Digital health covers a wide range of areas, such as healthcare IT, mHealth, wearables, telehealth, and personalized medicine. These technologies have a great impact on patients' health and are therefore strictly regulated under US legislation.

 

To begin with, the Food and Drug Administration (FDA) and its Center for Devices and Radiological Health (CDRH) and Center for Biologics Evaluation and Research (CBER) are the organizations responsible for medical device premarket review and the regulation of devices associated with blood collection and processing procedures, cellular products and tissues.

 

The FDA provides clarity to establish the balance between the risks and benefits of digital healthcare and works with the following topics: wireless medical devices, mobile medical apps, health IT, telemedicine, medical device data systems, medical device interoperability, software as a medical service, general wellness, and cybersecurity.

 

The FDA has established the Digital Health Program, which promotes collaboration and outreach to digital health customers and develops and implements regulations and policies for digital health technologies. The FDA defines three main categories of medical devices according to the risk they pose to patients (low, moderate, and high): Class I, Class II, and Class III, respectively. This classification determines which regulations apply to the device.

 

Before marketing, a medical device producer has to obtain the FDA's clearance or approval. The procedure requires registration of the producer's facilities, listing of the devices, and following the requirements. There are several ways to get the product onto the market with the FDA's permission: premarket approval application (PMA) and 510(k) notification. PMA includes clinical studies and evidence proving that a device is safe and effective. It is usually applied to new or high-risk devices. FDA permission, in this case, is called approval. A 510(k) notification is a demonstration that the new product is equivalent to a device already present on the market (it has the same intent and technological characteristics). The final conclusion of this process is called FDA clearance.

 

The Office for Civil Rights (OCR), a part of the U.S. Department of Health & Human Services (HHS), implements the Health Insurance Portability and Accountability Act (HIPAA). HIPAA regulates the privacy and security of health data and enforces notification of health information breaches. It also controls fraud and abuse in the healthcare system. According to the HIPAA requirements, HHS declares five rules: the Privacy Rule (regulates Protected Health Information), the Transactions and Code Sets Rule (standardizes and simplifies healthcare transactions), the Security Rule (complements the Privacy Rule, dealing specifically with Electronic Protected Health Information and defining standards for the administrative, physical, and technical spheres), the Unique Identifiers Rule (identifies healthcare providers with the unique National Provider Identifier), and the Enforcement Rule (sets penalties for breaking HIPAA rules).

 

In addition, there is the Health Information Technology for Economic and Clinical Health Act (HITECH Act), which enables HHS to spend $25.9 billion on promoting and expanding healthcare IT. It sets nationwide EHR adoption and implementation as a critical goal. The Federal Food, Drug, and Cosmetic Act (FD&C Act) regulates healthcare apps that pose a higher risk to users if they do not function properly. The FTC's Health Breach Notification Rule ensures that notification is provided following breaches of personal health record information.

 

To sum up, there are many laws and regulations for the healthcare devices, wearables, applications, and other technologies. It is quite hard to figure out which one can be applied to your product. Here is a great interactive tool provided by the Federal Trade Commission that can help you answer this question: https://www.ftc.gov/tips-advice/business-center/guidance/mobile-health-apps-interactive-tool
Glorium Technologies, having been present on the healthcare software development market for more than six years, delivers solutions in compliance with all the regulations mentioned. And we are always ready to provide you with the necessary information.

 
