Font Size Print Download Reader HHS Home|HHS News|About HHS

Food & Drug Administration Privacy Impact Assessments

06.3 HHS PIA Summary for Posting (Form) / FDA Building Access System (BAS)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary

Is this a new PIA? No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 10, 2009

2. OPDIV Name: FDA

3. Unique Project Identifier (UPI) Number: 009-10-01-10-01-0308-00-401-121

4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): 09-10-0018

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name (Align with system Item name): FDA Building Access System (BAS)

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Karl Thrash

10. Provide an overview of the system: The FDA Building Access System (BAS), formerly known as FDA MDI Security System Network, is comprised of card access, intrusion alarms, and maps. It is utilized to provide FDA Identification/Access cards for FDA facilities. This information is provided pursuant to Public Law 93-597 (Privacy Act of 1974), December 31, 1974 for individuals applying for FDA Security Card Keys. Federal Property Management Regulations, 41 CFR 101.20.301, authorize the maintenance of systems by Government agencies for identifying individuals as employees in order to restrict access to Federal buildings after normal working hours and to areas not open to the general public.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): Yes

21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): Yes

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared.

(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) There are no processes currently in place.

32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: The information contained within MDI is protected by several layers of administrative, physical, and technical controls in accordance with policies and regulations from the FDA, NIST, and OMB. All applicable security controls are reviewed on a periodic basis to ensure that they are implemented correctly, operating as intended, and producing the desired result of protecting all information within MDI.

PIA Approval

PIA Reviewer Approval: Promote

PIA Reviewer Name: Lori Davis

Sr. Official for Privacy Approval: Promote

Sr. Official for Privacy Name: John R. Dyer

Sign-off Date: Aug 22, 2008

Approved for Web Publishing: Yes

Date Published: September 1, 2009

_____________________________________________________________________________

06.3 HHS PIA Summary for Posting (Form) / FDA CBER Administrative Tracking

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary

Is this a new PIA? No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 10, 2009

2. OPDIV Name: FDA

3. Unique Project Identifier (UPI) Number: 009-10-01-03-02-1900-00

4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): N/A

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name (Align with system Item name): FDA CBER Admin Tracking

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Don Ngo

10. Provide an overview of the system: The Admin Tracking system is a collection of administrative and statistical data. It is comprised of the following components:

1) Counter Terrorism Level of Effort Reporting (CTLoE) – The CTLoE reports monthly counter-terrorism activities. It tracks the number of hours the staff is dedicating for functions related to this funding category.

2) Division of Planning, Evaluation and Budget (DPEB) – The application is accessible from the CBER menu. The DPEB system is a collection of similar forms and reports that are used to track special funding categories. To date forms have been set up to track Administrative and Financial numbers such as the S CBER transaction numbers for Requisitions numbers, K numbers (Bio-Terrorism), X numbers, and U numbers (Cooperative Research and Development Agreement -(CRADA)). Funding amounts are identified sequentially and assigned to cost centers and are associated with location codes, offices, divisions, and CAN numbers by fiscal year. The forms are able to dynamically adjust totals and track funding history by using amendments. Status reports are part of each module.

3) Resource Reporting System (RRS) – The RRS tracks time spent in various work areas for PDUFA reporting, e.g., Investigational Related Applications (IRAs), Biologics License Applications (BLAs), Research, Control Lab, Surveillance & Enforcement, misc., and other types of products: plasma, devices, vaccines, monoclonals, etc. Data is collected quarterly.

4) Account Access Information Review System (AAIR) - The system allows information owners to review their users' associated roles and basic system usage information. AAIR is not accessed through the CBER menu, but rather a web-based link provided to staff by the discretion of upper management on a quarterly basis

5) Automated Person System (APS) - The CBER Document Control Center (DCC) and Office of Information Management (OIM) use APS to record and maintain location and organization information on CBER and the Center for Drug Evaluation and Research (CDER) employees, including contractors. APS provides data to DATS to route and subsequently track CBER regulatory documents. APS provides source data for the CBER staff directory. OIM personnel use person table data for secured account management of their applications including CRMTS, RRS, BIRAMS, LRS, BLT, BLA and EDR; for issuing email from the applications and batch jobs, and removing the IT accounts for identified former CBER employees.

