On Friday the 13th of June 2014, a scientist in a bioterrorism research laboratory at the Centers for Disease Control and Prevention in Atlanta noticed something unsettling. An unexpected growth appeared on a plate that supposedly held an inactivated form of the deadly anthrax bacteria.
More worrisome still, the plate was part of a larger sample — but the rest of that sample had already been removed and taken to another CDC lab that wasn’t equipped for experiments on pathogens as easily spread as live anthrax. Unaware that the sample might be live, a scientist there had already begun working with it, first using a nitrogen air stream to clean flakes off the plate holding it — a process that could transform the anthrax sample into an airborne threat.
By the time the CDC realized a live anthrax sample had been moved around its campus, sent to a low-security lab, handled by unknowing scientists, and maybe even aerosolized, a week had passed. At first, just two CDC employees were sent for testing. But officials then discovered workers had come and gone from restricted areas without being accurately recorded, and in the end 81 people had to be medically monitored.
Ultimately, no one was infected. But a recent audit by the investigative arm of Congress makes clear that porous government oversight played a part in the incident, and concludes that the problems that enabled the breach to take place haven’t been fixed.
Safety, the agency found, was compromised by an inherent conflict of interest: Key federal agencies such as the CDC that work with deadly pathogens and toxins, including Ebola, bird flu, smallpox, bubonic plague and ricin, determine for themselves whether that work is being done safely, without any independent oversight.
Instead, oversight is conducted through the so-called Federal Select Agent Program, in which the CDC and the Agriculture Department conduct inspections based on the rules they decide for themselves, and set standards they must meet at their own financial expense. The inspectors are not, an October report by the Government Accountability Office noted, “structurally distinct and separate from all the labs they oversee.”
Moreover, the lead federal inspection agency — the CDC — itself has accumulated the largest number of rules violations, according to a lawmaker's account of information provided to Congress in 2015.
Along with other flaws, these shortcomings render oversight “duplicative, fragmented, and dependent on self-policing,” the GAO report said. America’s approach, the report added, isn’t as hardy as some of its international allies, which also conduct sensitive work on deadly pathogens, but have assigned independent regulators to oversee it.
Speaking at a Nov. 2 hearing of the House Energy and Commerce Committee subcommittee on oversight and investigation, Rep. Diana DeGette, D-Colo., said that “we can’t just keep stumbling along like this from year to year.” Unless the Select Agent program is reformed, she said, “at some point, something very bad is going to happen.”
Asked for comment, CDC spokesman Jason McDonald said, “We believe that we are fulfilling the mandate given to us by Congress,” but added that “there is always room for process improvement.”
‘A serious event’
An internal review by the CDC in July 2014 called the previous month’s anthrax scare “a serious event that should not have happened.” The CDC also promised concrete actions “to change processes that allowed this to happen” and said the agency “will do everything possible to prevent a future occurrence such as this in any CDC laboratory, and to apply the lessons learned to other laboratories across the United States.”
The next year, however, an Army lab in Utah sent live anthrax to laboratories in all 50 states, nine countries, three U.S. territories, and Washington, D.C. A year after that, the Department of Homeland Security discovered that instead of an inert form of ricin — another deadly biological agent — one of its own labs had been sending active, lethal poison to a Federal Emergency Management Agency training center since 2011. As a result, as many as 10,000 trainees worked with a toxin that could have killed them in tiny doses. Near-catastrophic mistakes persisted in other labs monitored by the Select Agent program.
Rep. Morgan Griffith, R-Va., a member of the House Energy and Commerce Committee, said at the Nov. 2 subcommittee hearing about the inspection effort that its repeated glitches had an air of “Wash. Rinse. Repeat.”
“One would have assumed that the oversight program for Select Agents would meet at least some of the oversight elements found at other government oversight programs for dangerous research,” Griffith said. “That is not the case.”
Under the Select Agent program, labs affiliated with the government, universities and private industry that intend to work with more than 60 dangerous biological agents and toxins must secure a license and submit to federal inspections. Licenses issued to labs multiplied quickly after 9/11, according to the GAO, and as of December 2016, 336 such institutions employing at least 4,000 workers – including some with multiple labs — were registered.
Of those, 229 entities were eligible to possess the most dangerous Select Agent categories. But the executive branch doesn’t release detailed reports about how carefully each of the entities conducts its work.
For example, it told Congress in a special report that in 2016, there were 177 separate safety incidents involving potential exposures of nearly 1,000 lab workers. Three entities had their licenses suspended after inspections and one had its license suspended after authorities reviewed a confidential complaint. Five more entities were ordered to enter a "corrective action program" because they had problems decontaminating wastes, kept inaccurate records, or failed to follow workplace safety rules. But the names of these entities have not been made public.
