On Tuesday, Senate Judiciary Committee ranking member Chuck Grassley (R-Iowa) sent a letter asking FDA Commissioner Margaret Hamburg to explain why her agency did not tell a contractor that the 80,000 pages of communications that the firm posted online contained sensitive and personally identifiable data, the Washington Post reports (Rein, Washington Post, 7/24).
Background
In January, six current and former FDA scientists and physicians filed a lawsuit alleging that FDA monitored their personal email after they warned congressional staffers that the agency approved medical devices that might pose risks to patients.
According to government documents gathered by the plaintiffs, FDA started intercepting personal emails between several of its employees and congressional staffers in January 2009 and continued the surveillance for two years, generating 80,000 pages of documents.
In an earlier letter to Hamburg, Grassley questioned how Quality Associates -- the external contractor that FDA hired to print and disseminate the documents generated by the surveillance program -- was able to post the documents on a public file transfer website for several months before they were taken down. FDA said it is investigating the data breach (iHealthBeat, 7/17).
FDA's Response
FDA officials said Quality Associates did not receive instructions to post any of the surveillance data on the Internet.
However, FDA did acknowledge that Quality Associates received an incorrectly filled out purchase order for the data. FDA claimed HHS was at fault for the incorrect purchase order.
Quality Associates' Response
Scott Swidersky, CEO of Quality Associates, said his firm's role in the situation was "very, very limited," adding that the firm does not look at the content of the data that it is hired to archive.
He said, "In the case of the FDA, if they're not informing us otherwise, then we're simply moving the data along" to be archived on a website that is publicly available (Washington Post, 7/24).