MEMORANDUM OF AGREEMENT
THE DEFENSE HEALTH AGENCY
THE UNITED STATES FOOD AND DRUG ADMINISTRATION
DATA SHARING AND INFORMATION COLLABORATION
DHA Agreement #: DHA-2023-S-2440
a) The Food and Drug Administration (FDA) as part of the Department of Health and Human Services, and the Defense Health Agency (DHA) under the authority, direction, and control of the Department of Defense Office of the Assistant Secretary of Defense (Health Affairs), both United States Federal Government entities and hereinafter also referred to as a “Party” or collectively as the “Parties,” agree to collaborate to share information and expertise in furtherance of public health and promotion of safety.
2) Purpose and Goals
a) The purpose of the MOA is to enhance knowledge and efficiency by providing for the sharing of information and expertise between the Parties. The goals of the collaboration are to explore ways to:
i) Further enhance information sharing efforts through more efficient and robust inter-agency activities.
ii) Promote efficient utilization of tools and expertise for product risk identification, validation and analysis.
iii) Collaborate on the development of methodologies that can be used to evaluate the safety, efficacy, and utilization of drugs, biologics, and medical devices, as well as the safety and use of other regulated products.
b) Potential areas and example projects include, but are not limited to:
i) Pandemic response and preparedness. Potential areas and example projects related to pandemic response and preparedness might include:
(1) Utilization of COVID-19 therapeutics approved and under emergency use authorization (EUA).
(2) Patient characteristics in the following groups: patients with positive test for COVID-19, patients with and without virus sequencing data, patients by SARS-COV2 variant type (e.g., Alpha, Delta), patients with and without monoclonal antibody (mAb) treatment after tested positive for COVID-19, and mAb users by SARS-COV2 variant type.
(3) Linkage of SARS-COV2 variants data to patient level electronic health records to evaluate the safety and efficacy of vaccines and therapeutics in patients with a variety of SARS-COV2 variants if such data are available.
(4) Obtain estimates of the incidence of hospitalization after mAb treatments across SARS-COV2 variant types.
c) Biosimilar products. Potential areas and example projects related to biosimilar products might include real world studies to evaluate utilization patterns and health outcomes for biosimilar products.
d) Pregnancy and lactation. Potential areas and example projects related to pregnancy and lactation might include evaluation of maternal tumor necrosis factor inhibitors exposure and pregnancy outcomes.
e) Therapeutics efficacy and safety. Potential areas and example projects related to therapeutics efficacy and safety might include:
i) A comparison of venous thromboembolism rates associated with elagolix containing projects, with chart review for validation of cases.
ii) Using a target trial emulation approach to estimate thrombotic risks in women initiating gonadotropin-releasing hormone antagonists with estrogen/progestin add-back to treat heavy menstrual bleeding due to uterine fibroids.
f) Method development and evaluation. Potential areas and example projects related to method development and evaluation might include a methodologic evaluation of the comparability of the cardiac safety of testosterone replacement therapy, evaluating quality of vital data and results across data sources (clinical trial conducted under a post-marketing requirement, DOD electronic medical records and DOD claims data).
g) Drug utilization. Potential areas and example projects related to drug utilization might include obtaining data on drug utilization, provider characteristics, settings (e.g., Theater), medication errors, and adverse events involving drugs subject to Risk Evaluation and Mitigation Strategies (REMS) or with DoD exemptions from REMS requirements.
3) Authorities and References
a) FDA has authority to enter into this MOA pursuant to sections 1003(b) and (c) of the FD&C Act (21 U.S.C. §§ 393(b) and (c)).
b) DHA has authority to enter into this MOA under Title 10 U.S.C. §1073c.
c) DoD Directive (DoDD) 5136.01, “Assistant Secretary of Defense for Health Affairs (ASD(HA)),” September 30, 2013, as amended.
d) DoDD 5136.13, "Defense Health Agency (DHA)," September 30, 2013, as amended.
e) DoDD 6200.04, “Force Health Protection (FHP),” October 9, 2004, as amended.
