FDA regulators crossed the line when they secretly surveilled employees in the medical device division, according to the results of a 2-year investigation initiated by a pair of high-ranking members of Congress.
The FDA "initiated an electronic surveillance program of unprecedented scope" in order to monitor a handful of medical device reviewers believed to be leaking confidential information about pending 510(k) applications, the report said. The FDA has since enacted new guidelines for conducting surveillance with greater emphasis on protecting whistleblowers, but the moves haven’t soothed lawmakers and critics who likened the spying programs to a witch-hunt.
Ranking Senate Judiciary Committee Republican Charles Grassley (Iowa) and House oversight panel chairman Rep. Darrell Issa (R-Calif.) launched the investigation in 2012 after the New York Times reported on the surveillance. The FDA reviewers subject to monitoring also filed a lawsuit claiming that the surveillance "was used to harass or dismiss at least 6 current and former FDA employees."
The employees were targeted after an unnamed medical device manufacturer complained to FDA officials that someone had inappropriately disclosed information about a pending medtech application, according to the report. Agency scientist Dr. Robert Smith and a handful of others had previously claimed that FDA management put undue pressure on reviewers to give a pass to devices that may not be safe, sending private messages to Congress and the U.S. Office of Special Counsel (OSC) to voice their concerns. The scientists had also claimed that they were mistreated by management after voicing concerns. Smith was the 1st scientists that the FDA targeted for surveillance, according to the report.
The agency enlisted a couple of security contractors to track down the source of the alleged medical device application leaks. The contractors used a monitoring program that collected screenshots every 5 seconds of employees’ computers, capturing sensitive information and communications protected under federal law. The scientists claimed that the monitoring was used primarily to harass outspoken employees and punish them for criticizing the medical device review process.
"The FDA intercepted communications with congressional staffers and draft versions of whistleblower complaints complete with editing notes in the margins," according to the report. "FDA even reconstructed files that had been deleted from personal thumb drives prior to the device being used on an FDA computer."
The documents accidentally made their way online in May 2012, with more than 80,000 pages of collected data posted publicly after an apparent miscommunication between the FDA and a contractor. The pages exposed sensitive employee data and communications, but also revealed the extent of the FDA’s surveillance.
The Grassley/Issa report stopped short of passing judgment on the reviewers’ claims regarding risky devices or inappropriate clearances, but stated that "The FDA’s surveillance was not lawful" when it breached federal whistleblower protections by monitoring emails to Congress and the OSC.
FDA medical device chief Dr. Jeffrey Shuren, however, testified before the House Committee on Oversight & Government Reform that not only did he believe that the employees’ complaints of corruption in the medtech review process were invalid, but that their claims of mismanagement and retaliation from their superiors were inappropriate.
Shuren noted that one particular device the scientists took issue with was CT colonoscopy, a screening method that has undergone widespread clinical trials and which a joint FDA panel of radiologists and gastroenterologists last year unanimously agreed was the best option for screening asymptomatic patients for colorectal cancer.
Shuren also told the committee that he personally took action to protect the whistleblowers and address their concerns, that he moved their department under entirely new management when they claimed they were being targeted and that he asked the Office of the Inspector General to look into their personnel complaints.
The OIG repeatedly failed to find signs of retaliation and the scientists’ same claims of unfair treatment cropped up under their new management, Shuren said.
In regard to the surveillance, Shuren maintained that the FDA is obligated by federal law not only to protect medical device applications and the proprietary information that companies submit while undergoing review, but to investigate and prevent potential leaks. The agency’s investigation confirmed that information had been inappropriate leaked, he testified.
"There was unauthorized disclosures to members of the public and that is, from our perspective, in violation of HHS personnel policy and probably a violation of the law," Shuren said.
In examining the FDA’s surveillance practices, the Grassley/Issa report focused primarily on the lack of proper protocols to help the agency determine how to properly and lawfully monitor employees without violating their right to private channels of communication for voicing concerns. The lawmakers called for a formal monitoring policy and additional whistleblower protections to ensure that monitoring doesn’t have a chilling effect. They also called into question the FDA’s decision to monitor suspected leakers on a forward-looking basis, rather than investigating past communications to detect evidence of a leak.
In his testimony, however, Sen. Grassley had some strong words for FDA regulators, which he claimed had attempted to dodge inquiries and hide its monitoring of protected communications.
"FDA officials gave little, if any, thought to the legal limits that might restrict their power to monitor employees," Grassley said in his testimony yesterday. "No one at the FDA made any attempt to limit the collection of legally protected communications with attorneys, with the Office of Special Counsel, or with Congress. The FDA trampled on the privacy of its employees and their right to make legally protected disclosures of waste, fraud, or abuse."