6) Account Database Management System (ADM) - A tool to assist in the assignment of Oracle Database roles to users. This module can be selected in two ways. Access can get granted via the CBER menu or by clicking an icon on the desktop. After which the user will need a username and password to access this module.

7) Director’s View - CBER Menu selection that originally allowed for validated user sign-on to a number of Cold Fusion applications which serve as facilitated queries across CBER regulatory systems. Also allows for validated entry to several other Cold Fusion applications.

8) Contact List - Maintains the list of COOP and Pandemic Flu business contact information.

9) Scientific Computing - CBER Research Central (http://research.cber.fda.gov) supports CBER's goal of maintaining a high-quality research program which contributes directly to the regulatory mission, and it is a component of CBER's Laboratory Quality Assurance program (http://intranet.fda.gov/cber/qa/qa.htm). Scientific Computing has information related to CBER's Research Programs, including annual reports, publications and presentations, scientific equipment, and scientific computing. CBER Research Central also supports the submission, review, approval, and maintenance of information needed for animal research to be conducted at the Center, as well as the ordering system for CBER's Core Facility.

10) CBER Menu – A Selection Portal

13. Indicate if the system is new or an existing one being modified: Existing

21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A

1) Counter Terrorism Level of Effort Reporting (CTLoE) – tracks the number of hours the staff is dedicating for functions related to this funding category.

2) Division of Planning, Evaluation and Budget (DPEB) – forms and reports that are used to track special funding categories.

3) Resource Reporting System (RRS) – The RRS tracks time spent in various work areas for PDUFA reporting, e.g, Investigational Related Applications (IRAs), Biologics License Applications (BLAs), Research, Control Lab, Surveillance & Enforcement, misc., and other types of products: plasma, devices, vaccines, monoclonals, etc. Data is collected quarterly.

4) Account Access Information Review System (AAIR) - allows information owners to review their users' associated roles and basic system usage information.

5) Automated Person System (APS) – used to record and maintain location and organization information on CBER and the Center for Drug Evaluation and Research (CDER) employees, including contractors.

6) Account Database Management System (ADM) - assists in the assignment of Oracle Database roles to users.

7) Director’s View - allows for validated user sign-on to a number of Cold Fusion applications which serve as facilitated queries across CBER regulatory systems.

8) Contact List - Maintains the list of COOP and Pandemic Flu business contact information.

9) Scientific Computing - has information related to CBER's Research Programs, including annual reports, publications and presentations, scientific equipment, and scientific computing. CBER Research Central also supports the submission, review, approval, and maintenance of information needed for animal research to be conducted at the Center, as well as the ordering system for CBER's Core Facility.

10) CBER Menu – A Selection Portal to most CBER applications.

11) MS Access - Multiple access tables are created for various users needs.

12) Pandemic Flu Level of Effort (PFluLOE) - Time reporting system for Pandemic Flu-related tasks and Level of Effort usage.

(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) N/A

32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A

PIA Approval

PIA Reviewer Approval: Promote

PIA Reviewer Name: Lori Davis

Sr. Official for Privacy Approval: Promote

Sr. Official for Privacy Name: John R. Dyer

Sign-off Date: Aug 22, 2008

Approved for Web Publishing: Yes

Date Published: September 1, 2009

_____________________________________________________________________________

06.3 HHS PIA Summary for Posting (Form) / FDA CBER Biologic Adverse Event System

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary

Is this a new PIA? No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 10, 2009

2. OPDIV Name: FDA

3. Unique Project Identifier (UPI) Number: 009-10-01-03-02-1960-00

4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): 09-20-0136 - CDC VAERS PIA

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name (Align with system Item name): FDA CBER Biologics Adverse Events System (BAES)

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Robert P. Wise, MD, MPH (subject matter, not IT)

10. Provide an overview of the system: BAES is comprised of several sub-systems: the Vaccine Adverse Events Reporting System (VAERS) Datamart, the CBER Adverse Events Reporting System (CBAERS), and the Vaccine Adverse Events Reporting System Explorer 2 (VE2). CBER VAERS receives data from CDC’s VAERS system and FDA CBAERS obtains data from the FDA/CDER Adverse Event Reporting System (AERS).

BAES was formerly identified as part of the ABLE system. It meets the Congressional requirement for FDA to perform Adverse Event monitoring. It also satisfies National Childhood Vaccine Injury Act of 1986 (NCVIA), Food and Drug Administration Modernization Act of 1997 (FDAMA), and 21 CFR Parts 1271, 310.305, 312.32, 314.80, 312.32 and 600.80.

