HHS Privacy Impact Assessment (PIA) Summary

Question

Response

1

System:

FDA CBER BAES

2

Is this a new PIA?

No

3

If this is an existing PIA, please provide a reason

for revision:

PIA Validation

4

Date of this Submission:

Aug 10, 2007

5

OPDIV Name:

FDA

6

Unique Project Identifier (UPI) Number:

009-10-01-02-02-0201-00-110-246

7

Privacy Act System of Records (SOR) Number:

N/A

8

OMB Information Collection Approval Number:

N/A

9

Other Identifying Number(s):

N/A

10

System Name:

FDA CBER Biologics Adverse Events System (BAES)

11

System Point of Contact (POC). The System POC

is the person to whom questions about the system

and the responses to this PIA may be addressed:

Phil Perucci

12

Provide an overview of the system:

BAES is comprised of several sub-systems: the Vaccine Adverse

Events Reporting System (VAERS) Datamart, the CBER Adverse

Events Reporting System (CBAERS), and the Lot Distribution

Database (LDD). CBAERS obtains data from the FDA/CDER

Adverse Event Reporting System (AERS).

BAES was formerly identified as part of the ABLE system. It meets

the Congressional requirement for FDA to perform Adverse Event

monitoring. It also satisfies requirements of the National Childhood

Vaccine Injury Act of 1986 (NCVIA), the Food and Drug

Administration Modernization Act of 1997 (FDAMA), and 21 CFR

Parts 1271, 310.305, 312.32, 314.80, 312.32 and 600.80.

13

Indicate if the system is new or an existing one

being modified:

Existing

14

Does/Will the system collect, maintain (store),

disseminate and/or pass through IIF within any

database(s), record(s), file(s) or website(s) hosted

by this system?

Yes

15

Is the system subject to the Privacy Act?

Yes

16

If the system shares or discloses IIF please specify

with whom and for what purpose(s):

N/A

17

Describe in detail the information the agency will

collect, maintain, or disseminate and why and for

what purpose the agency will use the information:

The system gets data from a) CDC’s VAERS system; b) FDA/CDER

AERS system; and c) CBER’s LDD system, and FDA staff use BAES

as part of their Adverse Event monitoring duties. Patient, provider,

reporter and product data is collected via AERS and VAERS systems

via Adverse Event reporting mechanisms established via the source

systems at CDC (VAERS) and CDER (AERS). The data is refreshed

at regular intervals (at least weekly) and thus data is regularly

overwritten with the latest available data from VAERS, AERS and

LDD.

Only the information required to perform adverse event monitoring is

stored.

18

Describe the consent process:

The BAES system obtains data from a) CDC’s VAERS system; b)

FDA/CDER AERS system; and c) CBER’s LDD system and FDA

staff use BAES as part of their Adverse Event monitoring duties.

The VAERS or AERS systems may have processes in place.

19

Does the system host a website?

No

20

Does the website have any information or pages

directed at children under the age of thirteen?

No

21

Are there policies or guidelines in place with regard

to the retention and destruction of IIF?

Yes

22

Are there technical controls present?

Yes

PIA-HHS-Form

Report Date: 8/13/2007

Page: 3

Note on IIF: Any question about IIF seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it

is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily

or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or

other legislation. Note: If no IIF is contained in the system, please answer the remaining required questions, then promote the PIA to the Sr. Privacy

Official who will authorize the PIA. Note: If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature

and promotion.