Are mHealth Apps Safe? The Intended Purpose Rule, Its Shortcomings and the Regulatory Options Under the EU Medical Device Framework

  • Eugenio Mantovani
  • Pedro Cristobal Bocos
Part of the Human–Computer Interaction Series book series (HCIS)


This chapter discusses the legality of operating commercially available applications or ‘apps’ for medical purposes in Europe. The meticulous certification process established in the Medical Device Directive (MDD) is seldom applied to mHealth apps. This is due to the application of the concept of “intended purpose”, which allows app developers to create apps that are analogous to medical devices (i.e. having similar functions) but that, because they have not been intended by their manufacturers to attain a medical purpose, do not need to satisfy the stringent safety checks foreseen in the MDD. The chapter highlights two vulnerabilities of this regulatory framework, concerning the reliability of the apps and the traceability of “bad apps”. In response to these concerns, the EU has taken a mixed approach, combining top-down regulation with stakeholders’ participation and “self-assessment”. A comparison with the regulation of borderline apps in the United States allows the authors to make a recommendation for future research and policies concerning mHealth apps in Europe.


EU medical device law; Intended purpose; mHealth apps safety; US medical device law



The authors acknowledge the support of the IRIS project – Interoperable platform for Remote monitoring and Integrated e-Solutions (Grant agreement Nr. BRGEOZ234), funded by INNOVIRIS, the Brussels Institute for Research & Innovation.



Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  1. LSTS – VUB, Brussels, Belgium
