Christopher Scott, Medical Device Industry Consultant04.12.24
In late February, the FDA issued a notice reminding medical device firms to carefully evaluate the third-party laboratories they engage to conduct performance testing and to independently verify all data before submitting it to the FDA. The publication, “Fraudulent and Unreliable Laboratory Testing Data in Premarket Submissions: FDA Reminds Medical Device Manufacturers to Scrutinize Third-Party-Generated Data,” noted that the agency has seen a troubling trend of third-party laboratories generating test data that are fabricated, duplicated from other device submissions, or otherwise unreliable.
The FDA emphasizes that the responsibility for all data submitted to the agency falls on the device firm and encourages companies to carefully evaluate third-party labs and ensure the data being submitted is truthful and accurate.
Although the current communication targets medical device companies, it follows similar guidance previously directed toward the pharmaceutical industry. In December 2018, the FDA released a guidance document “Data Integrity and Compliance with Drug CGMP”. The agency reinforced this guidance with industry presentations such as the one given at the SBIA Generic Drug Forum in April 2022, which provided examples of violations the agency found in laboratory-generated data, and expectations for how pharmaceutical companies should address data integrity requirements.
Medical device companies would benefit from reviewing these earlier communications, since the current notice is light on details. Pharmaceutical companies, and the third-party laboratories that provide testing for them, have had several years to adjust to the heightened scrutiny of laboratory data, but medical device firms may find themselves in unfamiliar territory during their next inspection. They may also be disappointed by a rejection of a 510(k) or other regulatory submission due to laboratory data that is deemed unreliable.
The agency encourages device firms to utilize third-party testing laboratories that have been accredited under the Accreditation Scheme for Conformity Assessment (ASCA) which converted from its pilot program status to permanent in September 2023. The agency cautions, however, that use of an ASCA accredited lab does not alleviate medical device firms from their responsibility of conducting an independent assessment of test data generated by those labs. Device companies should also be diligent in ensuring that the testing being conducted falls within that labs ASCA accreditation. For example, some laboratories conducting biocompatibility testing may only be accredited for a single cytotoxicity method, but not sensitization or irritation studies.
Another thing medical device companies will want to consider when reviewing the agency’s latest announcement, is that this notice likely marks the beginning of a new phase of scrutiny for laboratory-generated data, in general. Although the notice focuses on third-party-generated data, device firms would be wise to anticipate that the agency may be looking more closely at in-house generated data as well. Prudent firms will begin assessing their internal controls for data integrity now to avoid headaches in the future.
Again, the experience of heightened scrutiny around data integrity that the pharmaceutical industry has become accustomed to will provide valuable lessons for medical device firms. The ALCOA+ principles that have always applied to both paper records as well as electronic data, as regulated by 21 CFR part 11, must be reevaluated within a risk-based framework to ensure data integrity is maintained. This means validation of computerized test systems and ensuring that audit trails are maintained that provide secure, time-stamped electronic records which document all events related to the creation, modification, or deletion of all test data. Processes must also prevent the abandonment of data, also known as orphan data, which may weaken the reliability of a regulatory application.
Pharmaceutical companies have been warned that management’s involvement is essential in preventing and correcting data integrity issues, and that it is the role of executive management to create a quality culture that supports data integrity as a core value and encourages employees to identify and promptly report data integrity issues. Medical device executives should take note and be proactive in upgrading their own data integrity systems and processes.
Christopher Scott is a consultant and 35-year veteran of the medical device industry. His background includes seven years running one of the world's largest networks of medical device testing laboratories. These labs also supported the pharmaceutical industry, which provided intimate visibility to regulators’ increasing expectations around data integrity.
The FDA emphasizes that the responsibility for all data submitted to the agency falls on the device firm and encourages companies to carefully evaluate third-party labs and ensure the data being submitted is truthful and accurate.
Although the current communication targets medical device companies, it follows similar guidance previously directed toward the pharmaceutical industry. In December 2018, the FDA released a guidance document “Data Integrity and Compliance with Drug CGMP”. The agency reinforced this guidance with industry presentations such as the one given at the SBIA Generic Drug Forum in April 2022, which provided examples of violations the agency found in laboratory-generated data, and expectations for how pharmaceutical companies should address data integrity requirements.
Medical device companies would benefit from reviewing these earlier communications, since the current notice is light on details. Pharmaceutical companies, and the third-party laboratories that provide testing for them, have had several years to adjust to the heightened scrutiny of laboratory data, but medical device firms may find themselves in unfamiliar territory during their next inspection. They may also be disappointed by a rejection of a 510(k) or other regulatory submission due to laboratory data that is deemed unreliable.
The agency encourages device firms to utilize third-party testing laboratories that have been accredited under the Accreditation Scheme for Conformity Assessment (ASCA) which converted from its pilot program status to permanent in September 2023. The agency cautions, however, that use of an ASCA accredited lab does not alleviate medical device firms from their responsibility of conducting an independent assessment of test data generated by those labs. Device companies should also be diligent in ensuring that the testing being conducted falls within that labs ASCA accreditation. For example, some laboratories conducting biocompatibility testing may only be accredited for a single cytotoxicity method, but not sensitization or irritation studies.
Another thing medical device companies will want to consider when reviewing the agency’s latest announcement, is that this notice likely marks the beginning of a new phase of scrutiny for laboratory-generated data, in general. Although the notice focuses on third-party-generated data, device firms would be wise to anticipate that the agency may be looking more closely at in-house generated data as well. Prudent firms will begin assessing their internal controls for data integrity now to avoid headaches in the future.
Again, the experience of heightened scrutiny around data integrity that the pharmaceutical industry has become accustomed to will provide valuable lessons for medical device firms. The ALCOA+ principles that have always applied to both paper records as well as electronic data, as regulated by 21 CFR part 11, must be reevaluated within a risk-based framework to ensure data integrity is maintained. This means validation of computerized test systems and ensuring that audit trails are maintained that provide secure, time-stamped electronic records which document all events related to the creation, modification, or deletion of all test data. Processes must also prevent the abandonment of data, also known as orphan data, which may weaken the reliability of a regulatory application.
Pharmaceutical companies have been warned that management’s involvement is essential in preventing and correcting data integrity issues, and that it is the role of executive management to create a quality culture that supports data integrity as a core value and encourages employees to identify and promptly report data integrity issues. Medical device executives should take note and be proactive in upgrading their own data integrity systems and processes.
Christopher Scott is a consultant and 35-year veteran of the medical device industry. His background includes seven years running one of the world's largest networks of medical device testing laboratories. These labs also supported the pharmaceutical industry, which provided intimate visibility to regulators’ increasing expectations around data integrity.