f) DoD Instruction (DoDI) 6200.02, “Application of Food and Drug Administration (FDA) Rules to Department of Defense Force Health Protection Programs,” February 27, 2008.
g) DoD Instruction 4000.19, "Support Agreements," December 16, 2020.
h) The Health Insurance Portability and Accountability Act of 1996, Public Law 104-191.
i) DoDI 6025.18, " Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule Compliance in DoD Health Care Programs," March 13, 2019.
j) DoDI 5400.11, “DoD Privacy and Civil Liberties Programs,” January 29, 2019, as amended.
k) Office of the Assistant Secretary of Defense (Health Affairs), “Reporting a Breach as Defined by Health Information Technology for Economic and Clinical Health Act Provisions of the American Recovery and Reinvestment Act of 2009,” April 28, 2010.
l) DoD Regulation 5400.11-R, “Department of Defense Privacy Program.” May 14, 2007.
m) DoD Memorandum (DoDM) 6025.18, “Implementation of the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule in DoD Health Care Programs,” March 13, 2019.
n) DoDI 8500.01, “Cybersecurity,” March 14, 2014, as amended.
o) DoDI 8580.02, “Security of Individually Identifiable Health Information in DoD Health Care Programs,” July 12, 2007.
4) Substance of the Agreement
a) Each participating Center or Office will establish a liaison (Liaison) to facilitate the actions carried out under this MOA. A list of liaisons, current as of the implementation of this MOA appears in Appendix A of this document. Any liaison changes should be promptly communicated to all Parties. Replacement liaisons assume the full obligations and responsibilities of their predecessors.
b) The Parties agree to attend an initial meeting to establish the specific procedures and safeguards necessary to implement this MOA. An initial meeting will take place within 60 days of signing of this MOA by both Parties. Periodic and project meetings will be scheduled thereafter.
c) The Parties agree that either Party may decide, in response to a particular request for information from the other Party, to not to share information or expertise, or to limit the scope of information and expertise sharing. A decision not to share information in response to a specific request may be based on several factors, including, for example, the amount of resources necessary to fulfill the request, the reasonableness of the request, the responding Party’s priorities, or legal restrictions. There is, however, agreement to share information to the maximum extent possible in furtherance of the purposes of this MOA.
d) The Parties agree to establish reasonable timelines for responding to information requests and to refer instances of delays to the liaisons for resolution. As stated in Section 4.C. of this MOA, each party retains discretion to share or not share information as resources and other factors permit.
e) The Parties agree to promptly notify each other of any actual or suspected unauthorized disclosure of information shared under this MOA.
f) Each Party shall ensure that its personnel and contractors who manage, use or handle Controlled Unclassified Information (CUI), Protected Health Information (PHI), and Personally Identifiable Information (PII) under that Party’s supervision, successfully complete annual training in security awareness, security policies, Health Information Portability and Accountability Act, Privacy Act, Cyber Awareness, and accepted security practices.
5) General Provisions
a) Safeguarding & Limiting Access to Shared Information:
i) The Parties recognize and acknowledge that all non-public information exchanged between the Parties that contains any of the following types of information must be protected from unauthorized use and disclosure: (1) confidential commercial information, such as the information that would be protected from public disclosure pursuant to Exemption 4 of the Freedom of Information Act (FOIA); (2) personal privacy information, such as the information that would be protected from public disclosure pursuant to Exemption 6 or 7(C) of the FOIA; or (3) information that is otherwise protected from public disclosure by Federal statutes and their implementing regulations (e.g., Trade Secrets Act (18 U.S.C. §1905)), the Privacy Act (5 U.S.C. §552a), other FOIA exemptions not mentioned above (5 U.S.C. §552(b)), the FD&C Act (21 U.S.C. §301 et seq.), the Health Insurance Portability and Accountability Act (HIPAA), P.L. 104-191), Section 319L(e) of the Public Health Service (PHS) Act (42 U.S.C. §247d-7e(e)), and disclosure restrictions subject to 41 U.S.C. §2101-2107 (Procurement Integrity Act) and 48 CFR §3.104 (Federal Acquisition Regulation). Additionally, all federal agencies and contractors supporting them are subject to the Federal Information Security Management Act (FISMA), E-Government Act of 2002 (P.L. 107-347, 116 Stat. 2899, 44 U.S.C. §3541 et seq.). Pursuant to section 30l(j) of the FD&C Act (21 U.S.C. §33l(j)), the FDA will not reveal to DoD representatives information entitled to protection as a trade secret unless there is in place a written authorization from the owner of that information that permits the FDA to reveal such information to representatives of DoD. Such authorization may be obtained by having the owner of that information submit the authorization to the FDA with terms similar to the model authorization in Appendix B.