13. Indicate if the system is new or an existing one being modified: Existing

21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): Yes

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A

Only the information required to perform adverse event monitoring is stored. The information contained within BAES does contain IIF. The submission of personal information is mandatory

(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) The BAES system obtains data from CDC’s VAERS system and FDA/CDER AERS system. FDA staff use BAES as part of their Adverse Event monitoring duties. The BAES system hypothetically relies on VAERS and AERS to notify and obtain consent from the individuals.

32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: The information contained within BAES is protected by several layers of administrative, physical, and technical controls in accordance with policies and regulations from the FDA, NIST, and OMB. All applicable security controls are reviewed on a periodic basis to ensure that they are implemented correctly, operating as intended, and producing the desired result of protecting all information within BAES.

PIA Approval

PIA Reviewer Approval: Promote

PIA Reviewer Name: Lori Davis

Sr. Official for Privacy Approval: Promote

Sr. Official for Privacy Name: John R. Dyer

Sign-off Date: Aug 22, 2008

Approved for Web Publishing: Yes

Date Published: September 1, 2009

_____________________________________________________________________________

06.3 HHS PIA Summary for Posting (Form) / FDA CBER Biologics Investigational and Related Applications Management System

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary

Is this a new PIA? No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 10, 2009

2. OPDIV Name: FDA

3. Unique Project Identifier (UPI) Number: 009-10-01-03-02-1940-00

4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): N/A.

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name (Align with system Item name): FDA CBER Biologics Investigational and Related Applications Management System (BIRAMS)

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Joy Feng

10. Provide an overview of the system: The Center for Biologics Evaluation and Research (CBER) is charged with protecting and enhancing public health through the regulation of biological products including blood, vaccines, therapeutics and related drugs and devices. This requires CBER to receive, review and act on IRAs (Investigational Related Applications), IDE’s (Investigational Device Exemptions) and Master Files. The Authority/Mandate for this is 21 CFR 312, 21 CFR 812, 21 CFR 314.420

The Biologics Investigational and Related Applications Management System (BIRAMS) supports high-level tracking and summarization of CBER regulatory efforts associated with IRAs, Master Files (MF), and Investigational Device Exemptions (IDEs). Emergency Use Authorizations (EUAs), which are required to allow drug, device, or biological products to be used in case of a chemical, biological, radiological, or nuclear emergency, are also supported. It is intended to replace the existing Biologics Investigational New Drug Management System (BIMS) as well as related modules added in recent years.

BIRAMS is comprised of the following modules:

1) BIRAMS Module;

2) Gene Therapy (GT) Module;

3) Clinical Trials (CT) Module;

4) Pre-Application Tracking System (PTS).

13. Indicate if the system is new or an existing one being modified: Existing

21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A

All information in BIRAMS was provided by the sponsors of IRA/IDE submissions. It is extracted from FDA Form 1571, 1572 and from within the submissions itself. Other information is added to this from CBER generated actions such as the act of FDA issuing an IRA hold letter or telecon. BIRAMS hold name, business phone number, and business address of company representatives for the purpose of business communication. This information is provided by these business representatives for this very purpose. Other than the business contact name and credentials (M.D., PhD, etc.) no personal phone numbers, addresses, or other personal information is maintained. Business contact information and information shared within the Department is not considered IIF as directed by the FDA ISSO.

Certain information related to the performance of CBER’s review of IRA/IDE submissions is reported to Congress. There are no links to BIRAMS data from outside the Agency. Presently, any information provided outside the agency is through formal reporting.

(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) N/A

32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A

PIA Approval

PIA Reviewer Approval: Promote

PIA Reviewer Name: Tim Stitely

Sr. Official for Privacy Approval: Promote

Sr. Official for Privacy Name: John R. Dyer

Sign-off Date: Aug 22, 2008

Approved for Web Publishing: Yes

Date Published: September 1, 2009

_____________________________________________________________________________

06.3 HHS PIA Summary for Posting (Form) / FDA CBER Electronic Document Room

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary

Is this a new PIA? No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 10, 2009

2. OPDIV Name: FDA

3. Unique Project Identifier (UPI) Number: 009-10-01-03-02-1020-00-204-079

4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): N/A

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name (Align with system Item name): FDA CBER Electonic Document Room (EDR)

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Michael Fauntleroy

10. Provide an overview of the system: The Electronic Document Room (EDR), also known as Electronic Submission Program, is a collection of systems that e-business-enables the regulatory process for industry and CBER. The EDR stores, retrieves, and distributes electronic submissions to reviewers. The EDR is integrated with the CBER regulatory databases to allow for advanced searches based on data in the CBER databases. The EDR automates processing of submissions and automatically sends notifications to reviewers. The EDR also serves as a repository for CBER generated final documents.

