FDA nationwide electronic network will track safety of drugs and medical devices

Tracing back medical data to patients could be beneficial, says former FDA commissioner Mark McClellan Mannie Garcia/Landov

The Food and Drug Administration is constructing a nationwide electronic system to continuously track the safety of drugs and medical devices using anonymous patient data, but federal officials and health care specialists say its usefulness might be limited without more personal information.

The Sentinel initiative, launched in May 2008, will complement existing systems that monitor side effects and other adverse changes in health linked to FDA-regulated products. The system will tie together information from various registries, including electronic health record systems and insurance claims databases, allowing FDA workers to query an issue quickly.

To protect patient privacy, the owners of the various registries will maintain the underlying data. FDA would send questions to the data holders, who in turn would deliver summary results to the agency.

"Sentinel, sooner rather than later, might benefit by moving beyond de-identified data," said Mark McClellan, a former FDA commissioner and administrator of the Centers for Medicare and Medicaid Services during a daylong discussion of Sentinel hosted by the Engelberg Center for Health Care Reform. De-identified data is information stripped of patients' names and other identifying information.

McClellan, now director of the center -- a division of the Brookings Institution, a nonprofit think tank -- moderated the discussion in Washington.

The consensus among participants in a privacy panel, including lawyers, privacy advocates and government officials, was that the system, to be effective, eventually will have to tell FDA about adverse reactions in specific people with atypical medical conditions. But the privacy regulations are murky for information that is neither anonymous nor personally identifiable, meaning data that can be used to single out specific people.

Verne Rinker, a health information privacy specialist at the Health and Human Services Department's Office for Civil Rights, said, "You hear already the writing on the wall . . .that says we may need to link data sets together," and FDA may need personally identifiable information, so "it's important to have those discussions now."

For example, identifiable information that might help monitor side effects affecting certain populations could include a patient's blood type, unique genetic features or other distinctive biological conditions.

FDA officials say Sentinel now only will analyze large sets of data and will not access individual medical records. With Medicare data, the system will access only de-identified data.

The project, in part, will rely on the success of the administration's efforts to get most doctors to use electronic health records.

"I could see some benefit to having limited ability to trace back information," McClellan said.

Seeking consent from patients whose medical reactions are tracked in the database would not eliminate privacy concerns, said Deven McGraw, director of the health privacy project at the Center for Democracy and Technology, a civil liberties organization. She noted that individuals rarely read consent forms closely before waiving their rights, citing as an example the privacy notices that most primary care doctors make new patients sign.

When "data is presented to [officials] in aggregated form, there is law on the books that already permits this" kind of disclosure, she said. "It gets a little tricky when you start to push on those margins . . . what sort of process will be in place to ensure accountability down the chain?"