The Collaborating Institutions, the SOC, and the FDA are each responsible for the stewardship of Sentinel data in their possession. The Infrastructure Division and Data Core lead all activities related to the Sentinel Distributed Database.
Sentinel Distributed Data Approach and Common Data Model
Distributed Data Approach
Sentinel uses a distributed data approach in which Data Partners maintain physical and operational control over their electronic health data in their existing environments, i.e., behind their respective firewalls. Data Partners execute standardized data queries distributed by the SOC and then share the output of these queries, typically in summary form, with the SOC.
Sentinel Common Data Model
The SCDM is a data structure that standardizes administrative and clinical information across Data Partners. Data Partners maintain and provide access to data in SCDM format. The SCDM makes it possible to execute standardized programs developed by the SOC in collaboration with the Data Partners. The SCDM relies on existing standardized coding schema (e.g., ICD-9-CM, ICD-10-CM, HCPCS/CPT, and NDC) to minimize the need for ontologic mapping and enable interoperability with appropriate evolving healthcare coding standards and is compatible with other common data models using the same data types. The Infrastructure Division and Data Core coordinate and facilitate active participation by the Data Partners in the creation, implementation, updating, maintenance, enhancement, and use of the SCDM. The Infrastructure Division and Data Core work closely with the Methods and Applied Surveillance Cores and project workgroups to ensure that members fully understand the characteristics of the data and that the SCDM is designed to meet their needs. Data Partners provide knowledge and expertise to ensure appropriate use and interpretation of data in SCDM format.
Expansion of the Common Data Model
The SOC, in collaboration with FDA, may work with Data Partners to incorporate other data sources and new data elements into the SCDM. These additional data sources may represent “original source data” or “external source data,” as necessary.
Original Source Data
Data Partners possess several types of data acquired through their normal activities (referred to herein as “original source data”), including administrative claims data, outpatient and inpatient electronic health records (EHRs), demographic information, outpatient pharmacy dispensings, and registry data. Data Partners retain stewardship and possession of both original source data and data transformed into SCDM format. Data Partners manage and store the data in accordance with their own institutional policies.
External Source Data
As necessary, Data Partners may be asked to collect information from sources other than their own institution (referred to herein as “external source data”) for purposes such as identifying or confirming exposures or outcomes of interest. Healthcare data registries for particular diseases, medical procedures, or devices are one type of potential external sources. Data Partners must clearly differentiate external source data from the Data Partner’s original source data and SCDM-formatted data. Data Partners must limit access to external source data collected for Sentinel purposes to authorized individuals engaged in related Sentinel activities. Data transfer from external sources to Data Partners is done in keeping with customary standards of secure file sharing.
Sentinel Operations Center Data
In response to specific queries, Data Partners do not share direct patient identifiers with the SOC and adhere to the Health Insurance Portability and Accountability Act of 1996 (HIPAA) minimum necessary standard.1 Data are provided by Data Partners in summary, i.e., aggregate, form, unless there is a specific need for person-level information. Such person-level information might include, for example, information (stripped of direct patient identifiers) regarding individuals who received specific vaccines on specific dates when such information is required to respond to a particular FDA query. The SOC typically shares summary results with FDA at the individual Data Partner level and aggregated across all Data Partners. Under most circumstances, Data Partners are not identified when information is provided to the FDA or project workgroups. Access to the non-summarized data is limited to authorized individuals within the SOC or others authorized by the SOC to act on its behalf, such as outside individuals participating in workgroups related to task orders. Data transfer between Data Partners and the SOC, and between the SOC and the FDA is done by means of a secure web-based file sharing system. The SOC complies with standards established by HIPAA and FISMA.
