Mobile Medical Apps In a Regulatory World

Mobile medical apps are related to implantable medical devices such as insulin pumps, yet there may be many other apps that have broader uses and appeal to the general population, not just “sick” patients.

Many mobile app developers from the largest IT firms in the world, like Apple, Google, Microsoft and Amazon, are past masters of data collection, processing and storage. For many of these firms, the creation and management of data center infrastructure is a core element of their business, even if many physical locations of these assets are not owned by the firms themselves. Large firms have perfected the design of their facilities and environments down to the doorknobs. Smaller app developers and new entrants to the mobile app community may also have sophisticated data center companies and infrastructure capabilities for the scope of their apps.

And yet… the word “medical” has introduced a new series of stakeholders, regulators, requirements and responsibilities that cannot simply be bolted on to current data center environments and architecture.

There are two categories of mobile medical apps:

The first category includes the apps that the US Food and Drug Administration (FDA) will regulate because they meet the definition of a device preventing, diagnosing or treating a disease — e.g., mobile apps that monitor fetal heart rate (at home) during pregnancy and apps that monitor blood pressure. These apps are subject to FDA requirements and generate large amounts of data that must be stored in a HITRUST-compliant environment.

The second category includes the “wellness” apps that the FDA generally does not currently regulate, such as Fitbit, the Apple Health app, and others. These apps generate large amounts of data that can be handled more like traditional customer data.

FDA-regulated apps pose a new challenge, and an invitation, for app makers large and small: to house data in environments that are FDA and HITRUST compliant on day one, rather than undertaking large retrofits of many facilities that handle much larger amounts of data not subject to these same requirements.

Access to a compliance-focused, purpose-built data environment for mobile medical app data will save developers significant cost and compliance approval delays.

DP Facilities, Inc. is 100% U.S.-citizen-owned and operated. Our flagship data center, Mineral Gap — located in Wise, Virginia (also known as “The Safest Place on Earth”) — is HITRUST CSF® certified, demonstrating that Mineral Gap’s BMS, EPMS, SOC, and NOC systems have met key regulations and industry-defined requirements in colocation, including hybrid cloud, for healthcare and are appropriately managing risk, including HIPAA compliance. Mineral Gap is the first Tier III data center in Virginia designed and constructed to be concurrently maintainable, certified by Uptime Institute for 99.98-percent availability. Mineral Gap is simply one of the top data centers in the US.