Healthcare Policy

Healthcare Policy 14(3) February 2019 : 19-28.doi:10.12927/hcpol.2019.25795
Discussion and Debate

The Regulatory Challenge of Mobile Health: Lessons for Canada

Maria Jogova, James Shaw and Trevor Jamieson


Mobile health (mHealth) is the provision of health or medical services enabled by portable devices. This field is rapidly expanding as the global market for mobile devices grows. mHealth "apps" pose benefits and risks to their users that governments have attempted to address through regulation. There is substantial variability across regulatory bodies in the scope, specificity and robustness of mHealth regulations, with Canada's regulatory framework lacking in two major domains: (1) specificity of existing regulations for mHealth and (2) regulatory clarity for what apps require regulation. If Canada is to be a leader in digital health, it requires a new framework that encourages the growth of an mHealth market that can bring innovative solutions to contemporary healthcare challenges while maximizing user benefits and minimizing harms.


Mobile health (mHealth) is the use of portable devices, such as smartphones and tablets, for the provision of health or medical services (Cortez et al. 2014). These services are defined broadly, encompassing diagnosis and management of conditions and support for general health, well-being and fitness (Cortez et al. 2014). Services tend to be provided in one of three ways: (1) software applications ("apps") that allow users to enter and receive information, (2) pre-existing hardware (e.g., microphones, cameras) installed on portable devices and (3) external devices attached to portable devices that receive/generate information of interest (e.g., an attachment allowing a smartphone to read an electrocardiogram).

As mobile device use increases worldwide, so does the use of mHealth, creating new medical and legal challenges. These challenges include the demand to protect consumers from the risks of mHealth apps while at the same time leveraging mHealth services to improve healthcare delivery, quality and safety on both personal and population levels. Despite Canada's allocation of $800 million to innovation networks and clusters to bolster market competitiveness or through more grassroots funding initiatives, such as the Canadian Medical Association's Joule Program that helps physicians develop, market and adopt new patient care technologies, Canada still lacks a dedicated regulatory framework for mHealth (CMA 2017; Morneau 2017). Not only do regulatory frameworks provide assurances of safety, they also establish credibility for tools among patients and providers and can be structured to align to other international standards; together, these facilitate market access.

In this discussion paper, we provide an overview of the emerging field of mHealth, the current mHealth regulatory landscape in Canada and a brief comparison of Canadian regulation with that of other jurisdictions, and we address the major regulatory deficiencies related to software apps in Canada, providing concrete regulatory considerations. We believe that Canada can be a leader in mHealth, but only with a specific, clear and enforced set of standards that is in concordance with international regulatory efforts.

The Rise of mHealth

By 2020, an estimated 2.6 billion people globally will use mHealth apps, generating a market estimated at US$31 billion (Research2Guidance 2016). By the end of 2016, over 259,000 apps were available on major app stores for Apple and Android (Research2Guidance 2016). In 2014, 80% of these apps targeted consumers (patients) while 46% addressed primarily fitness and wellness (Research2Guidance 2014). Adoption of this technology more broadly is expected to curtail rising healthcare costs and improve patient care, monitoring, treatment adherence and healthcare access (Research2Guidance 2016). A report commissioned by the Group Spéciale Mobile Association predicted that, by 2017, adoption of mHealth could facilitate treatment of an additional 24.5 million patients and generate €99 billion in savings for the EU (including €65 billion from disease prevention) (PriceWaterhouseCoopers 2013). Data collection via mHealth and peripheral devices has also enabled the rise of the so-called "quantified-self" movement in which users and app manufacturers collect personal biophysical data and which will ultimately become the key source of "Big Data" used to generate personalized evidence-based recommendations (Fernandes et al. 2012).

