Mobile Health App Makers Investigated for Fraud into Settlement with the Office of the Attorney General for the State of New York
March 28, 2017
New York State Attorney General, A.G. Schneiderman, has put mobile health application developers on notice - “We won’t tolerate non-evidence-based apps that threaten the wellbeing of New Yorkers”.
On March 23, 2017, AG Schneiderman announced settlements with three mobile health application developers after a year-long investigation into the marketing of mobile health applications distributed through Apple’s App Store and Google Play. Three of the companies targeted in the investigation Cardiio, Runtastic, and Matis each entered into settlement agreements that require the companies to: (1) provide additional information about the testing of their apps; (2) change their ads to make them non-misleading; (3) post clear and prominent disclaimers informing consumers that the apps are not medical devices and are not approved by the FDA; and, (4) to pay $30,000 in combined penalties to the Office of the Attorney General.
The settlements also require the developers to make certain fundamental changes to their apps to protect consumers’ privacy. The developers are now required to (1) secure affirmative consent to their privacy policies for these apps; and (2) disclose what information they collect and share that may be personally identifying, including a users’ GPS location, unique device identifier, and “deidentified” data that third parties may be able to use to re-identify specific users.
Cardiio is an app “downloaded hundreds of thousands of times that claims to measure heart rates” during rigorous exercise, yet the accuracy of the app had not been tested for that purpose. The Runtastic app “purports to measure heart rate and cardiovascular performance under stress” and again, as noted by the N.Y. AG’s office, the developer had failed to test the apps accuracy with users who had engaged in vigorous exercise. Matis, an app downloaded hundreds of thousands of times, had previously claimed that its app could turn any smartphone into a fetal heart monitor, despite the fact that: (1) it had never been approved by the FDA; and, (2) it never conducted a comparison to an FDA approved fetal heart monitor or any other device that had been scientifically proven to amplify the sound of a fetal heartbeat.
In announcing the settlement with these three companies, AG Schneiderman noted that “Mobile health apps can benefit consumers if they function as advertised, do not make misleading claims, and protect sensitive user information”.
Although the Cardiio, Runtastic and Matis settlements primarily involved issues of fraudulent advertising and privacy --- developers of health care apps and software should take notice of the U.S. Food and Drug Administration regulations and guidance’s pertaining to certifications of “Mobile Medical Applications”. Generally speaking, the U.S. Food, Drug and Cosmetic Act prohibits manufacturers from distributing in interstate commerce any new medical device for any intended use that the FDA has not approved as safe and effective or cleared through a substantial equivalence determination. The FDA has determined that mobile medical applications, including those used on mobile phones (“MMA”), are in fact medical devices if they are intended to either: (1) be used as an accessory to a regulated medical device; or (2) to transform a mobile platform into a regulated device. Further, if a MMA is intended for use in performing a medical device function (i.e. for diagnosis of disease or other conditions, or the cure, mitigation, treatment, or prevention of disease) it is a medical device regardless of the type of platform on which it is run.
The Cardiio, Runtastic and Matis settlements are an important reminder that as technology, including the use of telemedicine, continues to integrate steadily into the provision of all manner of patient care, depending upon a health care application’s intended use, the developer of an app could quickly find itself involved in claims that go well beyond false advertising and privacy concerns. Rather, it could get caught up in more serious claims of civil and criminal health care fraud based upon the use of the MMA in treating a patient if there is a submission of a claim for reimbursement under a government health care program.