Friday, July 18, 2014

Inspector General Reports: Biosecurity at Multiple Agencies (including CDC and NIH) a Joke/ USAToday

From USAT:

... CDC has not responded to USA TODAY's requests, under the Freedom of Information Act, filed in June 2012, for records involving lab safety and security incidents at the lab complex.
The latest set of "restricted" inspector general audits covered six federal entities conducting research on potential bioterror germs. Additional audits looked at how the agents are shipped and compliance at labs run by a sampling of universities and state, local and private labs.
For security reasons, the IG's office removed the names of the government agencies, universities and private firms that were running the labs. The specific germs or toxins were also withheld.
Among the reports' findings:
• An August 2009 report cites an undisclosed federal lab for not always restricting access to bioterror agents to approved individuals; failing to maintain complete records of who had accessed the specimens and not ensuring that individuals working with the specimens received proper training. In some cases, the agency had failed to cancel the electronic "swipe cards" and biometric access rights of people no longer authorized to be in the areas. "The Laboratory's access records showed that the three individuals entered select agent areas a total of 35 times after their access rights were terminated," the report notes.
• A June 2006 summary report examining labs at 15 universities found weaknesses at 11 of them. Three had incomplete inventory records. One university told auditors it "could not verify inventory records because it lacked qualified personnel to safely perform this function." Six universities were cited for issues that could have allowed unapproved individuals to access areas where specimens were stored, including one university where unapproved individuals could have generated keys for themselves and others.
A January 2008 summary report about issues at state, local, private and commercial labs, which was sent to Julie Gerberding, the CDC's director at the time, found problems at all of them that "could have compromised the ability to safeguard select agents from accidental or intentional loss." The issues included not adequately restricting access to approved individuals, insufficient security plans and lack of documented training. Although the eight entities had agreed with auditors' recommendations for corrections, the IG noted that six months had passed and CDC lab inspectors still hadn't documented corrections and submitted reports to auditors.
An April 2009 audit sent to the CDC's acting director at the time, Richard Besser, found problems in the transfer of specimens between undisclosed labs and failures by labs to ensure that only approved individuals received the packages. "Allowing unapproved individuals to handle select agents increased the risk that the agents could be lost or stolen, thereby potentially posing a severe threat to public health and safety," the auditors wrote. Yet CDC's lab inspectors were not adequately monitoring or enforcing requirements that labs protect against loss or theft during such transfers. Of 24 entities where auditors found unauthorized individuals accepting delivery of specimen packages, CDC inspectors had cited only four of them. CDC spokesman Tom Skinner said this week the agency has strengthened its inspection process since the report was written.
• A December 2009 audit involved a federal agency that described itself in an attached response letter as "the Nation's premier biomedical research institution." The National Institutes of Health has used that phrase in online publications to describe itself. Violations cited in the report included failure to maintain accurate and current inventory records. "The laboratory did not conduct a physical count until apprised of our audit in October 2008, at which time the laboratory determined that it had seven vials of select agents that were not recorded in the inventory records," auditors wrote. The types of germs in the vials, which the report said dated from the 1960s, were redacted from the report. The agency in its response said auditors had overstated the potential consequences of their findings. Auditors wrote that they disagreed. The NIH press office, in a statement, said it was not able to confirm that the report is about its agency.
All of the reports about federal entities involve agencies that are part of HHS, according to the letterhead of agency response letters that had the specific agency name removed. HHS officials did not respond to USA TODAY's interview request about the IG reports, and referred all questions to the CDC. In addition to the CDC, the two other federal agencies involved in the forgotten smallpox vials — the FDA and NIH — are also part of HHS...

