Compliant Cloud Hosting for Mobile Medical Applications

Posted by Rebecca Santorios on January 7, 2016


Compliant cloud hosting gives mobile medical app manufacturers a reliable, secure way to deploy their applications in alignment with FDA and HIPAA regulations.  Software manufacturers entering the digital health marketplace may worry about regulatory requirements, which can be complex and subject to interpretation, especially for newer technologies.  Partnering with a compliant hosting provider, like ByteGrid, can help make this easier.  Our technical staff can bring your product online quickly in our GxP compliant datacenter, while our compliance team makes sure everything is carried out and documented to agency standards. 

What mobile apps are subject to FDA regulations?

The updated Guidance for Mobile Medical Applications, finalized last year, is intended to help companies understand what the FDA expects for mobile apps.  We’ll give a quick overview here, and see how this might impact a company’s search for the right cloud hosting provider.  Some of the document’s highlights:

  • The guidance clarifies what types of mobile apps meet the definition of a medical device, and thus fall under the FDA’s purview
  • Mobile apps include software that is intended to run on a mobile device, as well as web-based applications running on a server and accessed via mobile device (like SaaS running in the cloud)
  • The intended use of a mobile app determines whether it meets the definition of a “device.”  Per the regulations, intended use may be shown by labeling claims, advertising materials, etc.
  • The FDA intends to apply oversight authority only to those mobile apps that are medical devices and whose functionality could pose a risk to a patient’s safety if the mobile app were to not function as intended
  • Even if the app is a medical device, if it is low-risk FDA will exercise enforcement discretion (see also the draft guidance General Wellness:  Policy for Low Risk Devices, released last month) 
  • However, the guidance recommends that all manufacturers of mobile medical apps that may be devices adhere to the Quality System Regulations (QSR), even if they are low-risk

The guidance states that cloud hosting service providers are not considered device manufacturers.  However, a creator of a software system that provides users access to the medical device through such a service (e.g. SaaS), is.  Medical device manufacturers will need to evaluate their cloud hosting provider’s services in accordance with the QSR.  ByteGrid meets all of the supplier quality requirements for regulated companies.  We operate under a mature Quality Management System, have documented policies, procedures and training, and we’re always audit-ready.

Remember, even if your application isn’t subject to FDA oversight, it still needs to comply with HIPAA regulations, if it stores or transmits your users’ personal health information.  ByteGrid has you covered here, too, as our EHNAC accreditation attests.

Contact us today to find out more about how our compliant cloud services can help get your mobile app in the marketplace without regulatory snags.