Cover Image

PAPERBACK
$71.00



View/Hide Left Panel

5
Creating an Integrated Information Infrastructure for a Risk-Based Food Safety System

Information science—a term that refers to the collection, organization, storage, retrieval, exchange, interpretation, and use of information—and information technology (IT) are critical to the success of a risk-based decision-making system.1 If the U.S. Food and Drug Administration (FDA) is to implement a risk-based approach in fulfilling its regulatory mission, it must know what is happening in the arena it regulates; that is, data from the food enterprise must be appropriately collected, integrated, and analyzed. To allocate resources, understand and prevent food safety problems, and drive continual improvements in public health, a risk-based system requires accurate, reliable, secure, and timely information that is accessible, within appropriate limits, to all stakeholders in the food safety system. The importance of information to the food safety enterprise has been recognized by the White House Food Safety Working Group as one of the three principles guiding the development of a modern, coordinated food safety system: “High-quality information will help leading agencies know which foods are at risk; which solutions should be put into place; and who should be responsible” (FSWG, 2009, p. 3).

As described in this chapter, large quantities of data related to food safety are already being collected. Yet, as has been highlighted by others, the FDA is facing an information crisis and currently lacks the necessary infrastructure to efficiently process, manage, protect, integrate, analyze, and leverage the large volume of data to which it has access. This deficiency hampers the agency’s ability to achieve its mission and increases both costs

1

In this chapter, the terms “data” and “information” are used interchangeably.



The National Academies | 500 Fifth St. N.W. | Washington, D.C. 20001
Copyright © National Academy of Sciences. All rights reserved.
Terms of Use and Privacy Statement



Below are the first 10 and last 10 pages of uncorrected machine-read text (when available) of this chapter, followed by the top 30 algorithmically extracted key phrases from the chapter as a whole.
Intended to provide our own search engines and external engines with highly rich, chapter-representative searchable text on the opening pages of each chapter. Because it is UNCORRECTED material, please consider the following text as a useful but insufficient proxy for the authoritative book pages.

Do not use for reproduction, copying, pasting, or reading; exclusively for search engines.

OCR for page 147
5 Creating an Integrated Information Infrastructure for a Risk-Based Food Safety System I nformation science—a term that refers to the collection, organization, storage, retrieval, exchange, interpretation, and use of information— and information technology (IT) are critical to the success of a risk- based decision-making system.1 If the U.S. Food and Drug Administration (FDA) is to implement a risk-based approach in fulfilling its regulatory mission, it must know what is happening in the arena it regulates; that is, data from the food enterprise must be appropriately collected, integrated, and analyzed. To allocate resources, understand and prevent food safety problems, and drive continual improvements in public health, a risk-based system requires accurate, reliable, secure, and timely information that is accessible, within appropriate limits, to all stakeholders in the food safety system. The importance of information to the food safety enterprise has been recognized by the White House Food Safety Working Group as one of the three principles guiding the development of a modern, coordinated food safety system: “High-quality information will help leading agencies know which foods are at risk; which solutions should be put into place; and who should be responsible” (FSWG, 2009, p. 3). As described in this chapter, large quantities of data related to food safety are already being collected. Yet, as has been highlighted by others, the FDA is facing an information crisis and currently lacks the necessary infrastructure to efficiently process, manage, protect, integrate, analyze, and leverage the large volume of data to which it has access. This deficiency hampers the agency’s ability to achieve its mission and increases both costs 1 In this chapter, the terms “data” and “information” are used interchangeably. 

OCR for page 147
 ENHANCING FOOD SAFETY and the likelihood of regulatory errors (FDA Science Board, 2007). Much of the data is “stovepiped” into stand-alone databases that are not acces- sible within and across government agencies, including the FDA (Taylor and Batz, 2008; FDA Science Board, 2009). A lack of resources, legal con- straints, nonstandardized data collection, varied data formats, incompatible IT systems, a sense of ownership by the group that collects the data, and a culture that often uses publication rather than rapid information release as the basis for evaluating performance have been identified as contributing to the persistent problems with data sharing (Taylor and Batz, 2008; FDA Science Board, 2009). For example, the FDA apparently has the regula- tory authority to require that all data be submitted electronically and to specify the format of these data submissions, but it may not have sufficient resources to implement such electronic standards (FDA Science Board, 2007). It has been noted that inspection reports are often handwritten and take a long time to enter into the electronic system, databases sometimes contain incorrect or contradictory information, and data analysis is slow (FDA Science Board, 2007; GAO, 2009). The Science Board has also stated that requirements need to be developed in conjunction with stakeholders who will be making the submissions. Finally, the FDA lacks the neces- sary tools to store, search, model, and analyze data (FDA Science Board, 2007). Generating and providing timely access to the appropriate data is chal- lenging for any food regulatory agency because of the complexity of data needs, coupled with the diverse types of information from multiple sources and scientific disciplines. Also, the committee recognizes the challenge for government officials to be expeditious about communicating with stake- holders while also ensuring accuracy. In some instances, moreover, depend- ing on the nature of the data and the needs of the user, release to others may justifiably be delayed because of the time needed to either interpret data or mask confidential information. As explained later in the chapter, however, the committee found that some delays that occur in the current system are not justifiable. Recognizing these challenges, moving forward with a risk-based food safety system will require the development of an integrated information infrastructure that provides a relatively uninhibited flow of high-quality, relevant information (see Chapter 3). In the context of this report, an inte- grated information infrastructure refers to one that is strategically designed to facilitate the systematic collection, integration, management, storage, analysis, interpretation, and communication of the information needed to support a risk-based food safety management system, and also one that has the flexibility and accessibility to meet the varied and changing information needs of a diverse set of users. This chapter outlines the key types of data needed to support risk-based decision making. In addition, it briefly illustrates the breadth of food safety

