Privacy and Security: Food and Drug Administration Faces Challenges in Establishing Protections for Its Postmarket Risk Analysis System, Report to Congressional Committees
"The Food and Drug Administration (FDA) is responsible for assessing the safety of certain medical products after approval (a process called postmarket risk surveillance). To this end, the Food and Drug Administration Amendments Act of 2007 required that FDA establish a postmarket risk identification and analysis system based on electronic health data. In May 2008, FDA began its Sentinel initiative, intended to fulfill this requirement. Additionally, the Act established a requirement for GAO [Government Accountability Office] to review FDA's planned system. GAO's specific objectives were to (1) describe the current status of FDA's implementation of the Sentinel system and (2) identify the key privacy and security challenges associated with FDA's plans for the Sentinel system. To do so, GAO analyzed available system documentation; reviewed key privacy and security laws, guidance, standards, and practices; and obtained and analyzed the views of privacy and security experts. GAO recommends that the Commissioner of FDA develop a plan, including milestones, for developing the Sentinel system and for addressing privacy and security challenges. In written comments on this report, FDA agreed with GAO's recommendation, but noted concerns with GAO's representation of the program which FDA stated would lead readers to believe that their protected health information was at risk."
Government Accountability Office: http://www.gao.gov/