Last week the FDA issued a warning about certain applications and wearables that claim to measure blood glucose levels. The warning was clear: if the application is not FDA approved, it’s not safe. Since 2014, numerous applications have emerged (and sold well) that claim to monitor health concerns that the public is interested in like glucose, heart rhythm, blood pressure etc. Some of these achieved FDA clearance, but the vast majority did not.
A class of application that is particularly concerning are so called heart-health checkers. These involve placing your finger over the camera lens of your phone, or wearing a ring or other wearables that talk to your phone and claim to tell you if your “heart is healthy”. These are (for the very large part) making false claims. Like blood glucose level, heart health measurement is a sophisticated process that depends on diagnostically rich underlying data. Your ring may be able to sense a rough pulse (about the same as what you could do with your finger and a stopwatch), but you should not rely on it to tell you (for instance) anything about having a heart attack. Heart attacks are something that people have been trained to worry about, so many of us are attracted to the idea that we can purchase a device or application that will tell us if we are having one. This is why we see false claims or misleading wording about cardiac health detection in ads promoted on social all the time. Similarly, unless you are wearing a high-quality blood pressure cuff attached to your phone, there is almost no chance any phone application is providing anything more than a guess at your blood pressure, and this low fidelity measurement certainly won’t be an indicator of any kind for overall heart health. Once again the easiest thing to look for is FDA approval for the claims that are being made.
An app that collects diagnostic data for the purpose of medical assessment requires that it be cleared by the FDA as a class II medical device. An app that provides medical reports or feedback of any kind about your physical health most definitely requires FDA clearance through a rigorous and lengthy process. Not only do the producers of these applications need to prove the science behind their device works, but they must also validate it with clinical studies. Even then, they need to prove their companies have rigorous risk assessment and quality management controls to ensure that their device continues to work safely and as indicated, even after being sold.
The mandate is to ensure that people are in no way harmed by the use of the device, or app, or test. For instance an application cannot claim to tell you if you are having a heart attack or not. For the FDA to approve such a claim, the producer of the application would have to prove that accuracy of the device (for heart attack detection) is extremely high. The provider would need to clinically demonstrate a very low probability of producing a false negative result. A false negative, might erroneously convince a user that they are in fact NOT having a cardiac issue and prevent them from otherwise seeking immediate care they actually need. Diagnosing heart attacks is something that needs to be done by qualified doctors using specialized tests and equipment in a diagnostic path. These tests often involved multi-lead ECGs, blood tests, echocardiograms, CTs MRIs or angiograms. In most cases no single test is definitive and there are multiple classes of heart attack that can manifest differently. Protecting the patient is not just limited to the accuracy of a device or the underlying science, it also increasingly involves considerations for cyber security: If electronic devices can be hacked, or the data stolen, or the device functionality compromised, that also represents a risk to the public. The FDA has clear (and equally rigorous) guidelines for such things.
A properly cleared device or application makes specific, clear, and carefully worded statements about what is can and cannot do. The ability of any application to make such claims is limited by the data it can reliably collect. For instance an ECG on your watch, is good at collecting a small slice of your hearts electrical activity, but it can’t claim to replicate the diagnostic ability of a multi-lead system wired to your chest with an expert to interpret the output. Responsible producers of these devices make this clear. The FDA has a webpage where they publish some of the warning letters to companies who are making misleading, unproven or false claims https://www.fda.gov/inspections-compliance-enforcement-and-criminal-investigations/compliance-actions-and-activities/warning-letters