• Decrease font size
  • Return font size to normal
  • Increase font size
U.S. Department of Health and Human Services

Regulatory Information

  • Print
  • Share
  • E-mail

Section Contents Menu

Freedom of Information

09-10-0010 Bioresearch Monitoring Information System, HHS/FDA

System Name

Bioresearch Monitoring Information System, HHS/FDA.

Security Classification

None.

System Locations

Center for Biologics Evaluation and Research, Office of Compliance and Biologics Quality, Bioresearch Monitoring Team (refer to http://www.fda.gov for address specifics).

Center for Devices and Radiological Health, Office of Compliance, Division of Bioresearch Monitoring (refer to http://www.fda.gov for address specifics).

Center for Drug Evaluation and Research, Office of Compliance, Division of Scientific Investigations (refer to http://www.fda.gov for address specifics).

Center for Food Safety and Applied Nutrition, Office of Food Additive Safety, (refer to http://www.fda.gov for address specifics).

Office of Regulatory Affairs, Office of Enforcement (refer to http://www.fda.gov for address specifics), and Regional Field Offices (refer to http://www.fda.gov for address specifics).

Center for Tobacco Products (refer to http://www.fda.gov for address specifics).

Center for Veterinary Medicine, Division of Compliance, Bioresearch Monitoring Program (refer to http://www.fda.gov for address specifics).

Office of Good Clinical Practice, Office of the Commissioner (refer to http://www.fda.gov for address specifics).

Categories of Individuals Covered by the System

This notice applies to clinical investigators who are conducting, or have conducted, clinical investigations of products regulated by FDA.

Categories of Records in the System

This system includes records, regardless of format (e.g., electronic, hard copy, scanned), pertaining to clinical investigators who conduct research of products regulated by FDA, for example a clinical investigation that supports an application for a research or marketing permit for an FDA-regulated product. Records contain name, education, professional qualifications and background, and information on studies conducted. Records that contain information about certain financial arrangements with or interests in study sponsors may also be included in this system.

This system also contains records created or collected during inspections or investigations of clinical investigators for possible violations of statutes or regulations governing clinical investigations of FDA-regulated products.  

Authority for Maintenance of the System

The authorities for maintaining this system are: Section 505(i) of the Federal Food,  Drug, and  Cosmetic Act (FD&C Act) (21 U.S.C. 355(i)(3)),  21 CFR part 312; Section 520(g) of the FD&C Act (21 U.S.C. 360j), 21 CFR part  812; Sections 512(j) and  (l)(1) of the FD&C Act (21 U.S.C. 360b(j) and  (l)(1)), 21 CFR part 511; Sections 409 and  721 of the FD&C Act (21 U.S.C. 348 and  379e), 21 CFR part  71, 21 CFR part  171; Section 412 of the FD&C Act (21 U.S.C. 350a); Section 910 of the FD&C Act (21 U.S.C. 387j); Section 351 of the Public Health Service Act (42 U.S.C. 262).

Purposes

The purposes of this system are to:

  1. Support regulatory or procedural controls to ensure that clinical investigators meet requirements of the relevant statutes and regulations governing clinical investigations of FDA-regulated products.
  2. Support the effective performance of activities necessary for the conduct of the FDA’s bioresearch monitoring program.

 

Routine Uses of Records Maintained in the System, Inclufing Categories of Users and the Purposes of Such Uses

The Privacy Act lists the conditions of disclosure under 5 U.S.C. 552a(b). Among the permitted disclosures is, ‘‘to those officers and employees of the Agency which maintains the record who have a need for the record in the performance of their duties’’ (5 U.S.C. 552a(b)(1)). For this system of records, this would include disclosure to appropriate FDA and Department of Health and Human Services (HHS) employees.

Permitted disclosures also include routine uses that are listed in the notice of the system of records. (See 5 U.S.C. 552a(b)(3)). The Privacy Act defines ‘‘routine use’’ as ‘‘with respect to the disclosure of a record, the use of such record for a purpose which is compatible with the purpose for which it was collected’’ (5 U.S.C. 552a(a)(7)). See also FDA’s Privacy Act Record Systems regulations, defining ‘‘routine use’’ as, ‘‘use outside the Department of Health and  Human Services that  is compatible with the purpose for which the records were  collected and described in the [System of Records] notice *   *  *.’’ (21 CFR 21.20(b)(5)).

The routine uses for this system of records are listed in the following numbered items.