The rise of mHealth raises concerns around app safety, efficacy and user privacy. Of the 1,500 health apps assessed by the New England Centre for Investigative Reporting, 20% claimed to treat or cure medical conditions, often with little evidence (Sharpe 2012). Examples are plentiful. Dermatological applications have come under particular scrutiny; a validation study found that three out of four apps evaluated misclassified over 30% of melanomas as "unconcerning" (Wolf et al. 2013). In systematic reviews, self-management apps for asthma and diabetes and apps serving as opioid dosing conversion calculators were deficient in measures that could adversely impact patient safety (Demidowich et al. 2012; Haffey et al. 2013; Huckvale et al. 2012). There is minimal involvement of health professionals in app development, and many apps do not adhere to public health guidelines (Cortez et al. 2014). Concerns about adequate protection of user data and privacy have also surfaced. Systematic reviews, and one study of diabetes-specific apps, have found that 30%–80% have no privacy policy or send data to undisclosed third parties – often without notifying users (Ackerman 2013; Blenner et al. 2016; Hutton et al. 2018). The regulatory challenge is to address these legitimate problems while fostering an mHealth market that lives up to its potential to benefit healthcare systems while promoting, rather than stifling, innovation.

Current Canadian Regulatory Landscape and Challenges

Canadian mHealth regulation is overseen by Health Canada (HC). HC and federal and provincial governments rely on non-profit, government-funded organizations, such as the Canadian Agency for Drugs and Technologies in Health (CADTH), to provide evidence, research and analysis and set non-binding regulatory standards to assist with decision-making around healthcare technology regulation and to adopt new digital technologies within healthcare systems (CADTH 2018).

Currently, software apps are subject to HC regulation if they meet the legal definition of a medical device (Health Canada 2015). This definition can be summarized as any technology intended for the diagnosis, cure, mitigation, treatment or prevention of disease or to affect the structure or function of a person's or animal's body (Health Canada 2015). Regulation and licensing hinges on the categorization of user risk as per HC guidelines and the app's intended use (rather than actual function) as defined by the app manufacturer (Health Canada 2015). The onus of navigating the regulatory landscape falls on app manufacturers who design, develop and label apps rather than app distributors, vendors and mobile platforms (European Commission DG Health and Consumer 2012; Health Canada 2012). Notably absent from regulatory guidelines is software-specific legislation that addresses or recognizes unique aspects of this technology and regulates these accordingly. Furthermore, even applications for certification of devices classified as being of low risk require, on average, 120 days to process (Health Canada 2012). Finally, app developers must contact HC directly to seek any clarification on existing regulations.

Two major challenges to mHealth regulation and adoption thus emerge in reviewing HC's existing regulations: (1) lack of a specific mHealth regulatory framework and (2) lack of clarity in what guidance is available. Both challenges are associated with further concerns.

Canada Lacks a Specific Regulatory Framework for mHealth

First, Canada lacks a regulatory framework specific to mHealth apps. Although the definition of a medical device encompasses mHealth technologies, the regulatory framework remains tethered to the traditional conceptualization of medical devices as hardware and fails to recognize the rapidly evolving nature of software development. It also fails to address the relationship between software performance and hardware functionality, for instance, that the same app can work differently on different versions of the iPhone or on an Android device.

Several issues stem from this. The first is the financial and opportunity costs of app development. While costs and revenues are difficult to establish, in 2012, the average price of an mHealth app was estimated at US$2 and declining, with few users willing to pay over US$10 for an app (Dolan 2012; Research2Guidance 2016). According to a 2016 mHealth market analysis, 60% of app publishers made less than US$10,000 (Research2Guidance 2016). Upfront costs of certification in Canada vary widely, starting at approximately C$8,000 for those needing a medical device establishment license in addition to C$0–$6,000 depending on the app risk classification for a medical device license (Health Canada 2018). The financial barrier to market entry is therefore evident.

Second, traditional methods of medical device evaluation to establish safety and efficacy are costly and time-intensive and assume that the approved device is relatively static (Chan and Misra 2014). Although this may work for medical equipment, apps are often updated every few weeks, cost little and may function differently on different hardware platforms (Chan and Misra 2014; Danova 2015). This poses a challenge to clinical assessment and to establishing the version of, and platform for, the app being evaluated, particularly as regulations apply to the app and not its associated device (Chan and Misra 2014). Questions arise about how updated versions are evaluated and what constitutes a meaningful alteration to an approved app. Traditional assessment methods are likely to be appropriate only for a small number of apps that function as traditional medical devices and to become a barrier to most software developments and innovations. This is not to suggest that apps should not be assessed for safety and efficacy, but rather to recognize the need for an approach to mHealth evaluation that does not stifle innovation.