What happened to the last safety czar you appointed? Asked who this was, the CDC Director didn't know/ Reuters

I am posting the entire Reuters story below. Is it funny, pathetic, or both?
CDC Director Tom Frieden promised Congress to appoint a senior official to oversee lab security in a 2012 letter responding to a Congressional inquiry. Asked about this person at the House Energy and Commerce Oversight and Investigations Hearing on Wednesday (at 1 hr 25 minutes), Frieden could not recall who had been appointed.  The next day, CDC spokesman Skinner said the official was appointed in March 2013, and that the official was Joseph Henderson.
One problem:  Henderson had been sitting next to Frieden at the witness table the day before.  It seems he didn't know he was the appointee, or he would have presumably informed Frieden and the committee. Will Frieden get another chance to spout happy talk to Congress? Watch his performance at the hearing, where he probably pissed off every member of the subcommittee with his canned non-answers.  (He sounded like a slightly impatient teacher explaining the same thing over and over to slow children, never ever expanding beyond his brief, initial comments. OTOH, there may have been good reasons why Frieden desperately avoided veering from his script.)

Here is the Reuters story
(Reuters) - U.S. lawmakers investigating repeated safety lapses at government laboratories questioned Thursday whether the U.S. Centers for Disease Control and Prevention was up to the task of fixing the problem, given similar promises to remedy such breaches in 2012.
The CDC is under scrutiny for a June incident, in which more than 80 lab workers may have been exposed to live anthrax bacteria that was mistakenly sent out of a high-security lab on its Atlanta campus. Federal investigators have since reported dozens of other infractions at CDC labs that handle deadly pathogens such as anthrax and avian flu.
A House Energy and Commerce subcommittee is investigating the incident and the CDC's response. Committee members are weighing the possibility of imposing new outside oversight on CDC labs and crafting national lab safety standards that would be administered by a single government body.
On Thursday, Committee Chairman Fred Upton made public a 2012 letter from CDC Director Dr Thomas Frieden saying the agency had put a senior official in charge of lab security and was soliciting advice from outside experts in biosecurity.
"We have designated a senior official who will report directly to the CDC Director regarding concerns or complaints related to safety at CDC's laboratories," Frieden said in the letter from September 2012 that was addressed to Upton.
Two years later, those measures did not appear to prevent a new round of safety breaches, including the anthrax incident.
Last week, Frieden said the CDC had appointed Dr. Michael Bell to be in charge of lab safety issues and would convene a panel of outside experts to advise the agency.
“These measures sound very similar to the corrective actions Dr. Frieden outlined last Friday to address the current lab crisis," Upton said. "Why should we believe this time that things will be different?”
Frieden testified on Wednesday at a hearing of the Energy and Commerce Subcommittee on Oversight and Investigations.
When asked about the senior official put in charge of lab security in 2012, Frieden was unable to name the appointee or describe the official's duties.
"I will have to get back to you about that to get you the name and the details of what was done pursuant to that letter," he told Representative Gregg Harper, a Mississippi Republican.
CDC spokesman Tom Skinner said on Thursday that CDC official Joseph Henderson was named to the position around March 2013, and that the role included a broader portfolio of responsibilities. Henderson, currently director of the Office of Safety, Security and Asset Management, sat next to Frieden at the witness table during the subcommittee hearing.
"When that letter was written in September 2012, there may have been a person designated in an acting role. Joe was hired full time seven months later in 2013," Skinner said.

Monday, July 14, 2014

CDC says there were 269 separate, reported incidents of lost or escaped 'select agent' microbes in 2010/ Reuters

Not to put too fine a point on it, but today's Reuters story has even more bad news on safety at our highest containment labs:
According to a 2012 report by CDC scientists, there were 16 incidents of lost or escaped microbes from select-agent labs in 2004, meaning everything from misplaced samples to an infected researcher walking out the door harboring a virus. That rose to 128 in 2008 and 269 in 2010.
There is some good news.  In light of all this, CDC Director Tom Frieden has proposed reducing the number of high containment labs in the US, and at CDC.  Sounds like a great idea! Also from the Reuters story:
    In the wake of disclosures that top government labs mishandled anthrax, smallpox and avian flu, U.S. health authorities are considering the once unthinkable: cutting the burgeoning number of labs working with the planet's most dangerous microbes.
    When the U.S. Centers for Disease Control and Prevention last week unveiled a report documenting multiple safety breaches at its labs, its director for the first time suggested the country turn back the rapid-fire proliferation of such research units, which have tripled in little more than a decade to at least 1,500. 
    "One of the things that we want to do is reduce the number of laboratories that work with dangerous agents to the absolute minimum necessary," said CDC Director Dr Thomas Frieden. "Reduce the number of people who have access to those laboratories to the absolute minimum necessary. Reduce the number of dangerous pathogens we work with." 
    His remarks may vindicate the views of a small group of biosafety and biosecurity experts who see that as the only way to protect dangerous viruses and bacteria from both lab accidents and thefts.... 
UPDATE:  US Government purges more than half the members of an NIH biosafety advisory board, including several anthrax experts.  Guess the executive branch has its own ideas about the kind of advice it wants, and feared it might not be forthcoming from this group.  See email sent to the 11 members here.

CDC scientists' lack of understanding of anthrax is shocking and terrifying

The WaPo has published the full text of the CDC report on its anthrax mishap last month, with mention of a number of other, almost identical even from the same lab... in which highly virulent, live bacteria, including anthrax, H5N1 avian flu and Clostridium botulinum were transferred to other labs, on the assumption they were benign strains or had been killed.

However, the report deemphasizes a critical safety breech:  that multiple lab personnel failed to appreciate the differences between anthrax spores and vegetative organisms.  It further minimizes the risk from live spores.

The report repeatedly states that the procedure used to inactivate anthrax would have worked for vegetative forms of anthrax.  The report admits the procedure did not completely kill spores.

There's an understatement.  Vegetative, growing anthrax bacteria can be killed by almost anything, including flying through the air. They cannot be used as a weapon due to their fragility.  

But spores are an entirely different matter.  There are very few things that kill anthrax spores, which can live for hundreds of years. That is why it was so difficult and expensive to decontaminate buildings contaminated with them.  An area harboring anthrax spores remains dangerous for the foreseeable future.  Scotland's Gruinard Island, where anthrax was tested during World War 2, was off limits to humans for 45 years, until it was decontaminated by being bathed in formaldehyde.

At CDC, an inactivation procedure was used on anthrax spores that was developed for vegetative, growing Brucella bacteria, yet was expected to inactivate spores.  This fact alone is astounding.  It shows complete lack of understanding of what the scientists were dealing with.  The report says its scientists had "inadequate knowledge of the peer-reviewed literature" on anthrax.  I would say they knew nothing about how to work with anthrax and are lucky they are still alive. They did not understand what they were doing, and should be reassigned away from select agents.

Even after 24 hours in a chemical bath, not all spores were killed.  Four colonies grew from an estimated 50,000 put on a plate.  Based on this, CDC's report claims there was no problem, as not enough spores (only about 1 in 10,000) might have lived to cause trouble.

However, only an estimated 50,000 spores were plated.  But how many were transferred to other labs? That number is never provided.  Bruce Ivins kept 1 trillion spores per ml (milliliter) in his flask at Fort Detrick. Fermenters produce one billion organisms per ml.  Most experiments require many orders of magnitude more than were plated. A reasonable guess might be that 10 billion spores were transferred.  At the given rate of inactivation, a million anthrax spores would have remained viable. According to the NY Times:
Over the next few days, scientists in two other labs where breathing equipment was not used agitated the bacteria and sprayed them with compressed gas, which could have blown spores into the air.
Could have blown spores into the air?  Clearly, these procedures did release spores into the air. Luckily for the scientists, it usually takes thousands of spores to cause infection.  But the occasional person (consider nonagenarian Ottilie Lundgren in Connecticut) may succumb to just a few spores.

