mHealth Laws and Regulations

A relatively new and rapidly evolving aspect of technology-enable health care is mobile health or mHealth, the provision of health care services and personal health data via mobile devices.

Smart phones and portable monitoring sensors that transmit information to providers, as well as dedicated application software (apps), which are downloaded onto devices are used in mHealth. Given its recent emergence into this field, policies governing the use of this technology is continually being shaped.

The Food and Drug Administration (FDA), the Federal Trade Commission (FTC), the Federal Communication Commission (FCC) and the Department of Health and Human Services (HHS) all have some jurisdiction and will be establishing federal policies for this newest telehealth modality.


The FDA is has the responsibility for regulating equipment or software intended for use in the diagnosis or treatment of a disease or other condition. It has made strides in developing policy on mHealth. With passage of the Food and Drug Administration Safety and Innovation Act in 2012, the FDA was given approval to go forward with its regulatory work on medical apps.

If a device is classified as a medical device, FDA requires registration and listing, premarket notification and/or approval, good manufacturing practices, and post-market surveillance. FDA also regulates the software used in telehealth systems. The FDA does make a distinction and provides guidance on distinguishing what is considered a medical device and what is not.

The FDA has focused much of its attention on the regulation of mobile apps, and is in the process of developing  guidelines for them. The yet-to-be-finalized regulations essentially view apps as an accessory to a medical device, or would “transform” a mobile platform into a medical device that would be subject to the FDA’s regulations.


The FTC protects consumers from unfair or deceptive acts or practices as well as false or misleading claims. Where mHealth is concerned, it has focused on the claims companies have made about the effectiveness of their devices or apps. The FTC also has jurisdiction for health data breaches when the entities involved are not HIPAA-covered entities. The FTC has already been active, taking enforcement action against several mobile health app marketers that have not met the requirements of the FTC. The FTC collaborates closely with both the FDA and FCC on areas where there is jurisdictional overlap.


FCC regulates devices that utilize electromagnetic spectrum, or broadcast devices. FCC regulates the device as a communications device, not as a medical device. With potential overlapping jurisdictions, the FCC and FDA entered into a Memorandum of Understanding, where they would collaborate with each other within the areas of their respective agencies.

In 2012, the FCC approved its mobile body area network (MBAN), which allocates an electromagnetic spectrum for personal medical devices. The allocated spectrum would be used to form a personal wireless network, within which data from numerous body sensors could be aggregated and transmitted in real time. This dedicated spectrum would allow for faster and more reliable transmission of information from patient monitoring devices to practitioner.


Having less to do with the regulatory side of mHealth, HHS has been more interested in how mHealth will be used to improve the health of the population and in the delivery of health care services.
Recently, HHS launched its mHealth Initiative. Projects include:

  • The National Cancer Institute (NCI) at the National Institutes of Health’s SmokeFreeTXT program, a mobile smoking cessation service designed for teens and young adults across the United States.
  • HHS Office of Minority Health has launched a collaborative effort in partnership with American Association of Diabetes Educators, AT&T, and Baylor University to investigate the use of smart phones’ secure video streaming by demonstrating live clinician-community health worker directed diabetes self-management education courses.
  • HHS has partnered with the White House to launch the Apps Against Abuse developer's challenge. This national competition calls upon technology developers to create innovative applications that will offer young adults a way to connect with trusted friends in real-time to prevent abuse or violence from occurring.

The rapid pace of development of this field and the wide range of applications available on the market today have also been the source of a number of legal and ethical questions regarding their use.  Questions are being raised regarding privacy protection, and with the vast amount of individual health data being generated by remote monitoring and mhealth devices, determining what are actionable health data, who monitors the data, and where it gets stored are challenges that we will need to address as the field evolves. For an interesting discussion on the subject, read Ethical Issues in mhealth: What is Good Enough? on the South Central Telehealth Resource Center Website.