MOU 225-22-026
MEMORANDUM OF UNDERSTANDING BETWEEN AND AMONG
THE U.S. DEPARTMENT OF HEALTH AND HUMAN SERVICES,
THE FOOD AND DRUG ADMINISTRATION, CENTER FOR DEVICES AND RADIOLOGICAL HEALTH;
THE CENTERS FOR DISEASE CONTROL AND PREVENTION,
NATIONAL INSTITUTE FOR OCCUPATIONAL SAFETY AND HEALTH; AND
THE U.S. DEPARTMENT OF LABOR,
OCCUPATIONAL SAFETY AND HEALTH ADMINISTRATION
I. Preamble
The Food and Drug Administration (FDA) Center for Devices and Radiological Health (CDRH) protects and promotes public health. The Centers for Disease Control and Prevention (CDC) National Institute for Occupational Safety and Health (NIOSH) promotes occupational safety and health through research, criteria development for standards, education and training, approval of respiratory protective devices (RPDs), and advancements of personal protective equipment and technologies. The Occupational Safety and Health Administration (OSHA) ensures “safe and healthful working conditions.” The intersection of these missions, as related to the regulation of and guidance for personal protective equipment (PPE), including medical devices, was particularly evident during the COVID-19 response relating to emergency use authorizations (EUAs) and ensuring safe and effective devices for a broad range of activities and users, including RPDs. The continued collaboration, including the sharing of certain information, will help promote public safety and health through the agencies’ respective authorities and overlapping missions.
II. Purpose
This Memorandum of Understanding (MOU) between and among the Department of Health and Human Services’(HHS) FDA, acting through CDRH; the HHS/CDC, acting through NIOSH; and the Department of Labor (DOL), acting through OSHA (herein referred to as “the Parties”), provides a framework for continued collaboration, including the sharing of certain information, between and among the Parties to facilitate coordination, decision-making, law enforcement activities, and guidance or regulation development through the agencies’ respective authorities and overlapping missions.
III. Authority
FDA has authority to enter into this Agreement pursuant to sections 1003(b) and (c) of the Federal Food, Drug, and Cosmetic Act (FD&C Act) (21 U.S.C. §§ 393(b) and (c)).
CDC has the authority to enter into this Agreement pursuant to section 301 of the Public Health Service Act (42 U.S.C. § 241); the Occupational Safety and Health (OSH) Act of 1970, 29 U.S.C. § 651 et seq.; and the Federal Mine Safety and Health Act (Mine Act) of 1977, as amended, 30 U.S.C. § 801 et seq.
The DOL has the authority to enter into this Agreement pursuant to the OSH Act, 29 U.S.C. § 651 et seq.
IV. Definitions
A. Device: an instrument, apparatus, implement, machine, contrivance, implant, in vitro reagent, or other similar or related article, including any component, part, or accessory, which is—(1) recognized in the official National Formulary, or the United States Pharmacopeia, or any supplement to them, (2) intended for use in the diagnosis of disease or other conditions, or in the cure, mitigation, treatment, or prevention of disease, in man or other animals, or (3) intended to affect the structure or any function of the body of man or other animals, and which does not achieve its primary intended purposes through chemical action within or on the body of man or other animals and which is not dependent upon being metabolized for the achievement of its primary intended purposes. The term “device” does not include software functions excluded pursuant to section 360j(o) of this title. (21 U.S.C. § 321(h)).
B. Confidential Commercial Information (“CCI”): valuable data or information which is used in a business and is of such type that it is customarily held in strict confidence or regarded as privileged and not disclosed to any member of the public by the entity to whom it belongs. Examples of CCI include raw material supplier lists, finished product customer lists, traceback information, etc. (21 C.F.R. § 20.61).
C. Protected Critical Infrastructure Information (“PCII”): validated Critical Infrastructure Information as defined in Federal Regulation at 6 C.F.R. § 29.2(g).
D. Non-public Information: includes, but is not limited to, CCI, Trade Secret Information, and PCII.
E. Trade Secret Information: any commercially valuable plan, formula, process or device that is used for making, preparing, compounding, or processing of trade commodities, that can be said to be the end product of either innovation or substantial efforts. In order for proprietary information to be considered a trade secret, there must be a direct relationship between the trade secret and the production process. (21 C.F.R. § 20.61).