  1. Disclosure may be made to Federal, State, and local Agencies; government institutions; state licensing authorities; foreign governments/Agencies; international organizations; and non- governmental regulatory bodies of a foreign country. Such disclosure must be relevant to that entity’s oversight, investigative, regulatory, licensing, or enforcement responsibilities for clinical investigations and/or clinical investigators. This includes referrals for investigation and possible enforcement action to the U.S. Department of Justice and other appropriate Agencies, authorities, and organizations.
  2. Disclosure may be made to sponsors, institutional review boards, and other non-government entities if the information disclosed is relevant to the receiving entity’s responsibility for the initiation, oversight, monitoring, compliance, or other regulatory requirement associated with the conduct of clinical investigations and/or oversight of clinical investigators.
  3. Disclosure may be made to an individual research subject of information obtained or developed through a research misconduct proceeding if, in FDA’s judgment, the information may have implications for that subject’s rights, safety, or welfare, or participation in a research study.
  4. Disclosure may be made to the public of information related to a clinical investigator’s financial arrangements with or interest in a study sponsor, to the extent disclosure is not an unwarranted invasion of personal privacy or is not otherwise protected from disclosure under FDA’s regulations or applicable statutes. Examples of the financial arrangements that FDA may disclose include but are not limited to outcome payments (i.e., where the payment to the clinical investigator is dependent on the outcome of the study) and proprietary interests (e.g., where the clinical investigator holds a patent).
  5. Disclosure may be made to the public of regulatory information and/or correspondence, including untitled letters, Notice of Initiation of Disqualification Proceedings and Opportunity to Explain (NIDPOE) letters, Notice of Opportunity for Hearing (NOOH) letters, and warning letters issued to clinical investigators, and  summary information from inspections of clinical investigators, to the extent disclosure is not an unwarranted invasion of personal privacy or is not otherwise protected from disclosure under FDA’s regulations or applicable statutes.
  6. Disclosure may be made to persons who require access to the records to perform services for FDA, for example, persons appointed to serve on FDA research misconduct inquiry committees or investigative committees, and FDA contractors, if such persons need access to the records to perform their assigned task.  Provided, however, in each  case FDA determines whether limitations on disclosures or confidentiality agreements are needed to protect the privacy of respondents, complainants, witnesses, research subjects or others who  may be identified in the records to be disclosed; and  FDA determines that  the disclosure is for a purpose compatible with the purpose for which FDA collected the records.
  7. Disclosure may be made to appropriate Federal Agencies and HHS contractors that have a need to know the information for the purpose of assisting the Department’s efforts to respond to a suspected or confirmed breach of the security or confidentiality of information maintained in this  system of records, and  the information disclosed is relevant and  necessary for that  assistance.
  8. Disclosure may be made to the U.S. Department of Justice (DOJ) when: (a) the Agency or any component thereof; or (b) any employee of the Agency in his or her official capacity; or (c) any employee of the Agency in his or her individual capacity where the DOJ has agreed to represent the employee; or (d) the United States Government, is a party to litigation or has an interest in such litigation and, by careful review, the Agency determines that  the records are both  relevant and  necessary to the litigation and  the use of such records by the DOJ is therefore deemed by the Agency to be for a purpose that  is compatible with the purpose for which the Agency collected the records.
  9. Disclosure may be made to a court or other tribunal, when: (a) The Agency or any component thereof; or (b) any employee of the Agency in his or her official capacity; or (c) any employee of the Agency in his or her individual capacity where the DOJ has agreed to represent the employee; or (d) the United States Government, is a party to the proceeding or has an interest in such proceeding and, by careful review, the Agency determines that  the records are both  relevant and  necessary to the proceeding and  the use of such records is therefore deemed by the Agency to be for a purpose that  is compatible with the purpose for which the Agency collected the records.

 

Policies and Practices for Storing, Retrieving, Accessing, Retaining, and Disposing of Records in the System

Storage:

Files may be maintained in various formats including hard copy paper in manual files, microfilm, magnetic disk or tape, computer disks, hard drives and file servers and other types of data storage devices.

Retrievability:

Records may be indexed by name or code number, but can be retrieved by manual or computer search of the case- tracking system using the name of the individual.

