted via technologies such as Wi-Fi or Bluetooth, it is important that no information gets lost if the connection drops, because missing readings can affect the validity of the data. Therefore, the validation of such applications and devices becomes a significant practice. Health applications must be validated according to FDA 21 CFR Part 820, depending on whether the application or device is regarded as a medical device or not.
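As an added example (not code from the original post), one way a receiving application can detect the two failure modes mentioned above, a reading dropped after a lost connection and a reading altered in transit: the device gives each reading a sequence number and an HMAC-SHA256 tag under a per-device key, and the receiver checks tags and sequence continuity. The key, field names and glucose values are constructed for the example.

```python
import hashlib
import hmac
import json

# Constructed per-device key for this example; a real deployment provisions it securely.
DEVICE_KEY = b"example-glucose-meter-key"


def _canonical(payload):
    """Stable byte encoding so sender and receiver tag identical bytes."""
    return json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()


def sign_reading(seq, glucose_mg_dl, ts):
    """Sender side: wrap one glucose reading with a sequence number and an HMAC tag."""
    payload = {"seq": seq, "glucose_mg_dl": glucose_mg_dl, "ts": ts}
    tag = hmac.new(DEVICE_KEY, _canonical(payload), hashlib.sha256).hexdigest()
    return {"payload": payload, "tag": tag}


def verify_stream(records):
    """Receiver side: return (accepted payloads, problems). A bad tag rejects the
    record; a sequence gap is reported so the missing reading can be re-requested
    instead of silently treated as absent."""
    accepted, problems = [], []
    expected_seq = None
    for rec in records:
        tag = hmac.new(DEVICE_KEY, _canonical(rec["payload"]), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(tag, rec["tag"]):
            problems.append(f"seq {rec['payload'].get('seq')}: integrity check failed")
            continue
        seq = rec["payload"]["seq"]
        if expected_seq is not None and seq != expected_seq:
            problems.append(f"gap: expected seq {expected_seq}, got {seq}")
        accepted.append(rec["payload"])
        expected_seq = seq + 1
    return accepted, problems


def demo():
    """Constructed stream: five readings, one lost with the connection, one altered."""
    sent = [sign_reading(i, g, f"2016-03-01T08:{i:02d}:00Z")
            for i, g in enumerate([92, 95, 101, 110, 118], start=1)]
    received = [r for r in sent if r["payload"]["seq"] != 3]  # seq 3 never arrived
    received[-1]["payload"]["glucose_mg_dl"] = 60               # seq 5 changed in transit
    return verify_stream(received)
```

Running `demo()` accepts readings 1, 2 and 4, reports the gap before 4 and rejects the altered reading 5.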


Compliance and digital health – how will they co-exist? Are the existing frameworks enough to protect us as consumers and patients without inhibiting innovation? We will continue to share our ideas on this emerging field. Stay tuned.

Author: KVALITO Consulting