V. Background
In a report by the U.S. Government Accountability Office (GAO) titled “COVID-19: Sustained Federal Action Is Crucial as Pandemic Enters Its Second Year” (GAO-21-387), published March 31, 2021, GAO made recommendations regarding the need for information sharing among the Parties. The Parties agree with the GAO recommendation to develop a process for sharing certain information to facilitate decision-making and guidance consistency related to EUA device information. “Device” in the context of this Agreement specifically relates to personal protective equipment intended for a medical purpose (i.e., intended for use in the diagnosis of disease or other conditions, or in the cure, mitigation, treatment, or prevention of disease and, therefore, meets the definition of “device” set forth in section 201(h)(1) of the FD&C Act), including those used in healthcare settings to prevent transmission of infectious disease (e.g., protective clothing, gloves, RPDs). Based on the Parties’ experience with EUAs during the COVID-19 pandemic, there exists an opportunity to build upon the beneficial collaborations to ensure a process for timely and consistent information-sharing for devices both during and outside of public health emergencies, subject to respective authorities. The purpose of this MOU is to address information-sharing and enable expanded collaborative activities among the Parties. This MOU does not affect or supersede any existing or future agreements or arrangements among the Parties except to the extent provided in section VI., below.
VI. Substance of Agreement
a. POCs: The Parties will establish a principal point of contact (POC), or liaison, to facilitate the actions carried out under this MOU.
b. Procedures: The Parties agree to attend an initial meeting to establish agreement to specific written procedures inclusive of safeguards necessary to implement this MOU. The initial meeting will take place as soon as possible after signing of this MOU. Additional meetings will be scheduled thereafter on an as-needed basis.
c. Confidentiality:
1. The Parties recognize that information exchanged that contains any of the following types of information must be protected from unauthorized use and disclosure: (1) confidential commercial or financial information, such as information that would be protected from public disclosure pursuant to Exemption 4 of the Freedom of Information Act (FOIA) (5 U.S.C. § 552(b)(4)); (2) personal privacy information, such as the information that would be protected or exempt from public disclosure pursuant to FOIA Exemptions 6 or 7(C) (5 U.S.C. § 552(b)(6) or 7(C); (3) information compiled for law enforcement purposes, such as information that would be protected or exempt from public disclosure pursuant to FOIA Exemption 7(E) (5 U.S.C. § 552(b)(7)(E)); or (4) information that is otherwise protected from public disclosure by federal statutes and their implementing regulations (e.g., Trade Secrets Act (18 U.S.C. § 1905)); the Privacy Act (5 U.S.C. § 552a); other FOIA exemptions not mentioned above (5 U.S.C. § 552(b)); the FD&C Act (21 U.S.C. §§ 301 et seq.); the Health Insurance Portability and Accountability Act (HIPAA), (Pub. L. 104-191), Section 319L(e) of the Public Health Service Act (42 U.S.C. § 247d-7e(e)), and disclosure restrictions subject to the Procurement Integrity Act (41 U.S.C. §§ 2101-2107) and Federal Acquisition Regulation (48 CFR § 3.104). Additionally, all federal agencies and contractors supporting them are under the Federal Information Security Management Act (FISMA), E-government Act of 2002 (Pub. L. 107-347). Pursuant to sections 301(j) and 520(c) of the FD&C Act (21 U.S.C. § 331(j) and 360j(c)), FDA will not reveal to any participant who is not a representative of an agency within the Department of Health and Human Services any information entitled to protection as a trade secret or confidential commercial or financial information relating to devices obtained by FDA under sections 513, 514, 515, 516, 518, 519, 520(f), 520(g), or 704 of the FD&C Act (21 U.S.C. 360c, 360d, 360e, 360f, 360h, 360i, 360j(f), 360j(g), 374), unless there is in place a written authorization, from the owner of that information, that permits FDA to reveal such information to representatives of non-HHS agencies. Such authorization may be obtained in the form attached as Exhibit A of this MOU (or a reasonable, mutually agreed upon variation).
2. The Parties will each establish proper safeguards to ensure that information shared under this MOU shall be used and disclosed solely in accordance with applicable laws, regulations, and this MOU. Access to such information shared under this MOU shall be restricted to authorized employees, agents, and officials of the Parties who require access to perform their official duties in accordance with the uses of information as authorized by this MOU. Such personnel shall be advised of (1) the confidential nature of the information; (2) safeguards required to protect the information; and (3) the administrative, civil, and criminal penalties for noncompliance. Such personnel shall be individually required, prior to receiving any such information, to sign the confidentiality commitment form as attached in Exhibit B of this MOU. Except as otherwise permitted under this MOU, each Party agrees that information shared pursuant to this MOU will not be further disclosed without the written permission of the sharing Party or as required by law with advance notice to the sharing Party. In the event disclosure is required by law, the disclosing party shall consult with the sharing party prior to such disclosure (i.e., consultation between the information-sharing liaisons or designees for the Parties).
3. Contractors, their subcontractors, and/or agents of the Parties participating in discussions covered by this MOU will be permitted to participate in discussions and to receive information under this MOU only if they require access to perform their official duties in accordance with the uses of the information and have signed an agreement (e.g., contractor or business associate non-disclosure agreement) by which they will commit to keep the information confidential (form attached as Exhibit B).
4. The Parties agree that requests for information, subject to this MOU, and responses to such requests, will be submitted in writing (or conveyed orally in an emergency) with the appropriate disclosure statements for information requests, responses, and documents provided, using the model request and response letters (or a reasonable, mutually agreed-upon variation) as described in Exhibit C.
5. The Parties agree to promptly notify an affected Party of any actual or suspected unauthorized disclosure of information shared under this MOU. The Parties are similarly under an affirmative obligation to report breaches of Personally Identifiable Information (PII), which might include Protected Health Information (PHI), or Individually Identifiable Health Information (IIHI), under appropriate authorities and timeframes, such as FISMA, HIPAA, the Privacy Act, and the Health Information Technology for Economic and Clinical Health (HITECH) Act (Pub. L. No. 111-5, 123 Stat. 226 (Feb. 17, 2009); 42 U.S.C. §§ 300jj et seq.; §§ 17901 et seq.).
6. If a Party receives a FOIA request for records or information shared by another of the Parties pursuant to this MOU that are responsive to the request, the Party receiving the request will follow its FOIA regulations regarding referral, consultation, or coordination, working with the sharing party to ensure the sharing party’s FOIA regulations are followed for disclosure. The receiving Party will ensure final disclosure decisions are made by the sharing Party (originating agency of the records or information) including decisions on whether the records are responsive or able to be disclosed.
7. The Parties agree that each Party may decide not to share information or expertise in response to a particular request made for information, or to limit the scope of information and expertise shared in response to a particular request. A decision not to share information in response to a specific request may be based on several factors, including, for example, the amount of resources necessary to fulfill the request, the reasonableness of the request, the responding Party’s priorities, or legal restrictions. There is, however, agreement to share information to the maximum extent possible in furtherance of the purposes of this MOU. The Parties further agree that a Party may on its own initiative elect to share information pursuant to the procedures established under section VI.b., above, to further the purposes of this MOU. In the event the relevant Parties cannot reach consensus on a decision to share or not share information, the issue will be referred to an official designated by the Parties, specified in procedures to implement this MOU.
8. The Parties further agree that nothing in this MOU shall be construed to prevent a disclosure required by law or legal process. Notwithstanding this provision, the requesting Party will promptly notify a liaison or designee of the sharing Party before complying with any judicial order that compels the release of non-public information shared pursuant to this MOU, or any other attempt by a third party to obtain shared non-public information by compulsory process, including but not limited to a subpoena, discovery request, or litigation complaint or motion, so that the Parties may determine the appropriate measures to take, including, where appropriate, legal action (e.g., to provide an opportunity to seek to intervene and block the disclosure). This MOU does not prohibit disclosure of information that is available publicly or when authorized in writing by the information owner.
Nothing in this MOU shall be construed to prevent a Party from complying with an official request of the United States Congress, the Office of Inspector General, or the Government Accountability Office. The requesting Party will promptly notify the liaison or designee of the sharing Party of any attempt by Congress, the Office of Inspector General, or the Government Accountability Office, to obtain shared non-public information so that the Parties may determine the appropriate response and measures to take to protect the information from disclosure. The Parties shall consult before complying with any request to obtain shared nonpublic information, so that the Parties may determine the appropriate measures to take, including, where appropriate, legal action.
