Health Apps and the Requirements Imposed By the Law

March 6, 2019

If you check Apple’s App Store or Google’s Play Store you will find an overwhelming list of health and fitness apps. This list only gets longer, if you include the number of people who use these apps, as exemplified by the Deloitte 2018 Health Care Consumer Survey. If you are a software developer, is your app on this list?

Medical devices are not by definition only tangible or physical, but can also be intangible like software. In general, software used in health environments can be grouped into four categories, as shown below. Health apps can be found in the two lower categories; they can be either a medical device or for other health use. The term “Software as Medical Device” is often abbreviated to “medical app”.

Software as a medical device infographic

For medical apps, you cannot develop such an app without being subject to government overview, ensuring you comply with the requirements in the law. This article will examine medical app considerations based on European regulatory requirements. Based on a recent report written by the National Institute for Public Health and the Environment (RIVM), it was remarkable to discover that these requirements are not known to all medical app developers.

Difference between the two categories of apps

So, think of your application and determine its functionality. Has it anything to do with disease or a condition of a patient? Does it capture data and state whether you suffer from a certain illness? Is it connected with another apparatus that is controlled by a physician? Does it help to indicate the day with a higher chance of fertility? If your answer to any of these questions is yes, your app will likely be considered a medical device. If all of the questions above can be answered with no, it is likely you do not have a medical device. Unfortunately, this question can be difficult to answer as it depends on the functionality that you assign to your app and the wording that you use in relation to the law, which is complex and difficult to understand. For apps for other health use, the legal requirements are much less rigorous.


The applicable law for medical apps is the Medical Device Regulation, in short, the MDR. It replaces the Medical Device Directive and has become more stringent than its predecessor. It defines the requirements for medical devices in general, and medical apps specifically, in more than 170 pages full of legal language. A correct understanding of these requirements is only favored to those having ample experience and expertise. ProPharma Group’s standard approach in these situations is to apply the following first steps:

  1. Determine whether your health app falls within the scope of the MDR
  2. If so, classify the risk class of your medical app (= medical device)
  3. Decide on the route of conformity assessment

Due to the more stringent demands as described in the MDR, we urge you to ensure that you take the right steps. Because of the report by RIVM and its conclusion that the majority of medical apps studied did not clearly indicate fulfillment of legal requirements, the government, i.e. the inspection, will keep a close eye on this topic.


July 6, 2017

How to Write an Effective Quality Investigation Report

In 2016, the FDA issued hundreds of 483 observations across the Drug and Device industries for failing to thoroughly review or investigate issues. This topic consistently hits the top five most...

July 22, 2014

The Difference Between Quality and Compliance, Part II

In a blog earlier this month, I mentioned that there are recent initiatives underfoot that FDA hopes will create FDA-industry partnerships, increase transparency, utilize data more effectively, and...

A person scanning a prescription medication into the computer

August 15, 2023

What is the Drug Supply Chain Security Act (DSCSA)?

Update: The FDA has recently granted a one-year extension until November 27, 2024, for the enforcement of system-wide electronic interoperable systems that track products throughout the supply chain....