OCR for page 147
 CREATING AN INTEGRATED INFORMATION INFRASTRUCTURE data that are being collected by government and other parties as well as gaps and challenges in the collection of these data. A particular barrier to achieving an efficient, risk-based food safety system that is discussed extensively in the chapter is the lack of data sharing. Finally, the chapter describes the elements that are critical to designing and implementing an integrated information infrastructure that can support a risk-based food safety management system. These elements include strategic planning to assess data needs and plan study designs as well as data analysis and com- munication, mechanisms to allow for timely sharing of quality data, a mod- ern IT infrastructure, and the human capacity to collect, analyze, manage, and communicate the data. THE ROLE OF DATA IN A RISK-BASED FOOD SAFETY MANAGEMENT SYSTEM At its core, the FDA is a public health agency, and the ultimate goal of protecting the public health should be its highest priority. To support the achievement of this goal, the FDA’s information infrastructure should provide a foundation for risk-based decision making in all aspects of food safety management. Data will be needed to implement the steps in the risk-based approach delineated in Chapter 3. In strategic planning (Step 1 of the risk-based approach), the FDA will need access to high-quality and timely data to identify the key public health objectives on which its food safety program will be centered. At the highest level, these public health objectives will be consistent with national public health objectives, such as those articulated in Healthy People 2020, which include “reduc[ing] the number of outbreak- associated infections caused by food commodity group” (including dairy, fruits/nuts, and leafy vegetables)2 (HHS, 2009). However, the FDA will also pursue specific intermediate outcomes, such as the reduction of methyl mercury in foods, that will serve as the basis for its targeted risk manage- ment programs. The establishment of these objectives should be based on data acquired in the field, such as data on contamination or foodborne illness. The process of public health risk ranking (Step 2) will also require data. For example, as discussed in Chapter 3, foodborne illness attribu- tion models are crucial to public health risk ranking because they provide the bridge between public health impact and risk in the food continuum. However, developing such models requires a comprehensive data collec- 2 S ee http://www.healthypeople.gov/hp2020/Objectives/ViewObjective.aspx?Id=487& TopicArea=Food+Safety&Objective=FS+HP2020%e2%80%937&TopicAreaId=22 (accessed October 8, 2010).

OCR for page 147
0 ENHANCING FOOD SAFETY tion system that integrates data from various sources and harmonizes the categorization of foods, as well as the methods used to produce, process, and distribute those foods (NRC, 2009). Data collection and subsequent analyses are the outcomes of Step 3 of a risk-based system (targeted information gathering). In carrying out this step, risk managers must identify and consider additional criteria upon which risk-based decision making will be based and, for each high-priority and/or uncertain risk, determine the need for collecting additional informa- tion. Such additional data may encompass virtually any (and all) of the data types noted below. These data then form the basis upon which intervention analysis (Step 4) can proceed, which may also involve the collection of even more information in an effort to evaluate the efficacy and feasibility of candidate control options. Finally, data must be collected to measure the efficacy of specific inter- ventions, the overall food safety system, and the risk-based approach in achieving national and agency-specific public health objectives (Step 6). Crucial to this process is the collection of information that can directly relate interventions to specific public health outcomes, including epidemio- logical data and associated attribution models. Ultimately, the FDA’s purpose in collecting food safety data is to better understand the distribution and determinants of foodborne illness, priori- tize the determinants based on their public health impact, and develop inter- ventions for the determinants and thereby control foodborne illness. In fact, understanding the epidemiology of foodborne illness is necessary to support the ability to make informed, risk-based policy decisions and allocate food safety resources appropriately. In turn, a risk-based decision-making pro- cess will improve knowledge of the epidemiology of foodborne illness and drive continual improvements in public health. As defined by Last (1995, p. 62), epidemiology is “the study of the distribution and determinants of health-related states or events in specified populations, and the application of this study to control of health problems.” As noted by Havelaar and colleagues (2006, p. 9), “epidemiology is now largely a quantitative science that extensively uses statistical (associative) models to explore the relation between risk factors and disease.” DATA NEEDS FOR A RISK-BASED SYSTEM To meet the needs of a risk-based system, data would ideally be collected at each point along the food production continuum—on the farm, in process- ing, during distribution, at retail, and in the home. A variety of data sources can contribute to an understanding of the epidemiology of foodborne illness, including data collected through surveillance, behavioral studies, analytical research, and traditional epidemiological studies. The types of data collected

OCR for page 147
 CREATING AN INTEGRATED INFORMATION INFRASTRUCTURE might include foodborne pathogen levels and transmission routes in animals, plants, food products, humans, and the environment; current industry and consumer practices, including behaviors and attitudes; and the efficacy of candidate intervention approaches at all phases of the continuum. There is also a need for epidemiological data to support estimates of the overall burden of foodborne illness and the proportion of such illness associated with specific vehicles (foods) and transmission routes (i.e., foodborne illness attribution). A regulatory agency might decide to include other factors in its risk-based approach as well, such as the costs and benefits of implementing specific interventions, even though those factors are not directly related to public health. These data types can be broadly categorized as behavioral, economic, food production, and surveillance data. The importance of each type of data for a risk-based system is discussed further in the following subsections. To maximize the utility of these diverse surveillance systems, there must be an integrated information infrastructure that, through strate- gic planning, facilitates informed data collection and promotes standards for data exchange. Effective collection of these types of data will require active research—including basic, population, and clinical research—as outlined in Chapter 6. Behavioral Data Behavioral data are critical to understanding routes of transmission, implementing intervention strategies to change behavior, developing risk communications, improving public health response, and evaluating inter- ventions. As discussed in Chapter 9, behavioral data are ultimately essen- tial for developing strategies that will enable the FDA to communicate effectively with diverse audiences under a wide range of circumstances and through multiple communication channels. For example, the attitudes, per- ceptions, and behaviors of the general public and food industry personnel can impact their compliance with recommended food safety interventions, such as safe food-handling practices (Medeiros et al., 2001; Pilling et al., 2008). Likewise, understanding the attitudes, perceptions, and behaviors of public health personnel—including physicians, laboratory personnel, and government officials—can help identify ways to improve public health response. Economic Data In a risk-based system, data on benefits and costs are combined for use in cost-effectiveness and cost–benefit analyses of alternative policy inter- ventions. Economic data can be used to measure and understand several important dimensions of a risk-based food safety system. These data may

