FDA Debuts a New Communications and Compliance Tool for Device Data Integrity Concerns

Yesterday, the U.S. Food and Drug Administration (FDA) updated its website to provide new information on data integrity concerns relating to medical devices. Over a year ago, FDA’s device center, the Center for Devices and Radiological Health (CDRH or Center), notified device manufacturers and the public that it had “observed that an increasing number of entities that contract with device firms to conduct testing … are generating testing data that are fabricated, duplicated from other device submissions, or otherwise unreliable.” FDA has continued to express data integrity concerns about testing labs in the intervening year and has issued warning letters to certain testing labs for violations of good laboratory practices (GLPs). CDRH officials have also confirmed that concerns about data from suspect testing labs have resulted in the agency refusing to accept, or rejecting, device submissions. More broadly, these concerns have reportedly diverted reviewer resources towards evaluating potential data integrity issues.

One challenge has been that it is not necessarily transparent which testing labs are the targets of FDA’s concern, potentially resulting in product sponsors unwittingly engaging testing labs to conduct performance testing or verify test results that may not be credited by the agency—and may even be fraudulent. FDA certainly has enforcement tools that can be used against a fraudulent testing lab; FDA can also refuse to consider fraudulent data in a product submission, although that decision is not public. Therefore, FDA’s concerns about certain testing labs may not be clear to product sponsors, whose arrangements with a testing lab begin well in advance of the product submission.

FDA’s announcement yesterday may signal a new tool for communicating compliance concerns to the regulated industry. On this page, “Notifications on Data Integrity—Medical Devices,” CDRH apparently intends to catalog letters issued by the Center on data integrity issues, along with other data integrity resources. More significantly, the first letter posted is a “General Correspondence Letter” (GCL). This letter was sent to a testing lab on February 26, 2025. The recipient of this GCL had already received a warning letter in September 2024 citing a range of GLP violations. Unlike the warning letter, this letter (along with an earlier GCL apparently sent to the testing lab on December 30, 2024) does not identify specific GLP violations. Rather, it focuses on how the concerns FDA has about the testing lab’s data affect FDA’s review of premarket submissions containing such data. Zeroing in on the implications of FDA’s concern, FDA explains “that all study data from all studies conducted at your firm will be rejected until you have demonstrated that the issues described in the December 30, 2024, GCL have been adequately addressed.” In a footnote, FDA further clarifies that, “[f]or any studies conducted for current customers, FDA would have the same concerns about your testing facility’s conduct of all biocompatibility studies and animal safety and performance testing studies and the reliability and validity of all study data from your testing facility…” In other words, product sponsors should be on notice that data from this testing lab will not be considered in the context of a marketing submission at this time, regardless of the outcome or status of the warning letter.

This webpage, and seemingly new use of GCLs that are made public, appear motivated by a desire to provide greater transparency on device data integrity issues for the regulated industry, while also balancing confidentiality protections and procedural fairness. While this may be a challenging balance to maintain, companies should consider this as an additional resource as they choose testing labs for product development and validation.