During a panel discussion organized by the Office of the National Coordinator and the HHS last week, Federal Trade Commission Attorney Cora Tung Han, who works in the FTC's Division of Privacy and Identity Protection and the FDA's Policy Advisor Bakul Patel, who works at the agency's Center for Devices and Radiological Health helped explain how the two organizations work together when it comes to regulating mobile health apps.
Han explained that the FTC's broad mandate is to keep an eye out for unfair or deceptive acts or practices as well as false or misleading claims. Han said that includes acts or claims that cause or are likely to cause substantial harm to consumers that is not avoidable or counterveiled by benefits to consumers or competition.
Han noted that the FTC has already taken "enforcement action" against mobile health apps before: It "involved a case against marketers of apps that claimed to treat acne through a light emitted from the device if you held it close to your face. We alleged that those claims were unsubstantiated," Han said.
MobiHealthNews covered the FTC's takedown of the two iPhone and Android acne apps last year. At the time we wondered why the FDA wasn't the agency to take action, since the FDA was on the cusp of publishing its proposed guidelines for mobile medical app regulation. It published those the following week.
"At FDA [we also] collaborate with FTC on areas that overlap in terms of the deception part that [Han] mentioned earlier," Patel said. "We have a similar charge on our end which goes back to 'misbranding' of medical devices."
Patel said that the FTC takes action when there is no "direct harm" posed by the medical apps to consumers. In those cases Patel said the FDA may "choose to have FTC take action" or do so themselves. They discuss to decide, he said.
"I'd like to echo [that]," Han said. "We do coordinate and talk and refer things back and forth. We try to reduce areas of confusion caused by overlapping jurisdiction."
Han also pointed out that the FTC actually has jurisdiction for health breaches when the entities involved are not HIPAA covered entities, which led the FTC to carefully determine how best to work with HHS on health information breaches.