13. Indicate if the system is new or an existing one being modified: Existing

21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A

No IIF is collected.

(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) N/A

32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A

PIA Approval

PIA Reviewer Approval: Promote

PIA Reviewer Name: Lori Davis

Sr. Official for Privacy Approval: Promote

Sr. Official for Privacy Name: John R. Dyer

Sign-off Date: Aug 22, 2008

Approved for Web Publishing: Yes

Date Published: September 1, 2009

_____________________________________________________________________________

06.3 HHS PIA Summary for Posting (Form) / FDA CBER Integrated Quality System

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary

Is this a new PIA? No

If this is an existing PIA, please provide a reason for revision: Initial PIA Migration to ProSight

1. Date of this Submission: Aug 10, 2009

2. OPDIV Name: FDA

3. Unique Project Identifier (UPI) Number: None

4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): N/A

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name (Align with system Item name): FDA CBER Integrated Quality System (IQS)

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Deborah Jansen

10. Provide an overview of the system: The Integrated Quality System (IQS) is neither a Capital Planning and Investment Control (CPIC) system nor a major application. Its primary function is to maintain and disseminate laboratory protocols, reports, manufacturer’s product information, product requirements, product characterization data, general maintenance and staff training records. IQS also stores product test plans, documents such as instructions, procedures, and policies. IQS is intended to manage all aspects of quality and business management including revision control for documents, customer processes, equipment, devices, etc. The patient’s information might be present in emails which is stored in the database.

IQS is used as an automated information system to aid FDA, and mainly the Center for Biologics Evaluation and Research (CBER) and the Center for Drug Evaluation and Research (CDER) in complying with ISO quality standard 17025, to facilitate enforcement of uniform quality standards in the product testing laboratory.

In terms of data exchange with other systems outside of the IQS accreditation boundary, IQS pulls data from Regulatory Management System – Biologics License Application (RMS-BLA) and Lot Release System (LRS) in the CBER and Center for Drug Evaluation and Research (CDER) environment to bring in supplier, manufacturer, and Submission Tracking Number (STN) information.

13. Indicate if the system is new or an existing one being modified: Existing

21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A

IQS collects contact information volunteered by individuals (outside HHS) seeking FDA publicly available information.

(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) N/A

32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A

PIA Approval

PIA Reviewer Approval: Promote

PIA Reviewer Name: Lori Davis

Sr. Official for Privacy Approval: Promote

Sr. Official for Privacy Name: John R. Dyer

Sign-off Date: Aug 22, 2008

Approved for Web Publishing: Yes

Date Published: September 1, 2009

_____________________________________________________________________________

06.3 HHS PIA Summary for Posting (Form) / FDA CBER Prescription Drug User Fee Act Tracking

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary

Is this a new PIA? No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 10, 2009

2. OPDIV Name: FDA

3. Unique Project Identifier (UPI) Number: 009-10-01-03-02-1950-00

4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): N/A

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name (Align with system Item name): FDA CBER Prescription Drug User Fee Act Tracking (PDUFA Tracking)

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Richard Zhang

10. Provide an overview of the system: Under FDAMA/PDUFA, the FDA is required to meet specific performance goals related to regulatory meetings with industry. The PDUFA Tracking system enables users to capture the information necessary to measure performance by fulfilling three meeting management goals outlined in the PDUFA regulations: response to meeting requests, scheduling meetings, and issuing meeting minutes. The Center for Biologics Evaluation and Research (CBER) also uses the system to track non-User Fee product-related regulatory meetings.

13. Indicate if the system is new or an existing one being modified: Existing

21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A

1) Animal Components Database (ACD) points to Investigational Related Applications (IRAs) and BLAs, then tries to determine animal components in the product; from BSE regulations.

2) CBER Regulatory Meetings Tracking System (CRMTS) fulfills the requirements of FDAMA/PDUFA to track industry's requests for formal meetings with the Center and to capture the information necessary to measure performance.