ii) Each Party will establish proper safeguards to ensure that information shared under this MOA shall be used and disclosed solely in accordance with applicable laws and regulations. Access to such information shared under this MOA shall be restricted to authorized FDA and DoD employees, agents, and officials who require access to perform their official duties in accordance with the uses of information as authorized by this MOU. Such personnel shall be advised of (1) the confidential nature of the information; (2) safeguards required to protect the information; and (3) the administrative, civil, and criminal penalties for noncompliance contained or discussed in applicable Federal laws, regulations, and other materials, including, but not limited to, 45 CFR 164 Subpart E, Privacy of Individually Identifiable Health Information, March 17, 2022, and DoDM 6025.18, "Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule Compliance in DoD Health Care Programs," March 13, 2019, and Privacy Act of 1974, as amended.
iii) Contractors, their subcontractors, and agents requiring access to the information shared under this MOA will be required to sign an agreement by which they will commit to keep the information confidential.
The Parties agree to promptly notify each other of any actual or suspected unauthorized disclosure of information shared under this MOA. Each Party is similarly under an affirmative obligation to report breaches of PII, which might include PHI or Individually Identifiable Health Information (IIHI), under appropriate authorities and time frames, such as FISMA, HIPAA, and the Privacy and Health Information Technology for Economic and Clinical Health (HITECH) Acts. If a breach—as defined in OMB Memorandum M-17-12—occurs or is suspected, the discovering Party shall report such breach to the DHA Privacy Office within 24 hours, at email@example.com or 703-275-6363. Written notification must be made within 24 hours via email using the DD Form 2959 (Breach Report found at the following: https://www.health.mil/Military-Health-Topics/Privacy-and-Civil-Liberties/Breaches-of-PII-and-PHI). In addition, if an information security incident where the confidentiality, integrity, or availability of a federal information system is potentially compromised,
(1) DHA representatives will Report all confirmed and suspected cyber-related breaches involving PII and PHI to the Naval Information Warfare Center Cybersecurity Service Provider (NIWC CSSP) within one hour via email to: firstname.lastname@example.org. Confirmed and suspected cybersecurity incidents are to be reported to NIWC CSSP within 1 hour of discovery. NIWC CSSP will notify USCYBERCOM, as required.
(2) FDA discovering Party will report: attempts to gain unauthorized access to a system or its data, unwanted disruption or denial of service, or abuse or misuse of a system or data in violation of policy to https://www.cisa.gov/forms/report, within 48 hours of discovery of a suspected or confirmed cyber-related incident.
iv) If a Party that has received information shared under this MOA receives a FOIA request for information shared by the other Party pursuant to this MOA, the receiving Party will refer the request to the information-sharing Party for that agency to respond directly to the requestor regarding whether or not the release of the information at issue is permissible. In such cases, the Party making the referral will notify the requestor that a referral has been made and that a response will be issued directly from the other agency.
v) The Parties further agree that nothing in this MOA shall be construed to prevent a disclosure required by law or legal process. Notwithstanding this provision, should information shared pursuant to this MOA be subpoenaed or otherwise ordered through a legal process, the Party to whom the subpoena or order is directed will immediately notify a liaison of the other Party that shared the information to provide an opportunity to seek to intervene and block the disclosure. This MOA does not prohibit disclosure of information that is available publicly or when authorized in writing by the information owner.
