Mobile App Medical Device Patenting and Regulatory Considerations

Healthcare has been on the cusp of a great transformation for many years. In a matter of months the pandemic overtook long-standing barriers and accelerated digital healthcare at a rate few could have predicted. As an angel investor and patent attorney for over 20 years, I see the boom in digital healthcare startups as driven by the increasing penetration of smartphones and improved internet connectivity (with the introduction of 5G), advancements in healthcare IT infrastructure, rising healthcare costs, rising prevalence of chronic diseases, and increased accessibility to virtual care and advanced applications that improve the user experience. Investors love this confluence of factors, and with the twin exclusivity protections afforded by patent and FDA regulatory approvals.

Healthcare is moving toward a consumer-centered model where people can shop for care and share data with an endless array of apps and services. Future care will not be just digital-first and convenient, but also designed around customers’ needs.

  • 25 million people are more likely now to switch providers than they were pre-COVID.
  • Consumers want a multi-touch, digitally-enabled experience and they’re willing to shop for it.
  • 27% of people surveyed have tried telehealth for the first time during the pandemic.
  • Those who are managing a chronic condition were more eager to embrace and see value in the new technology.
  • 74% of first-time telehealth users saying they’re willing to share genetic information and data.

These transformative trends have led to a boom in mobile app medical device investment.  According to Finerva’s HealthTech: 2022 Valuation Multiples, the trailing 12-month median EV/S multiple was 5.6x in the second half of 2021, up from from a 3.6x the previous period and 3x the year prior. HealthTech has the potential to make healthcare more accessible and convenient far beyond the worldwide pandemic.  Global healthcare funding grew 45% YOY in 2020, and then added a further 79% in 2021, reaching a record $57.2bn invested.  Sectors ranging from telemedicine to medical devices to AI healthcare all raised record-high fund.

These trends drive many SaaS entrepreneurs to consider the medical device space. However, medical device companies typically are experienced with FDA regulations and that is a field few software developers are comfortable with.

As they look at the market for software to help healthcare, this is a question many SaaS founders are asking themselves.  The good news is that if you survive the approvals, you may have two independent unfair advantages: FDA and Patent exclusivity.  That is why investors love software medical companies.

What is a software medical device?

The Food and Drug Administration (FDA) recognizes the many functions that software apps (apps) and mobile applications can perform, their rapid innovation rate, and the potential risks and benefits to public health.  The FDA has issued guidance on how the FDA intends use its regulatory authority on select software apps for use on mobile platforms (mobile apps or “mobile app”) or general-purpose computing platforms and has broadly covered the application of software functions on mobile platforms and other general-purpose computing platforms.

The FDA refers to software functions that can include “Software as a Medical Device” (SaMD), and “Software in a Medical Device (SiMD) ), which is software that is integral to (embedded in) a medical device as well as SaMD.

Software functions that fit the definition of a “device” may be deployed on mobile platforms or other general-purpose computing platforms. Software functions that function under the control of a hardware device or may also be used to deploy them. It is possible that your SaaS/software is considered a medical device for FDA regulations, regardless of its function.

The FDA considers a “mobile medical app” as a software function that can be deployed on a mobile platform.  The FDA documentations refer to terms like “mobile medical apps”, “mobile app manufacturers”, “device functions” and “device function manufacturers” do not specify whether the function is deployed on a general purpose-computing platform or a mobile platform.

Section 201(h) of the Federal Food, Drug, and Cosmetic Act21 U.S.C. 321(h)(1), defines a medical device as “an instrument, apparatus, implement, machine, contrivance, implant, in vitro reagent, or other similar or related article, including a component or accessory, which is . . . (b) intended for use in the diagnosis of disease or other conditions, or in the cure, mitigation, treatment, or prevention of disease, in man or other animals, or (c) intended to affect the structure or any function of the body of man or other animals.” Thus, to be considered a medical device and therefore subject to FDA regulation, your software must meet one of two criteria:

  • It must be intended for use in diagnosing or treating a patient; or
  • It must be intended to affect the structure or any function of the body

Thus, if your software is specifically designed for healthcare professionals to diagnose and treat patients or used in hospitals to manage patient information, the FDA would like view such software as medical devices subject to regulatory review.

Many software apps are not considered medical devices if they do not fall under the definition of a device in section 201(h), Federal Food, Drug, and Cosmetic Act. FDA does not regulate such functions as devices. While some software functions might be considered medical devices, FDA believes they pose a lower risk than others. FDA will therefore exercise its enforcement discretion over them (meaning that it will not enforce the FD&C Act’s requirements).

