Data privacy and security are important to the FDA and Sentinel Collaborating Institutions. We adhere to federal and state privacy-related laws and regulations.
The Sentinel System is a partnership of health care organizations. We answer FDA's safety questions with medical billing information and electronic health records.
The Sentinel Operations Center (SOC) sends computer programs called queries to each organization. As an example, a query counts the number of people exposed to a medication who had a particular outcome. Then, each organization can choose whether to return the query results to the SOC.
Transfer of summary information uses one of the following connections:
- Hypertext Transfer Protocol (HTTP)
- Secure Sockets Layer (SSL)
- Transport Layer Security (TLS)
This method allows the SOC to transfer queries and results in a secure way. Individual information that directly identifies patients is not shared. This includes names, addresses, and phone numbers.
The Sentinel System has policies and procedures to ensure data security. There is an annual policy assessment to ensure compliance.
The Sentinel System adheres to the Federal Information Security Management Act of 2002 (FISMA). FISMA compliance requires many security policies and procedures.
- Physical access controls and 24/7 monitoring of data center access points
- Clear separation of operational responsibilities
- Active intrusion detection
- Secure firewalls
- Regular scanning for points of potential vulnerability
- Encryption of all data held within the data center
- Encryption of data when transmitted to a browser or other computer system
- Stringent password standards and forced password expiration dates
- Logging of all network and database activity, with regular reviews of the logs
FDA and the Sentinel System continuously monitor possible security issues. We also continue to improve the rigorous security controls already in place.
Want to read more on privacy and security?