vi) The Parties agree that termination of this MOA does not relieve them of their confidentiality obligations established under this MOA, including their obligations to safeguard and limit access to all information provided pursuant to this MOA.
vii) Both parties agree to obtain a DHA Data Sharing Agreement (DSA) or Data Use Agreement (DUA) if contractors or non-government researchers seek to obtain Military Health System (MHS) data, available at https://health.mil/Military-Health-Topics/Privacy-and-Civil-Liberties/Data-Sharing-Agreements, managed by DHA, to perform a government-sponsored initiative. Government personnel conducting research must also obtain a DHA DSA or DUA. These individuals are required to submit a DSA Application (DSAA) or a Prerequisite Checklist (PRC), which must be approved before a DSA or Business Associate (BA) No Action Letter will be executed. The parties shall ensure that the data requestors agree to adhere to the privacy and security requirements of protected health information and personally identifiable information under the HIPAA and the Privacy Act of 1974 in accordance with the following as applicable: DoDM 6025.18, “Implementation of the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule in DoD Health Care Programs,” March 13, 2019; DoDI 8580.02, “Security of Individually Identifiable Health Information in DoD Health Care Programs,” August 12, 2015; DoD 8580.02 Health Information Security of July 2007, section C2.10” to “DoDI 8580.02, Security of Individually Identifiable Health Information in DoD Health Care Programs, Enclosure.
6) Conflicts of Interest
a) Executive Order 12674 (as modified in Executive Order 12731), Standards of Ethical Conduct for Employees of the Executive Branch, and individual agencies’ standards of conduct set out ethical obligations applicable to Federal Government employees. Federal law generally prohibits a Federal employee from participating personally and substantially in any particular matter in which the employee has a financial interest (18 U.S.C. §208). The restriction also applies to financial interests of an employee's spouse; minor child; partner; organization in which he or she is serving as officer, director, trustee, partner or employee; and any person or organization with whom the employee is negotiating or has any arrangement concerning prospective employment. Ethics requirements applicable to Federal personnel also broadly prohibit employees from engaging in a financial transaction using nonpublic information and prohibit the improper use of nonpublic information to further his or her own private interest or that of another, whether through advice or recommendation, or by knowing unauthorized disclosure. In addition, HHS Supplemental Standards of Ethical Conduct impose additional conditions, such as unique prohibited-holdings regulations for certain FDA personnel. Likewise, DoD 5500.07-R, "Joint Ethnics Regulation (JER)," August 1993 provides supplemental guidance for DoD personnel and employees.
b) Representatives to any discussion under this MOU must not have a prohibited financial conflict of interest through personal or family investments in an applicant /sponsor/owner of information contained in a master file, or a competitor to the applicant/sponsor/ information-owner, who will be affected by FDA decisions. If at any time prior to or during the performance of activities under this MOA, a person becomes aware that a potential or actual conflict exists, that person must notify the appropriate authorities within his or her own agency, including the designated Liaison(s) listed in this MOA.
7) Integrity of the Regulatory Decision-Making Process
FDA participation is predicated on a mutual understanding that DoD-FDA meetings under this MOA provide a forum for a mutual exchange of opinions and ideas, and that DoD-FDA meetings must avoid any appearance that procurement or investment considerations may influence FDA regulatory decision-making concerning product licensure, clearance, approval or authorization. FDA employees generally will not participate in discussions or decision-making regarding the terms of procurement of or investment in a medical product. FDA representatives may participate in discussions under this MOA to provide FDA's current thinking on scientific or regulatory issues within FDA's areas of responsibility and expertise.
8) Effects on Existing Statues and Regulations
The Parties agree to take actions under this collaboration that are consistent with existing laws and regulations, and nothing in the MOA shall be construed as changing the current requirements under the statutes and regulations administered and enforced by DoD and FDA, including but not limited to: Title 10 of the United States Code, the Public Health Service Act, and the Federal Food, Drug, and Cosmetic Act. Further, nothing contained in this MOA constitutes a mandate or a requirement imposed on FDA or DoD that is additional to the mandates or requirements imposed on DoD or FDA by Federal statutes and regulations. This MOA does not amend or supersede any existing agreements or arrangements between the Partners. This MOA does not create binding, enforceable obligations against any Party or against other Federal Agencies or third -party beneficiaries. This MOA and all associated agreements will be subject to the applicable policies, rules, regulations, and statutes under which FDA and DoD operate.
