The Government Accountability Office (GAO) has issued a report entitled “Privacy and Security: Food and Drug Administration Faces Challenges in Establishing Protections for Its Postmarket Risk Analysis System.” The report focuses on the FDA’s Sentinel Initiative, a postmarket risk identification and analysis system based on electronic health data. Although the Sentinel system is still in the early planning stages, the GAO believes that the system will pose significant privacy and security challenges, including among other things: ensuring that appropriate legal mechanisms are established to protect privacy and implement security consistently across the Sentinel system; effectively informing the public of the program’s planned uses of their personal health information; ensuring that de-identified information is not re-identified; establishing adequate security controls to protect the personal health information associated with Sentinel; and establishing sufficient oversight and enforcement mechanisms to ensure that privacy and security requirements are consistently implemented. In the report, the GAO recommends that the Commissioner of FDA develop a plan, including milestones, for developing the Sentinel system and for addressing these privacy and security challenges.