In accordance with FDA’s current oversight approach, which considers the functionality of the software more than the platform, FDA will apply its regulatory oversight only to medical devices that have functionality that could pose a danger to patient safety. Examples of Device Software and Mobile Medical Apps that FDA is focusing on includes:

  • Software functions that help patients with diagnosed psychiatric conditions (e.g., post-traumatic stress disorder (PTSD), depression, anxiety, obsessive compulsive disorder) maintain their behavioral coping skills by providing a “Skill of the Day” behavioral technique or audio messages that the user can access when experiencing increased anxiety;
  • Software functions that provide periodic educational information, reminders, or motivational guidance to smokers trying to quit, patients recovering from addiction, or pregnant women;
  • Software functions that use GPS location information to alert asthmatics of environmental conditions that may cause asthma symptoms or alert an addiction patient (substance abusers) when near a pre-identified, high-risk location;
  • Software functions that use video and video games to motivate patients to do their physical therapy exercises at home;
  • Software functions that prompt a user to enter which herb and drug they would like to take concurrently and provide information about whether interactions have been seen in the literature and a summary of what type of interaction was reported;
  • Software functions that use patient characteristics such as age, sex, and behavioral risk factors to provide patient-specific screening, counseling and preventive recommendations from well-known and established authorities;
  • Software functions that use a checklist of common signs and symptoms to provide a list of possible medical conditions and advice on when to consult a health care provider;
  • Software functions that guide a user through a questionnaire of signs and symptoms to provide a recommendation for the type of health care facility most appropriate to their needs;
  • Mobile apps that are intended to allow a user to initiate a pre-specified nurse call or emergency call using broadband or cellular phone technology;
  • Mobile apps that enable a patient or caregiver to create and send an alert or general emergency notification to first responders;
  • Software functions that keep track of medications and provide user-configured reminders for improved medication adherence;
  • Software functions that provide patients a portal into their own health information, such as access to information captured during a previous clinical visit or historical trending and comparison of vital signs (e.g., body temperature, heart rate, blood pressure, or respiratory rate);
  • Software functions that aggregate and display trends in personal health incidents (e.g., hospitalization rates or alert notification rates);
  • Software functions that allow a user to collect (electronically or manually entered) blood pressure data and share this data through e-mail, track and trend it, or upload it to a personal or electronic health record;
  • Mobile apps that provide oral health reminders or tracking tools for users with gum disease;
  • Mobile apps that provide prediabetes patients with guidance or tools to help them develop better eating habits or increase physical activity;
  • Mobile apps that display, at opportune times, images or other messages for a substance abuser who wants to stop addictive behavior;
  • Software functions that provide drug-drug interactions and relevant safety information (side effects, drug interactions, active ingredient) as a report based on demographic data (age, gender), clinical information (current diagnosis), and current medications; and
  • Software functions that provide the surgeon with a list of recommended intraocular lens powers and recommended axis of implantation based on information inputted by the surgeon (e.g., anticipated surgically induced astigmatism, patient’s axial length and preoperative corneal astigmatism, etc.)
  • Software, typically mobile apps, that converts a mobile platform to a regulated medical device.
  • Software that connects to a mobile platform using a sensor or a lead to measure and display the electrical signals produced by the heart (electrocardiograph, ECG).
  • Software that attaches a sensor to the mobile platform, or other tools within the platform, to view, record, and analyze the eye movements in order to diagnose balance disorders
  • Software that asks potential donors about their donor history and records and/or transmits those answers to a blood collection facility. This software is used to determine whether a donor is eligible before collecting blood or other components.
  • Software that connects with an existing device type to control its operation, function or energy source.
  • Software that alters the settings or function of an infusion pump
  • Software that regulates the inflation or deflation a blood pressure cuff
  • Software used to calibrate hearing devices and evaluate the electroacoustic frequency, sound intensity characteristics, and emanating from hearing aids, master hearing aids, group hearing aids, or group auditory trainers.

Even though your product isn’t a medical device it can still be regulated by an FDA office or department. For example, the Center for Biologics Evaluation and Research regulates biological products.  The Center for Drug Evaluation and Research regulates drugs for humans. The product can be classified as a drug if it is used in the body’s primary purpose.  Products intended for animal use are regulated by the Center for Veterinary Medicine. The Center for Tobacco Regulation (CTP), regulates tobacco products.

What does it mean if your software/SaaS is classified as a medical device?

The FDA regulates software/SaaS medical device in the same way as other medical devices. If your software/SaaS has been classified by the FDA as a medical device, it will be subject to all applicable regulations, including pre-market approval and approval, postmarket surveillance and labeling requirements. The type of premarketing submission/application required for FDA clearance to market depends on the classification of the medical device (and any applicable exemptions).

FDA classes medical devices according to their risk. This is based on the degree of control required to ensure safety and effectiveness. These classifications include:

1. General Controls of Class I (With or without Exemptions)

2. Class II General Controls and Specific Controls (With or without Exemptions).

3. Premarket Approval and Class III General Controls

SaaS founders need to be aware of the compliance risks that medical devices pose. Data breaches are one of the biggest risks. Medical devices often contain sensitive patient data, which is why they are subject to strict regulations. This data could lead to devastating consequences if it were to become unprotected. SaaS companies who develop medical devices need to take extra precautions to ensure their products are safe.

