The Food and Drug Administration (FDA) evaluates scientific data to determine the safety and effectiveness of medical devices. This regulatory review is only meaningful if the data is trustworthy. If the FDA identifies falsified or otherwise invalid data in a premarket submission, the FDA will reject such data.
This issue has been highlighted in the recent series of FDA letters to Mid-Link Technology Testing Co., Ltd., a Chinese company providing a wide range of nonclinical testing services for medical devices. The FDA identified significant concerns about data integrity, leading to the rejection of all study data from Mid-Link. The FDA’s decision not only impacts Mid-Link but all the applicants that engaged Mid-Link in developing and submitting applications to obtain FDA authorization for their medical devices.
History of FDA’s Oversight on Mid-Link
Applicants frequently depend on third-party testing labs to generate essential nonclinical data, such as sterility, biocompatibility, electrical safety, electromagnetic compatibility, MRI compatibility, and mechanical testing data, which are submitted to the FDA for review. In February 2024, the FDA issued an advisory letter to the medical device industry, emphasizing the critical importance of scrutinizing third-party-generated data in premarket submissions. The FDA has observed a growing trend of results that are “fabricated, duplicated from other device submissions, or otherwise unreliable.” This trend has significantly impacted the FDA’s ability to authorize medical devices since unreliable data calls into question the integrity of the entire submission file.
In the February 2024 advisory letter, the FDA highlighted its ongoing efforts to identify and address data integrity violations in medical device submissions, including through its Bioresearch Monitoring (BIMO) program. Through the BIMO program, the FDA conducts on-site inspections, data audits, and remote regulatory assessments to monitor all aspects of the conduct and reporting of FDA-regulated research, ensuring compliance and integrity in the data submitted for regulatory review.
In September 2024, the FDA issued a press release on data quality and integrity concerns. The press release referenced two warning letters issued to two Chinese testing laboratories: Mid-Link and Sanitation & Environmental Technology Institute. In the warning letters, the FDA identified significant concerns about data quality and integrity at these facilities. The FDA inspection revealed “pervasive failures with data management, quality assurance, staff training and oversight.” The FDA emphasized that, because the data is unreliable, it would not authorize submissions using data from these facilities when such data is necessary in making a marketing authorization decision.
The FDA issued a general correspondence letter (GCL) to Mid-Link on February 26, 2025. The FDA’s own analysis revealed that Mid-Link had copied results from other studies or created falsified data, which included identical or nearly identical results in cytotoxicity studies and implausible data in animal safety and performance studies.
The February 2025 FDA letter also revealed that the FDA had sent another GCL to Mid-Link in December 2024. Mid-Link’s response to that GCL was unsatisfactory, leading the FDA to state, “Put simply, because you have been responsible for the copying of results of another study or creation of falsified or otherwise invalid data that was submitted to FDA in the studies discussed in the GCL, we have no reason to believe that any data that you have produced are reliable.” Mid-Link requested a meeting with the FDA, only to have its request declined.
Takeaway
In the September 2024 press release, the FDA emphasized that “while a device sponsor may use a third-party lab for nonclinical studies, doing so does not relieve the device sponsor of the responsibility to ensure the accuracy of data included in their regulatory submission.” To mitigate the risk of using unreliable third-party labs, the FDA encourages medical device sponsors to use labs accredited under the Accreditation Scheme for Conformity Assessment (ASCA) program.
Under the ASCA program, the FDA grants ASCA recognition to qualified accreditation bodies, which then accredit testing laboratories to perform premarket testing for medical device companies. The FDA’s website for the ASCA recognition program notes that when an applicant includes a declaration of conformity with an ASCA summary test report in its premarket submission, the FDA will have confidence in the testing laboratories’ methods and results and does not intend to request additional information regarding testing methodologies. The list of ASCA-accredited testing laboratories can be found here.
However, even if applicants use ASCA-accredited labs for their testing data, they should independently assess all third-party data for quality and integrity. Relying on third-party testing labs whose data is determined to be unreliable can substantially slow applicants’ progress toward obtaining appropriate marketing authorization or cause market disruptions, supply chain issues, or even shortages when data integrity lapses are identified after authorization. It is therefore imperative that applicants using such third-party testing data make every effort to ensure the reliability of the data submitted in regulatory submissions.