9. The Parties agree that termination of the MOU does not relieve them of their confidentiality obligations established under this MOU, including their obligations to safeguard and limit access to all information provided pursuant to this MOU.
10. This MOU does not address, and has no effect on, the application of, or compliance with, any requirement or restriction on disclosure for national security purposes. Any national security clearance requirements or restrictions applicable to classified information (e.g., “confidential,” “secret,” “top secret”) that may be shared by or among the Parties must be satisfied independent of this MOU.
d. Conflict of Interest:
Executive Order 12674 (modified by E.O. 12731), Standards of Ethical Conduct for Employees of the Executive Branch (5 CFR part 2635), and individual Parties’ standards of conduct contain rules and regulations which govern the ethical obligations applicable to government employees. Federal law generally prohibits a federal employee from participating personally and substantially in any particular matter in which the employee has a financial interest (18 U.S.C. § 208). The restriction also applies to financial interests of an employee’s spouse; minor child; partner; organization in which he or she is serving as officer, director, trustee, partner or employee; and any person or organization with whom the employee is negotiating or has any arrangement concerning prospective employment. Ethics requirements applicable to federal employees also broadly prohibit engaging in financial transactions using nonpublic information and prohibit the improper use of nonpublic information to further their own private interest or that of another, whether through advice, recommendation, or by knowing unauthorized disclosure. HHS Supplemental Standards of Ethical Conduct for Employees of the Department of Health and Human Services (5 CFR part 5501) impose additional conditions, such as unique prohibited-holdings regulations for certain FDA personnel.
Representatives of the Parties to any discussion regarding the information shared pursuant to this MOU must not have a prohibited financial conflict of interest through personal or family investments in a sponsor, or a competitor to the sponsor, who will be affected by FDA decisions. If at any time prior to or during the performance of activities under this MOU, a person becomes aware that a potential or actual conflict exists, that person must notify the appropriate authorities within their own Agency, including any persons designated under the procedures established in section VI.b. above, and that Agency must contact the liaison or designated official listed on the MOU to undertake any resultant necessary actions.
e. Integrity of Regulatory Decision-Making Process:
FDA participation is predicated on a mutual understanding that the Parties’ meetings under this MOU provide a forum for mutual exchange of opinions and ideas and must avoid any appearance that procurement or investment considerations may influence FDA regulatory decision-making concerning product approval or authorization. FDA employees generally will not participate in discussions or decision-making regarding the terms of procurement of or investment in a medical product. FDA representatives may participate in discussions under this MOU to provide FDA’s current thinking on scientific or regulatory issues within FDA’s areas of responsibility and expertise.
VII. General Provisions
This is an internal government agreement among the Parties to this MOU and it does not confer any rights or benefits to any person or party. This MOU does not include any commitment, by any Party, of resource contributions or exchanges.
This MOU does not supersede any existing agreements or arrangements among the Parties; to the extent the provisions of the MOU conflict with any existing or future agreement between FDA and any other of the Parties, the provisions of this MOU shall govern FDA communications relating to the coordination and collaboration between and among the Parties for device regulation as related to the intersection of their respective missions. This MOU and all associated agreements will be subject to the applicable policies, rules, regulations, and statutes under which the respective Parties operate, and nothing in the MOU shall be construed as changing the current requirements under the statutes and regulations administered and enforced by the Parties. Further, nothing contained in this MOU constitutes a mandate or a requirement imposed on the Parties that is additional to the mandates or requirements imposed on them, individually or collectively, by federal statutes and regulations.
VIII. Liaisons
a. For the Food and Drug Administration:
Organization: Office of Strategic Partnerships and Innovation (OST)/CDRH/FDA
Title: Director, OST/CDRH/FDA
Address: Silver Spring, MD
b. For the Centers for Disease Control and Prevention:
Organization:
Title: Director, National Personal Protective Technology Laboratory (NPPTL)/NIOSH/CDC
Address: Pittsburgh, PA
c. For the Department of Labor:
Organization: OSHA Directorate of Standards and Guidance
Title: Director, Directorate of Standards & Guidance/OSHA/US Department of Labor
Address: 200 Constitution Avenue NW, Washington DC 20210
Each Party may designate new liaisons at any time by notifying the other Parties’ administrative liaisons in writing. If, at any time, an individual designated as a liaison under this Agreement becomes unavailable to fulfill those functions, the Party will name a new liaison within two (2) weeks and notify the other Parties through the designated administrative liaisons.