So who needs to apply for FDA clearance? Is it the entire app eco-system? The answer is no.  The FDA defines a “mobile medical app manufacturer” is any person or entity who initiates specifications, designs, labels, or creates a software system or application for a regulated medical device in whole or from multiple software components.  This term does not include persons who exclusively distribute mobile medical apps without engaging in manufacturing functions; examples of such distributors may include the app stores. Examples of mobile medical app manufacturers include any person or entity that:

  • Creates, designs, develops, labels, re-labels, remanufactures, modifies, or creates a mobile medical app software system from multiple components. This could include a person or entity that creates a mobile medical app by COTS software components and markets the product to perform as a mobile medical app;
  • Initiates specifications or requirements for mobile medical apps or procures product development/ manufacturing services from other individuals or entities (second party) for subsequent commercial distribution. For example, when a “developer” (i.e., an entity that provides engineering, design, and development services) creates a mobile medical app from the specifications that were initiated by the “author,” the “author” who initiated and developed specifications for the mobile medical app is considered a “manufacturer” of the mobile medical app and includes persons or entities who are the creators of the original idea (initial specifications) for a mobile medical app, unless another entity assumes all responsibility for manufacturing and distributing the mobile medical app, in which case that other entity would be the “manufacturer.”  Programmers or developers who implement design and development activities to transform the author’s specifications into a mobile medical app would not constitute manufacturers;
  • Creates a mobile medical app and hardware attachments for a mobile platform that are intended to be used as a medical device by any combination of the mobile medical app, hardware attachments, and the mobile platform;
  • Creates a mobile medical app or a software system that provides users access to the medical device function through a website subscription, software as a service (SaaS), or other similar means.

It is important to note that SaaS companies who develop medical devices could be exposed to greater liability. The SaaS company who developed the device may be held responsible for any damages incurred by a patient whose diagnosis or treatment is made using the device. If you develop medical devices, it is important to have comprehensive insurance coverage. You should also incorporate and comply with corporate formalities to insulate you from personal liability.  You also need to comply with HIPAA security and information management.

Intellectual Property Considerations

The good news is that investors like medical device companies which have double exclusivity obtained through FDA and US Patent and Trademark Office (USPTO) approvals.  As such, the exit point for many medical device companies is an acquisition by cash rich medical public companies.  This approach enables medical devices to skip the large and risky go-to-market (GTM) spend and work required to put products in the hands of consumers. 

Now that we have discussed the FDA review process, we will discuss IP issues for software medical device companies.  Typically, IP includes Patents, Trademarks, Copyrights, and Trade secrets.  All of these topics matter and should be considered carefully. However, we will concentrate on patents to demonstrate how careless drafting and lack of planning can lead to problems, namely unplanned disclosures of your design that can then be used as prior art against your patent application.

In general, you should file patent application(s) as soon as practicable to get the earliest priority dates.  This will help you when you talk to investors, FDA consultants, prototyping firms, and government agencies, among others.  Compliance or other documents filed with any government agency may be considered disclosure to third parties and could make the document public. In general, disclosures to third parties or public availability of an invention trigger a one year statutory bar during which you must file your patent application. Failure to file your application within the required time frame could result in you losing your right to protect your invention.

The information from your FDA application may find its way into FDA databases, including DeNovo, PMA and 510k databases and FDA summaries of orders, decisions, and other documents on products and devices currently being evaluated by the FDA.  Your detailed information may be gleaned from Freedom of Information Act requests on your application.  This risk mandates that you patent your invention quickly.

When you patent your medical device invention, have a global picture of FDA regulatory framework when you draft your patent application. Be mindful of whether your software/SaaS application discusses the diagnosing and treating patients or affecting the structure or function of the body and add language to indicate that such description in the patent application relates to only one embodiment and not to other embodiments.  That way you have flexibility in subsequent discussions with the FDA if you want to avoid classification of your software/SaaS/software as a medical device.  In this way, if you wish to avoid FDA registration and oversight, you have the flexibility to do so.

For some companies, having FDA approval via 510k pathway may be desirable for investors.  As such, the double stamp of approval from the PTO and FDA can be a ticket to increased company valuation for investors or acquirors.


An experienced attorney can assist you in navigating the regulatory landscape and ensure that you comply with all applicable laws. This area of law is complex and constantly changing. It is important that you seek legal advice if you have any questions about whether your software should be registered with FDA and the USPTO.

Patent PC is an intellectual property and business law firm that was built to speed startups.  We have internally developed AI tools to assist our patent workflow and to guide us in navigating through government agencies.  Our business and patent lawyers are experienced in software, SaaS, and medical device technology. For a flat fee, we offer legal services to startups, businesses, and intellectual property.  Our lawyers do not have to track time as there is no hourly billing and no charges for calls or emails.  We just focus on getting you the best legal work for your needs.

Our expertise ranges from advising established businesses on regulatory and intellectual property issues to helping startups in their early years. Our lawyers are familiar with helping entrepreneurs and fast-moving companies in need of legal advice regarding company formation, liability, equity issuing, venture financing, IP asset security, infringement resolution, litigation, and equity issuance. For a confidential consultation, contact us at 800-234-3032 or make an appointment here.