9) Resource Obligations
a) This MOA represents the broad outline of the Parties’ intent to enter into specific agreements for collaborative efforts in intellectual areas of mutual interest to FDA and DoD. All activities undertaken pursuant to the MOA are subject to the availability of personnel, resources, and funds.
b) This agreement neither documents nor provides for the exchange of funds or manpower between the Parties, nor does it make any commitment of funds or resources. No provision in this MOA will be interpreted to require obligation or payment of funds.
c) Each Party is responsible for all costs of its personnel, including pay and benefits, support, and travel. Each Party is responsible for supervision and management of its personnel.
10) Liaison Officers
As noted in Section 4)A) of this MOA, a list of liaisons, current as of the signing of this MOU appears in Appendix A of this document. Any liaison changes should be promptly communicated to all Parties. Replacement liaisons assume the full obligations and responsibilities of their predecessors.
11) Additional Terms (Termination, Modification, Understanding and Dispute)
a) This MOA will be effective beginning on the day after the last Party signs and remain in effect for ten years unless terminated or superseded. This agreement may be modified or terminated by mutual written consent of the Parties or may be terminated by either Party upon a 60 day advance written notice to the other Party.
b) This agreement is not transferable except with the written consent of the Parties.
c) It is expressly understood and agreed that this agreement embodies the entire understanding between the Parties regarding the agreement's subject matter.
d) Any disputes relating to this MOA will, subject to any applicable law, Executive order, or regulatory guidance, be resolved by consultation between the Parties.
The undersigned are authorized to and hereby agree to the foregoing MOA.
Approved and Accepted for the Food and Drug Administration
Robert M. Califf, MD
Commissioner of Food and Drugs
Approved and Accepted for the Defense Health Agency
Dr. Brian Lein
Assistant Director, Health Care Administration
Mid-Point Review Due Date: _______________
Mid-Point Review completed by: _____________________________
For the Food and Drug Administration:
Wei Hua, Associate Director of the Division of Epidemiology
Center for Drug Evaluation and Research (CDER)
Office of Surveillance and Epidemiology (OSE)
10903 New Hampshire Avenue
Building 22, Room 2414
PHONE: (240) 402-8658
BACK-UP EMAIL: email@example.com
For the Department of Defense:
Chief, Patient Safety Program
Clinical Quality Management
Medical Affairs, Clinical Support Division
Assistant Director for Healthcare Administration
Julia F. Gannon
Patient Safety Operations Lead,
Deputy, Patient Safety Program
Clinical Quality Management
Medical Affairs/Clinical Support Division
Assistant Director Healthcare Administration
Defense Health Agency
Office: (703) 681-5885
Cell: (303) 378-2093
PROCESSS FOR INFORMATION SHARING
When, under the current MOAs, staff at the FDA, or the DoD request from the other agency information that may contain confidential material, the request should be in writing, which includes an informal email, and need only identify the subject for which information is requested. Although a more specific description of the information asked for may be helpful, it would not be required for purposes of making a request. However, the following language should be included in the request:
"Information that is shared under this request will be under the 2021 FDA--DoD Memorandum of Understanding to Share Information. We agree not to disclose any shared information in any manner without your written permission." With the inclusion of this statement, requestors would not have to use a particular format or include other pre-specified text.
A response to a request should also be in writing, but it, too, can be an informal email that acknowledges transmission of information in response to the request. Although identifying each piece of information/document provided may be helpful, it would not be required for purposes of responding to a request. However, the following language should be included in the response:
"Pursuant to the 2021 FDA--DoD Memorandum of Understanding to Share Information this communication may contain privileged and/or confidential information exempt from public disclosure. It may not be disclosed or shared in any manner without express written consent." With the inclusion of this statement, responders would not have to use a particular format or include other pre-specified text.