U.S. flag An official website of the United States government

U.S. Food and Drug Administration
  1. Home
  2. Regulatory Information
  3. Freedom of Information
  4. Privacy Act
  5. 09-10-0010 Bioresearch Monitoring Information System, HHS/FDA
  1. Privacy Act

09-10-0010 Bioresearch Monitoring Information System, HHS/FDA

System Name

Bioresearch Monitoring Information System, HHS/FDA.

Security Classification

None.

System Locations

Center for Biologics Evaluation and Research, Office of Compliance and Biologics Quality, Bioresearch Monitoring Team (refer to http://www.fda.gov for address specifics).

Center for Devices and Radiological Health, Office of Compliance, Division of Bioresearch Monitoring (refer to http://www.fda.gov for address specifics).

Center for Drug Evaluation and Research, Office of Compliance, Division of Scientific Investigations (refer to http://www.fda.gov for address specifics).

Center for Food Safety and Applied Nutrition, Office of Food Additive Safety, (refer to http://www.fda.gov for address specifics).

Office of Regulatory Affairs, Office of Enforcement (refer to http://www.fda.gov for address specifics), and Regional Field Offices (refer to http://www.fda.gov for address specifics).

Center for Tobacco Products (refer to http://www.fda.gov for address specifics).

Center for Veterinary Medicine, Division of Compliance, Bioresearch Monitoring Program (refer to http://www.fda.gov for address specifics).

Office of Good Clinical Practice, Office of the Commissioner (refer to http://www.fda.gov for address specifics).

Categories of Individuals Covered by the System

This notice applies to clinical investigators who are conducting, or have conducted, clinical investigations of products regulated by FDA.

Categories of Records in the System

This system includes records, regardless of format (e.g., electronic, hard copy, scanned), pertaining to clinical investigators who conduct research of products regulated by FDA, for example a clinical investigation that supports an application for a research or marketing permit for an FDA-regulated product. Records contain name, education, professional qualifications and background, and information on studies conducted. Records that contain information about certain financial arrangements with or interests in study sponsors may also be included in this system.

This system also contains records created or collected during inspections or investigations of clinical investigators for possible violations of statutes or regulations governing clinical investigations of FDA-regulated products.

Authority for Maintenance of the System

The authorities for maintaining this system are: Section 505(i) of the Federal Food, Drug, and Cosmetic Act (FD&C Act) (21 U.S.C. 355(i)(3)), 21 CFR part 312; Section 520(g) of the FD&C Act (21 U.S.C. 360j), 21 CFR part 812; Sections 512(j) and (l)(1) of the FD&C Act (21 U.S.C. 360b(j) and (l)(1)), 21 CFR part 511; Sections 409 and 721 of the FD&C Act (21 U.S.C. 348 and 379e), 21 CFR part 71, 21 CFR part 171; Section 412 of the FD&C Act (21 U.S.C. 350a); Section 910 of the FD&C Act (21 U.S.C. 387j); Section 351 of the Public Health Service Act (42 U.S.C. 262).

Purposes

The purposes of this system are to:

  • Support regulatory or procedural controls to ensure that clinical investigators meet requirements of the relevant statutes and regulations governing clinical investigations of FDA-regulated products.
  • Support the effective performance of activities necessary for the conduct of the FDA’s bioresearch monitoring program.

Routine Uses of Records Maintained in the System, Including Categories of Users and the Purposes of Such Uses: 1

The Privacy Act lists the conditions of disclosure under 5 U.S.C. 552a(b). Among the permitted disclosures is, ‘‘to those officers and employees of the Agency which maintains the record who have a need for the record in the performance of their duties’’ (5 U.S.C. 552a(b)(1)). For this system of records, this would include disclosure to appropriate FDA and Department of Health and Human Services (HHS) employees.

Permitted disclosures also include routine uses that are listed in the notice of the system of records. (See 5 U.S.C. 552a(b)(3)). The Privacy Act defines ‘‘routine use’’ as ‘‘with respect to the disclosure of a record, the use of such record for a purpose which is compatible with the purpose for which it was collected’’ (5 U.S.C. 552a(a)(7)). See also FDA’s Privacy Act Record Systems regulations, defining ‘‘routine use’’ as, ‘‘use outside the Department of Health and Human Services that is compatible with the purpose for which the records were collected and described in the [System of Records] notice * * *.’’ (21 CFR 21.20(b)(5)).

The routine uses for this system of records are listed in the following numbered items.

1. Disclosure may be made to Federal, State, and local Agencies; government institutions; state licensing authorities; foreign governments/Agencies; international organizations; and non- governmental regulatory bodies of a foreign country. Such disclosure must be relevant to that entity’s oversight, investigative, regulatory, licensing, or enforcement responsibilities for clinical investigations and/or clinical investigators. This includes referrals for investigation and possible enforcement action to the U.S. Department of Justice and other appropriate Agencies, authorities, and organizations.

