
When people seek health information, they expect what they get to be reliable and accurate. But these expectations can be dashed, especially by digital health devices, many of which are not reviewed by the Food and Drug Administration or another regulatory body.

Here are a few examples drawn from the medical literature and the news:

John has bipolar disorder. He downloads a few apps to help him manage and track his symptoms. During a manic phase, John has trouble sleeping, so he turns to the apps for advice. One tells him to “take a shot of liquor” an hour before bed. The other advises him that his bipolar disorder is contagious and can be caught by people spending too much time with him.


Linda has type 1 diabetes and downloaded a free app to help calculate her insulin dosage. After following its recommendation, she experiences severe hypoglycemia, which would have been preventable with an accurate app. She is among the one-quarter of application users who have reported incorrect results from the app’s insulin dosage calculation.

Nancy is using a pregnancy tracking application that she got as part of her employer’s wellness program. After giving birth to her first child, she used it to log her baby’s personal medical data. Now that she is pregnant with her second child, she is using the application to track her bodily functions, medications, and sex drive. Although she expects this information to be private to her, her employer has paid to get aggregated data on its employees using the app.


While John, Linda, and Nancy aren’t real people, the advice from the apps and their risks to health and privacy are real. These three vignettes show how dangerous inaccurate digital health applications can be. There are countless examples — from period tracker apps offering incorrect clinical information to applications using artificial intelligence algorithms that incorrectly diagnose people of color with skin cancers.

The rising use of digital health products over the last few years has led to a patchwork of laws and regulations that have serious weaknesses. The FDA regulates some of these products as medical devices, but the majority of apps that are meant to be used only for monitoring and recording symptoms — not treating disease — are not regulated. Many other applications are considered low-risk by the FDA and therefore are subject to enforcement discretion, meaning the FDA effectively chooses not to enforce its authority on these devices. As described earlier, this may put users at risk.

Another problem is that the iterative nature of digital health apps does not lend itself to existing regulatory paradigms. Medical knowledge and advice can change rapidly, as we have seen during the Covid-19 pandemic, and applications require frequent updates. But the FDA regulates and approves devices as final products. While it widely permits — and sometimes requires — post-market studies, it does not easily provide for the frequent post-approval updates and modifications required for software, artificial intelligence algorithms, and clinical recommendations.

In addition, some aspects of critical concern to digital health app users, like privacy and usability, are outside the scope of traditional FDA review and may not be considered by other agencies or companies in the development or review of these applications.

4 key metrics for digital health apps

The concept of digital health applications offers a great opportunity for individuals to take control of their own health care, but their reality leaves much to be desired. The current regulatory landscape for digital health apps needs to be reformed.

Since the fall of 2020, working with a team of 19 student researchers at Yale’s business, law, medical, and public health schools, we have reviewed the literature on digital health applications and met with patient groups and patient advocates. From this work, we developed a user-centered approach that should guide the development of a successful regulatory scheme for digital health applications that focuses on improving four key metrics: accuracy, usability, accessibility, and privacy. While not all of these are regulated under the federal Food, Drug, and Cosmetic Act, they are nonetheless integral to successful regulation and should be considered in broader digital health regulatory reform. The four principles we propose are:

  • Accuracy. Digital health applications must be accurate, reviewed for accuracy, and disclose areas of inaccuracy.
  • Usability. Digital health applications must be usable and understandable for users.
  • Accessibility. Diverse groups must be included in the development and review of digital health applications to promote accessibility for all users.
  • Privacy. Users’ private information must be protected and they must be able to opt in and out of key privacy options.

While these may seem simple and straightforward, the current regulatory environment does not adequately protect users of digital health apps in these areas. Many are inaccurate, putting users at risk of adverse outcomes. Users’ needs and preferences are commonly not taken into account in the development of applications, limiting their usability and causing many to stop using apps after the first few weeks. The needs and preferences of diverse users are not included in the development of many digital health applications, in particular artificial intelligence algorithms, limiting their effectiveness and accessibility for many people of color, people with disabilities, and people with limited or no proficiency in English. And many health apps do not have privacy policies and do not adequately protect users’ data, resulting in many notable health data breaches.

While the FDA has recently taken steps to begin regulating digital health technologies, including establishing a pilot program and a Center of Excellence, much work remains to be done. Broadly, the FDA needs more resources and authority to regulate and review digital health apps.

As Congress, the FDA, industry, patients, providers, and other stakeholders work to develop an appropriate pathway for digital health applications, we must ensure that the system keeps users’ needs top of mind.

Ryan Knox is an attorney, health policy scholar, and senior research fellow at the Solomon Center for Health Law and Policy at Yale Law School. Cara Tenenbaum is a health policy expert and owner of Strathmore Health Strategy.
