Fraudulent Data

One of the cornerstones of a quality management system is the integrity of the quality system records. It should go without saying how critical it is for these records to be truthful, accurate, and genuine. Fraudulent data can lead to an unsafe medical device, or a medical device that does not fully achieve its intended use. A second cornerstone is the integrity of the people performing the quality system activities. Certainly a manufacturer is responsible to properly train their employees and subcontractors in the execution of the processes, but at the end of the day it is incumbent on the people to have the integrity to follow their training and never falsify a record. If coerced to do so, one must be willing to lose their job rather than partake in such an unscrupulous activity. If coerced, one should not work for that kind of company.

In recent years, the FDA has observed that an increasing number of entities that contract with device firms to conduct testing on medical devices (“third-party test labs”) are generating testing data that are fabricated, duplicated from other device submissions, or otherwise unreliable.

The US FDA recently posted a letter (see attached) warning manufacturers of “an increase in submissions containing unreliable data generated by third-party test labs, including from numerous such facilities based in China and India.” This should cause great alarm. If FDA is now raising the flag that this has been detected, any manufacturer that has out-sourced performance testing must go back and evaluate previous testing performed by third-parties. Methods must be employed to assure the integrity of that test data. New supplier qualification methods must be employed for third-parties providing performance testing. We would suggest that manufacturers develop on-going monitoring methods to detect fraudulent activities in third-parties (e.g., defect seeding).

To reverse the trend of unreliable data being submitted to the FDA, it is incumbent on device firms to take proactive steps to qualify third-party test labs and to closely scrutinize all testing data that a firm does not perform itself, especially relating to biocompatibility and other performance testing, that are included in a submission to the FDA.

Medical devices and medical procedures have plenty of risk even when all engineering and quality management processes are fully compliant. We work very hard to bring risks to the lowest level possible. Certainly we do not want to compromise that overall process by taking short-cuts or falsifying performance testing data. Be sure of who is performing the testing of your products and their commitment to quality. I would rather have a supplier who is willing to lose my business over their commitment to quality than a supplier who promises to meet a deadline no matter what.

About the author

Brian is a biomedical software engineer - whatever that is! Started writing machine code for the Intel 8080 in 1983. Still enjoys designing and developing code. But probably enjoys his garden more now and watching plants grow ... and grandkids grow!

SoftwareCPR Training Courses:

IEC 62304 and other emerging standards for Medical Device and HealthIT Software

Our flagship course for preparing regulatory, quality, engineering, operations, and others for the activities and documentation expected for IEC 62304 conformance and for FDA expectations. The goal is to educate on the intent and purpose so that the participants are able to make informed decisions in the future.  Focus is not simply what the standard says, but what is meant and discuss examples and approaches one might implement to comply.  Special deep discount pricing available to FDA attendees and other regulators.

3-days onsite with group exercises, quizzes, examples, Q&A.

Instructor: Brian Pate

Next public offering:  TBD

Email to request a special pre-registration discount.  Limited number of pre-registration coupons.

Registration Link:




Being Agile & Yet Compliant (Public or Private)

Our SoftwareCPR unique approach to incorporating agile and lean engineering to your medical device software process training course is now open for scheduling!

  • Agile principles that align well with medical
  • Backlog management
  • Agile risk management
  • Incremental and iterative software development lifecycle management
  •  Frequent release management
  • And more!

2-days onsite (4 days virtual) with group exercises, quizzes, examples, Q&A.

Instructors: Mike Russell, Ron Baerg

Next public offering: March 7 & 28, 2024

Virtual via Zoom

Registration Link:

Register Now



Medical Device Cybersecurity (Public or Private)

This course takes a deep dive into the US FDA expectations for cybersecurity activities in the product development process with central focus on the cybersecurity risk analysis process. Overall approach will be tied to relevant standards and FDA guidance documentation. The course will follow the ISO 14971:2019 framework for overall structure but utilize IEC 62304, IEC 81001-5-1, and AAMI TIR57 for specific details regarding cybersecurity planning, risk characterization, threat modeling, and control strategies.

2-days onsite with group exercises, quizzes, examples, Q&A.

Instructor: Dr Peter Rech, 2nd instructor (optional)

Next public offering:  TBD

Corporate Office

15148 Springview St.
Tampa, FL 33624
Partners located in the US (CA, FL, MA, MN, TX) and Canada.