Although Class I devices must meet the FDCA standards, they receive
neither clearance nor approval through a formal process and only require
registration of the organization and the device.117 Medical mobile
applications, a significant proportion of the future digital health marketplace,
may require even less scrutiny: the FDA has communicated that many
medical mobile applications will not be subject to regulatory requirements,
including premarket submissions or quality measures, at this time.118 If the
FDA determines it will regulate a type of device, then an organization’s
obligations do not end after the FDA’s review and approval of an
application.119 Organizations must report adverse effects for cleared devices,
such as safety issues and recalls.120 This information enables the FDA to
effectively share such information with consumers.121 Organizations selling
medical devices must report issues using a Medwatch form, including
individual adverse events, device-related deaths, device-related serious
injuries, malfunctions, or reportable events requiring remedial action to
prevent unreasonable risk of substantial harm to the public health.122 The
FDA then posts safety communications, recalls, bans, and emergency
situations for the general public on its Website and via email updates.123
4. Reports and Cybersecurity Guidance
Passed in 2012, the Food and Drug Administration Safety and Innovation
Act (FDASIA) required the FDA, the National Coordinator for Health
Information Technology (ONC), and the Federal Communications
(last updated Sept. 4, 2015).
117. An Overview of the US FDA Regulatory Process for Medical Devices, EMERGO
GROUP (May 5, 2011), http://www.slideshare.net/emergogroup/us-fda-medical-device-regulatory-approval-process.
118. Examples of Mobile Apps for which the FDA Will Exercise Enforcement Discretion,
U.S. FOOD & DRUG ADMIN., http://www.fda.gov/MedicalDevices/DigitalHealth/Mobile
MedicalApplications/ ucm368744.htm (last updated Aug. 1, 2016) [hereinafter Examples of
Mobile Apps] (explaining that the FDA communicated that health apps involving highly
sensitive or confidential information, such as a health condition or individual health data, do
not constitute enough risk to the public to merit FDA scrutiny).
119. 21 C.F.R. § 803.10 (2016); Medical Device Safety, U.S. FOOD & DRUG ADMIN.,
http://www.fda.gov/MedicalDevices/Safety/default.htm (last updated Dec. 16, 2016)
[hereinafter Medical Device Safety].
120. 21 C.F.R. § 803.10.
123. See infra Part II, Federal Food, Drug, and Cosmetic Act, Scope of Application and
accompanying notes. (explaining generally the quality controls imposed on organizations to
ensure consumer safety); Medical Device Safety, supra note 119. The FDA posts
communications on its Website and sends email communications to those who register to
receive them. See, e.g., Medical Device Safety, supra note 119 (referencing specific safety
communications and linking to an email notification sign-up page).