Summary

The Food and Drug Administration (FDA) is responsible for assessing the safety of certain medical products after approval (a process called postmarket risk surveillance). To this end, the Food and Drug Administration Amendments Act of 2007 required that FDA establish a postmarket risk identification and analysis system based on electronic health data. In May 2008, FDA began its Sentinel initiative, intended to fulfill this requirement. Additionally, the Act established a requirement for GAO to review FDA's planned system. GAO's specific objectives were to (1) describe the current status of FDA's implementation of the Sentinel system and (2) identify the key privacy and security challenges associated with FDA's plans for the Sentinel system. To do so, GAO analyzed available system documentation; reviewed key privacy and security laws, guidance, standards, and practices; and obtained and analyzed the views of privacy and security experts.

The Sentinel system is still in the early planning stages, with key decisions about development and milestones yet to be made. In planning for Sentinel, FDA has held outreach meetings with stakeholders, established a senior management team to solicit input from agency components; established a working group to share information with federal partners; and sought input from projects involving both public and private sector entities that are meant to refine research approaches and identify challenges and concerns. Although FDA has developed a preliminary design of the Sentinel process for making medical product safety-related queries, key decisions such as developing a governance model for oversight and enforcement of relevant policies, establishing an architecture, and setting privacy and security policies have not yet been made. Further, FDA has not yet developed a plan or set of milestones for when it expects to have these issues addressed. Because the Sentinel system will rely on sensitive electronic health data, FDA will likely be faced with several significant privacy and security challenges as it continues to develop the Sentinel system including (1) ensuring that appropriate legal mechanisms are established to protect privacy and implement security consistently across the Sentinel system; (2) defining a clear and specific purpose for the system and ensuring that partners use personal health information only for specified purposes; (3) ensuring public involvement and effectively informing the public of the program's planned uses of their personal health information; (4) ensuring that de-identified information--data stripped of fields that uniquely identify individuals--is not re-identified; (5) establishing adequate security controls to protect the personal health information associated with Sentinel; and (6) establishing sufficient oversight and enforcement mechanisms to ensure that privacy and security requirements are consistently implemented. FDA has yet to develop a plan or set milestones for addressing these challenges.

Recommendations

Our recommendations from this work are listed below with a Contact for more information. Status will change from "In process" to "Open," "Closed - implemented," or "Closed - not implemented" based on our follow up work.

Recommendations for Executive Action