The litany of mistakes that were made, detailed in the report's Findings, is breathtaking.  Lack of understanding of anthrax. Lack of SOPs. Lack of appropriate experimental design. Failure to follow CDC's own protocols, where they existed. Lack of supervision. Lack of timely communication when the incident was discovered, including identifying employees who may have been exposed so they could receive prophylaxis. (See page 16 of the Report.)  However, I disagree that it was highly unlikely that staff were exposed to anthrax:  they were, more likely, simply not exposed to enough anthrax spores, along with receiving prophylactic antibiotics, to induce disease.

Good recommendations are made to prevent a repeat in this report.  However, as the NY Times notes below, CDC has failed repeatedly to correct the very same problems identified in the report.  Decades ago, Fort Detrick lost two employees at its research facility to anthrax.  Many of us think it simply isn't possible for thousands of labs to perform this type of work safely.  It needs a tremendous degree of attention, care, and a paranoid mindset.  I would not trust myself to do it.  

It is slow working in a moon suit with a self-contained breathing apparatus.  You don't get to do blockbuster science this way. 

Have lower caliber scientists been shunted to the labs that perform this type of work, when what is required are the highest caliber, in order to do it safely?

UPDATE:  USDA's investigation of CDC finds even more bloopers and blunders, including failure to secure one of the labs that received the live anthrax.  People continued to transit the area for days after the mistake was discovered.  The CDC clinic failed to see exposed workers for up to 5 days, and advised some to check themselves for anthrax.  Anthrax was kept in an unlocked hall fridge; elsewhere, anthrax had gone missing.

2nd UPDATE:  Congressional memo with comments on USDA's APHIS report

Congress will be investigating with a hearing July 16.  From the Times:

Several experts on biosecurity noted that the inspector general’s office of the Department of Health and Human Services sent official complaints to the C.D.C. in 2008, 2009 and 2010 about undertrained lab personnel and improperly secured shipments.
Both Dr. Frieden and his predecessor, Dr. Julie L. Gerberding, replied in letters over their signatures that the problems would be fixed.

