FDA's Sentinel Initiative

• Introduction |
• Sentinel and Privacy |
• EPIC's Involvement |

Introduction

The U.S. Food and Drug Administration ("FDA") is responsible for assuring the safety, efficacy, and security of drugs and medical devices. It does this in part by continuously monitoring the performance of drugs and medical devices that are on the market to identify potential safety and efficacy problems.

In September 2005, Health and Human Services ("HHS") Secretary Mike Leavitt asked FDA to expand its system for monitoring medical product performance. The following year, the Institute of Medicine suggested that FDA develop a system to access other health-related databases so as to support more complex studies of product safety and efficacy.

In 2007, FDA began exploring the feasibility of creating a national electronic system for monitoring medical product safety. In September of that year, the Food and Drug Administration Amendments Act of 2007 ("FDAAA") was signed into law. The FDAAA calls for active postmarket safety surveillance and analysis, requiring that the HHS Secretary develop methods to obtain access to disparate data sources and to establish a postmarket risk identification and analysis system to link and analyze healthcare data from multiple sources.

In 2008, FDA launched the Sentinel Initiative in accordance with calls to streamline monitoring of medical product safety and as part of efforts to comply with the FDAAA. In its official announcement, FDA described the Sentinel System as "a national, integrated, electronic system for monitoring medical product safety." Sentinel will "enable [FDA] to access the capabilities of multiple, existing data systems (e.g., electronic health record systems, medical claims databases)."

Sentinel and Privacy

In June 2009, FDA issued a Request for Proposals ("RFP") inviting private parties to submit proposals for a project entitled "Efforts to Develop the Sentinel Initiative" in anticipation of awarding a five-year contract. The RFP explained that the contractor would directly access electronic health record systems, administrative claims databases, and registries containing patient data. The RFP further described "continuous direct access to various regularly updated automated healthcare data sources containing patient-level health encounter data" and "a computerized system able to link each patient to all relevant medical care data including enrollment status, medical product exposure data, and coded medical procedures and outcomes." On September 25, 2009, FDA awarded the contract to Harvard Pilgrim.

At an event in January 2010, Janet Woodcock, director of the Center for Drug Evaluation and Research at FDA, reported that at that time FDA was already implementing "Mini Sentinel - or the start-up for Sentinel." At that same event, Richard Platt, Harvard Pilgrim's project manager on the Sentinel contract, described Harvard Pilgrim as "the effecter arm for FDA." Platt reported that the data environments participating in Mini Sentinel at that time included 60 million individuals, with 10 million linked to electronic medical records; Platt also reported the participation of "88 inpatient facilities and a large number of device and disease registries."

In the future, Sentinel's uses may expand beyond monitoring of medical privacy safety. Among other things, documentation indicates that Sentinel may be used to facilitate data mining for a variety of purposes, among them outcomes studies, comparative effectiveness research, and health system quality reporting. Electronic medical health records connected through Sentinel will not be moved to a centralized database; instead, they will reside separately in a variety of distributed databases. Sentinel will facilitate targeted queries of all of these data sources, with only summarized results, rather than complete patients' records, to be returned in responses to the queries. However, documents also suggest that FDA will not be the only party entitled to query the system. Sentinel will likely also complete queries originating from data source partners.

As an integrated electronic system designed to query and analyze vast amounts of potentially sensitive patient health data, the Sentinel System may have important implications for patient privacy. Indeed, in anticipation of arising privacy concerns, legislators included provisions in the FDAAA mandating that no later than 18 months after the date of its enactment the Government Accountability Office (GAO) evaluate privacy, confidentiality, and security issues relating to FDA's new system. In accordance with these provisions, GAO provided a briefing to Congressional Committees on March 24, 2009, and published a related report in June of that year. GAO stated that FDA would likely face significant challenges in the field of privacy and security protections and that, as of the date of the report, "FDA [had] not yet developed a plan or set milestones for when it expect[ed] to have these issues addressed." In particular, GAO noted that "protecting the privacy of [medical] information has long been recognized as an essential element in the administration of health care systems."

Much of the data involved in the Sentinel Initiative will be covered by the Health Insurance Portability and Accountability Act of 1996 ("HIPAA"), which provides a floor of privacy protections for health information in the United States. However, at a December 2008 public workshop on the Sentinel Initiative, Marcy Wilder, a data protection lawyer who specializes in health information law, stated that "FDA will have a great deal of discretion in terms of how to put privacy policies and prtections in place for the Sentinel Program." She added, "HIPAA is going to permit and the law is going to permit disclosure of de-identified, identifiable data and data that falls in between."

Research on data mining shows that even where data is "de-identified" before it is shared, personal details can often be matched back to true identities in a process known as "re-identification." For more information, see EPIC's page on re-identification.

EPIC's Involvement

As an organization working to protect the public from privacy threats and focus public attention on emerging privacy issues, EPIC has an interest in monitoring how electronic management of medical records may impact patient privacy values and concerns. Indeed, EPIC actively participates in research concerning patient privacy issues. For example, in the past few years, Marc Rotenberg participated in an Institute of Medicine committee studying the HIPAA Privacy Rule and ongoing privacy-related challenges in health technologies. The committee released a report in early 2009. For more information on EPIC's involvement in medical records privacy issues, see EPIC's page onmedical record privacy.

EPIC's interest in the Sentinel Initiative dates from the outset of development. In June 2009, EPIC submitted a FOIA request to FDA regarding the Sentinel Initiative. In response, FDA provided records describing the early planning stages of the Sentinel system; however, the system had not yet been implemented, and few details were available.

In June 2010, EPIC submitted another FOIA request to FDA, this time requesting a copy of any contracts between FDA and Harvard Pilgrim relating to the Sentinel Initiative. Later that month, EPIC received a copy of a five year contract awarded by the U.S. Food and Drug Administration to Harvard Pilgrim Health Care, Inc. on September 25, 2009. Under the contract, Harvard Pilgrim is to spearhead development of the Sentinel Initiative. The contract obtained by EPIC places responsibility for privacy protections in the hands of Harvard Pilgrim, ordering it to ensure that "the uses of the data are compliant with HIPAA and any applicable state and local laws."

FDA's hands-off approach to privacy issues raised by Sentinel is of particularly great concern in light of additional details revealed by the contract. The contract states that Sentinel will access and utilize data "primarily for active medical product surveillance," leaving open the possibility that the system may also be used for other purposes. Additionally, the contract indicates that Sentinel will operate on an ambitious scale, linking not only to "health record systems, administrative claims databases, and patient registries," but also, ideally, to "vital records, chronic disease and/or cancer registries, birth defect registries, and medical device registries." The scope of information to be included in Sentinel is astounding, covering such details as race/ethnicity, body mass index, smoking status, alcohol use, blood and tissue product use, special diets, and family health history.