Australians are adjusting to mobile health (mHealth) applications (apps) being used in clinical care. The nature of apps presents unique challenges (e.g. rapid lifecycle) to mHealth regulation. The risks they pose are mainly through the information they provide and how it is used in clinical decision-making. This study explores the international regulation of mHealth apps. It assesses whether the approach used in Australia to regulate apps is consistent with international standards and suitable to address the unique challenges presented by the technology.

A policy analysis was conducted of all nine member jurisdictions of the International Medical Device Regulator's Forum (IMDRF), to determine if their regulatory agencies addressed the IMDRF recommendations relevant to the clinical evaluation of mHealth apps. Case-studies (submission to regulatory agencies) were also selected on varying types of regulated apps (standalone, active implantable, etc.) and assessed relative to the principles in the IMDRF's software as a medical device (SaMD): Clinical evaluation (2017) guidance document.

All included jurisdictions evaluated the effectiveness of mHealth apps, assessing the majority of the key sub-categories recommended by SaMD: Clinical evaluation. The submissions and jurisdictional regulatory bodies did not address the IMDRF safety principles in terms of the apps’ information security (cybersecurity). Furthermore, by failing to use the method recommended by the IMDRF (risk-classification), none of the submissions or jurisdictions recognized the potential dangers of misinformation on patient safety.

None of the approaches used by global regulatory bodies adequately address the unique challenges posed by apps. Australia's approach is consistent with app regulatory procedures used internationally. We recommend that mHealth apps are evaluated for cybersecurity and are also classified using the IMDRF risk-categories so as to fully protect the public.