The Food and Drug Administration needs to develop a plan with specific milestones for addressing privacy and security challenges in its new post-market risk-analysis system, the Government Accountability Office recommended.
FDA in May 2008 launched its Sentinel Initiative, a post-market risk-identification and analysis system based on electronic health data. Although a preliminary design for making medical product safety-related queries has been developed, the FDA has yet to act on other key decisions such as a developing a governance model for oversight and enforcement of relevant policies, and setting privacy and security policies, the GAO stated.
Because Sentinel will rely on sensitive electronic health data, the FDA will likely be faced with significant privacy and security challenges, such as establishing adequate security controls to protect the personal health information associated with the Sentinel Initiative, the report concluded.
"FDA has yet to develop a plan or set milestones for addressing these challenges," according to the GAO.
In written comments, the FDA agreed with the GAO recommendation but cautioned that the report's representation of the Sentinel program could lead readers to believe their protected health information is at risk.