OCR for page 147
 ENHANCING FOOD SAFETY be thought of as measuring factors that affect the demand for safer food by individuals and by society as a whole on the one hand and factors that affect the supply of safer foods on the other. The demand for food safety arises in part from the costs of foodborne illness in terms of medical treatment, lost productivity due to mortality and morbidity, and other costs, such as loss of leisure time or burden on family members due to illness (Majowicz et al., 2004; Frenzen et al., 2005; Kemmeren et al., 2006; USDA/ERS, 2009). In addition to avoiding these costs, individuals or society may be willing to pay for (i.e., demand) improved safety based on the well-being or peace of mind associated with safer foods (Shogren et al., 1999). On the supply side, economic data can be used to measure the potential and actual costs of actions intended to supply safer foods, as well as to gain insight into incentives for countries and companies to invest in food safety. These data on incentives include domestic and international market impacts from the incidence of foodborne pathogens, from outbreak incidents in total, and as distributed across the supply chain. Examples of such impacts include the loss of market share by food producers in domestic markets due to the loss of reputation for safety and loss of export markets. Data that can help in understanding these effects include farm cash receipts, total value at retail, value of exports, value of imports, proportion of domestic consumption of food products produced domestically, and information on key export and import markets (Ruzante et al., 2009). Food Production Data To support risk-based decision making, the FDA needs to have infor- mation that relates to the production, processing, and storage of foods, including the size of the regulated industry and the distribution channels. For example, the FDA needs to understand current industry practices, including best practices, intervention strategies, and emerging technologies. The agency also needs to know the prevalence of foodborne pathogens throughout the food production, processing, and distribution chain. In fact, in support of the functions of the Office of Regulatory Affairs (ORA), including routine inspection activities, the FDA collects a large amount of data for both regulatory and nonregulatory purposes that may address these types of questions. Data are also collected by the industry in support of safety control systems such as Hazard Analysis and Critical Control Points and routine microbiological monitoring. In addition, industry data collected by the academic and government research sectors are a rich source of information that can be used to estimate the prevalence and levels of pathogens and toxins in the food supply, evaluate the efficacy of intervention strategies, model risk and its mitigation, and identify consumer behaviors and market trends. All these data collected throughout the food production continuum

OCR for page 147
 CREATING AN INTEGRATED INFORMATION INFRASTRUCTURE can be used to inform attribution and risk models, aid in the allocation of agency resources, and provide evidence of data gaps to inform future data collection efforts, among many other purposes. Surveillance Data For purposes of this report, “surveillance” refers to the ongoing, sys- tematic3 collection and analysis of contaminant, public health, and molecu- lar data throughout the farm-to-fork continuum for use in preventing and controlling foodborne illness. Surveillance is a critical component of a risk-based food safety system in that it improves overall understanding of the epidemiology of foodborne illness. Specifically, surveillance can be used to establish a baseline level of foodborne illness, identify goals for its reduction, and provide a means by which to measure the impact of inter- ventions on its control. Given resource limitations, the risk-based approach recommended in this report is essential as a tool to prioritize surveillance efforts. Animal, food, environmental, human, public health, molecular, and behavioral (see p. 151) surveillance are all needed to respond to food safety crises, monitor food safety outcomes, and assess the effectiveness of the food safety system. Surveillance of animal populations, the food supply, and the environment is almost always undertaken with an eye to identifying sources of contamination and their subsequent transmission from a food animal to product(s) that will ultimately be consumed by people. Surveil- lance of human populations is used to better characterize the burden of foodborne illness and identify the relative importance of particular expo- sures (e.g., foods, transmission routes). Public health surveillance provides important insights into current medical, laboratory, and general public health practices, such as reporting and outbreak investigations. Molecular surveillance systems, such as PulseNet and VetNet, combine the methods of molecular biology with those of epidemiology to establish associations between contaminated food and illness when they are separated in space or time. GAPS AND CHALLENGES IN THE CURRENT DATA COLLECTION SYSTEMS Implementing an effective risk-based system, and developing the food- borne illness attribution models needed to support such a system, will require a comprehensive information infrastructure that integrates data 3 In this context, the term “systematic” means that the surveillance is conducted in an or- derly fashion, not haphazardly. For example, under certain circumstances, passive surveillance can be considered systematic, if it is conducted under some minimum established standards.

OCR for page 147
 ENHANCING FOOD SAFETY from various sources, harmonizes the data collected through the use of data standards, and finally analyzes, interprets, and disseminates those data in such a manner that they can be used to monitor and evaluate the overall food safety system. As evidenced by the following discussion, such a comprehensive system does not currently exist in the United States, compromising the FDA’s capacity to fulfill its mission of protecting public health from hazards transmitted through the food supply. Current efforts to develop a risk-based food safety system are significantly limited, despite the fact that vast amounts of food safety data are already being collected. In recent years, several studies have evaluated the state of the FDA’s sci- ence and information infrastructure and identified a number of problems (see Appendix B). While these problems have been well documented, it has been suggested that they persist because of a lack of commitment and inadequate investment that stem from legislative and policy inaction (FDA Science Board, 2007; Taylor and Batz, 2008). A detailed description of the complexity and challenges of the data col- lection systems currently used to ensure food safety in the United States is given in the report Harnessing Knowledge to Ensure Safe Food: Opportuni­ ties to Improe the Nation’s Food Safety Information Infrastructure (Taylor and Batz, 20084). These challenges are discussed briefly below. Fragmented Data Collection The data needs of the nation’s food safety system are currently being met through a patchwork of diverse data collection systems and networks that generate vast amounts of food safety data (for an extensive review see Taylor and Batz, 2008). Often, the collection of data is not comprehensive or designed to support a risk-based approach. Table 5-1 illustrates the breadth of the salient data by listing examples of U.S. public health–related data collection programs and networks in which the FDA is the lead or par- ticipates. Table 5-2 shows examples of the systems currently used to collect the different types of data outlined in the previous section, including some of the systems listed in Table 5-1, as well as shortcomings of these systems identified by the committee. As part of its food regulatory function, the FDA collects some data, including microbiological samples, for the food products it regulates. With coverage in every state and territory, the FDA’s field personnel and delegates are well positioned to generate and provide data that could be used in the agency’s risk-based decision making. However, because field personnel do not have a daily presence in the regulated facilities, the FDA has limited opportunities to collect data outside of its routine regulatory efforts. With 4 See www.thefsrc.org.

