The long and winding road to federal regulation or oversight of mHealth still has some ground to cover, but a key Food and Drug Administration Safety Innovation Act sub-workgroup has tentative suggestions that are about three organizational layers removed from the FDA.

After a July 19 meeting, the FDSIA subgroup on regulations is sending a batch of tentative recommendations to the FDSIA Workgroup for consideration on the last Friday of July — before those and other ideas go to the ONC’s HIT Policy Committee and then the FDA.

The issues being considered by the regulation subgroup — chaired by Epstein Becker Green attorney Bradley Thompson and Partners HealthCare System’s biomedical engineering director Julian Goldman, MD — have been so complex and potentially impactful to the blossoming mHealth industry, that the exact language of recommendations are still being finalized amid subgroup member debate.

[See also: Sparks fly over mHealth regs.]

Tentatively, though, as Thompson said, HIT and mHealth “should not be subjected to FDA pre-market requirements," except "those areas where it would potentially justify premarket requirements.”

Those exceptions, as most of the subgroup agreed to, would be medical device data systems (which the FDA subjects to low-risk Class 1 regulation requiring mostly just registration and adverse event reporting), medical device accessories that could be added to smartphones, say for diagnostic uses, and “certain forms of high risk” clinical decision support software or apps.

That suggestion is generally following a recommendation by the FDASIA taxonomy subgroup — to classify all of mHealth and HIT as “unregulated” by the FDA but subject to “enforcement discretion,” with those several exceptions.

From a legal perspective, though, some members had qualms about how the “unregulated” and “discretion” portions of the suggestions would be worded.

“That statement maybe creates more problems than it solves. You must acknowledge that FDA already regulates some HIT. This may be perpetuating an ambiguity,” said Meghan Dierks, MD, a Harvard Medical School professor of clinical informatics.

“The concept of enforcement discretion is only for something that’s technically regulated by the entity,” she said.

But, as Thompson said, the charter of the FDASIA Workgroup and its subgroups is “not to design the regulatory system but to define the objectives that the agencies should consider when they design the regulatory system in the fall.”

[See also: Who should oversee mHealth regs?]

If the legal questions get so murky, it could be the federal courts determining the FDA’s regulatory scope of HIT, Thompson said. “But we can determine oversight,” he said, per Congress’ instructions in the Food and Drug Administration Safety Innovation Act, enacted last July. “The ultimate question is should the FDA actively oversee HIT?”

Legal linguistics aise, it seems the subgroup will present that “enforcement discretion” framework, with the several exceptions, to the full workgroup for discussion later this month.

Another recommendation by the FDASIA regulations subgroup is pending specification upon consensus — registration of mobile medical apps.

Registration raises several issues, as Cerner health policy executive Meg Marshall pointed out, among them is possible taxation under the Affordable Care Act, if registration means mobile apps being categorized as medical devices (although there is the exemption for medical device retail sales).

And should apps be registered before going to market or after?

“It would be helpful to require developers to register, and I think we need more active surveillance,” said David Bates, MD, medical director of Clinical and Quality Analysis at Partners Health System, and chair of the FDASIA Workgroup.

Others remain opposed to registration, at least with the pre-market framework.

“If they pose little to no risk, mobile medical apps, then forcing a company — a garage entrepreneur — to register and list their device is unduly burdensome,” said Robert Jarrin, senior director of government affairs for Qualcomm.

There does seem to be some consensus on transparency, however — such as having a federally-encouraged, private sector-run medical app database where patients and consumers can provide and share feedback.

As Anna McCollester-Slipp, a co-founder of Galileo Analytics, said: “Rather than have the FDA approve everything, there would be transparency. We have an online system by which patients or users ... can rate the software, so that you can easily identify bugs and have a much faster rate of iteration.”

Indeed, that dovetails with a tentative suggestion of the subgroup: that the FDA, ONC and Federal Communications Commission use their “collective powers of persuasion to encourage and organize private sector oversight” for the creation of standards, certification of interoperable products used in networks, and a public process for customer rating.