Tuesday, July 1, 2014

CDC anthrax story keeps getting weirder

Latest update claimed that CDC scientists put anthrax into a chemical bath to inactivate it for 24 hours, but after only ten minutes took out a sample for plating and culturing to determine if viable spores remained.  They failed to plate the anthrax that was transferred, after 24 hours in a chemical bath. And it was the spores that were in the bath for 24 hours that were shipped to other labs.
From Reuters:
What researchers are trying to find out is whether that was long enough to kill the anthrax, Dr Paul Meechan, director of the CDC's environmental health and safety compliance office, told Reuters in a telephone interview.
"We don't know that, but we're doing experiments to prove it," said Meechan. The CDC first disclosed the incident to Reuters a week ago.
An independent laboratory is running the same set of experiments to see if they get the same answers, which would add to the validity of the findings.
Meechan said workers in the bioterror lab were testing a new protocol for inactivating anthrax before sending the bacteria for experiments in two lower-security CDC labs.
The protocol they were following had been used by researchers at the CDC to inactivate other bacteria, but not on anthrax. It called for placing anthrax into a bath of acid for 10 minutes, removing some, putting it on a nutrient-rich plate and placing it in an incubator.
After 24 hours, the researchers checked to see if any colonies of anthrax had grown. None had, so the team took the anthrax that had been soaking in acid for 24 hours, put it on slides and sent it for testing in two other CDC labs.
1.  Why did it take 10 days for this piece of information to be reported?
2.  Why is CDC only now doing the allegedly appropriate experiment to determine if there even was an exposure to live anthrax, more than 2 weeks after the mistake was discovered?
3.  If scientists truly kept the anthrax spores in a bath for 24 hours, then they should have plated those spores to check for inactivation.  CDC says it is only now doing the experiment to see if 24 hours in the bath inactivates anthrax spores.  Really?  Only now you are doing the experiment that needed to be done (according to your own protocols) before any anthrax was sent elsewhere?
4.  Anthrax, when healthy, can go through enough doublings to form a visible colony on an agar plate in 18-24 hours.  After a bath in a harsh chemical, one should not assume they grow as fast. Even a small growth delay could require more time for visible growth on agar.  Even 48 hours should not be enough time to rule out the presence of viable, possibly mutated and slower-growing spores.
5.  Did researchers start with spores or vegetative forms of anthrax?  Vegetative forms are easily killed--but may convert to spores when placed in harsh conditions.  The spores can survive whatever method kills only the vegetative form.  Was there vegetative cell to spore conversion?
6.  To perform a valid experiment, you test one parameter of the experiment.  However, media reports claim that CDC scientists were testing a new method to detect anthrax.  To do so they were using anthrax that was killed by a new method.  When you have two variables (new methods) in this type of experiment, you need extra experimental arms to control for the presence of two variables.  There have been no reports that the experiment took this into account. Therefore the CDC experiment for which the anthrax was prepared was likely an example of junk science, i.e., could not produce a valid answer to the question posed no matter what result was obtained.
7.  Why, a week after the problem was discovered, had only 2/3 of potentially exposed individuals been seen by occupational health and treated using CDC-established post-exposure prophylaxis protocols?
8.  Here are CDC's recommendation for handling and proving the inactivation of anthrax spores (which were not followed) that were issued after a similar incident exposed lab workers to live anthrax at Oakland Children's Hospital in June 2004:
Inactivated suspensions of B. anthracis should be cultured both at the preparing laboratory before shipment and at the research laboratory several days before use to ensure sterility. Sensitivity of sterility testing might be enhanced by increasing the inoculum size and incubation time, and by inoculating in multiple media, including both solid and broth media. Such procedures would increase the probability of detecting even a small number of viable B. anthracis spores. CHORI staff members did not perform sterility testing on the suspension received in March 2004.
Because inhalation of viable B. anthracis spores can result in fatal infection, CDC recommends that laboratory personnel who routinely perform activities with clinical materials and diagnostic quantities of infectious cultures implement BSL-2 practices (7). These practices include use of appropriate PPE (e.g., gloves, gowns, or laboratory coats) and a BSC for procedures with the potential to expel infectious aerosols (e.g., centrifuging or ejection of pipette tips). Face protection (e.g., goggles, face shield, or splatter guard) should be used against anticipated splashes or sprays when potentially infectious materials require handling outside of the BSC. In the incidents described in this report, because CHORI staff members believed they were working with nonviable organisms, they did not fully implement BSL-2 practices until after the deaths in the second group of mice.
Research laboratory workers should assume that all inactivated B. anthracis suspension materials are infectious until inactivation is adequately confirmed. BSL-2 procedures should be applied to all suspension manipulations performed before confirming sterility. After sterility is confirmed, laboratory personnel should continue to use BSL-2 procedures while performing activities with a high potential for expelling aerosolized spores.
The Advisory Committee on Immunization Practices recommends routine anthrax vaccination of persons who work with production quantities or concentrations ofB. anthracis cultures or perform other activities with a high potential for producing infectious aerosols (8). Facilities performing such work should have appropriate biosafety precautions in place to prevent exposure to B. anthracis spores; however, anthrax vaccination can be an additional layer of protection in the event of an unrecognized breach in practices or equipment failure. Because of the small potential for inadvertent exposure to aerosolized B. anthracis spores before or after sterility testing, vaccination might also be considered for researchers who routinely work with inactivated B. anthracis suspensions.
In addition, laboratories working with inactivated B. anthracis organisms should develop and implement training activities and incident-response protocols to ensure appropriate actions are taken in the event of a potential exposure. These protocols should describe mechanisms for offering counseling and postexposure chemoprophylaxis and obtaining paired sera from potentially exposed persons. Training at animal research facilities should emphasize prompt communication between animal handlers and researchers if animals are unexpectedly found dead and any special handling procedures are needed for carcasses and bedding. Finally, institutional biosafety committees should routinely review protocols and procedures to ensure that appropriate safety precautions are always in place.