CDC to review oversight of bioterror labs after USA TODAY investigation

The Centers for Disease Control and Prevention is launching a comprehensive review of how it regulates safety and security at bioterror labs in the wake of an ongoing USA TODAY Media Network investigation that has prompted congressional probes into the agency’s effectiveness.

CDC Director Tom Frieden ordered the review last week as USA TODAY prepared to report on newly obtained documents showing that the agency’s inspectors have allowed labs to keep experimenting with bioterror pathogens despite failing to meet key requirements on inspection after inspection, sometimes for years. The action also comes as the agency faces a hearing in the House next week.

“This review will be wide-ranging and includes a review of regulatory authority and the exercise of that authority so that we can identify potential modifications to the methods used to inspect labs,” the CDC said in a statement this week.

The review, which is expected to take 90 days, will be directed by Stephen Redd, director of the CDC’s Office of Public Health Preparedness and Response, the CDC said.

Next Tuesday, a subcommittee of the House Energy and Commerce Committee plans to hold a hearing on the CDC’s oversight of select-agent labs, with an emphasis on recent shipments of live anthrax from a Department of Defense facility in Utah.

“We hope this latest review signals that the agency is finally taking this issue seriously," the bipartisan leaders of the subcommittee and full committee said in a statement late Tuesday about CDC's examination of its lab inspection program. "While we applaud CDC’s intent to investigate this matter, previous assessments have failed to meaningfully address the root causes of why these safety lapses keep happening," said the statement from committee chairman Fred Upton, R-Mich., and ranking Democrat Frank Pallone, D-N.J.; U.S. Rep. Tim Murphy, R- Pa., chairman of the oversight and investigations subcommittee, and U.S. Rep. Diana DeGette, of Colorado, the subcommittee's ranking Democrat.

Earlier this month, citing USA TODAY’s reporting, the bipartisan leaders of the full committee and its investigations subcommittee sent letters to the CDC and enforcement officials at the Department of Health and Human Services inspector general’s office demanding they provide the names of research labs that have faced sanctions for safety violations as well as other information about select-agent oversight.

"Select agent" is the federal government’s term for viruses, bacteria and toxins with the potential to be used as bioweapons or that pose significant risk to agriculture or public health.

A USA TODAY Media Network investigation published in May uncovered hundreds of accidents that have occurred in biological laboratories nationwide in recent years and revealed that pervasive secrecy obscures failures by regulators to ensure research facilities operate safety and don’t unduly put workers and the public at risk. The network’s reporting has prompted questions about the CDC’s regulation of labs from the bipartisan leaders of the Senate Homeland Security and Governmental Affairs Committee.

The network’s ongoing investigation has raised questions about whether lax oversight and enforcement played a role in allowing an Army biodefense facility to mistakenly ship live anthrax for more than a decade to dozens of labs in the U.S. and abroad. USA TODAY reported in June that the CDC in 2007 referred the Army’s Dugway Proving Ground facility for potential federal enforcement action for failures to deactivate live anthrax with chemicals and for ignoring tests indicating the kill process was ineffective. But no fines were levied, and over the years CDC’s inspectors apparently never detected that similar failures continued at Dugway in its routine use of radiation to kill anthrax.

More than 100 labs experimenting with potential bioterror pathogens have faced enforcement actions — some repeatedly — since 2003 from the Federal Select Agent Program, which is jointly run by the CDC and the U.S. Department of Agriculture. The government keeps their names secret, citing a federal bioterrorism law, and even refuses to disclose the names of labs kicked out of the program.

USDA officials could not be immediately reached about whether that agency also is reviewing how it regulates the labs it oversees, which focus on pathogens that primarily threaten agriculture, plants and animals.

Since January, USA TODAY has sought records, using the Freedom of Information Act (FOIA), from the CDC and USDA about their use of performance improvement plan programs — or PIPPs — as an alternative to suspending or revoking a failing lab’s authorization to experiment with bioterror pathogens.

The USDA identified 479 pages of records involving letters to labs notifying them they were being put on a PIPP but in March refused to release any of them, citing a secrecy provision in the Public Health Security and Bioterrorism Preparedness and Response Act of 2002. USA TODAY has appealed.

The CDC recently responded to a similar FOIA request by sending USA TODAY 91 pages of correspondence with various labs about their enrollment or removal from performance improvement plans from 2011 to 2014. The CDC redacted all of the labs’ names — as well as the names of pathogens involved in their safety violations. USA TODAY has appealed the redactions.

The records show that labs experimenting with bioterror pathogens have failed over and over to comply with important safety and security regulations — yet CDC inspectors have allowed some of them to continue operating for years before offering to put them on PIPPs. When inspectors identified significantly lax safety or security practices in work with “Tier 1” select agents, the CDC’s letters said only that the agency “strongly recommends” the labs stop work with the pathogens, without mandating it.

Tier 1 select agents are those that federal officials deem to pose the “the greatest risk of deliberate misuse with significant potential for mass casualties or devastating effect to the economy, critical infrastructure or public confidence, and pose a severe threat to public health and safety.” They include such deadly pathogens as the Ebola virus, anthrax and botulinum neurotoxin.

It’s unclear whether the CDC’s approach to oversight is a result of a lack of authority. The agency did not respond to USA TODAY’s questions since last week about issues raised by the documents.