- 1Direct identifiers are those excluded in the creation of Limited Data Sets, as specified by law. Specifically, this list includes the following direct identifiers of the individual or of relatives, employers, or household members of the individual: (i) Names; (ii) Postal address information, other than town or city, State, and zip code; (iii) Telephone numbers; (iv) Fax numbers; (v) Electronic mail addresses; (vi) Social security numbers; (vii) Medical record numbers; (viii) Health plan beneficiary numbers; (ix) Account numbers; (x) Certificate/license numbers; (xi) Vehicle identifiers and serial numbers, including license plate numbers; (xii) Device identifiers and serial numbers; (xiii) Web Universal Resource Locators (URLs); (xiv) Internet Protocol (IP) address numbers; (xv) Biometric identifiers, including finger and voice prints; and (xvi) Full face photographic images and any comparable images (45 CFR Part 164.514(e)(2)).
Data Use Limitations
Original Source Data
Data Partners may use their own original source data transformed into SCDM format for other purposes, such as research, as long as they comply with applicable state and federal laws and regulations, including HIPAA and the Common Rule.
External Source Data
Data Use Agreements are not required for Sentinel activities. However, Collaborators and the Sentinel Coordinating Center, including all its components, may only use data obtained from sources other than their own institution in the conduct of Sentinel activities for Sentinel’s public health purposes, unless authorized by the external source in keeping with all applicable data privacy regulations. Such data may not be reused, re-disclosed, altered, or sold for any purposes other than those defined in the base contracts and subsequent task order contracts without specific authorization. In the future, if additional uses of Sentinel are explored, the FDA, the SOC, and the Collaborating Institutions may review and revise this provision. Unauthorized use will be reported to the SOC. The user will be allowed an opportunity to remedy the situation on terms that are satisfactory to the Sentinel Principal Investigator and those institutions whose data was used for the unauthorized purpose. Failure to reach agreement may result in exclusion of the user from future participation in Sentinel activities.
FDA Access to Data
The FDA obtains unlimited rights to access and to use all Sentinel data in the possession of the SOC and first generated in performance of the contract for Sentinel’s public health purposes. In keeping with the Confidentiality sections of the prime contract and these Principles and Policies, confidential proprietary data and information submitted by or pertaining to specific institutions or organizations will not be publicly disclosed without the written consent of the respective institutions, except to the extent required by law. Access to this data is governed by relevant laws and regulations.
Use of Data for Other Sentinel Activities
Data originally obtained for a specific Sentinel purpose and subsequently identified as useful for another Sentinel activity may only be reused with the express permission of each participating Data Partner.
Data Partners will retain original source data in the SCDM format used to assess exposures to medical products, exposure-outcome relationships, or the impact of FDA regulatory actions, in keeping with the Sentinel System Data Retention Standard Operating Procedure,2 ; unless instructed otherwise by the SOC at the direction of the FDA. The SOC will provide instructions to the Data Partners regarding retention requirements for all data activities, including exactly what data must be retained. Data Partners will retain data obtained from external sources to meet the needs of specific projects, and data derived from these external sources, in keeping with the Sentinel System Data Retention Standard Operating Procedure, unless instructed otherwise by the SOC at the direction of the FDA. External source data will be subsequently destroyed in accordance with standards set by the National Institute of Standards (NIST) in place at that time. The FDA, the SOC, and the Collaborating Institutions may review and revise this provision if it is determined that these data retention requirements do not adequately meet the scientific needs of Sentinel activities.
Sentinel Operations Center
The SOC will keep data resulting from assessments of exposure-outcome relationships, the impact of FDA regulatory actions, and FDA queries, at both the individual Data Partner and aggregate levels, for at least three years from the time the project is deemed complete by the FDA,2 unless instructed otherwise by the FDA. The SOC will retain data obtained from external sources to meet the needs of specific projects, and data derived from these external sources, for no longer than seven years after the project is deemed complete by the FDA, unless instructed otherwise by the FDA. External source data will subsequently be destroyed in accordance with standards set by NIST in place at that time. The FDA, the SOC, and the Collaborating Institutions may review and revise this provision if it is determined that these data retention requirements do not adequately meet the scientific needs of Sentinel activities. Access the Sentinel Data Retention Requirements Standard Operating Procedure below for additional insights into data retention principles and requirements by specific data types.