mHealth Laws and Regulations

Mobile health, or mHealth, is a rapidly evolving aspect of technology-enabled health care. 

Smart phones and portable monitoring sensors that transmit information to providers, as well as dedicated application software (apps) which are downloaded onto devices, are used in mHealth. Given its recent emergence into the telehealth field, policies governing the use of this technology are continually being shaped.

The Food and Drug Administration (FDA), the Federal Trade Commission (FTC), and the Federal Communication Commission (FCC) all share jurisdiction over some part of the federal regulation of mHealth.


The Federal Drug Administration (FDA) has the responsibility of regulating equipment or software intended for use in the diagnosis or treatment of a disease or other condition. With passage of the Food and Drug Administration Safety and Innovation Act in 2012, the FDA was given approval to go forward with its regulatory work on medical apps.
If a device is classified as a medical device, FDA requires registration and listing, premarket notification and/or approval, good manufacturing practices, and post-market surveillance. FDA also regulates the software used in telehealth systems. The FDA does make a distinction and provides guidance on distinguishing what is considered a medical device and what is not.
In February 2015, the FDA issued guidance to provide clarity for mobile medical app manufacturers and other interested parties, which stated the FDA’s intent to exercise enforcement discretion on mobile medical apps that pose a low risk to patients’ safety. Additionally, in February 2015, the FDA also issued guidance stating that it would practice enforcement discretion on medical device data systems (MDDS) devices.  MDDS is a device that is intended to transfer, store, convert or display medical device data without controlling or altering the functions or parameters of any connected medical devices. An MDDS may include software, electronic or electrical hardware, modems, interfaces, and a communications portal.
Notably, this definition does not include devices intended to be used in connection with active patient monitoring.  For more information, see CCHP’s factsheet on the MDDS and Mobile App guidance for more information. 


The Federal Trade Commission (FTC) protects consumers from unfair or deceptive acts or practices as well as false or misleading claims. Where mHealth is concerned, it has focused on the claims companies have made about the effectiveness of their devices or apps. The FTC also has jurisdiction over health data breaches when the entities involved are not HIPAA-covered entities. The FTC has already been active, taking enforcement action against several mobile health app marketers that have not met the requirements of the FTC. The FTC collaborates closely with both the FDA and FCC on areas where there is jurisdictional overlap.


The Federal Communications Commission (FCC) regulates devices that utilize electromagnetic spectrum, or broadcast devices. FCC regulates the device as a communications device, not as a medical device. With potential overlapping jurisdictions, the FCC and FDA entered into a Memorandum of Understanding, where they would collaborate with each other within the areas of their respective agencies.

In 2012, the FCC approved its mobile body area network (MBAN), which allocates an electromagnetic spectrum for personal medical devices. The allocated spectrum would be used to form a personal wireless network, within which data from numerous body sensors could be aggregated and transmitted in real time. This dedicated spectrum would allow for faster and more reliable transmission of information from patient monitoring devices to practitioner.

The rapid pace of development of this field and the wide range of applications available on the market today have also been the source of a number of legal and ethical questions regarding their use.  Questions are being raised regarding privacy protection. With the vast amount of individual health data being generated by remote monitoring and mhealth devices, determining what are actionable health data, who monitors the data, and where it gets stored are challenges that we will need to address as the field evolves. For an interesting discussion on the subject, read Ethical Issues in mHealth: What is Good Enough? on the South Central Telehealth Resource Center Website.