OCR for page 147
 CREATING AN INTEGRATED INFORMATION INFRASTRUCTURE TABLE 5-1 Examples of U.S. Public Health–Related Data Collection Programs and Networks Aflatoxin Testing Under memorandums of understanding (MOUs), the U.S. Program Department of Agriculture’s (USDA’s) Food Safety and Inspection Service (FSIS) provides appropriate U.S. Food and Drug Administration (FDA) district offices with the results of aflatoxin analysis for domestic and imported peanuts, imported in-shell pistachios, and imported in-shell brazil nuts in lots that may be subject to action under the Federal Food, Drug, and Cosmetic Act (FDCA) and with an analysis certificate on any lot upon request. The FDA will also notify the Agricultural Marketing Service (AMS) of the criteria it will use concerning total aflatoxin levels in lots to determine whether they may be subject to action under the FDCA. CAERS (CFSAN Adverse The Center for Food Safety and Applied Nutrition (CFSAN) Events Reporting System) Adverse Events Reporting System (CAERS) team monitors all individual postmarketing surveillance adverse event reports related to CFSAN-regulated products. Reviewers in CFSAN’s program offices assess these reports and work closely with program experts and researchers throughout CFSAN and the FDA. CAERS tracks what products and ingredients may be harmful and conveys this information to industry, consumers, and other interested parties. The CAERS adverse event data permit CFSAN to do trend analysis on multiple adverse events and to track rarer product-related adverse events that may occur over several years. CIFOR (Council to CIFOR is a working group that seeks to improve performance Improve Foodborne and coordination among federal, state, and local agencies with Outbreak Response) respect to routine surveillance of foodborne illness, foodborne outbreak detection and response, laboratory methods for detecting and measuring foodborne pathogens, and foodborne illness prevention, communication, and education at the state and local levels. The council includes representatives of the U.S. Centers for Disease Control and Prevention (CDC), the FDA, USDA, the Association of Food and Drug Officials, the Association of Public Health Laboratories, the Association of State and Territorial Health Officials, the Council of State and Territorial Epidemiologists, the National Association of County and City Health Officials, the National Environmental Health Association (NEHA), and the National Association of State Departments of Agriculture. CIFOR also includes an industry workgroup composed of 16 leaders from food production, restaurant, and retail companies. continued

OCR for page 147
 ENHANCING FOOD SAFETY TABLE 5-1 Continued EHS-Net (Environmental EHS-Net is a CDC-coordinated collaborative forum Health Specialists of environmental health specialists who work with Network) epidemiologists and laboratories to identify and mitigate environmental factors that contribute to foodborne illness and other disease outbreaks. Its goals include translating investigatory findings into improved food safety prevention efforts using a systems-based approach and strengthening relations among epidemiology, laboratory, and environmental health programs. eLExNET (Electronic This web-based information network, coordinated by the FDA, Laboratory Exchange allows federal, state, and local food safety officials to compare, Network) share, and coordinate laboratory analysis findings. It is also the data capture and communication system for the Food Emergency Response Network (FERN). eLEXNET provides the necessary infrastructure for an early warning system that identifies potentially hazardous foods and enables health officials to assess risks and analyze trends. Epi-Ready This nationwide team-training initiative, led by CDC and NEHA, provides up-to-date foodborne illness outbreak investigation and surveillance training to public- and private- sector environmental health professionals, as well as other professionals who collaborate in conducting foodborne illness outbreak investigations. Epi-x (Epidemic Run by CDC, Epi-X is a web-based surveillance Information Exchange) communication tool for public health professionals. It enables public health professionals to access and share preliminary health surveillance information and notifies them rapidly of health events as they occur. Key features of Epi-X include scientific and editorial support, controlled user access, digital credentials and authentication, rapid outbreak reporting, and support for multijurisdictional peer-to-peer consultation. FERN (Food Emergency FERN is a network of local, state, and federal food-testing Response Network) laboratories that responds to emergencies involving biological, chemical, or radiological contamination of food. It provides a national surveillance capability designed to offer an early means of detecting threat agents in the American food supply, prepares the nation’s laboratories to respond to food-related emergencies, and offers surge capacity for responding to widespread, complex food contamination emergencies. FERN is coordinated by both the FDA and USDA/FSIS.

OCR for page 147
 CREATING AN INTEGRATED INFORMATION INFRASTRUCTURE TABLE 5-1 Continued FoodNet (Foodborne A collaboration among CDC, the FDA, USDA, and the ten Diseases Active states participating in CDC’s Emerging Infections Program, Surveillance Network) FoodNet has the goal of providing more accurate estimates of foodborne illness associated with pathogens by conducting active, population-based surveillance for foodborne illness cases at ten sites. FoodNet has contributed to the standardization of methods among laboratories and performs targeted case control studies to identify risk factors for pathogen-specific illnesses. FoodSHIELD FoodSHIELD’s mission is to support federal, state, and local government regulatory agencies and laboratories through web- based tools that enhance threat prevention and response, risk management, communication, asset coordination, and public education. MDP (Microbiological MDP is a national foodborne pathogen database program Data Program) implemented in 2001. Through cooperation with state agriculture departments and relevant federal agencies, MDP is meant to collect, analyze, and report data on foodborne pathogens for selected agricultural commodities. The FDA provides technical assistance to enhance methods used by MDP participants. Additionally, USDA/AMS informs the FDA of any positive pathogenic findings detected through MDP. NARMS (National NARMS was established in 1996 to monitor changes in Antimicrobial Resistance the susceptibility of select bacteria to antimicrobial agents Monitoring System) of human and veterinary importance among foodborne isolates collected from humans, animals, and retail meats. NARMS is a collaboration between three federal agencies including FDA’s Center for Veterinary Medicine (CVM), CDC and USDA. NARMS also collaborates with antimicrobial resistance monitoring systems in other countries, including Canada, Denmark, France, Mexico, the Netherlands, Norway, and Sweden, so that information can be shared on the global dissemination of antimicrobial resistant foodborne pathogens. Molecular fingerprints of select foodborne bacteria (Salmonella and Campylobacter) recovered via NARMS are deposited into the CDC PulseNet databank for use in identifying sources and spread of foodborne outbreaks. The information from NARMS forms the basis for public health recommendations for the use of antimicrobial drugs in both food producing animals and humans. NARMS data also are vital in disease outbreak investigations and can be used to help create treatment guidelines for foodborne pathogens, thereby ensuring better health outcomes. continued