Safeguards:

  1. Authorized users: Records in FDA’s system are available to the Commissioner of Food and Drugs, FDA’s System Managers, and to other appropriate FDA and HHS officials when there is a need to know in the performance of their duties. All authorized users are informed that the records are confidential and are not to be further disclosed.
  2. Procedural safeguards: Access is strictly controlled by FDA’s System Managers in compliance with the Privacy Act and this system notice. Access to the records is limited to ensure confidentiality. All questions and inquiries from any party should be addressed to FDA’s Office of Good Clinical Practice.
  3. Physical safeguards:  All records (such as diskettes, computer listings, or documents) are kept in a secured area, locked rooms, and locked building. The facility has a 24-hour guard service, and access to the building is further controlled by an operational card key system. Access to the files, which are generally hard copy, are limited to a subset of persons with general access to the building. Access to individual offices is controlled by simplex locks.  Records are kept in locked file cabinets in a room that is locked during non-working hours.  Access to this room is restricted to specific personnel. Access to computer files is strictly limited through passwords and user-invisible encryption. Special measures commensurate with the sensitivity of the record are taken to prevent unauthorized copying or disclosure of the records.

Retention and Disposal:

The records are maintained in accordance with FDA’s Records Control Schedule, applicable General Records Schedule (accessions), and disposition schedule approved by the National Archives and Records Administration (cases).

System Managers and Addresses:

Division of Inspections and Surveillance, Center for Biologics Evaluation and Research, Office of Compliance and Biologics Quality (refer to http://www.fda.gov for address specifics).

Division of Bioresearch Monitoring, Center for Devices and Radiological Health, Office of Compliance (refer to http://www.fda.gov for address specifics).

Division of Scientific Investigations, Center for Drug Evaluation and Research, Office of Compliance (refer to http://www.fda.gov for address specifics).

Office of Food Additive Safety, Center for Food Safety and Applied Nutrition (refer to http://www.fda.gov for address specifics).

Office of Enforcement, Office of Regulatory Affairs, and Regional Field Offices (refer to http://www.fda.gov for address specifics).

Center for Tobacco Products (refer to http://www.fda.gov for address specifics).

Division of Compliance, Center for Veterinary Medicine, Bioresearch Monitoring Program (refer to http://www.fda.gov for address specifics).

Office of Good Clinical Practice, Office of the Commissioner (refer to http://www.fda.gov for address specifics).

Notification Procedures:

In accordance with 21 CFR part 21 subpart D, an individual may submit a request to the FDA Privacy Act Coordinator, with a notarized signature, to confirm whether records exist about that individual. Requests should be directed to the FDA Privacy Act Coordinator (refer to http://www.fda.gov for the address specifics). Investigative records are exempt from this provision (see the following sentences: Records Exempted from Certain Provisions of the Act). In addition, some records may be exempt under 5 U.S.C. 552a(d)(5), if they are "compiled in reasonable anticipation of a civil action or proceeding." See also 21 CFR 21.41.  Requests may be mailed to the FDA Privacy Act Coordinator (refer to http://www.fda.gov for the address specifics).

Record Access Procedures:

Same as notification procedures.  Requesters should specify the record contents being sought. Access to record systems which have been granted an exemption from the Privacy Act access requirement may be made at the discretion of the system manager. If access is denied to requested records, an appeal may be made to the FDA Commissioner. A request can also be made for an accounting of disclosures that have been made of a record, if any.

Contesting Record Procedures:

In accordance with 21 CFR 21.50, contact the FDA Privacy Act Coordinator (refer to http://www.fda.gov), and  reasonably identify the record, specify the information being contested, the corrective action sought, and  your  reasons for requesting the correction, along  with supporting information to show how  the record is inaccurate, incomplete, untimely, or irrelevant. As stated previously, investigative records are exempt from this provision (see the following paragraphs of this document: Records Exempted from Certain Provisions of the Act). In addition, some records may be exempt under 5 U.S.C. 552a(d)(5) if they are "compiled in reasonable anticipation of a civil action or proceeding."

Record Source Categories:

Individual on whom the record is maintained. Some material is obtained from third parties (e.g., a study sponsor, publication, or institutional review board), or is developed by FDA.

Records Exempted From Certain Provisions of the Act:

Investigatory records compiled for law enforcement purposes in this system are exempt from the notification, access, correction and  amendment provisions of the Privacy Act (21 CFR 21.61).


Note: FDA published a Privacy Act System of Records Notice for this system in the Federal Register, Vol. 77, No. 5, Monday, January 9, 2012 (pages 1073-1076). The publication is available online at http://www.gpo.gov/fdsys/pkg/FR-2012-01-09/pdf/2012-114.pdf

Related Resources: