On February 20, 2024, FDA issued a letter to the medical device industry (link) warning medical device firms of recent FDA concerns related to fraudulent and unreliable laboratory testing data in premarket submissions. Unfortunately, the letter provides little new information to guide industry conduct. While the title of the letter refers to "fraudulent" data, the rest of the letter provides no explanation of the nature of the allegedly fraudulent activities that could assist industry in identifying bad labs.
It is challenging for device firms of all sizes to maintain the facilities, equipment, and deep subject matter expertise necessary to perform in-house testing necessary to satisfy all requirements for their device type, which may include testing related to sterility, microbiology, biocompatibility, electrical safety, electromagnetic compatibility, software, cybersecurity, human factors, and performance (which includes bench, animal, and clinical tests). Given this, it is common for firms to contract with independent labs ("third-party test labs") to generate data for premarket submissions.
For many firms, these third-party test labs are qualified according to the firms' procedures for purchasing controls (21 C.F.R. § 820.50) prior to the start of testing. These procedures often define a process to review the qualifications of the lab based on experience, accreditations, policies, and procedures. For firms developing their first device, these purchasing procedures may not yet be established at the time selection of labs is being performed. Even so, firms typically evaluate a prospective lab based on its experience, in addition to business considerations such as availability, turnaround time, and cost.
The letter to industry states that FDA has observed testing data from third-party labs that are "fabricated, duplicated from other device submissions, or otherwise unreliable," that such unreliable data has been generated by "numerous such facilities based in China and India," and that submission of unreliable data "calls into question the data integrity of the entire file." While we suspect that we know why FDA is not naming names—presumably because of ongoing investigation and enforcement activities—the lack of transparency is unfortunate on several levels. First, it raises the specter of guilt by association for reputable labs in China and India. While we imagine that FDA is providing specific labs an opportunity to respond to specific allegations, announcements such as this have real world consequences for reliable labs that happen to be based in those countries. Second, while not dispositive, it likely would be relevant to regulated industry for FDA to identify those labs it believes are generating fraudulent and unreliable data.
In addition to providing limited notice of these issues, the letter also provides general recommendations to the device industry, noting that it is "incumbent on device firms to take proactive steps to qualify third-party test labs and to closely scrutinize all testing data that a firm does not perform itself, especially relating to biocompatibility and other performance testing." FDA acknowledges that it may be difficult to detect if data have been copied but expects "device firms to identify testing results that are improbable or impossible on their face or do not seem consistent with known information about the device." FDA's letter further notes that even if the lab is accredited under FDA's own Accreditation Scheme for Conformity Assessment, that such accreditation "does not substitute for conducting an independent assessment of all third-party data."
As noted above, while it is typical for device firms to do some level of vetting of third-party test labs, one reason such firms often use a third-party lab in the first place is because they do not have in-house expertise. Catching obvious errors may be possible during review by a non-subject matter expert, but it is highly unlikely that these reviewers will be able to detect results that are "improbable or impossible." Engaging another third-party subject matter expert to review data provided by a third-party lab would significantly increase the burden to device firms. And if bad actors intend to provide fraudulent data in their reports, these data may appear realistic for the type of device and near impossible to detect, making any efforts to scrutinize data an added burden that provides no value. Thus, at the end of the day, with no detail from FDA as to which labs to avoid, industry is left with no actionable information.
The letter also provides no information as to how FDA will handle the identification of unreliable data in a premarket submission that is currently pending. Will the Agency notify the applicant of the issue so that it can seek to have new testing conducted?
Further, this issue is not just affecting new submissions. FDA appears to be reviewing at least some previously cleared 510(k) submissions if there is a suspicion of fraudulent data. FDA has gone so far as to rescinded at least one 510(k) based on its determination that allegedly unreliable data have been submitted, even in the case where discrepancies in the data were obvious and not caught during FDA's own review of the submission and subsequently explained as a simple mistake (Stay of Action Petition from Hyman, Phelps & McNamara, P.C. On behalf of Nautilus Gloves LLC (Nautilus), link).
The Agency's action to rescind this 510(k) is based on questionable legal authority. See our prior post of the Agency's ability to rescind a 510(k) submission here. FDA has the regulatory authority to withdraw a clearance if unreliable clinical data are submitted in a 510(k). 21 C.F.R. § 812.119(e). The labs that FDA is referring to in this letter, however, are not conducting clinical studies. They are conducting non‑clinical testing, including, for example, biocompatibility testing. FDA does not have the same regulatory or legal authority to rescind a 510(k) for unreliable non-clinical data unless such data is the result of misconduct. FDA's letter provides information on what FDA would view as misconduct in the case of a lab deceiving the sponsor by submitting fraudulent/fabricated data.
FDA's letter to industry is an important step in communicating this issue, but putting the resolution of the issue all back on individual firms to address is not the best solution. While FDA has guidance related to data integrity for the drug industry (link), such guidance has not been established for the device industry itself. Given FDA awareness of the issue, practical guidance to help firms establish and maintain data integrity across the total product lifecycle would be more valuable as a long-term solution. It is also critical for FDA to be transparent with industry as to how this issue will be handled for pending and cleared submissions. The sponsors are almost always victims that had no intention to deceive the Agency. Unless or until FDA can provide actionable guidance on how to avoid being deceived and/or how to manage the issue, if it is uncovered, we urge FDA to give sponsors the benefit of the doubt and work with them to resolve the issue.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