OCR for page 147
0 ENHANCING FOOD SAFETY with whom it shares confidential information will disclose that information inappropriately. Under 21 CFR 20.84, commissioned officials are “subject to the same restrictions with respect to the disclosure of such data and infor- mation as any other [FDA] employee.” Nevertheless, CFSAN, in its answers to the committee’s questions, noted that “due to their sunshine [openness] laws, certain states are unable to keep such information confidential, which limits FDA’s ability to share such information.” With regard to the provision of information by state and local govern- ments to the FDA, CFSAN told the committee that: [t]here are legal restrictions on the sharing by state and local governments of epidemiological data that may contain patient information that is con- sidered confidential. This occurs with every outbreak investigation. . . . We understand that these restrictions derive from state and federal patient privacy laws. . . .14 Federal law may in fact limit information sharing by state and local government entities in at least some instances. For example, the FDA public information regulations, 21 CFR 20.63(b), state that: [t]he names and other information which would identify patients . . . should be deleted from any record before it is submitted to the [FDA]. If the [FDA] subsequently needs the names of such individuals, a separate request will be made.15 The committee does not know whether this regulation has prevented or delayed the sharing of vital food safety information by state and local governments with the FDA. One oft-cited federal statute that, regardless of perception, does not in fact appear to greatly inhibit the sharing of food safety information between state and local governments and the FDA is the Health Insurance Portabil- ity and Accountability Act (HIPAA). The HHS Privacy Rule implementing HIPAA, 45 CFR Part 160 and Part 164, Subparts A and E, applies only to “covered entities” specified in the statute, namely “health plans,” “health- care clearinghouses,” and “healthcare providers.”16 Many state and local agencies possessing epidemiological data do not fall within any of these categories. To the extent that a state or local agency is a “covered entity,” the Privacy Rule contains an explicit public health exception that would 14 Personal communication, Chad Nelson, FDA, July 25, 2009. 15 21 CFR 20.63(b). 16 The Health Insurance Portability and Accountability Act of , Public Law 104-191, section 1172.

OCR for page 147
 CREATING AN INTEGRATED INFORMATION INFRASTRUCTURE apply in the context of a food safety emergency.17 HIPAA prevents the disclosure only of patient-identifying information, so even when the statute applies, it does not prohibit the dissemination of appropriately redacted data (although the redaction process may cause delay). However, it should be noted that state privacy laws may present a greater barrier to the sharing of food safety information by state and local governments. They may cover more types of entities and impose more stringent privacy requirements than does HIPAA.18 Access to Industry Data Many food companies have carefully designed science-driven food safety systems that produce a substantial amount of data that would be of great value for risk-based decision making. Industry has, however, been reluctant to share its data with the FDA. Barriers that limit the ease with which data from industry could flow to the FDA include the proprietary nature of such data, the absence of an appropriate information infrastruc- ture to manage the data, and potential regulatory ramifications, the latter of which is often cited as the most significant concern. In short, the FDA has generally not been successful in accessing industry data, and although the concept periodically arises as a point of discussion, the agency has made no coordinated effort to overcome the barriers involved. MOVING FORWARD: DESIGNING AND IMPLEMENTING AN INTEGRATED INFORMATION INFRASTRUCTURE Designing and implementing the integrated information infrastructure necessary to support a risk-based food safety system will require an invest- ment in information science, as well as an infrastructure that improves data availability and quality and facilitates data standardization, harmonization, and analysis. In 2007, the FDA Science Board recommended that the agency collaborate with other government agencies to develop data standards and large-scale sustainable data-sharing infrastructures that would allow the timely integration and analysis of data critical to the agency’s mission (FDA Science Board, 2007). Such an investment would reduce data gaps and facilitate risk-based decision making while improving communication, the integration of business processes, and interoperability. In the committee’s 17 45 CFR 164.512(j). See also 45 CFR 164.512(f) (law enforcement exception). 18 HIPAA itself does not limit how strictly states may protect patient privacy. The HIPAA Privacy Rule, by its own terms, does not preempt state law regarding the privacy of patient health information to the extent that the state law is more stringent than the federal regula- tions (45 CFR 160.203(b)). Moreover, some state laws may impose patient privacy limitations on state and local government entities not covered by HIPAA.

OCR for page 147
 ENHANCING FOOD SAFETY opinion, key elements necessary to initiate the transition to an integrated information infrastructure include (1) strategic data collection, (2) the accessibility of data, (3) the availability of a modern IT system, and (4) the analytic capacity to design and maintain the system as well as to analyze, interpret, and disseminate data generated by the system. These elements are discussed briefly below. Chapter 11 examines potential organizational changes to ensure that these elements are in place. Strategic Data Collection Accurate, reliable, secure, and timely data are the backbone of any risk- based decision-making system. The types of data collected and the methods employed in data collection should, ultimately, be driven by the specific objectives and goals of the system. The data that could be collected are virtually endless, making the strategic planning process critical. Strategic planning is readily applicable to data collection and analysis; in fact, it is necessary for the development of an integrated information infrastructure. The strategic plan must address the following: • the goals and ultimate uses of the data (attribution, public health response, development of targeted interventions); • the types of data needed to achieve those goals; • an assessment of what data are currently being collected, as well as their limitations and appropriateness; • the data issues and gaps that must be addressed to achieve the stated goals; • the priorities for collecting additional data; • the data collection methods and standards necessary for accessing, integrating, and analyzing the various sources of data; • the analytic capabilities necessary for collecting, integrating, and analyzing the data; and • the performance metrics that will be used to evaluate the data col- lection and analysis system, including a quality assurance system. The first step in the strategic planning process should be a compre- hensive inventory and review of existing data collection systems without regard for interinstitutional boundaries. Each data collection system should be reviewed by FDA and non-FDA scientists to evaluate its relevance, fund- ing, productivity, and programmatic benefits as they relate to the agency’s mission. Such an approach would provide valuable information for the strategic planning process and would, in essence, make data collection part of the set of risk management tools available for agency use. To be effec- tive, the strategic planning process will require input from multiple federal,

