According to a “Client Alert” from Pillsbury Winthrop Shaw Pittman LLP, FDA’s new draft guidance that would exempt from premarket 510(k) review many low-risk medical devices may “smooth the path to market for many medical mobile apps that the FDA’s 2013 guidance suggested would be subject to premarket approval requirements.”

By “certain devices,” the authors mean those that can convert a cell phone into a medical device, such as a thermometer or a stethoscope.

Before the 2013 guidance was released, Bradley Merrill Thompson, General Counsel for the mHealth Regulatory Coalition, thought such apps could be considered medical devices by the FDA. His case study involved a urinary analysis iPhone app — no, you don’t pee on the phone! Listen to this podcast: Beyond Mobile Medical App Guidance – What to Worry About After FDA Publishes Its “Final” Guidelines.

But Pillsbury et al. touch on other issues regarding such mobile apps/medical devices:

“All app developers should consider whether their products may face other government oversight or legal challenges. In particular, health information privacy and security is an important aspect of health technology and protection against cyber threats and attacks is crucial. A digitized medical environment, while improving care and access, can be readily exploited by opportunistic hackers. Players in the health IT space should be highly cognizant of this risk and take steps necessary to limit risks to patient safety and the company’s bottom line.”

The lawyers, of course, suggest app developers seek legal counsel before marketing their products. But sooner or later Congress is going to be investigating mobile health apps to see if further regulations — not just FDA regulations — are required.

Before that happens, shouldn’t the pharmaceutical industry (e.g., via PhRMA) differentiate itself from “wild west” developers by being proactive in issuing mHealth Guiding Principles for Mobile Health Apps Developed by the Pharmaceutical Industry, in much the same manner as it developed other self-regulatory guidelines such as the DTC Guiding Principles and the Code on Interactions With Healthcare Professionals?

IMHO, the answer is YES! Continue reading to see my list of Guiding Principles.

Based on my reviews of pharma mobile apps to date and my experience developing the eHealth Code of Ethics back in 2000, here are a few “Guiding Principles” that I think PhRMA members should follow:

  • Full Disclosure: Pharma mobile apps must include full disclosure regarding the company that has created the app or the sponsoring pharma company. This includes contact information. The app should also include appropriate disclaimers and Terms of Use that the user MUST agree to before the app will run.
  • Assure Accuracy: If a pharma mobile app relies on algorithms or formulas, it must be validated through rigorous testing and documentation to ensure it works properly (i.e., calculations are correct). At least one pharma app for physicians — Pfizer’s Rheumatology Calculator — had to be recalled because of “a bug in the app … gives wrong results” (for more on this, read “The First Ever ‘Dear Doctor’ Letter Regarding a Mobile Medical App Recall”).
  • Informed Consent/Good Privacy Practices: Personal health data is very sensitive, and the consequences of inappropriate disclosure can be grave. To protect users, if a pharma mobile app collects personal information, it should include a privacy policy that explains how such data is protected (security), who owns the data, how users can access the data, where data is stored (on the device or on a remote web site), and instructions for opting out of data collection. For more on this, read “Many Smartphone Apps Lack Privacy Policies” and “‘Leaky’ Pharma Mobile Apps and the Brave New World of Big Data”.
  • Regulatory Compliance: BRANDED Rx Drug apps MUST comply with applicable FDA regulations such as including ISI (important safety information). Such information should be presented in an easily accessible manner (e.g., on start-up screen). In addition, such apps must be available ONLY from the appropriate U.S. app site (e.g., Apple App Store).
  • HIPAA Compliance: Pharma apps intended to be used by healthcare professionals in the U.S. that collect patient health data must be HIPAA compliant. Apps for use by non-U.S. physicians must obey similar local laws relating to patient data.

I asked readers’ opinions of these principles in my Pharma Mobile App Best Practices Survey, which I invite you to respond to as well (here). The following chart summarizes the results to date:


You can get up-to-date results and see more details after you complete the survey yourself. Your comments are welcome.

Soon, I hope to host a Twitter chat to discuss moving forward with drafting a set of Pharma mHealth Guiding Principles. In the meantime, please use the #mHealthEthics hashtag to discuss any issue relating to the ethics of mobile health whether or not it has to do with the pharmaceutical industry.