FDA-Approved Medical App Regulations 2021

As a market indicator, it’s good to know that consumers and health care professionals are using and recommending health-related mobile apps at record levels, but it’s also important to brush up on the FDA policy on mobile medical applications. Having a good grasp of these guidelines is vital to avoiding several unpleasant federal government remedies, including significant fines. 

Complying with the complicated set of laws and forms required to obtain FDA approval can feel daunting. While it’s true that the guidelines laid out by the agency are lengthy and sometimes complex, it’s important to note that many organizations working with mobile medical apps won’t need to adhere to these FDA regulations. 

Those that are required to comply with the FDA guidelines around mobile medical apps will find it relatively straightforward to work the basic process. This article will walk you through the general guidelines for how the FDA approves mobile medical apps and which categories of apps are subject to the regulations.

FDA guidance on mobile medical apps

The FDA first issued the Policy for Device Software Functions and Mobile Medical Applications Guidance, or “Mobile Medical Applications,” in 2013. 

The initial intention of this policy was to provide a framework for the oversight of software functions that could “impact the functionality or performance of traditional medical devices,” according to this 2019 FDA memo. The FDA updated the policy in 2019 to reflect changes in how devices were defined, in accordance with Section 3060 of the FDA’s 21st Century Cures Act. The FDA also clarified that the “policies for software are function-specific and apply across platforms.”


In essence, the 2019 update removed the phrase “mobile application” and replaced it with “software function,” as it is described in the policy’s current title.

Mobile medical app: A software application able to be executed on a mobile platform or a web-based software application tailored to a mobile platform but executed on a server. 

Mobile platform: A handheld, wired or wireless commercial computing platform or a web-based software application tailored to a mobile platform but executed on a server. For example, mobile phones and tablets fit into this definition. 

Medical devices: Machines, apparatus or software used to monitor or treat diseases, provide contraception, diagnose, or manage injuries or handicaps. 

Low-risk general health apps: Noninvasive apps intended to promote wellness versus treating specific diseases or conditions. 

The FDA policy centers on two “device software functions,” software as a medical device (SaMD) and software in a medical device (SiMD)

Health care worker using mobile tablet in hospital. Courtesy Adobe.

A health care worker uses a mobile tablet in a hospital. Courtesy Adobe.

FDA mobile medical app rules

From the start, the FDA’s policy on software functions and medical apps was meant to serve as a flexible document that serves to provide guidance to manufacturers, distributors and other entities. Recognizing that the software and app fields are constantly innovating, the agency updates the policy periodically.

FDA’s rules that apply to mobile health apps are classed by the “apparent level of risk” presented. Risky or invasive devices must be approved. However, devices FDA has not deemed dangerous to users may be exempted from review or completely cleared, especially if they are significantly similar to a product already available on the market. 

Mobile medical app developers must comply with various FDA regulations that overlap with other sectors. For example, developers must be careful around manufacturer claims. Wording is important — an app that supports general wellness might “promote” maintaining a healthy weight, but for a general wellness app, treatment or diagnosis of a weight-related condition is a much stronger claim. 

For instance, while an app meant to support general wellness can be said to promote maintaining a healthy weight, the maker should not claim it can treat or diagnose a medical condition like obesity or anorexia.


Enforcement of the Mobile Medical Applications policy is based on which class an app belongs to. Like other medical devices regulated by FDA, these classifications are determined by a risk-based assessment. The FDA regulates “only those mobile apps that are medical devices and whose functionality could pose a risk to a patient's safety if the mobile app were to not function as intended.”

Class I

These apps are not medical devices, as defined by FDA. Class 1 apps are generally processed within a week. Users self-register and pay the current fee set by FDA. 

Class II

The apps in Class II are similar to those that the FDA has already cleared, even if they are medical devices. Class II apps are typically reviewed within 90 days, but it can take up to 10 months for clearance. 

Class III

These apps fall under the Mobile Medical Application policy regulations, typically because they are among those that the FDA has already decided it will regulate. Class III devices usually take about 36 months, or even longer for apps that require extensive clinical trials. 

Apps exempt from Mobile Medical Application policy compliance

There are a few common categories that medical apps fall into that are not subject to the regulations:

  • Apps that simply provide electronic versions of medical texts or reference materials

  • Those used by health care providers or patients as educational tools

  • Apps that automate health care office operations that are general in scope (those not related to medical treatment or diagnosis)

Mobile Medical Application clearance process

There are five overarching steps for medical app clearance:

  1. Following the guidelines in the Mobile Medical Applications policy, determine the appropriate classification

  2. If required, complete and file FDA form 510(k)

  3. If required, comply with the “quality system requirements” (QSR) as laid out in FDA QSR-21 CFR Part 820*

  4. For organizations located outside the U.S., appoint a U.S. agent

  5. Register with FDA and pay fee

*FDA doesn’t actually certify quality systems. Instead, organizations should be prepared for random inspections to check for compliance with QSR. Also, a manufacturer outsources production of the mobile medical app, that supplier must also comply with QSR requirements. 

What FDA regulations mean for your app

In some ways, the “light touch” approach the FDA has taken with mobile medical apps has a positive impact on the market as a whole. This approach allows for innovation and experimentation. 

Still, rules around topics like manufacturer claims can be challenging to navigate. It’s also true that no matter the class, the clearance process will involve complex, time-consuming paperwork. This is especially true for app types that the FDA has not yet considered. 

Related articles