OCR for page 147
 CREATING AN INTEGRATED INFORMATION INFRASTRUCTURE state, and local government agencies, as well industry and nongovernmental organizations (NGOs). Data collection should not be performed simply for its own sake. Decisions on data collection systems and the exact nature of the data to be collected must be driven by the needs of the underlying risk-based decision- making process. As discussed further in Chapter 11, the development of appropriate and cost-effective data collection systems should, ideally, be done in collaboration with other agencies and departments involved in work with food safety, potentially through a single, unified center focused on data collection and analysis. Data collection systems should be devel- oped and evaluated within the risk-based decision-making process outlined in this report. In the absence of a single food agency, it will be challenging to formulate a strategic vision for developing and implementing the inte- grated information infrastructure necessary to support a risk-based food safety system. The FDA can and should take an active leadership role in the development and implementation of a system that is designed to suit its needs in the years to come. Access to Data Many different groups collect food safety data for different purposes that could be valuable to the regulatory mission of the FDA. The system should leverage data collected for a variety of purposes by various federal, state, and local government agencies, as well as by the food industry, the academic sector, and NGOs. To this end, it is essential that data be acces- sible to all stakeholders in a timely manner. The FDA’s ability to effectively identify, investigate, and respond to food safety issues—including outbreaks, emerging pathogens, and the choice of intervention strategies—is dependent on timely access to quality data that are often collected by others. As described above, substantial barriers to data sharing must be addressed before a risk-based system can be implemented effectively. Rel- evant government agencies should examine whether they currently with- hold more food safety information than is required by law, and they should correct any current misunderstandings of the law. The FDA should take a leadership role in implementing the recommendations of Taylor and Batz (2008) for improving access to currently available data necessary to fulfill its mission. Chapter 11 outlines some approaches, such as a centralized risk-based analysis and data management center, that might alleviate some of the barriers to data sharing mentioned in this section. Regardless of the establishment of these approaches, many of the actions suggested below will still be needed to overcome data-sharing barriers. To the extent that legal changes are needed to allow sufficient data sharing, especially in the case of emergencies, Congress should consider amending the law.

OCR for page 147
 ENHANCING FOOD SAFETY To facilitate the sharing of food safety data relevant to protecting the public health, the Secretary of HHS should publish guidelines, including answers to frequently asked questions, concerning data sharing between different HHS agencies. In addition, the FDA and CDC should jointly pro- vide training to their food safety employees regarding the actual limits on such data sharing imposed by federal law. There would be some benefit in having FDA and CDC employees present at the same training sessions. This training should address in detail the data-sharing MOU entered into by the two agencies. The FDA should also assist state and local food safety agen- cies regarding the provision of such training to state and local employees. Further, the FDA should, as recommended elsewhere in this report, consider greatly expanding the use of its commissioning authority to create a cadre of state and local commissioned officers throughout the nation, which, in addition to increasing the size of the agency’s inspectional force, would facilitate data sharing between the FDA and state and local governments. Entering into formal data-sharing agreements with other federal agencies with which the FDA has shared or might share food safety information (e.g., EPA) is also advisable. In terms of legal barriers to sharing data, the FDA should determine whether federal law preempts state openness laws with respect to information provided to FDA-commissioned state and local officers and, if necessary, ask Congress to revise the relevant statutes and regulations to ensure that the agency can share confidential data without concern that those data will later be made public under state openness laws. The FDA should also determine whether its public information regulations, such as 21 CFR 20.63(b), have prevented or delayed state and local govern- ments’ sharing of vital food safety information with the agency. If necessary, the regulations should be revised to permit state and local governments, as well as other entities, to submit records to the FDA in emergency situations or when there is a legitimate need without first redacting patient-identifying information. In terms of accessibility of industry data, the Public Health Security and Bioterrorism Preparedness and Response Act of 2002 gives the FDA access to industry records only when they are related to food that “presents a threat of serious adverse health consequences or death to humans or animals.”19 In Chapter 10, the committee recommends that the FDCA be amended to require that every food facility prepare a food safety plan and that this plan and its implementation records be made available to FDA inspectors. The FDA should identify the kinds of industry data that are needed for risk-based decision making and develop mechanisms for collecting and ensuring the quality of those data. The FDA should also 19 Public Health Security and Bioterrorism Preparedness and Response Act of 00 (Bio­ terrorism Act), Public Law 107-188, 107th Cong., 2nd sess. (January 23, 2002).

OCR for page 147
 CREATING AN INTEGRATED INFORMATION INFRASTRUCTURE consider regulatory changes, to the extent necessary to ensure food safety, that would authorize it to release some trade secret and confidential com- mercial information under the Trade Secrets Act. To help promote the trust and cooperation of industry, advances in tracking, masking, and analyz- ing information should be explored to enable the FDA and its partners to protect such information while sharing information that specifically helps protect public health. Information Technology and Personnel Needs Information Technology A critical component of the implementation of a risk-based decision- making system is the underlying technology necessary for the collection, processing, and delivery of information. The inability to collect, integrate, and deliver information can result in inefficient use of resources, redun- dancy, ineffective information sharing, and delayed or inappropriate regu- latory decision making, all of which impact public health (FDA Science Board, 2007; GAO, 2009). The ability to access, integrate, and analyze numerous and varied data sources depends on the development, harmoniza- tion, evaluation, and adoption of an electronic data exchange environment that supports data standards. Several recent reports have found critical gaps in the FDA’s centralized IT infrastructure, which has been described as obsolete, redundant, and unstable (FDA Science Board, 2007; GAO, 2009). In 2007, the FDA Science Board described the agency’s IT situation as “problematic at best—and at worst it is dangerous” (FDA Science Board, 2007, p. 5).The FDA’s IT work- force has been deemed insufficient to meet the agency’s needs (FDA Sci- ence Board, 2007). Further, the FDA’s IT infrastructure lacks the necessary backup systems to provide continuity of operation in case of system failures (FDA Science Board, 2007). During the 2006 spinach-related outbreak, for example, failures in the FDA’s e-mail system contributed to delays in responding to the outbreak (FDA Science Board, 2007). Recent evidence suggests that the FDA is making progress, albeit slowly, in improving its information infrastructure (FDA Science Board, 2009). In 2008, the agency began an effort to consolidate its IT infrastructure and centralize its IT management with the creation of the Office of Information Management (GAO, 2009). As of this writing, the development of a com- prehensive strategic plan for this office was under way and was expected to be completed by the end of fiscal year 2009 (GAO, 2009). Progress appears to have been made on developing an IT architecture design and on build- ing the foundation for data standards and harmonization (FDA Science Board, 2009). Several initiatives to modernize the FDA’s information infra-

