Policy for Device Software Functions and Mobile Medical Applications
This guidance outlines FDA's regulatory approach for device software functions and mobile medical applications. It focuses on software functions that meet the definition of a medical device and are either intended to be used as an accessory to a regulated medical device or to transform a mobile platform into a regulated medical device. The guidance clarifies which software functions FDA intends to regulate and which ones will be subject to enforcement discretion based on risk level.
What You Need to Know? 👇
What is the scope of FDA’s regulatory oversight for mobile medical applications?
FDA focuses regulatory oversight only on software functions that are medical devices and whose functionality could pose patient safety risks if they fail to function as intended, regardless of platform.
Which software functions qualify as mobile medical applications under FDA regulation?
Mobile medical apps are software applications that meet the device definition and either serve as accessories to regulated medical devices or transform mobile platforms into regulated medical devices.
What software functions does FDA consider exempt from device regulation?
FDA does not regulate software for general reference (medical textbooks), educational tools, patient education, office operations, generic aids, wellness tracking, and EHR interactions that don’t perform medical device functions.
For which device software functions does FDA exercise enforcement discretion?
FDA exercises enforcement discretion for software that helps patients self-manage conditions without specific treatment suggestions or automates simple tasks for healthcare professionals, as they pose lower patient risks.
What regulatory requirements apply to device software function manufacturers?
Requirements depend on device classification but may include establishment registration, device listing, Quality System regulation, labeling requirements, premarket submissions, and medical device reporting based on risk level.
How can manufacturers determine if their software requires FDA oversight?
Manufacturers should review this guidance, use FDA’s Product Classification database, contact FDA’s Digital Health Center of Excellence, or submit a 513(g) request for official classification determination.
What You Need to Do 👇
Recommended Actions
- Determine if your software function meets the definition of a medical device
- Identify the device classification and applicable regulatory requirements
- Implement a Quality Management System compliant with QS regulation
- Develop and maintain procedures for:
- Design controls
- Risk management
- Verification and validation
- Adverse event reporting
- Corrections and removals
- Register establishment and list devices with FDA if required
- Prepare and submit appropriate premarket submission if required
- Ensure labeling compliance
- Maintain records of design, development, and any changes
- Monitor post-market performance and report issues as required
- Contact FDA for guidance if unclear about requirements for your specific software function
Key Considerations
Non-clinical testing
- Manufacturers must verify and validate their device software functions along with the computing platform
- Testing should ensure safe and effective operation of the device
Software
- Software functions must meet requirements associated with their device classification (Class I, II, or III)
- Quality System regulation applies to software development and maintenance
- Software validation and verification required
- Adequate controls needed for safe distribution, installation and operation
Labelling
- Must comply with applicable labeling regulations in 21 CFR Part 801 for medical devices
- Must comply with 21 CFR Part 809 for in vitro diagnostic products
Safety
- Must implement risk management strategies
- Must have procedures to identify, analyze, correct and prevent software-related causes of patient/user harm
- Must report adverse events under Medical Device Reporting requirements
Other considerations
- Registration and listing requirements apply
- Premarket submission may be required depending on classification
- Corrections and removals must be reported to FDA when required
- Quality System regulation compliance required
- Record keeping requirements apply
Relevant Guidances 🔗
- Content of Premarket Submissions for Device Software Functions
- Off-The-Shelf Software in Medical Devices: Documentation Requirements for Premarket Submissions
- Software Validation for Medical Device Production, Quality Systems, and Device Components
- Cybersecurity in Medical Devices: Design, Implementation, and Premarket Submissions
- Changes to Medical Device Definition for Software Functions Under the 21st Century Cures Act
- Clinical Evaluation of Software as a Medical Device (SaMD)
- Clinical Decision Support Software Functions: Device vs Non-Device Classification
- Content of Premarket Submissions and Lifecycle Management for Artificial Intelligence and Machine Learning-Enabled Medical Devices (Draft)
- Computer Software Assurance for Production and Quality System Software (Draft)
Related references and norms 📂
- ISO/IEC/IEEE 90003: Software engineering – Guidelines for the application of ISO 9001:2015 to computer software
- ISO 13485: Medical devices – Quality management systems – Requirements for regulatory purposes
- IEC 62304: Medical device software – Software life cycle processes
- ISO 14971: Medical devices — Application of risk management to medical devices
- IEEE Std 1012: IEEE Standard for System, Software, and Hardware Verification and Validation