Review Of The Food And Drug Administration's Computer Monitoring Of Certain Employees In Its Center For Devices And Radiological Health

This report reviews the monitoring of electronic communications of certain employees in the Food and Drug Administration (FDA) Center for Devices and Radiological Health (CDRH). CDRH suspected these employees were sending trade secrets or confidential commercial information outside FDA in possible violation of FDA regulations and criminal statutes. OIG found that despite the reasonableness of CDRH's concerns and the explicit language in FDA's network log-on banner regarding monitoring, CDRH failed to fully assess beforehand, and with the timely assistance of legal counsel, whether the scope of potentially intrusive monitoring would be consistent with constitutional and statutory limitations on Government searches and consistent with whistleblower protections. OIG recommends that HHS ensure that its operating divisions draft and implement policies and related procedural internal controls that provide reasonable assurance of compliance with laws and regulations, particularly those governing current and prospective employee monitoring. In September 2013, FDA issued an interim computer-monitoring policy that addresses our recommendations.

---