Third is the issue of data security (Blenner et al. 2016; Chan and Misra 2014; He et al. 2014). Because app manufacturers and private businesses fall out side the scope of health information legislation such as Ontario's Personal Health Information Protection Act, usage of personal health information collected by app manufacturers is essentially unregulated (MOHLTC 2004). This oversight must be addressed if healthcare providers are to use this technology for patient care. Current regulations incentivize mHealth manufacturers to create apps that do not require regulation, leading to a proliferation of health and fitness apps rather than software directed at complex healthcare challenges (Research2Guidance 2014).

Canada Lacks Clarity in Its Guidance Documents for mHealth

A second major challenge is lack of clarity in existing regulations, which provide little in the way of consolidated, comprehensive, easily understandable guidance for app manufacturers who may not be well-versed in legal or regulatory language. The scope of the "medical device" definition results in apps that do little more than replace a paper and pencil to track blood sugar values, for example, being classified as medical devices (Powell et al. 2014). Consequently, many app developers may choose to forego licensing or even be unaware of its existence. The extent of this problem is unknown because of a lack of systematic tracking of available apps and their compliance with HC regulations. The "intended use" caveat for determining which apps are subject to regulation is difficult to interpret and ripe for abuse by those wishing to avoid the licensing process (Krieger 2016; Lewis and Wyatt 2014). For instance, an app that "treats depression" would be deemed a device, but one that "improves mood" may not.

Regulation in Other Jurisdictions

The deficiencies evident in Canada's current mHealth regulatory landscape are not unique, with other historically, linguistically and culturally similar jurisdictions, such as Australia and the European Union, similarly struggling to develop timely legislation specifically addressing the unique strengths and challenges of mHealth. Thus, although Canada, the US, the European Union and Australia share commonalities in their definitions of what constitutes medical devices and assessment of device risk in regulation, only the US Food and Drug Administration (FDA) has taken a truly proactive and transparent approach to developing perhaps the most robust mHealth regulatory system in the English-speaking world by releasing a plan for a Digital Health Software Precertification (Pre-Cert) Program, set to pilot in 2019 (European Commission DG Health and Consumer 2010, 2012; FDA 2018). This program recognizes the unique and rapidly changing aspects of mHealth apps and aims to streamline the regulatory oversight of software-based medical devices (FDA 2017a).

Contrary to Canada's regulatory guidelines, those of the FDA's pilot program are clearly stated in a single, comprehensive document that provides transparency and guidance to developers using software (FDA 2018). The primary difference in the US approach is their view to fast-tracking product review and market entry. Rather than regulating and assessing devices, this pilot program will look at the device manufacturer's record of producing safe, effective devices and their prior commitment to assessing and monitoring device performance once it reaches the consumer (FDA 2018). Those companies meeting pre-determined standards will qualify for a more streamlined pre-market review that in turn allows for faster market entry, regulatory simplicity and timely product availability while providing an avenue for product evaluation in a real-world setting (FDA 2018). Pre-market review will subsequently depend on a number of factors beyond an organization's pre-certification status and level, one of which is software risk stratification (FDA 2018). It is noteworthy that the FDA opted to adopt risk definitions from the International Medical Device Regulators Forum (IMDRF), which perhaps suggests a view to developing international regulatory standards.

In contrast, mobile apps in both Europe and Australia are regulated as medical devices based on their risk assessment category, much as they are in Canada (European Commission DG Health and Consumer 2012; Australian Government Department of Health Therapeutic Goods Administration 2013). Similar to previous FDA efforts, the UK has now developed a guidance document to allow app manufacturers to determine whether their apps are subject to regulation as medical devices, thus giving manufacturers greater clarity into the process (Medicines & Healthcare Products Regulatory Agency 2018). The US remains unique, however, in developing a separate regulatory schema for mHealth regulation.


It is clear that innovations in regulatory approach are taking place at both national and international levels. The absence of a dedicated regulatory framework in Canada hinders the development of solutions to current national healthcare challenges and our ability to be a leader in digital health. This situation creates concerns around patient safety and use of personal health information and is an unnecessary barrier to mHealth innovation and growth. Although there are challenges to regulating a fast-paced industry with thousands of annual new market entrants, we believe that successful mHealth regulation with devoted, simplified and clear guidelines that recognize the unique aspects of mHealth, address standards for testing app safety and efficacy and lay out expectations for personal health data use will have positive consequences for businesses and consumers alike. For businesses specifically, good regulation may reduce barriers to market entry, stimulate innovation and encourage app developers to engage in the regulatory process. Regulation may reduce consumer risk (and potential legal liabilities) and enable product export.

