How to Prepare Your Mobile Health App for 510(k) Clearance

If you’re developing a digital health app or other medical device, you’ll need to complete the 510(k) process to have it cleared by the FDA. However, the regulatory pathway for health apps can be confusing. In this guide, we’ll cover how 510(k) clearance for digital health apps works and provide some tips for formulating your submission.

What Is a 510(k) Submission?

The 510(k) submission process is something all medical device developers must complete to bring their product to market in the United States. Under the 510(k) pathway, mobile health app developers must submit a premarket notification to the FDA explaining what their app does, what it should be used for, and how it performs compared to a predicate device.

You need a 510(k) if a medical device is “substantially equivalent” to a device that’s already on the market. Mobile apps are classed as a medical device if they use light, vibrations, or a camera to perform medical functions, or they connect to a separate hardware device designed to perform a medical function.

Do You Need 510(k) Clearance?

The FDA provides detailed guidance on which types of software should be classified as medical devices. Some examples of apps considered to have a medical function include wireless remote controls for cochlear implants, hearing aids, insulin pumps, and apps that monitor cardiac function.

Other regulated digital health apps include clinical monitoring and remote diagnostic tools. The FDA also states that it exercises enforcement discretion for some medical applications. For example, it considers apps that automate simple tasks for health care professionals or help users manage a medical condition without providing specific medical suggestions individually. 

These apps technically meet the criteria of mobile software as a medical device (SaMD) but are unlikely to present a risk to users, so the developers won’t be required to submit a premarket review application.

The FDA’s policies don’t apply to mobile device manufacturers, even if the devices have hardware that could be used for medical purposes. They focus on the developers of the applications themselves. If you’re developing a new health application or making extensive changes to one that’s already on the market, you’ll need to go through the clearance process.

There are three 510(k) types. The standard submission process is comprehensive and suitable for most devices, including those with technological differences from their predicate device.

If the application you’re building matches some preexisting standards, you may be able to use the abbreviated version of the 510(k). This version follows a simpler process, making it easier to demonstrate substantial equivalence.

There’s a special 510(k) for developers who modify an existing application and need to prove their changes won’t alter the safety or effectiveness of the device.

Key Steps in the Submission Process

The 510(k) mobile app submission process aims to confirm that the device is substantially equivalent to something that has already received approval. If a developer meets these criteria, they’ll receive a clearance letter that permits them to market their software in the United States. This clearance isn’t the same as FDA approval. It simply means the FDA agrees the device is equivalent to another one that’s already being sold in the country.

To receive 510(k) clearance, the developer must show that, in addition to being substantially equivalent to an existing approved product, it:

• Hasn’t been banned by the FDA, withdrawn from sale, or had restrictions placed on it
• Hasn’t been rejected for 510(k) approval
• Doesn’t pose an unreasonable risk to public health or safety
• Meets the applicable performance standards for that kind of device

Only certain types of devices are eligible for 510(k) clearance. If the device is intended for use as a component of another product or as a custom device, it won’t be eligible for 510(k) clearance. Devices designed for investigational purposes also aren’t eligible for the 510(k) process.

The FDA will assess the risk level of the device. There are three different risk levels, each of which is subject to a different level of oversight:

• Low-risk devices may sometimes be exempt from premarket notification. Mobile applications that pose a low risk are called Class I devices. If a 510(k) is required, proving substantial equivalence is usually a simple process that doesn’t require clinical data.
• Medium-risk devices are subject to the 510(k) process. Devices and apps in this category fall into Class II, and some clinical data may be required. However, developers are permitted to use data from their predicate device to support their 510(k) submission.
• High-risk devices require premarket approval rather than premarket notification. Class III devices go through a more extensive approval process. Developers must demonstrate that their application or device is safe and effective, which may require extensive clinical data. The FDA also considers the availability of alternative treatments and the level of risk associated with the new app/device when deciding the burden of proof.

It’s unlikely that a mobile application would fall under the high-risk category, as it’s intended for devices that sustain or support life, are implanted, or present a potentially unreasonable risk of injury.

If a mobile application falls into the medium risk category and is substantially equivalent to a predicate application, it would need to go through the premarket notification process.

