FDA Mobile Health App Compliance

Evaluate mobile medical app compliance with FDA guidance, 21 CFR Part 11, data security, clinical validation, and app store requirements

Medtech | Biotech | Healthcare | Technology | 25 minutes | 18 questions

1. FDA Regulatory Determination

Have you determined if your app is a medical device per FDA guidance?*

FDA regulates apps that: diagnose disease, treat/cure disease, prevent disease, affect structure/function of body

Is your app classified as a Class I, II, or III medical device?*

Classification determines regulatory pathway: Class I (general controls), Class II (510(k)), Class III (PMA)

Are wellness/fitness features clearly distinguished from medical claims?*

FDA enforcement discretion for wellness apps (general fitness, healthy eating) vs. medical device apps

2. Clinical Validation & Evidence

Is clinical validity demonstrated through peer-reviewed studies?*

Algorithm validation, accuracy studies, clinical outcomes data for intended use

Are intended use and indications for use clearly defined?*

Labeling specifies patient population, clinical conditions, intended use statement

Is clinical decision support (CDS) evidence-based and cited?*

Algorithms based on clinical guidelines, peer-reviewed literature, expert consensus

3. Data Security & Privacy

Is patient health data encrypted at rest and in transit?*

AES-256 encryption for stored data, TLS 1.2+ for network transmission

Are HIPAA Business Associate Agreements executed with cloud providers?*

BAA with AWS, Azure, Google Cloud, or other hosting/storage providers handling PHI

Is user authentication multi-factor for healthcare provider access?*

MFA for clinician accounts, biometric or strong passwords for patients

4. 21 CFR Part 11 Compliance

Are electronic signatures validated and audit-trailed per Part 11?*

21 CFR Part 11: E-signatures legally binding, audit trail of signer identity, date/time

Are electronic records tamper-proof with audit trails?*

Part 11.10: Audit trail for record creation, modification, deletion; immutable timestamps

Is system validation documented per Part 11 requirements?*

Validation protocol, test scripts, validation report demonstrating system performs as intended

5. Quality System & Risk Management

Is a Quality Management System (QMS) established per ISO 13485 or FDA QSR?*

21 CFR Part 820: Design controls, CAPA, document control, management review

Is risk management performed per ISO 14971?*

Risk analysis, risk evaluation, risk control measures, residual risk acceptance

Are software updates validated before release?*

Regression testing, validation protocol, traceability to requirements, release notes

6. Post-Market Surveillance

Is an adverse event reporting system in place per FDA requirements?*

MDR reporting (deaths, serious injuries within required timeframes), complaint handling

Are app performance metrics monitored continuously?*

Crash analytics, error rates, user feedback, clinical accuracy monitoring

Are app store compliance requirements met (Apple Health, Google Play)?*

App store privacy policies, data use disclosures, age ratings, medical device registration
