21
Feb
2024

Fraudulent Data

,
,
0

One of the cornerstones of a quality management system is the integrity of the quality system records. It should go without saying how critical it is for these records to be truthful, accurate, and genuine. Fraudulent data can lead to an unsafe medical device, or a medical device that does not fully achieve its intended use. A second cornerstone is the integrity of the people performing the quality system activities. Certainly a manufacturer is responsible to properly train their employees and subcontractors in the execution of the processes, but at the end of the day it is incumbent on the people to have the integrity to follow their training and never falsify a record. If coerced to do so, one must be willing to lose their job rather than partake in such an unscrupulous activity. If coerced, one should not work for that kind of company.

In recent years, the FDA has observed that an increasing number of entities that contract with device firms to conduct testing on medical devices (“third-party test labs”) are generating testing data that are fabricated, duplicated from other device submissions, or otherwise unreliable.

The US FDA recently posted a letter (see attached) warning manufacturers of “an increase in submissions containing unreliable data generated by third-party test labs, including from numerous such facilities based in China and India.” This should cause great alarm. If FDA is now raising the flag that this has been detected, any manufacturer that has out-sourced performance testing must go back and evaluate previous testing performed by third-parties. Methods must be employed to assure the integrity of that test data. New supplier qualification methods must be employed for third-parties providing performance testing. We would suggest that manufacturers develop on-going monitoring methods to detect fraudulent activities in third-parties (e.g., defect seeding).

To reverse the trend of unreliable data being submitted to the FDA, it is incumbent on device firms to take proactive steps to qualify third-party test labs and to closely scrutinize all testing data that a firm does not perform itself, especially relating to biocompatibility and other performance testing, that are included in a submission to the FDA.

Medical devices and medical procedures have plenty of risk even when all engineering and quality management processes are fully compliant. We work very hard to bring risks to the lowest level possible. Certainly we do not want to compromise that overall process by taking short-cuts or falsifying performance testing data. Be sure of who is performing the testing of your products and their commitment to quality. I would rather have a supplier who is willing to lose my business over their commitment to quality than a supplier who promises to meet a deadline no matter what.

About the author

Partner and General Manager, Brian Pate is ISO 1385:2016 Lead Auditor certified for Medical Device Quality Management Systems (MD), and ISO 19011:2018 Management Systems Auditing (AU) and Leading Management Systems Audit Teams (TL). Brian started his medical device career in anesthesia clinical research in 1985 and has since worked both academia and industry including many years with Johnson & Johnson, Baxter Healthcare, and GE Medical. Brian’s roles have included software engineering, systems engineering, quality assurance, and regulatory affairs. Brian has served on multiple AAMI TIR working groups, including TIR32-2008 (Application of ISO 14971 Risk Management to Software; now IEC 80002-1) and TIR45-2012 (Guidance on the use of Agile practices in the development of medical device software) and served as a reviewer for the 2nd edition of TIR45. Brian serves on the AAMI Software Committee and as an AAMI instructor for the software, design controls, and agile methods courses. Brian also is a member of the Underwriters’ Laboratories (UL) Standards Technical Panel for UL1998 (Software in Programmable Components) and or UL5500 (Remote Software Updates).

SoftwareCPR Training Courses

ISO13485:2016 ISO 13485 Internal Audit(or) Training Course (Live, 3-day)

IEC 62304 and other Emerging Standards Impacting Medical Device Software (Live, 3-day)

Being Agile & Yet CompliantISO 14971 SaMD Risk Management

Software Risk Management

Medical Device Cybersecurity

Software Verification

IEC 62366 Usability Process and Documentation

Or just email training@softwarecpr.com for more info.

Corporate Office

15148 Springview St.
Tampa, FL 33624
USA
+1-781-721-2921
office@softwarecpr.com
Partners located in the US (CA, FL, MA, MN, TX) and Canada.