More than 200 labs in the United States conduct research on hazardous pathogens, such as anthrax bacteria and the Ebola virus. These are called high-containment laboratories. Sometimes, security lapses occur.
For example, in May 2015, the U.S. Department of Defense (DoD) discovered that a DoD laboratory had inadvertently shipped live anthrax bacteria to nearly 200 other laboratories worldwide over the course of 12 years.
Then in late 2016, the U.S. Department of Homeland Security (DHS) discovered that a private laboratory had inadvertently sent a potentially lethal form of ricin to one of its training centers multiple times since 2011. (For more background on lab safety breaches from Security Management, see "Lax Lab Safety," November 2014.)
Given these lapses, the U.S. Government Accountability Office (GAO) recently examined the oversight of these labs. Under the current system, high-containment laboratories are regulated by the Federal Select Agent Program, which was established to regulate the use and transfer of select agents in response to security concerns following bioterrorism attacks in the 1990s and early 2000s.
Two agencies share oversight responsibilities for this program: the Division of Select Agents and Toxins in the Centers for Disease Control and Prevention (CDC) and the Agriculture Select Agent Services within the U.S. Animal and Plant Health Inspection Service (APHIS).
To measure oversight, the GAO formulated five key elements of effective oversight for programs where low-probability adverse events (such as a toxic spill) could have far-reaching effects.
Independence. The organization conducting oversight should be structurally distinct and separate from the entities it oversees.
Ability to perform reviews. The organization should have the access and working knowledge necessary to review compliance with requirements.
Technical expertise. The organization should have sufficient staff with the expertise to perform sound safety and security assessments.
Transparency. The organization should provide access to key information, as applicable, to those most affected by operations.
Enforcement authority. The organization should have clear and sufficient authority to require that entities achieve compliance with requirements.
The GAO's report focused on two questions. Does the Select Agent Program have effective oversight, and do strategic planning documents guide its oversight efforts? What approaches have other selected countries (such as the United Kingdom and Canada) and regulatory sectors used to promote effective oversight?
On the first count, the GAO found that the Select Agent Program's oversight is sometimes inadequate. For example, the program is not always structurally distinct and separate from the labs it oversees, so it does not fulfill the key component of independence.
The program also fell short in the area of performing reviews, the GAO found. There was no assurance that the program's reviews were targeting the highest-risk activities because the program had not assessed which activities pose the highest risk. In addition, the program does not have joint strategic planning documents, including a joint workforce plan, to guide its shared oversight efforts.
On the second count, the report found that the program could learn from other countries when it came to oversight.
For example, the United Kingdom's Health and Safety Executive, which oversees laboratories that work with pathogens, is an independent government agency, distinct from any of the labs it oversees.
And when it comes time for reviews, regulators in both the United Kingdom and Canada apply a risk-based approach by assessing laboratories, and then targeting those that conduct higher-risk activities or have a documented history of performance issues.
In response to the report, the U.S. Departments of Agriculture and Health and Human Services will outline actions they will take to improve oversight.