The documents released by the CDC include 17 letters that are initial notices to labs that they either need to agree to enter into a federal performance improvement plan or the agency will “begin proceedings to suspend or revoke” the facility’s authorization to possess select agent pathogens. Examples include:

• An unidentified lab was cited for nine of the same violations on four consecutive inspections from January 2012 through December 2013, CDC said in a March 2014 letter to the facility. Inspectors said the lab "has a history of non-compliance” that has raised “serious concerns” about its ability to comply with mandates for adequate biosafety and security safeguards. The issues continue to be "a systemic problem" beyond any particular researcher or location at the facility, the letter says.

• An unidentified university lab’s ongoing failure to implement requirements for security, biosafety, incident response and training “indicated a serious disregard for these regulatory requirements,” the CDC said in a May 2014 letter. Inspectors observed “widespread regulatory non-compliance” during a March 2014 inspection. “Serious” biosafety issues included failure to enroll staff working with Tier 1 agents in an appropriate occupational health program and an inconsistent use of respiratory protection that “can result in increased risk of exposure to infectious agents.” The CDC said it “strongly recommends” the university cease all work with Tier 1 agents until the improvement plan has been completed.

• An unidentified company that works with botulinum neurotoxin was cited for numerous violations during inspections in November 2013 and January 2014 — and its failure to adequately address the problems even after being given a deadline extension until October 2014. The company, the CDC’s November 2014 letter says, failed to install required security for possessing the potential bioterror toxin, including not ensuring a minimum of three security barriers and having an intrusion detection system. It also failed to restrict access to the toxin to only federally authorized individuals — and even gave access to a person who "was denied access approval," the letter says. The company was cited for "not currently working with select toxins safely." The CDC noted that staff described the use of toxins "in areas that do not have sufficient biosafety and containment procedures" and that staff handled the toxins without appropriate protective equipment and did not decontaminate work surfaces and equipment as required. The company also failed to ensure that employees understood their training.

• An unidentified lab drew "significant concerns" from CDC inspectors during a May 2014 inspection that identified failings with biosafety, security, incidence response and record-keeping requirements. Lab workers were engaged in "propagation" of an undisclosed species of pathogen in an unapproved location that lacked sufficient building design and construction to contain it, and the staff were using insufficient safety procedures, the CDC wrote in a September 2014 letter. Other workers handled select agents in long-term storage without wearing protective gear, and staff told inspectors they did not routinely decontaminate gear after experiments and before reuse. The lab "did not use a validated method for the inactivation of select agents" before using materials in unregistered locations, the inspectors found. The lab also lacked an adequate incident response plan describing what would be done in the event of a theft, loss or release and how it would coordinate with local emergency responders.

• An unidentified lab’s responsible official provided three different security plans to the CDC’s inspectors yet “was unsure which plan the entity followed at the time of the inspection.” And inspectors noted that the keys to the “select toxin inventory are located in an unsecured drawer within a laboratory that does not have security barriers to prevent unauthorized access.” During business hours the lab’s door is kept open “with only a chain across the entrance which would not impede access to select toxins,” the CDC’s January 2014 letter to the lab said. The same lab also had a history of performing aerosol-generating experiments with “large quantities of toxin” outside of a biosafety cabinet that is needed to contain the airborne particles. This lab was cited over and over for the same kinds of issues from November 2010 through November 2013: 17 of 39 citations in December 2012 were repeats from a Nov. 2010 inspection report; 16 of 35 violations cited in a Nov. 2013 report were repeated failures from a Jan. 25, 2013 report, the document says.

• An unidentified lab that received a letter from the CDC in February 2014 saying the lab "has failed to address safety issues over the course of the last four years." This facility had repeated issues in 2013 involving the discovery of select-agent specimens in its labs that the organization was not authorized to possess. Yet when regulators inspected the facility in December 2013, inspectors noted that the facility still had not done an audit of its approximately 230 storage freezers and refrigerators. The letter notes that the facility failed to correct all violations noted in its inspection reports of 2009, 2011 and 2012. The letter notes that inspectors observed failures to conduct biosafety and security training for staff in 2011, 2012 and 2013. A top lab official told the CDC it "could take years" for human resources officials at the lab to give the OK to do security suitability assessments of lab staff with access to Tier 1 select agents, which were required of all labs by April 2013.

• The CDC told a university lab in an October 2014 letter that inspectors have “significant concerns” that it was capable of possessing and experimenting with select agents “in a manner which does not endanger public health and safety.” The letter notes that numerous violations were identified a month earlier, including failures to enhance security, implement an appropriate occupational health program for workers in labs using Tier 1 agents and not ensuring all workers receive adequate training. The university was found to have granted staff access to "Tier 1" select agents without conducting security suitability assessments, failed to do ongoing suitability assessments and hasn't created a system for peer-reporting of incidents that impact an individual's suitability. Because of the serious nature of the issues, the letter adds that the CDC "strongly recommends” the university cease all work with Tier 1 agents.

It’s unclear why the CDC handled the cases as it did because the agency would not grant any interviews or respond to questions. In a statement, the CDC said generally that “regulatory penalties are imposed based on the degree of danger resulting from the violation; however, we’ll be able to better answer your questions at the conclusion of this review.”

Read full coverage of USA TODAY’s ongoing investigation of safety and security issues at labs across the USA: biolabs.usatoday.com

Follow USA TODAY investigative reporter Alison Young on Twitter: @alisonannyoung