- Overview
- Digital Health Technologies
- IRB Submission and Reporting Requirements
- UCSF Device Checklist
- NIH Funded Studies
- Versa
- Resources
Overview
Proposed research involving mobile medical applications (apps) may require additional regulatory determinations if the intended use of the app meets the FDA’s definition of a medical device. The guidance below provides the following:
- FDA Regulatory background for these requirements.
- Steps to take before submitting your proposal for IRB review.
- Best practices for submitting your application for review.
Per the FDA’s guidance, and specifically per the FDA’s Policy for Device Software Functions and Mobile Medical Applications (9/27/2019):
A “mobile medical app” is a mobile app that incorporates device software functionality that meets the definition of device in section 201(h) of the FD&C Act11; and either is intended:
- to be used as an accessory to a regulated medical device; or
- to transform a mobile platform into a regulated medical device.
The intended use of a mobile app determines whether it meets the definition of a “device.” As stated in 21 CFR 801.4,12, intended use may be shown by labeling claims, advertising materials, or oral or written statements by manufacturers or their representatives. When the intended use of a mobile app is for the diagnosis of disease or other conditions, or for the cure, mitigation, treatment, or prevention of disease, or is intended to affect the structure or any function of the body of man, the mobile app is a device under section 201(h) of the FD&C Act if it is not a software function excluded from the device definition by section 520(o) of the FD&C Act.
FDA defines a medical device as "an instrument, apparatus, implement, machine, contrivance, implant, in vitro reagent, or other similar or related article, including a component part, or accessory which is
- Recognized in the official National Formulary, or the United States Pharmacopoeia, or any supplement to them,
- Intended for use in the diagnosis of disease or other conditions, or in the cure, mitigation, treatment, or prevention of disease, in man or other animals, or
- Intended to affect the structure or any function of the human body or other animals, and which does not achieve any of its primary intended purposes through chemical action within or on the human body or other animals and which is not dependent upon being metabolized for the achievement of any of its primary intended purposes.”
Medical devices may include software applications that run on a desktop computer, laptop computer, remotely on a website or “cloud,” or on a handheld computer, and would be subject to these regulations.
If the mobile app is intended to be used in the diagnosis of disease or other conditions, or in the cure, mitigation, treatment, or prevention of disease, it likely meets the definition of a mobile medical app.
If you are unsure whether the app meets the definition of a Mobile Medical App, contact UCSF’s Regulatory Support Office at [email protected] or submit a Consultation Request Form for a consultation with Regulatory Support.
See “Appendix C. Examples of Software Functions that are the focus of FDA’s regulatory oversight (Device Software Functions and Mobile Medical Apps),” starting on page 24 of Policy for Device Software Functions and Mobile Medical Applications.
Please review the UCSF Device Checklist to determine what regulatory determinations your mobile health app needs.
Digital Health Technologies
The FDA defines digital health technologies (DHTs) as systems that use computing platforms, connectivity, software, and/or sensors for healthcare and related uses. These technologies span a wide range of uses, from applications in general wellness to applications as a medical device. They include technologies intended for use as a medical product, with, or as an adjunct to other medical products (devices, drugs, and biologics). They may also be used to develop or study medical products. Some DHTs may meet the definition of a medical device, while others do not.
To understand whether FDA regulatory requirements apply to a digital health product, Investigators must understand whether the digital health or software product is a device.
Determining regulatory applicability:
If you are unsure whether the app or digital health technology must comply with FDA regulatory requirements, contact UCSF’s Regulatory Support Office at [email protected] or submit a Consultation Request Form for a consultation with Regulatory Support.
See “Appendix C. Examples of Software Functions that are the focus of FDA’s regulatory oversight (Device Software Functions and Mobile Medical Apps),” starting on page 24 of Policy for Device Software Functions and Mobile Medical Applications.
Please review the UCSF Device Checklist to determine what regulatory determinations your mobile health app needs.
IRB Submission and Reporting Requirements
Before you submit to the IRB:
For apps and DHTs that transmit or receive UCSF patient data, please submit the software to the ITS Data Security Group for approval prior to submitting your IRB application. Review the instructions to begin the ITS data security submission process
Please take the following into consideration when submitting research involving mobile health apps and DHTs for IRB review:
Recipients of NIH funds are reminded of their vital responsibility to protect sensitive and confidential data as part of proper stewardship of federally funded research, and take all reasonable and appropriate actions to prevent the inadvertent disclosure, release or loss of sensitive personal information. NIH advises that personally identifiable, sensitive, and confidential information about NIH-supported research or research participants not be housed on portable electronic devices. If portable electronic devices must be used, they should be encrypted to safeguard data and information. These devices include laptops, CDs, disc drives, flash drives, etc. Researchers and institutions also should limit access to personally identifiable information through proper access controls such as password protection and other means. Research data should be transmitted only when the security of the recipient’s systems is known and is satisfactory to the transmitter. Refer to the links below for more information.
Versa
UCSF Versa – a UCSF IT-supported Artificial Intelligence (AI) ecosystem that connects AI tools with UCSF data and systems.
For initial applications:
- If the investigator expects to analyze data on the Versa platform, we’d like to know, but just so we have an idea of how widespread the use is.
- Not applicable to new aims
Already Approved Protocols Now Using Versa Platform:
- There is no need to submit a modification if the study is approved to collect and analyze Electronic Health Record (EHR) or Personally Identifiable Information (PII) data and subsequently the investigator decides to leverage Versa for additional analyses.
Resources
Regulatory Guidance and Policies
- Federal Trade Commission: Developing a Mobile Health App?
- US. Food and Drug Administration (FDA): What is Digital Health?
- U.S. Food and Drug Administration (FDA): Digital Health Criteria
- U.S. Food and Drug Administration (FDA): Digital Health Frequently Asked Questions
- U.S. Food and Drug Administration (FDA): Digital Health Technologies for Remote Data Acquisition in Clinical Investigations