If mHealth is to move into mainstream medical settings, its success will rely heavily on clinician buy-in and the technology's perceived credibility, making certification worthwhile to give app manufacturers a competitive edge. While no definitive regulatory model yet exists, we endorse the FDA's approach of developing a pre-certification program as part of its Digital Health Innovation Plan to streamline pre-market approval and develop more intensive post-market surveillance with a view to developing a dedicated, comprehensive approach to mHealth regulation (FDA 2017b; Gottlieb 2017). Canada would be wise to look to this precedent to develop its own framework that recognizes the challenges of this rapidly growing market and uses government resources appropriately to determine which software to target. The rapid proliferation of mHealth apps makes it infeasible to independently assess all entries onto the market. A pre-certification program is a solution to this problem that allows for oversight combined with a requirement for post-marketing surveillance that benefits businesses, consumers and regulators alike and allows all parties to harness the benefits of this technology while creating an incentive for developers to establish a culture of safety, quality, effectiveness and product surveillance that reduces further regulatory hurdles. A local framework for a more "agile," that is, iterative, evaluation that accounts for the many differences between software and hardware has recently been proposed, and frameworks like this could also form the basis for a more rational maturity-driven approach to regulation (Wilson et al. 2018).

Even with implementation of a regulatory strategy, questions about the future of mHealth remain. This includes the major issue of regulatory enforcement, which is a particular challenge with software that can be easily downloaded across borders while avoiding regulatory oversight. This issue is difficult to solve. Support of nascent international regulatory efforts may create more regulatory and enforcement feasibility. In fact, multinational regulatory integration would allow mHealth technologies to more rapidly enter national markets without creating the need for app reassessment at each new border provided that differences in certain regulatory aspects, including differing standards for data protection in the US, Canada and the EU, can be reconciled. Such efforts are already under way, with the US FDA working with the IMDRF to develop a harmonized approach towards mHealth terminology, device risk classification, clinical evaluation of mHealth apps and quality control around mHealth and software as medical devices (FDA 2017b).

The challenges of regulating non-physical tools in a globally connected world suggests that additional approaches may also be required. There are many existing non-regulatory mechanisms that could be applied to mHealth from not-for-profit entities (e.g., Health on the Net's trustmarks for health information websites or Canada Health Infoway's certification schema for tools such as Electronic Medical Records) or from for-profit corporations (e.g., the policies and procedures governing the inclusion or exclusion of apps on the Apple Store). However, the latter is unlikely to be a viable mechanism in isolation, given the well-publicized problems with both Facebook (i.e., Cambridge Analytica) and Google (i.e., National Health Service health data breach) when corporate goals and priorities were not in alignment with those of consumers (Powles and Hodson 2017).

What is clear, however, is that Canada must expedite reform of its current regulations if it intends to be a contender in the mHealth field, let alone an innovation leader.

Key Points:

(1) mHealth is a rapidly growing field of technology reaching millions of users that has the potential to improve healthcare delivery, but that also carries risks to patients in its current form.

(2) Canada's current regulation of mHealth faces two major challenges: a lack of regulatory specificity and clarity of regulatory guidelines.

(3) For Canada to become a leader in mHealth, it must look to the regulatory steps taken by the US, the current innovator in this field, to develop its own devoted guidelines that strike a balance between protecting users and promoting innovation. It must also actively engage in nascent multinational regulatory efforts, as neither the regulation of this border-traversing technology nor the realization of its benefits with checks on its risks can feasibly be achieved in isolation.

(4) Regulation can ultimately benefit businesses by adopting standards that would reduce barriers to market entry, stimulate innovation, reduce user risk, enable product export and encourage adherence to regulations.