OCR for page 147
 ENHANCING FOOD SAFETY structure and IT systems have been undertaken, with the Predictive Risk- Based Evaluation for Dynamic Import Compliance Targeting (PREDICT) model as a relevant example (see Chapter 3 and Appendix E). Workforce assessments have also been undertaken. Further, the FDA has established a Bioinformatics Board to oversee the agency’s IT investments, as well as Business Review Boards for each of the core business areas that are respon- sible for the day-to-day oversight of IT projects. It has also created a project management office, developed criteria for evaluating prospective projects, and documented project monitoring and control processes. Despite this recent progress, however, substantial challenges remain, including centralizing IT, developing a scientific computing infrastructure, addressing information security issues, and conducting strategic human capital planning. Of particular concern are the lack of a detailed, compre- hensive strategic IT plan and the agency’s segmented approach to devel- oping its enterprise architecture. For example, the FDA started building PREDICT, a component of its enterprise architecture, without having a detailed plan or establishing priorities for the development of the overall enterprise architecture (FDA Science Board, 2009). Such an approach is contrary to the concepts outlined in this report and may ultimately result in a fragmented enterprise architecture that is incompatible with future systems. The committee agrees with the recommendations in the FDA Science Board report. The committee emphasizes the importance of the develop- ment of a modern IT infrastructure and investment in the FDA’s IT work- force (see section below regarding Personnel Needs) to meeting the agency’s public health objectives and implementing its overall strategic plan. Personnel Needs The problems of fragmented data collection systems and inaccessibility of data are compounded by an inadequate pool of scientific personnel that can, even in times of emergency, effectively collect, manage, analyze, inter- pret, and disseminate the data to which they have access. Several reports have noted the problem of insufficient staff, as well as inadequate recruit- ment and retention and the failure to make an investment in professional development (FDA Science Board, 2007). Recently, the U.S. Government Accountability Office (GAO) recommended that the agency manage its workforce strategically by determining the critical skills and competencies needed to fulfill its mission, analyzing the gaps between current skills and future needs, and developing strategies for filling those gaps (GAO, 2009). While the FDA has increased its training budget and is conducting work- force assessments (FDA Science Board, 2007, 2009), however, it has not yet addressed the bulk of these GAO recommendations.

OCR for page 147
 CREATING AN INTEGRATED INFORMATION INFRASTRUCTURE The FDA is underutilizing its field personnel. For example, field assign- ments could be used for the collection of data (e.g., who uses a specific piece of equipment in processing frozen peas) or the analysis of samples (e.g., a statistically representative sampling of bagged salads for microbiologi- cal analysis). Prior to 1994, ORA’s Minneapolis Center for Microbiological Investigation conducted analyses in the field for the FDA; however, this dedicated function no longer exists. Given the agency’s limited inspection capacity, most efforts of the inspectional force are dedicated to performing legally required inspectional duties. As mentioned in Chapter 3, one way to meet the FDA’s analytical personnel needs would be to create functional teams in support of the risk-based approach. In this case, for example, a surveillance team would be responsible for interacting with other federal agencies and state and local jurisdictions and for managing centralized epidemiological databases supporting modeling efforts. Such a group would include statisticians, epidemiologists, microbiologists, behavioral scientists, economists, risk analysts, biomathematical modelers, database managers, IT personnel, risk managers, and other experts as needed. Also, the agency should start implementing the above-mentioned GAO recommendation to address its IT human resource needs (GAO, 2009). Chapter 11 describes approaches for consolidating data and risk analysis, such as a centralized risk-based analysis and data management center that would meet the needs of all agencies with responsibilities for food safety. As outlined in Chapter 11, the committee sees clear potential advantages to the creation of such a cen- ter that would have access to food safety data from multiple agencies, the analytical capacity to deal with these data, and the ability to disseminate results of its analyses to agencies for policy development. Even with such a center, however, the FDA will need to maintain a core of experts in all the disciplines noted above. KEY CONCLUSIONS AND RECOMMENDATIONS Decisions on data collection systems and the characteristics of the data to be collected must be driven by the needs of the underlying risk-based decision-making process. The FDA has not adequately assessed and articu- lated its data needs. The agency currently lacks the capability to collect and integrate the data needed for effective implementation of a risk-based approach to food safety. For example, it lacks a dedicated cadre of ana- lytical personnel to design, implement, and manage the collection of and analyze, interpret, and disseminate the data needed to support a risk-based system. It lacks a group of epidemiologists, statisticians, and data analysts that can work with risk modelers, analysts, and managers to support risk- based decisions about food safety.

OCR for page 147
 ENHANCING FOOD SAFETY In terms of sharing data with other relevant partners (e.g., CDC, the U.S. Department of Agriculture, the food industry), it appears that the legal regime now in place would permit a substantial increase in such data shar- ing. However, nonlegal obstacles, both technological (e.g., inadequate IT) and cultural (e.g., unnecessary delays in sharing data or a lack of trust), continue to limit the sharing of data among partners. To protect the public health, federal, state, and local agencies and industry must share more food safety information, and share it more rapidly, than is now the case. In support of a risk-based approach driven by data, the committee makes the following recommendations. Recommendation 5-1: Data collection by the FDA should be driven by the recommended risk-based approach and should support risk-based decision making. It is critical that the FDA evaluate its food safety data needs and develop a strategic plan to meet those needs. The FDA should review existing data collection systems for foods to identify data gaps, eliminate systems of limited utility, and develop the necessary surveil- lance capabilities to support the risk-based approach. The FDA should formulate and implement a plan for developing, harmonizing, evaluat- ing, and adopting data standards. The FDA should also establish a mechanism for coordinating, capturing, and integrating data, including modernization of its information technology systems. To coordinate, capture, and integrate data, the FDA could lead the implementation of a multiagency food safety epidemiology users group as outlined by Taylor and Batz (2008). The centralized risk-based analysis and data manage- ment center proposed in recommendation 11-3 in Chapter 11 could serve the functions of data storage and analysis in support of a risk- based approach. Mechanisms should also be instituted to build trust with industry and, in partnership, collect and analyze industry data. Recommendation 5-2: The FDA should evaluate its personnel needs to carry out its roles in collecting, analyzing, managing, and commu- nicating food safety data. The agency should establish an analytical unit with the resources and expertise (i.e., statisticians, epidemiolo- gists, behavioral scientists, economists, microbiologists, risk analysts, biomathematical modelers, database managers, information technology personnel, risk managers, and others as needed) to support risk-based decision making. Recommendation 5-3: The FDA should evaluate statutes and policies governing data sharing and develop plans to improve the collection and sharing of relevant data by all federal, state, and local food safety agen- cies. For example, in collaboration with other food safety agencies, the

