Assessing the Food and Drug Administration’s Risk-Based Framework for Software Precertification with Top Health Apps in the United States: Quality Improvement Study

Abstract

BACKGROUND: As the development of mobile health apps continues to accelerate, the need to implement a framework that can standardize categorizing these apps to allow for efficient, yet robust regulation grows. However, regulators and researchers are faced with numerous challenges as apps have a wide variety of features, constant updates, and fluid use cases for consumers. As past regulatory efforts have failed to match the rapid innovation of these apps, the United States Food and Drug Administration (FDA) has proposed that the Software Precertification (Pre-Cert) Program and new risk-based framework could be the solution. OBJECTIVE: The objective of this study was to determine if the risk-based framework proposed by the FDA's Pre-Cert Program could standardize categorizing top U.S. health apps. METHODS: In this quality improvement study during the summer 2019, the top 10 apps for six disease conditions (addiction, anxiety, depression, diabetes, high blood pressure, and schizophrenia) in the United States Apple iTunes and Android Google Play Store were classified using the FDA's risk-based framework. Data on the presence of well-defined apps features, user engagement methods, popularity metrics, medical claims, and scientific backing were collected. RESULTS: The FDA's risk-based framework classifies an app's risk by the disease condition it targets and what information that app provides. Out of the 120 apps tested, 95 apps were categorized as targeting a non-serious health condition, while only seven targeted a serious condition and 18 apps targeted a critical condition. Since the majority of apps targeted a non-serious condition, their risk categorization was largely determined by what information they provided. The apps that were assessed as not requiring FDA review were more likely than those assessed as requiring review to be associated with the integration of external devices (15/58, 26% vs. 5/62, 8%; P=.03) and health information collection (24/58, 41% vs. 9/62, 15%; P =.008). Apps exempt from review were less likely to offer health information (25/58, 43% vs 45/62, 72%; P <.001), to connect users with professional care (7/58, 12% vs 14/62, 23%; P =.04), and to include an intervention (8/58, 14% vs. 35/62, 55%; P <.001). CONCLUSIONS: The FDA's risk-based framework has the potential to improve the efficiency of the regulatory review process for health apps. However, we were unable to identify a standard measure that differentiated apps requiring regulatory review from those that would not. Apps exempt from review also carried concerns regarding privacy and data security. Before the framework is used to assess the need for formal review of digital health tools, further research and regulatory guidance are needed in order to ensure that the Pre-Cert Program operates in the greatest interest of the public health.