Le défi de la réglementation des technologies mobiles en santé : leçons pour le Canada


On entend par «technologies mobiles en santé» la prestation de services médicaux ou de santé facilitée par les appareils portables. Ce domaine est en rapide expansion, de paire avec la croissance du marché mondial pour les appareils mobiles. Les applications mobiles en santé présentent des avantages ainsi que des risques pour les usagers, risques que les gouvernements tentent d'atténuer au moyen de réglementations. Il existe, entre les divers organismes de réglementation, d'importantes variations en matière de portée, de spécificité et de solidité des réglementations visant les technologies mobiles en santé. Au Canada, le cadre réglementaire présente des lacunes dans deux domaines d'importance : (1) la spécificité des règlements en vigueur pour les technologies mobiles en santé et (2) la clarté de la réglementation quant à savoir quelle application nécessite une réglementation. Si le Canada souhaite devenir un leader en santé numérique, il faudra un nouveau cadre de travail qui favorise la croissance d'un marché pour les technologies mobiles en santé, lequel apporterait des solutions novatrices aux défis actuels en matière de services de santé tout en maximisant les avantages et en minimisant les dommages pour les usagers.

About the Author(s)

Maria Jogova, MD, Department of Medicine, University of Toronto, Toronto, ON

James Shaw, PT, PHD, Women's College Hospital Institute for Health System Solutions and Virtual Care, Women's College Hospital, and the Institute of Health Policy, Management and Evaluation, Dalla Lana School of Public Health University of Toronto, Toronto, ON

Trevor Jamieson, MD, MBI, Women's College Hospital Institute for Health System Solutions and Virtual Care, Women's College Hospital, and the Division of General Internal Medicine, St. Michael's Hospital, Toronto, ON

Correspondence may be directed to: Maria Jogova; e-mail:


Ackerman, L. 2013. "Mobile Health and Fitness Applications and Information Privacy: Report to California Consumer Protection Foundation." Privacy Rights Clearinghouse. Retrieved October 12, 2017. <>.

Australian Government Department of Health Therapeutic Goods Administration. 2013. "Regulation of Medical Software and Mobile Medical "Apps". Retrieved October 11, 2018. <>.

Blenner, S.R., M. Köllmer, A.J. Rouse, N. Daneshvar, C. Williams and L.B. Andrews. 2016. "Privacy Policies of Android Diabetes Apps and Sharing of Health Information." JAMA 315(10): 1051–52. <>.

Canadian Agency for Drugs and Technologies in Health (CADTH). 2018. "About CADTH |" Retrieved September 10, 2018. <>.

Canadian Medical Association (CMA). 2017. "Joule, a CMA Company." Retrieved October 12, 2017. <>.

Chan, S.R. and S. Misra. 2014. "Certification of Mobile Apps for Health Care." JAMA 312(11): 1155–6. <>.

Cortez, N.G., I.G. Cohen and A.S. Kesselheim. 2014. "FDA Regulation of Mobile Health Technologies." The New England Journal of Medicine 371(4): 372–9. <>.

Danova, T. 2015. "App Update Strategy and Statistics – Business Insider." Business Insider. Retrieved June 6, 2017. <>.

Demidowich, A.P., K. Lu, R. Tamler and Z. Bloomgarden. 2012. "An Evaluation of Diabetes Self-Management Applications for Android Smartphones." Journal of Telemedicine and Telecare 18(4): 235–38. <>.

Dolan, B. 2012. "Just Launched: Our 2012 Consumer Health Apps Report." Retrieved June 6, 2017. <>.

European Commission DG Health and Consumer. 2010. "Medical Devices: Guidance Document-Classification of Medical Devices (No. MedDev 2.4/1 Rev. 9)." European Commission. Retrieved January 14, 2017. <>.

European Commission DG Health and Consumer. 2012. "Guidance Document Medical Devices – Scope, Field of Application, Definition – Qualification and Classification of Stand Alone Software. (No. MEDDEV 2.1/6). European Commission." Retrieved January 14, 2017. <>.

Fernandes, L.M., M. O'Connor and V. Weaver. 2012. "Big Data, Bigger Outcomes." Journal of AHIMA 83(10): 38–43.

Food and Drug Administration (FDA). 2017a. "Press Announcements – FDA Selects Participants for New Digital Health Software Precertification Pilot Program [WebContent]." Retrieved November 3, 2017, <>.

Food and Drug Administration (FDA). 2017b. "Digital Health Innovation Action Plan." Retrieved October 28, 2018. <>.

