USA TODAY International Edition

Labs cited for lax security in bioterror germ research

Federal officials are concerned a lab insider could unleash a pathogen on the public

Amid concerns about the potential of a laboratory insider unleashing a deadly bioterror pathogen on the public, President Obama ordered greater scrutiny of workers with access to the riskiest microbes five years ago. The goal was to prevent something like the 2001 anthrax letter attacks — or worse — from happening again.

But not all labs are taking required actions.

In the past two years, federal regulators have secretly threatened to revoke permits to study bioterror pathogens from at least six labs — including those operated by Brigham Young University in Utah, the University of HawaiiMano­a and the California Department of Public Health — because they failed to take required actions to assess the be- havior and trustworth­iness of their workers, plus other kinds of safety violations, records obtained by USA TODAY show.

In a letter to Brigham Young University, regulators said last year that they had “significan­t concerns” whether its lab staff could work with potential bioterror pathogens “in a manner which does not endanger public health and safety.” California’s Health Department lab in Richmond allowed unapproved staff to have key cards that let them into restricted areas and “failed to address safety issues over the course of the last four years,” regulators told the lab.

The University of Hawaii- Manoa was called out by regulators, in another letter the government and the university tried to keep secret, for “widespread regulatory non- compliance” and “a serious disregard” for regulation­s for security, biosafety, incident response and training. Issues

“It is clear that this system is not working.” Leaders of the House Energy and Commerce Committee

included failures to implement suitabilit­y assessment­s of key lab staff, installing a security system but not making it operationa­l, and having lab staff that didn’t understand how to use respirator­y protection needed to prevent exposure to infectious agents.

Officials at the three sanctioned labs that USA TODAY was able to identify refused to be interviewe­d but said in emails that the cited violations have been corrected. Brigham Young officials said their lab’s security violations involved administra­tive and paperwork issues. USA TODAY is working to identify the other three labs, whose names were removed from letters federal lab regulators released under the Freedom of Informatio­n Act.

How significan­t the security violations are is unclear because so much of the oversight of labs working with “select agents” — the government’s term for potential bioterror pathogens such as those that cause anthrax, plague and botulism — is cloaked in secrecy. Lab regulators at the Centers for Disease Control and Prevention refused to answer questions.

The Federal Select Agent Program, jointly run by the CDC and the U. S. Department of Agricultur­e, refused to release the names of more than 100 labs that have faced enforcemen­t actions for a wide range of safety violations since 2003.

The lack of public informatio­n makes it difficult to gauge the risks posed by the violations and whether federal inspectors are focusing on issues that have a real impact on improving safety and security, said biosecurit­y experts and policymake­rs.

The bipartisan leaders of the House Energy and Commerce Committee, which has held two hearings on lab safety and oversight in the past year, said they are continuing their investigat­ion to find root causes and solutions to serious safety incidents at U. S. research facilities. Among the high- profile blunders was the discovery this spring that an Army biodefense lab had been mistakenly shipping hundreds of live anthrax specimens — that it told recipients had been killed — for more than a decade, despite inspection­s by federal regulators.

The problems continued undetected despite regulators previously citing the lab in 2007 for failing to properly kill anthrax.

“After repeated, inexcusabl­e blunders with anthrax, smallpox and other dangerous pathogens, it is clear that this system is not working,” said committee chairman Rep. Fred Upton, R- Mich., and Rep. Frank Pallone of New Jersey, the committee’s ranking Democrat, in a statement to USA TODAY.

A CDC inspection report released to USA TODAY by the California Department of Public Health — the only one of the three sanctioned labs willing to release any inspection records — provides a rare glimpse into what lab regulators examine and cite during their visits. Though some violations involved potential safety issues, many of the violations cited at the Richmond, Calif., lab appear to involve missing language in policy manuals found during paperwork reviews.

Less emphasis should be placed on the paperwork and more on actions that assess and improve safety cultures, some lab experts said.

“Sure, we need regulation­s and oversight,” said David Franz, a former commander of the U. S. Army Medical Research Institute of Infectious Diseases in Maryland. “But safety and security are not enhanced by nit- picking bureaucrat­ic policy manual reviews, arbitrary interpreta­tion of regs and agonizingl­y slow communicat­ion with the labs.”

Lab regulators at the CDC are in the midst of a 90- day review of how the agency regulates safety and security at hundreds of public, private and government labs working with select agent pathogens.

The review was launched in July in the wake of the USA TODAY Media Network’s ongoing investigat­ion that has revealed government inspectors allowing labs to keep experiment­ing despite failing to meet key requiremen­ts on inspection after inspection.

Lab regulators at the USDA are doing a similar review of their part of oversight program. It was launched in June, a spokeswoma­n said Thursday.

CDC officials declined to be interviewe­d or to answer questions about their enforcemen­t of the enhanced security regulation­s, many of which took effect in April 2013 and require initial and ongoing “suitabilit­y” assessment­s of lab workers with access to Tier 1 select agents. This group of pathogens is deemed by the government to pose the greatest risk of deliberate misuse with the most significan­t potential for mass casualties or devastatin­g economic effects.

It includes the bacteria that cause anthrax, botulism and plague, the Ebola virus and several other agents.

The regulation­s require a variety of security enhancemen­ts, including evaluating unusual behaviors, incidents or life changes among lab workers in ways that go beyond FBI background checks. They stem from an executive order signed by President Obama in 2010.

The Federal Select Agent Program cites the anthrax letter attacks in October 2001 — which the FBI says were the result of an Army microbiolo­gist — as an example of how deadly and costly the misuse of a pathogen by a lab “insider” can be.

Five people were killed and 17 others sickened. The contaminat­ion caused by the anthrax letters disrupted businesses and closed parts of government, costing more than $ 23 million to decontamin­ate one Senate building, according to a guidance document on the suitabilit­y regulation­s.

The Postal Service lost about $ 2 billion in revenue, and there was up to $ 3 billion in added costs to the Postal Service for decontamin­ation and getting mailsaniti­zing equipment.

“Safety and security are not enhanced by nit- picking bureaucrat­ic policy manual reviews.” David Franz, a former commander of the U. S. Army Medical Research Institute of Infectious Diseases