Technical Considerations for 510(k)-Bound Apps

The FDA software validation process considers several criteria to protect patients and their data. Developers must ensure that robust data handling procedures are in place and their application has a secure architecture to prevent data leaks and tampering.

Erroneous inputs, poor error handling, and insecure data transfer processes can put patients at risk. By following security best practices and thoroughly testing the application to confirm how it handles edge cases, unexpected inputs, and errors from connected devices, developers can ensure users are protected.

Traceability features and detailed logs are also important. They enable care providers to look through data and understand the user’s previous interactions with the application. Traceability can be a key component of your quality management system, helping prove your app is reliable and provides consistent results.

If an application is intended for use by a health care provider, it must meet stringent clinical data requirements, including complying with encryption and data protection regulations. Devices aimed at consumers may have different requirements, but you still need to take steps to protect end-users.

Some key considerations include:

• HIPAA compliance for apps used by health care professionals
• End-to-end encryption
• Secure authentication protocols
• Role-based access controls

If your application transmits data to a server, a full risk assessment and proper security testing are essential. Keep in mind that if you plan to release an application in more than one country, you may also be bound by the regulatory requirements in the other territories in which you intend to operate.

Common Mistakes to Avoid

Many developers underestimate how complex the regulatory pathway for health apps can be. This is especially true for those focused on health apps for consumers, rather than clinical decision support tools or diagnostic devices.

Some common mistakes made by developers include:

• Underestimating the documentation burden: The 510(k) documentation requirements are stringent. Unlike other consumer applications, which are often released with little to no documentation, health applications can’t be learned by trial and error. Developers must provide exhaustive documentation that explains the application’s features and highlights its limitations.
• Skipping usability testing: The FDA requires mobile health apps to be thoroughly tested to ensure they’re reliable and easy to use. If a health care application is overly complex, it may present a risk to users who don’t understand how to configure it or read the results. Medical app usability testing is an essential part of the development process. Before submitting an app to the 510(k) process, carry out extensive testing and be sure to document the results.
• Limited clinical data: Providing clinical data helps increase the likelihood of approval. The extent of clinical data required depends on the risk class of your application. However, even lower-risk devices benefit from thorough tests validated with U.S. patients. If you’re developing a Class II application, you may be able to use data that relates to the predicate device, as long as you haven’t made extensive changes in the development of your own software.
• Poor alignment with predicate: The substantially equivalent requirement is a cornerstone of the 510(k) clearance process. If an application deviates from the predicate’s design in features, underlying workings, or benefits, it may be considered a different kind of device. Review the design of your application carefully and ensure you can prove the application is equivalent to an existing approved product.
• Waiting until it’s too late to start the process: It’s best to start preparing for the submission process well in advance so you can meet the testing and documentation requirements. Depending on the type of application, there may be some revisions required to obtain clearance. 
• Not partnering with an experienced team: If you haven’t navigated the 510(k) process before, it’s best to work with an experienced team so you can avoid common pitfalls. Working with someone who understands the FDA requirements in depth helps prevent mistakes and reduces the likelihood of being declined.

It’s essential to complete the submission process carefully. If you submit a product for 510(k) approval and it’s declined, getting it reviewed by the FDA for approval in the future might be difficult. The FDA clearance process for digital health apps is exacting, and you may need to make significant changes to have your app reconsidered.

How Dogtown Helps You Navigate FDA Compliance

At Dogtown Media, we specialize in mobile-first application development and work with iPhone, iPad, and Android devices. We have experience in many industries, including the medical space, and we can help you navigate the FDA compliance process.

Our developers collaborate with legal and clinical teams to develop applications that meet the requirements of the SaMD submission checklist. Whether you’re looking to develop an application that’s a diagnostic aid for clinicians or a Class I consumer-focused app that wouldn’t require 510(k) clearance, we can work with you to ensure your app meets the relevant FDA mobile health app guidelines.

Our mHealth team understands the strict HIPAA requirements for healthcare applications and has experience with wearables, data validation, and more. We can develop applications to support mental and behavioral health, general wellness, condition management, and remote monitoring.

Ready to Plan Your 510(k) Strategy?

If you have an idea for a mobile health application and want to ensure your app meets the criteria for release and marketing in the United States, contact Dogtown Media today. We’re ready to help you build a product designed to support the 510(k) clearance process.

Contact us now to tell us about your project.