The United Kingdom, in contrast, posts enforcement actions and prosecutions online.
A question of structure
Both CDC and the USDA run their own specialized Select Agent labs, which means the two agencies play a role in their own inspections. What the GAO judged to be a lack of independence, however, the agencies see as an advantage. A USDA spokeswoman, Joelle Hayden said it “allows for swift response when needed.” And CDC spokesman McDonald said the expertise of the agencies “provides inspectors and other staff the unique ability to easily reach across each agency for technical assistance from subject matter experts."
But the GAO has repeatedly warned that the lack of outside scrutiny creates a conflict of interest. So the two agencies agreed several years ago that each would inspect the other’s labs. But the agreement was made in a memo; no checks are in place to ensure they fulfill that promise, and often, the GAO report said, they don’t. USDA inspectors sometimes feel they’re unqualified to deal with agents that affect humans, and commonly rely on CDC inspectors’ expertise while looking at CDC labs, while the USDA plays a similar advisory role during inspections of its own labs, the report said.
The GAO’s Chief Scientist, Timothy Persons, a nuclear physicist with a doctorate in biomedical engineering who directed the GAO report, said in an interview that he’s worried the two agencies are not independent enough “to move ahead with enforcement when they need to... It’s not like you can be an operator last week, a regulator this week, and go back to being an operator next week.”
Although the Select Agent program has taken some steps to reduce conflicts of interest, the report said, “it has generally done so in response to concerns raised by others. The program itself has not formally assessed all potential risks posed by its current structure and the effectiveness of its mechanisms to address those risks.”
The report also cited other serious problems in the Select Agent program, including “shortcomings related to each of the five key elements: independence, performing reviews, technical expertise, transparency, and enforcement.”
A staffing and training shortage leads to overworked and underqualified employees, who wind up with exhausting and time-consuming travel routines, the report said. A backlog of inspections and reports ensues, and leads to staffers performing functions they’re unqualified for, such as a security specialist inspecting a ventilation system vital to the containment of dangerous agents.
An Oct. 2015 internal report by the CDC’s office of public health preparedness and response expressed similar concerns. It also recommended more transparency, including allowing public access to inspection records.
But neither the CDC nor the USDA have adopted that practice, according to the GAO. They won’t even disclose the location of all the high containment labs, due to a 2002 bioterrorism law they say prohibits them from doing so.
Alternative approaches
Persons of the GAO noted that other government agencies have effective pathways for learning about missteps that the Select Agent laboratory system does not, and should adopt. The Federal Aviation Administration, in conjunction with NASA, has a confidential, voluntary “Aviation Safety Reporting System” and the Nuclear Regulatory Commission has a “Hotline” program, which provides a confidential way to inform the Commission’s Inspector General about safety problems.
Unlike the U.S. government, which worries primarily about security lapses at high-containment research labs, both Canada and the UK prioritize their inspections labs based on safety risks: The more dangerous the agent a lab wants to work with, the more frequent the visits from regulators, and the shorter its operating licenses will be. The GAO recommended the two U.S. agencies adopt similar practices; the agencies say they are already moving in that direction. But Persons says it’s evident from the persistent mistakes that they haven’t done it well enough.
Although the CDC and the USDA said in their formal responses to the GAO that its recommendations were generally sound, the heads of the Select Agent program at CDC, Samuel Edwin, and USDA veterinarian Freeda Isaac, struck a more defensive tone at the Nov. 2 hearing. “We are committed to further strengthening oversight of laboratories that handle select agents and toxins,” Edwin said, but he defended CDC’s existing role as the lead overseer.
Isaac didn’t appear to consider the shortcomings urgent. “We are,” she said, “pursuing an option to have an external review of our program” that would identify the most serious safety risks and “develop options to be able to take care of that.”
Griffith and other members of the congressional subcommittee are mulling what to do next about the Select Agent Program, Griffith’s spokesman Kevin Bair said in an email. “Independent oversight at the agencies, more transparency, and better coordination among those charged with the Select Agent Program would have helped the labs to focus more on priorities such as… inactivation of dangerous pathogens,” Griffith said.
Lisa Cohen, chief of staff for DeGette, the ranking Democrat on the subcommittee, said that one of the core issues is that “with the dual agencies reviewing this, nobody has full responsibility or ownership.” The only way to change that and make it an independent agency is through legislation. “If they can’t get their act together,” Cohen said, DeGette “may support legislation to do that.”
Meanwhile, according to lawmakers and federal auditors, there’s never been a public accounting of how many laboratories are actually necessary to meet U.S. defense and public health needs, nor has an entity been identified to perform such an audit. Which means that in facilitating research ostensibly necessary to keep Americans safe, the spread of biocontainment laboratories across the country — still subject to error and lacking in effective oversight — may be doing the opposite.