OCR for page 147
 CREATING AN INTEGRATED INFORMATION INFRASTRUCTURE FDA should develop and implement technologies and procedures that will ensure confidentiality and facilitate data sharing. Congress should consider amending the law, to the extent that legal changes are needed, to allow sufficient data sharing among government agencies. REFERENCES CDC (U.S. Centers for Disease Control and Prevention). 2009. Surveillance for foodborne disease outbreaks—United States, 2006. Morbidity and Mortality Weekly Report 58(22):609–615. FDA (U.S. Food and Drug Administration). 2003. Memorandum of Understanding Between the Food and Drug Administration and the Centers for Disease Control and Preen­ tion. MOU 225-03-8001. http://www.fda.gov/AboutFDA/PartnershipsCollaborations/ MemorandaofUnderstandingMOUs/DomesticMOUs/ucm115068.htm (accessed May 15, 2010). FDA Science Board. 2007. FDA Science and Mission at Risk. Report of the Subcommittee on Science and Technology. Rockville, MD: FDA. FDA Science Board. 2009. Science Board Subcommittee Reiew of Information Technology. Rockville, MD: FDA. http://www.fda.gov/AdvisoryCommittees/CommitteesMeetingMaterials/ ScienceBoardtotheFoodandDrugAdministration/ucm176816.htm (accessed April 14, 2010). Frenzen, P. D., A. Drake, and F. J. Angulo. 2005. Economic cost of illness due to Escherichia coli O157 infections in the United States. Journal of Food Protection 68(12):2623−2630. FSWG (Food Safety Working Group). 2009. Food Safety Working Group: Key Findings. http://www.foodsafetyworkinggroup.gov/FSWG_Key_Findings.pdf (accessed February 18, 2010). GAO (U.S. Government Accountability Office). 2009. Information Technology: FDA Needs to Establish Key Plans and Processes for Guiding Systems Modernization Efforts. Wash- ington, DC: GAO. Havelaar, A. H., J. Braunig, K. Christiansen, M. Cornu, T. Hald, M. J. Mangen, K. Molbak, A. Pielaat, E. Snary, M. Van Boven, W. Van Pelt, A. Velthuis, and H. Wahlstrom. 2006. Towards an Integrated Approach in Supporting Microbiological Food Safety Decisions. Med-Vet-Net. Report No. 06-001. http://www.medvetnet.org/pdf/Reports/Report_06-001. pdf (accessed May 15, 2010). HHS (U.S. Department of Health and Human Services). 2009. Healthy People 00: The Road Ahead. http://www.healthypeople.gov/hp2020/default.asp (accessed February 18, 2010). IOM (Institute of Medicine). 2003. Scientific Criteria to Ensure Safe Food. Washington, DC: The National Academies Press. Kemmeren, J. M., M. J. Mangen, Y. T. P. H. Van Duynhoven, and A. Havelaar. 2006. Priority Setting of Foodborne Pathogens: Disease Burden and Costs of Selected Enteric Patho­ gens. Bilthoven, The Netherlands: RIVM Ministry of Public Health, Welfare and Sports. http://www.rivm.nl/bibliotheek/rapporten/330080001.pdf (accessed January 30, 2009). . Last, J. M., ed. 1995. A Dictionary of Epidemiology, 3rd ed. New York: Oxford University Press. Majowicz, S. E., W. B. McNab, P. Sockett, S. Henson, K. Dore, V. L. Edge, M. C. Buffett, S. Read, S. McEwen, D. Stacey, and J. B. Wilson. 2004. The burden and cost of gastro- intestinal illness in a Canadian community. Journal of Food Protection 69:651–659. Medeiros, L. C., P. Kendall, V. Hillers, G. Chen, and S. DiMascola. 2001. Identification and classification of consumer food-handling behaviors for food safety education. Journal of the American Dietetic Association 101(11):1326–1339.

OCR for page 147
0 ENHANCING FOOD SAFETY Morse, D. L. 2009. Foodborne Disease Sureillance: Vignettes of a State Epidemiologist. Paper presented at Institute of Medicine/National Research Council Committee on Review of the FDA’s Role in Ensuring Safe Food Meeting, Washington, DC, March 24, 2009. NRC (National Research Council). 2009. Letter Report on the Reiew of the Food Safety and Inspection Serice Proposed Risk­Based Approach to and Application of Public­Health Attribution. Washington, DC: The National Academies Press. Osterholm, M. T. 2009. Role of Foodborne Disease Sureillance and Food Attribution in Food Safety. Paper presented at Institute of Medicine/National Research Council Com- mittee on Review of the FDA’s Role in Ensuring Safe Food Meeting, Washington, DC, March 24, 2009. Pilling, V. K., L. A. Brannon, C. W. Shanklin, A. D. Howells, and K. R. Roberts. 2008. Iden- tifying specific beliefs to target to improve restaurant employees’ intentions for perform- ing three important food safety behaviors. Journal of the American Dietetic Association 108(6):991−997. Ruzante, J. M., V. J. Davidson, J. Caswell, A. Fazil, J. A. L. Cranfield, S. J. Henson, S. M. Anders, C. Schmidt, and J. Farber. 2009. A multi-factorial risk prioritization framework for foodborne pathogens. Risk Analysis. Published online in advance of print. http:// www3.interscience.wiley.com/journal/122542673/abstract (accessed May 15, 2010). Shogren, J. F., J. A. Fox, D. J. Hayes, and J. Roosen. 1999. Observed choices for food safety in retail, survey, and auction markets. American Journal of Agricultural Economics 81(5):1192−1199. Taylor, M. R., and M. B Batz. 2008. Harnessing Knowledge to Ensure Food Safety: Opportu­ nities to Improe the Nation’s Food Safety Information Infrastructure. Gainesville, FL: Food Safety Research Consortium. USDA/ERS (U.S. Department of Agriculture/Economic Research Service). 2009. Foodborne Illness Cost Calculator: Assumption Details and Citations for Salmonella. Washington, DC: USDA. http://www.ers.usda.gov/data/FoodBorneIllness/salmAssumptionDescriptions. asp?Pathogen=Salmonella&p=1&s=4683&y=2006&n=1397187 (accessed January 30, 2009). .