2. Disclosure may be made to sponsors, institutional review boards, and other non-government entities if the information disclosed is relevant to the receiving entity’s responsibility for the initiation, oversight, monitoring, compliance, or other regulatory requirement associated with the conduct of clinical investigations and/or oversight of clinical investigators.

3. Disclosure may be made to an individual research subject of information obtained or developed through a research misconduct proceeding if, in FDA’s judgment, the information may have implications for that subject’s rights, safety, or welfare, or participation in a research study.

4. Disclosure may be made to the public of information related to a clinical investigator’s financial arrangements with or interest in a study sponsor, to the extent disclosure is not an unwarranted invasion of personal privacy or is not otherwise protected from disclosure under FDA’s regulations or applicable statutes. Examples of the financial arrangements that FDA may disclose include but are not limited to outcome payments (i.e., where the payment to the clinical investigator is dependent on the outcome of the study) and proprietary interests (e.g., where the clinical investigator holds a patent).

5. Disclosure may be made to the public of regulatory information and/or correspondence, including untitled letters, Notice of Initiation of Disqualification Proceedings and Opportunity to Explain (NIDPOE) letters, Notice of Opportunity for Hearing (NOOH) letters, and warning letters issued to clinical investigators, and summary information from inspections of clinical investigators, to the extent disclosure is not an unwarranted invasion of personal privacy or is not otherwise protected from disclosure under FDA’s regulations or applicable statutes.

6. Disclosure may be made to persons who require access to the records to perform services for FDA, for example, persons appointed to serve on FDA research misconduct inquiry committees or investigative committees, and FDA contractors, if such persons need access to the records to perform their assigned task. Provided, however, in each case FDA determines whether limitations on disclosures or confidentiality agreements are needed to protect the privacy of respondents, complainants, witnesses, research subjects or others who may be identified in the records to be disclosed; and FDA determines that the disclosure is for a purpose compatible with the purpose for which FDA collected the records.

7. Disclosure may be made to appropriate Federal Agencies and HHS contractors that have a need to know the information for the purpose of assisting the Department’s efforts to respond to a suspected or confirmed breach of the security or confidentiality of information maintained in this system of records, and the information disclosed is relevant and necessary for that assistance.

8. Disclosure may be made to the U.S. Department of Justice (DOJ) when: (a) the Agency or any component thereof; or (b) any employee of the Agency in his or her official capacity; or (c) any employee of the Agency in his or her individual capacity where the DOJ has agreed to represent the employee; or (d) the United States Government, is a party to litigation or has an interest in such litigation and, by careful review, the Agency determines that the records are both relevant and necessary to the litigation and the use of such records by the DOJ is therefore deemed by the Agency to be for a purpose that is compatible with the purpose for which the Agency collected the records.

9. Disclosure may be made to a court or other tribunal, when: (a) The Agency or any component thereof; or (b) any employee of the Agency in his or her official capacity; or (c) any employee of the Agency in his or her individual capacity where the DOJ has agreed to represent the employee; or (d) the United States Government, is a party to the proceeding or has an interest in such proceeding and, by careful review, the Agency determines that the records are both relevant and necessary to the proceeding and the use of such records is therefore deemed by the Agency to be for a purpose that is compatible with the purpose for which the Agency collected the records.

10. Disclosure may be made to the National Archives and Records Administration and/or the General Services Administration for the purpose of records management inspections conducted under authority of 44 U.S.C. 2904 and 2906.

11. Disclosure may be made to contractors and other persons who perform services for the agency related to this system of records and who need access to the records to perform those services. Recipients shall be required to comply with the requirements of the Privacy Act of 1974, as amended, 5 U.S.C. 552a.

12. When a record on its face, or in conjunction with other records, indicates a violation or potential violation of law, whether civil, criminal, or regulatory in nature, disclosure may be made to the appropriate public authority, whether federal, foreign, state, local, or tribal, or otherwise, responsible for enforcing, investigating or prosecuting such violation, if the information disclosed is relevant to the responsibilities of the agency or public authority.

13. In the event HHS/FDA deems it desirable or necessary, in determining whether particular records are required to be disclosed under the Freedom of Information Act, disclosure may be made to the Department of Justice for the purpose of obtaining its advice.

Policies and Practices for Storing, Retrieving, Accessing, Retaining, and Disposing of Records in the System

Storage:

Files may be maintained in various formats including hard copy paper in manual files, microfilm, magnetic disk or tape, computer disks, hard drives and file servers and other types of data storage devices.

Retrievability:

Records may be indexed by name or code number, but can be retrieved by manual or computer search of the case- tracking system using the name of the individual.