3) Document Tracking System (DTS) fulfills PDUFA requirements for location tracking of regulatory submissions (interfaced with the RMS-DATS investment).

4) Regulatory Management Systems (RMS) Lot Release System (LRS) supports the FDA Lot Release Program for biologic products. CBER is required to oversee sample lots in support of licensure and for purposes of product approval and the redistribution of lots for regulated products that require lot release and surveillance (21CFR601.2.c). The system conforms to the RMS model and interfaces with the RMS/BLA system as well as the Electronic Document Room (EDR). The nature of Lot Release requires that LRS be flexible enough to allow the assignment of a Lot to a Product/ Establishment relationship that may not be licensed or pending. The system consists of Data Entry/Update, Report, and Maintenance forms.

5) Regulatory Management Systems (RMS) Document Accountability and Tracking System (DATS) supports the CBER Network Control Center (NCC) staff with receipt and routing of drug Tracking System (RMS-DATS) manufacturer submissions to reviewers and incoming and outgoing communications. These include submissions related to IRAs, IDEs, BLAs, NDAs, 510(k)s, PMAs, and labeling submissions. Functionality includes the logging of shipment information, data entry of regulatory application information, support for document routing, circulation, inventory controls and management, and the generation of reports and queries. RMS-DATS interfaces with other CBER systems for the tracking of Licensing Applications, pre-market submissions, electronic submissions and related documents, and a system for the maintenance of valid person names and associated information. DATS, P2P and CIAD are all logically connected to the DATS data. CIAD is a subsystem of DATS, which tracks non-regulatory documents being routed P2P tracks login IDs and where and when documents are being routed.

6) GUI Biologics Regulatory Management System (GBRMS) is the legacy system that was replaced by RMS-BLA. Although most of the data have been migrated to RMS-BLA, it is still essential for review staff and management to have this legacy system available in read-only mode for the foreseeable future. The software running the user interface of the legacy system and the operating system that runs the software have been upgraded to current versions. No further development is anticipated at this time.

7) CBER On-Line Analytical Processing (OLAP) is a small pilot using Business Objects against the product business area of RMS/BLA for ad hoc reporting, including GUI and web-based reporting and querying against RMS/BLA and RMS/LRS data. OLAP does not connect to the FDA CBER network and it is dependent on the CBER Database.

No IIF will be collected by by the system.

(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) N/A

32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A

PIA Approval

PIA Reviewer Approval: Promote

PIA Reviewer Name: Lori Davis

Sr. Official for Privacy Approval: Promote

Sr. Official for Privacy Name: John R. Dyer

Sign-off Date: Aug 22, 2008

Approved for Web Publishing: Yes

Date Published: September 1, 2009

_____________________________________________________________________________

06.3 HHS PIA Summary for Posting (Form) / FDA CBER Product Quality and Registration

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary

Is this a new PIA? No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 10, 2009

2. OPDIV Name: FDA

3. Unique Project Identifier (UPI) Number: 009-10-01-03-02-1920-00

4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): N/A

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name (Align with system Item name): FDA CBER Product Quality and Registration (PQR)

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Don Ngo

10. Provide an overview of the system: Product Quality Registration (PQR) is comprised of the following subsystems:

Biologics Compliance Information System - BCIS is comprised of modules that are used to support various CBER Office of Compliance and Biologics Quality (OCBQ) activities. One module tracks and records data about BPD reports, to include electronic Biological Product Deviation Reporting (eBPDR) and non-blood reports. Other modules track and record data about recalls alerts (Recalls), recall tracking (RTS), and enforcement actions (ENFACT). In addition, there is a module to show the Compliance History of a facility. As of May 2007, BCIS will automatically exchange recall data with the ORA MARCS RES system.

Electronic Biological Product Deviation Reporting – eBPDR is an Internet form that feeds into Biologics Compliance Information System (BCIS). It is used by manufacturers to enter error reports. Data entered into eBPDR is then loaded into BCIS.

Human Cell and Tissue Establishment Registration System – HCTERS captures and reports on facilities that have registered with FDA/CBER in compliance with various CFR and Federal Register Notifications for Human Cells, Tissues, and Cellular and Tissue-Based Products Establishment Registration

Electronic Human Cell and Tissue Establishment Registration System Internet Query - Internet interface for HCTERS. It is used by manufacturers to electronically register biological human parts. Data from eHCTERS is stored into HCTERS. There is a publicly available Internet query for HCTERS.