IX. Term, Termination, and Modification
This Agreement will be effective when accepted by all participating Parties and will remain in effect for five (5) years, unless terminated or superseded. At the end of the five (5) year period, all Parties shall review the Agreement and revise, as necessary, pursuant to standard policies in effect at the time of review. The Parties may agree to renew the Agreement and continue the review process every five (5) years thereafter. This Agreement may be modified or terminated by mutual written consent of all Parties or may be terminated by any Party, as to that Party, upon a 60-day advance written notice to the other Parties.
APPROVED AND ACCEPTED FOR FOOD AND DRUG ADMINISTRATION
/s/
By: Jeffrey Shuren, M.D., J.D.
Title: Director, Center for Devices and Radiological Health
Date: 04/12/2023
APPROVED AND ACCEPTED FOR CENTERS FOR DISEASE CONTROL AND PREVENTION
/s/
By: Maryann D’Alessandro, Ph.D.
Title: Director, National Personal Protective Technology Laboratory
Date: 04/12/2023
EXHIBIT A
MODEL AUTHORIZATION FOR FDA TO SHARE NON-PUBLIC INFORMATION WITH NIOSH AND OSHA PARTNERS
[To be completed on sponsor/information-owner letterhead]
[FDA Center Official – e.g., Center or Office Directors]
United States Food and Drug Administration
10903 New Hampshire Avenue
Building __, Room ____
Silver Spring, MD 20993
[Identify relevant FDA file number – e.g., NDA/ANDA/BLA, EUA/Pre-EUA, etc.)]
Re: FDA Sharing of Non-Public Information Concerning [insert name of regulated product(s)] with NIOSH and OSHA Partners
On behalf of [insert name of information owner], I authorize the U.S. Food and Drug Administration (FDA) to share with National Institute for Occupational Safety and Health (NIOSH) and Occupational Safety and Health Administration (OSHA) partners, and with contractors to those partners, all information concerning the above-described product(s) that [insert name of information owner] has provided, or will provide, to FDA, or to any other NIOSH and OSHA partner. I understand that those partners have committed to use such information only for the purposes of NIOSH and OSHA, and they have committed or are otherwise legally required to maintain the confidentiality of such information (or both), and that contractors to NIOSH and OSHA are bound by their contracts to maintain the confidentiality of the information. I understand that the information may contain confidential commercial or financial information or trade secrets within the meaning of 18 U.S.C. § 1905, 21 U.S.C. § 331(j), 21 U.S.C. § 360j(c), and 5 U.S.C. § 552(b)(4), that is exempt from public disclosure. I agree to hold FDA harmless for any injury caused by FDA's disclosure of this information.
Authorization is given to FDA to share this information without deleting confidential commercial or financial or trade secret information. This authorization shall remain valid unless revoked in writing. As indicated by my signature, I am authorized to provide this consent on behalf of [insert name of information owner] and my full name, title, address, and telephone number, and email are set out below for verification.
Sincerely,
(Signature)
(Printed name)
(Title)
(Telephone & Email)
EXHIBIT B
CDC/NIOSH, DOL/OSHA, FDA/CDRH Partnership Confidentiality Commitment
NIOSH, OSHA, and CDRH frequently coordinate interagency efforts and are responsible for, inter alia, researching, setting and enforcing standards and regulations to enable safe and effective medical device use in the United States. As part of participation in meetings, discussions, or other communications, I understand that I may be exposed to information that is trade secret, confidential commercial or financial information, personal privacy information, or pre-decisional or deliberative information that has been provided to, or belongs to, an agency or department that is a member of the collaborative group.