Safeguards:

  1. Authorized users: Records in FDA’s system are available to the Commissioner of Food and Drugs, FDA’s System Managers, and to other appropriate FDA and HHS officials when there is a need to know in the performance of their duties. All authorized users are informed that the records are confidential and are not to be further disclosed.
  2. Procedural safeguards: Access is strictly controlled by FDA’s System Managers in compliance with the Privacy Act and this system notice. Access to the records is limited to ensure confidentiality. All questions and inquiries from any party should be addressed to FDA’s Office of Good Clinical Practice.
  3. Physical safeguards: All records (such as diskettes, computer listings, or documents) are kept in a secured area, locked rooms, and locked building. The facility has a 24-hour guard service, and access to the building is further controlled by an operational card key system. Access to the files, which are generally hard copy, are limited to a subset of persons with general access to the building. Access to individual offices is controlled by simplex locks. Records are kept in locked file cabinets in a room that is locked during non-working hours. Access to this room is restricted to specific personnel. Access to computer files is strictly limited through passwords and user-invisible encryption. Special measures commensurate with the sensitivity of the record are taken to prevent unauthorized copying or disclosure of the records.

Retention and Disposal:

The records are maintained in accordance with FDA’s Records Control Schedule, applicable General Records Schedule (accessions), and disposition schedule approved by the National Archives and Records Administration (cases).

System Managers and Addresses:

Division of Inspections and Surveillance, Center for Biologics Evaluation and Research, Office of Compliance and Biologics Quality (refer to http://www.fda.gov for address specifics).

Division of Bioresearch Monitoring, Center for Devices and Radiological Health, Office of Compliance (refer to http://www.fda.gov for address specifics).

Division of Scientific Investigations, Center for Drug Evaluation and Research, Office of Compliance (refer to http://www.fda.gov for address specifics).

Office of Food Additive Safety, Center for Food Safety and Applied Nutrition (refer to http://www.fda.gov for address specifics).

Office of Enforcement, Office of Regulatory Affairs, and Regional Field Offices (refer to http://www.fda.gov for address specifics).

Center for Tobacco Products (refer to http://www.fda.gov for address specifics).

Division of Compliance, Center for Veterinary Medicine, Bioresearch Monitoring Program (refer to http://www.fda.gov for address specifics).

Office of Good Clinical Practice, Office of the Commissioner (refer to http://www.fda.gov for address specifics).

Notification Procedures:

In accordance with 21 CFR part 21 subpart D, an individual may submit a request to the FDA Privacy Act Coordinator, with a notarized signature, to confirm whether records exist about that individual. Requests should be directed to the FDA Privacy Act Coordinator (refer to http://www.fda.gov for the address specifics). Investigative records are exempt from this provision (see the following sentences: Records Exempted from Certain Provisions of the Act). In addition, some records may be exempt under 5 U.S.C. 552a(d)(5), if they are "compiled in reasonable anticipation of a civil action or proceeding." See also 21 CFR 21.41. Requests may be mailed to the FDA Privacy Act Coordinator (refer to http://www.fda.gov for the address specifics).

Record Access Procedures:

Same as notification procedures. Requesters should specify the record contents being sought. Access to record systems which have been granted an exemption from the Privacy Act access requirement may be made at the discretion of the system manager. If access is denied to requested records, an appeal may be made to the FDA Commissioner. A request can also be made for an accounting of disclosures that have been made of a record, if any.

Contesting Record Procedures:

In accordance with 21 CFR 21.50, contact the FDA Privacy Act Coordinator (refer to http://www.fda.gov), and reasonably identify the record, specify the information being contested, the corrective action sought, and your reasons for requesting the correction, along with supporting information to show how the record is inaccurate, incomplete, untimely, or irrelevant. As stated previously, investigative records are exempt from this provision (see the following paragraphs of this document: Records Exempted from Certain Provisions of the Act). In addition, some records may be exempt under 5 U.S.C. 552a(d)(5) if they are "compiled in reasonable anticipation of a civil action or proceeding."

Record Source Categories:

Individual on whom the record is maintained. Some material is obtained from third parties (e.g., a study sponsor, publication, or institutional review board), or is developed by FDA.

Records Exempted From Certain Provisions of the Act:

Investigatory records compiled for law enforcement purposes in this system are exempt from the notification, access, correction and amendment provisions of the Privacy Act (21 CFR 21.61).

Note: FDA published a Privacy Act System of Records Notice for this system in the Federal Register, Vol. 77, No. 5, Monday, January 9, 2012 (pages 1073-1076). The publication is available online at http://www.gpo.gov/fdsys/pkg/FR-2012-01-09/pdf/2012-114.pdf.

Federal Register notices regarding the exemptions for this system are available online: Notice of Proposed Rulemaking and Final Rule.

Related Resources:

1In a June 27, 2014 Federal Register Notice FDA added certain standard routine uses to this and other FDA SORNs. The Federal Register Notice of this action describes the routine uses in more detail and is available online at http://www.gpo.gov/fdsys/pkg/FR-2014-06-27/pdf/2014-15022.pdf. The routine uses added to this SORN appear as routine uses number 10 through 13 below.

 
Back to Top