Blood Establishment Registration – BER provides access to quality information and improved efficiency in performing regulatory-mandated registration of blood establishments.

Electronic Blood Establishment Registration – eBER is a internet interface form for the Blood Establishment Registration (BER) System. It allows establishment that deal with blood products to electronically register the type of blood products they deal with and what functions they perform on the blood products. This data is then transferred into BER database.

CBER Online – Is the gateway, which needs a username and password, to get into online applications eBER, eHCTERS and eBPDR.

Lot Distribution Database (LDD) – LDD collects data submitted by manufactures under 21 CFR 600.81 and used by OBE office for analysis and research. LDD automates the manual, paper-based system for this data and enables integration of the lot-distribution data to other adverse event databases (AERS, VAERS and RMS / BLA) for safety surveillance reasons.

Industry submissions can be performed on line, but can only be accessed by FDA personnel

13. Indicate if the system is new or an existing one being modified: Existing

21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A

Biologics Compliance Information System - tracks and records data about BPD reports, to include electronic Biological Product Deviation Reporting (eBPDR) and non-blood reports. Other modules track and record data about recalls alerts (Recalls), recall tracking (RTS), and enforcement actions (ENFACT). In addition, there is a module to show the Compliance History of a facility.

Electronic Biological Product Deviation Reporting –used by manufacturers to enter error reports.

Human Cell and Tissue Establishment Registration System – captures and reports on facilities that have registered with FDA/CBER in compliance with various CFR and Federal Register Notifications for Human Cells, Tissues, and Cellular and Tissue-Based Products Establishment Registration

Electronic Human Cell and Tissue Establishment Registration System Internet Query - used by manufacturers to electronically register biological human parts. Data from eHCTERS is stored into HCTERS.

Blood Establishment Registration –provides access to quality information and improved efficiency in performing regulatory-mandated registration of blood establishments.

Electronic Blood Establishment Registration –allows establishment that deal with blood products to electronically register the type of blood products they deal with and what functions they perform on the blood products.

CBER Online – gateway into online applications eBER, eHCTERS and eBPDR.

Lot Distribution Database (LDD) –collects data submitted by manufactures under 21 CFR 600.81 and used by OBE office for analysis and research.

(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) N/A

32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A

PIA Approval

PIA Reviewer Approval: Promote

PIA Reviewer Name: Lori Davis

Sr. Official for Privacy Approval: Promote

Sr. Official for Privacy Name: John R. Dyer

Sign-off Date: Aug 22, 2008

Approved for Web Publishing: Yes

Date Published: September 1, 2009

_____________________________________________________________________________

06.3 HHS PIA Summary for Posting (Form) / FDA CBER Regulatory Management System-Biologics Licensing Application

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary

Is this a new PIA? No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 10, 2009

2. OPDIV Name: FDA

3. Unique Project Identifier (UPI) Number: 009-10-01-03-02-1041-00

4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): N/A

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name (Align with system Item name): FDA CBER Regulatory Management System - Biologics Licensing Application (RMS/BLA)

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Richard Zhang

10. Provide an overview of the system: The Regulatory Management System/Biologics License Application (RMS/BLA) supports Center for Biologics Evaluation and Research (CBER’s) and Center for Drug Evaluation and Research (CDER’s) Managed Review Process for the review and approval of applications for biological derived drugs and blood products (the BLAs) that are regulated by FDA. Submission Tracking Numbers (STNs) are assigned; information about BLAs, products, and facilities are maintained and searchable; review milestone deadlines are generated and reported; and post-Approval commitments are monitored and reported.

IT solutions are essential in enabling FDA to meet its obligations under the statutes of Prescription Drug User Fee Act (PDUFA) for the licensing of biologic products and facilities, the timely review of BLAs, and the tracking of post marketing commitments. RMS/BLA is integrated with Document Accountability and Tracking System (DATS) and Electronic Document Room (EDR). Reviewers can open up electronic submissions from the EDR from within RMS/BLA.

This system is under authority of 21CFR601, 21CFR820 (for IVD test kits), and the Prescription Drug User Fee Act and later amendments to the Act.

BRMS is a legacy licensing system that was replaced by RMS-BLA in July 2000. GBRMS is an updated graphical interface to BRMS.