There are significant consequences for submitting unreliable data in regulatory submissions under the FDA’s application integrity policy (AIP). The AIP is the FDA’s internal policy aimed at verifying the integrity of the information and data contained in applications submitted to the FDA for review and approval of a regulated product.1 Under this program, data may be deemed fraudulent when it is unreliable due to negligence, incompetence, inadequate procedures, or systemic data integrity failures. Under the AIP, an applicant that seeks to replace false data in a submission must submit a new application, and the applicant’s executive manager must certify that the new application is truthful.
The AIP outlines corrective actions that the applicant is required to take to establish the reliability of data submitted to support applications and marketed products. These corrective actions include: (1) full cooperation with federal authorities in determining the cause and scope of wrongful acts; (2) identification and removal of individuals involved in wrongful acts from any FDA-regulated activities; (3) an extensive independent review to identify all wrongful acts; and (4) a corrective action plan signed by executive management and submitted to the FDA. After the applicant has implemented its corrective action plan, the FDA will conduct a reinspection to verify that the applicant’s data is reliable, and that the applicant is operating in compliance with regulatory requirements. In addition, the FDA can request additional testing and product recalls to address concerns about safety, efficacy, or quality.
The FDA’s Center for Devices and Radiological Health (CDRH) has not developed guidance specifically addressing data integrity in manufacturing operations. However, there are well-established principles in the December 2018 FDA guidance on the role of data integrity in drug products’ compliance with current good manufacturing practice (CGMP) regulations. This guidance, Data Integrity and Compliance with Drug CGMP − Questions and Answers, provides general information on the attributable, legible, contemporaneous, original, and accurate (ALCOA+) principle, which requires that data should be complete, consistent, and accurate, and must be attributable to a specific individual, legible, contemporaneously recorded, original or a true copy, and accurate.
The guidance, which closely tracks the AIP, also provides detailed advice on specific data integrity topics, including the control of blank forms, audit trails, assessing accusations of data falsification, training requirements, the scope of CGMP records, and the FDA’s recommendations for addressing data integrity problems. Given that violations of data integrity requirements for devices, as with drugs, will hinder an applicant’s ability to obtain FDA authorizations, we suggest that applicants familiarize themselves with the principles presented in this guidance and implement them within their organizations. We note that the CDRH recently created a site dedicated to the role of data integrity in assessing medical devices, which appears to suggest that data integrity is becoming a greater focus of the CDRH’s surveillance activity.
As is always the case, management is ultimately responsible for adherence to regulatory requirements, whether they pertain to general quality management system regulation or data integrity. This means that there must be a culture of quality within the organization. Suppliers and vendors, including third-party testing labs, must be held to the same standards as the applicant, and management must be certain that its own staff, suppliers, vendors, and third-party labs adhere to data integrity requirements. This can, and should, include data-integrity-focused audits – whether internal or external – throughout the development process and supply chain.
When a data integrity lapse is suspected, the most effective solution is to perform an immediate, independent, and thorough investigation to identify the scope of the lapses. Depending on the scope, it may be necessary to use an independent third party to perform a follow-up investigation and identify any suspect data.
Ultimately, applicants must make sure that the data they have submitted to the FDA is sound and, and if there is reason to believe it is not, they must alert the FDA and take appropriate action to ensure that the FDA has not received and relied upon invalid data as the basis of a marketing authorization or is only reviewing valid data for pending authorizations.
If you have any questions regarding the FDA’s expectations related to data integrity or if we can assist you in evaluating your data integrity program, please do not hesitate to contact our team.
Endnotes
- The FDA developed the AIP following an extensive investigation that the House Subcommittee on Oversight and Investigations initiated in 1988 into illegal gratuities to government officials and the submission of falsified data in drug applications. In its own related investigation, the FDA found extensive evidence of falsified data in abbreviated new drug applications. In response to this discovery, the FDA developed a program designed to ensure data integrity in applications and to withdraw or withhold approval of fraudulent applications.
You can subscribe to future advisories and other Alston & Bird publications by completing our publications subscription form.
If you have any questions, or would like additional information, please contact one of the attorneys on our FDA/Food, Drug & Device team.