I, on this ____________ day of ___________, 20__, hereby agree that
I shall not release, publish, or disclose such information, including disclosure in publications and public meetings, and I shall protect such information in accordance with all applicable laws relating to my receipt of non-public information in connection with my participation in NIOSH/OSHA/CDRH partnership activities, and that I may be subject to disciplinary action and, in some cases, administrative, civil and/or criminal penalties as prescribed by law for unlawful disclosure of such information. I shall use such information in accordance with my official duties and shall share such information only with individuals who either (1) are employed by, or a contractor of, the originating government agency that provided the information to me or to my agency and are authorized to have access to the information by virtue of their duties, or (2) are employed by, or a contactor of, a collaborating agency and have themselves signed a Confidentiality Commitment.
Signature: ____________________________________
Date: ______________
Type or Print Name: ______________________________________
Agency: _________________________________________________
Supervisor Signature (if applicable): ________________________
Date: ______________
Type or Print Supervisor Name: _______________________________
EXHIBIT C
Requests for information subject to the MOU that involve CDC/NIOSH, DOL/OSHA and/or FDA/CDRH, including meeting requests, which may include email or calendar invitation, will be transmitted in writing and describe the requested information and purpose for which the information is requested, and include the following statement:
"[Requesting Party] hereby requests information necessary to carry out the terms of the referenced Memorandum of Understanding (MOU) ###-##-###, entered among CDC/NIOSH, DOL/OSHA, FDA/CDRH, for the purpose of coordinating activities, including the sharing of information, between and among the Parties to facilitate coordination, decision-making, law enforcement activities, and guidance or regulation development regarding devices intended for a medical purpose. [Requesting Agency] understands that information that is shared in connection with or in response to this request may include privileged, trade secret, or confidential commercial or financial information protected or exempt from public disclosure, and that by signing this request, I understand that I am responsible for ensuring that the information received in response to this request will be handled in accordance with the terms of the MOU. I certify that the records are sought for an activity that is authorized by law, will only be shared with employees or contractors who require access to perform their official duties in accordance with the uses of the information as authorized in the MOU, unless disclosure is otherwise authorized under the MOU, and that such personnel sign a CDC/NIOSH, DOL/OSHA, FDA/CDRH Confidentiality Commitment. [Requesting Agency] agrees not to further disclose any shared information without [Sharing Party’s] written permission or as required by law with advance notice to the [Sharing Party], as described in, and to the extent required under the MOU. [Requesting Party] understands that 21 U.S.C. §§ 331(j) and 360j(c) prohibit disclosure of certain trade secret and confidential commercial or financial information outside the Department of Health and Human Services.
[Requesting Party] is requesting the following information from [Sharing Party]:
<<describe the information requested.>>
[Name and Title of Official authorized to request on behalf of agency/office]"
Responses by the sharing Party will be transmitted by letter, along with any non-public information shared, indicating the type of information (e.g., confidential commercial or financial information, personal privacy, pre-decisional, etc.), and should include the following statement:
"Pursuant to the FDA Memorandum of Understanding ###-##-###, this letter accompanies agency records [Sharing Party] is sharing with [Requesting Party] in response to [Requesting Party’s] request, dated [insert date]. These agency records contain one or more of the following categories of non-public information:
___ Confidential commercial or financial information
___ Personal Privacy Information
___ Information subject to the Privacy Act
___ Intra-agency records
___ Records or information compiled for law enforcement purposes
___ Information protected for national security reasons; or
___ Other [insert description]
This response includes non-public information that is being shared under the terms of the MOU referenced above, which obligates [Requesting Party] to prevent onward disclosure or sharing of the information in any manner without the written permission of [Sharing Party] or as required by law with advance notice to the sharing agency, as described under the terms of the MOU. Recipients of such information must have a signed CDC/NIOSH, DOL/OSHA, FDA/CDRH Confidentiality Commitment on file with your agency.
[Name and Title of Official authorized to respond on behalf of agency/office]"
The shared documents containing non-public information should be marked “Do not disclose without permission of [Insert Name of Sharing Party].”
In an emergency, if submitting written request or response is not feasible, this information may be conveyed orally consistent with all other terms of the MOU.
In cases where a Party to this MOU needs to obtain certain information as soon as possible due to emergency circumstances, such as an outbreak of an illness, or if required by law, the Requesting Agency shall so indicate orally or through informal written communication, e.g., email, to the other Party. The Requesting agency shall agree to protect any such information from unauthorized disclosure. In the case of emergency circumstances or if required by law, as soon as is practicable, the Parties to this MOU shall document their sharing of any non-public information.