(3) Active postmarket risk identification.— (A) Definition .— In this paragraph, the term “data” refers to information with respect to a drug approved under this section or under section 262 of title 42 , including claims data, patient survey data, standardized analytic files that allow for the pooling and analysis of data from disparate data environments, and any other data deemed appropriate by the Secretary. (B) Development of postmarket risk identification and analysis methods .— The Secretary shall, not later than 2 years after September 27, 2007 , in collaboration with public, academic, and private entities— (i) develop methods to obtain access to disparate data sources including the data sources specified in subparagraph (C); (ii) develop validated methods for the establishment of a postmarket risk identification and analysis system to link and analyze safety data from multiple sources, with the goals of including, in aggregate— (I) at least 25,000,000 patients by July 1, 2010 ; and (II) at least 100,000,000 patients by July 1, 2012 ; and (iii) convene a committee of experts, including individuals who are recognized in the field of protecting data privacy and security, to make recommendations to the Secretary on the development of tools and methods for the ethical and scientific uses for, and communication of, postmarketing data specified under subparagraph (C), including recommendations on the development of effective research methods for the study of drug safety questions. (C) Establishment of the postmarket risk identification and analysis system.— (i) In general .— The Secretary shall, not later than 1 year after the development of the risk identification and analysis methods under subparagraph (B), establish and maintain procedures— (I) for risk identification and analysis based on electronic health data, in compliance with the regulations promulgated under section 264(c) of the Health Insurance Portability and Accountability Act of 1996, and in a manner that does not disclose individually identifiable health information in violation of paragraph (4)(B); (II) for the reporting (in a standardized form) of data on all serious adverse drug experiences (as defined in section 355–1(b) of this title ) submitted to the Secretary under paragraph (1), and those adverse events submitted by patients, providers, and drug sponsors, when appropriate; (III) to provide for active adverse event surveillance using the following data sources, as available: (aa) Federal health-related electronic data (such as data from the Medicare program and the health systems of the Department of Veterans Affairs); (bb) private sector health-related electronic data (such as pharmaceutical purchase data and health insurance claims data); and (cc) other data as the Secretary deems necessary to create a robust system to identify adverse events and potential drug safety signals; (IV) to identify certain trends and patterns with respect to data accessed by the system; (V) to provide regular reports to the Secretary concerning adverse event trends, adverse event patterns, incidence and prevalence of adverse events, and other information the Secretary determines appropriate, which may include data on comparative national adverse event trends; and (VI) to enable the program to export data in a form appropriate for further aggregation, statistical analysis, and reporting. (ii) Timeliness of reporting .— The procedures established under clause (i) shall ensure that such data are accessed, analyzed, and reported in a timely, routine, and systematic manner, taking into consideration the need for data completeness, coding, cleansing, and standardized analysis and transmission. (iii) Private sector resources .— To ensure the establishment of the active postmarket risk identification and analysis system under this subsection not later than 1 year after the development of the risk identification and analysis methods under subparagraph (B), as required under clause (i), the Secretary may, on a temporary or permanent basis, implement systems or products developed by private entities. (iv) Complementary approaches .— To the extent the active postmarket risk identification and analysis system under this subsection is not sufficient to gather data and information relevant to a priority drug safety question, the Secretary shall develop, support, and participate in complementary approaches to gather and analyze such data and information, including— (I) approaches that are complementary with respect to assessing the safety of use of a drug in domestic populations not included, or underrepresented, in the trials used to approve the drug (such as older people, people with comorbidities, pregnant women, or children); and (II) existing approaches such as the Vaccine Adverse Event Reporting System and the Vaccine Safety Datalink or successor databases. (v) Authority for contracts .— The Secretary may enter into contracts with public and private entities to fulfill the requirements of this subparagraph.