Food and Drug Administration (FDA). 2018. "Developing Software Precertification Program: A Working Model." U.S. Food & Drug Administration. Retrieved September 10, 2018. <>.

Gottlieb, S. 2017. "Fostering Medical Innovation: A Plan for Digital Health Devices | FDA Voice." Retrieved July 8, 2017. <>.

Haffey, F., R.R.W. Brady and S. Maxwell. 2013. "A Comparison of the Reliability of Smartphone Apps for Opioid Conversion." Drug Safety 36(2): 111–17. <>.

He, D., M. Naveed, C.A. Gunter and K. Nahrstedt. 2014. "Security Concerns in Android mHealth Apps." AMIA Annual Symposium Proceedings 2014: 645–54.

Health Apps. 2016. Retrieved October 28, 2018. <>.

Health Canada. 2012. "Frequently Asked Questions – Medical Device Establishment Licensing and Fees [frequently asked questions]." Retrieved June 6, 2017. <>.

Health Canada. 2015. "Guidance Document – Guidance on the Risk-based Classification System for Non-In Vitro Diagnostic Devices (non-IVDDs) [guidance]." Retrieved September 10, 2018. <>.

Health Canada. 2018. "Medical Device Licence Application Review [Guidance]." Retrieved August 20, 2018. <>.

Huckvale, K., M. Car, C. Morrison and J. Car. 2012. "Apps for Asthma Self-Management: A Systematic Assessment of Content and Tools." BMC Medicine 10: 144. <>.

Hutton, L., B.A. Price, R. Kelly, C. McCormick, A.K. Bandara, T. Hatzakis et al. 2018. "Assessing the Privacy of mHealth Apps for Self-Tracking: Heuristic Evaluation Approach." JMIR MHealth and UHealth 6(10): e185. <>.

Krieger, W.H. 2016. "When Are Medical Apps Medical? Off-Label Use and the Food and Drug Administration." Digital Health 2: 1–12. <>.

Lewis, T.L. and J.C. Wyatt. 2014. "mHealth and Mobile Medical Apps: A Framework to Assess Risk and Promote Safer Use." Journal of Medical Internet Research 16(9): e210. <>.

Medicines & Healthcare Products Regulatory Agency. 2018. "Guidance: Medical Device Stand-Alone Software Including Apps (including IVDMDs) (No. v1.05)." MHRA. Retrieved October 27, 2018. <>.

Ministry of Health and Long-Term Care (MOHLTC). 2004. "Personal Health Information Protection Act 2004." Retrieved June 7, 2018. <>.

Morneau, W. 2017. "Building a Strong Middle Class #Budget2017 (Federal Budget) (p. 280)." Department of Finance Canada. Retrieved June 6, 2017. <>.

Powell, A.C., A.B. Landman and D.W. Bates. 2014. "In Search of a Few Good Apps." JAMA 311(18): 1851–52. <>.

Powles, J. and H. Hodson. 2017. "Google DeepMind and Healthcare in an Age of Algorithms." Health and Technology 7(4): 351–67. <>.

PriceWaterhouseCoopers. 2013. "Socio-Economic Impact of mHealth: An Assessment Report for the European Union." Groupe Spéciale Mobile Association. Retrieved February 27, 2017. <>.

Research2Guidance. 2014. "mHealth App Developer Economics 2014: The State of the Art of mHealth App Publishing (Market Analysis) (p. 43)." Retrieved June 7, 2017. <>.

Research2Guidance. 2016. "mHealth App Developer Economics 2016: The Current Status and Trends of the mHealth App Market." Retrieved November 3, 2017. <>.

Sharpe, R. 2012. "Many Health Apps Are Based on Flimsy Science at Best, and They Often Do Not Work." Washington Post. Retrieved October 12, 2017. <>.

Wilson, K., C. Bell, L. Wilson and H. Witteman. 2018. "Agile Research to Complement Agile Development: A Proposal for an mHealth Research Lifecycle." Npj Digital Medicine 1(1): 46. <>.

Wolf, J.A., J.F. Moreau, O. Akilov, T. Patton, J.C. English, J. Ho et al. 2013. "Diagnostic Inaccuracy of Smartphone Applications for Melanoma Detection." JAMA Dermatology 149(4): 422–26. <>.


Be the first to comment on this!

Note: Please enter a display name. Your email address will not be publically displayed