Authority of the Food and Drug Administration to Require Data Access and Control Use Rights in the Sentinel Data Network

摘要

The Food and Drug Administration Amendments Act of 2007 (FDAAA) authorized creation of a 100-million-person health data network, known as the postmarket risk identification and analysis system or Sentinel network.This article examines whether the Foodand Drug Administration (FDA) has authority under FDAAA to require private healthcare data environments—such as insurers, healthcare providers, pharmacists, and other entities that hold data in administrative and clinical databases—to make data available for inclusion in this network. The matter is in dispute following the May, 2009 publication of a report on Sentinel network governance (Report). The Report, which was prepared by one of FDA's private contractors rather than by the agency itself, asserted that participation of healthcare data environments in FDA's effort develop the Sentinel network is strictly voluntary and that FDA lacks authority to require them to participate. The agency itself has seemed tentative about its authority and has indicated it intends to develop Sentinel through voluntary arrangements with entities that possess relevant data.9 This article describes the legal framework for Sentinel network data access and use rights. Section II examines the scope and the limits of FDA's authority to require private data environments to make data available for inclusion in the network. Section III examines the related question of use rights: Once the Sentinel network is built, who—FDA or the data environments—has authority to control who may use it?