… CDC has not responded to USA TODAY’s requests, under the Freedom of Information Act, filed in June 2012, for records involving lab safety and security incidents at the lab complex.
The latest set of “restricted” inspector general audits covered six federal entities conducting research on potential bioterror germs. Additional audits looked at how the agents are shipped and compliance at labs run by a sampling of universities and state, local and private labs.
For security reasons, the IG’s office removed the names of the government agencies, universities and private firms that were running the labs. The specific germs or toxins were also withheld.
Among the reports’ findings:
• An August 2009 report cites an undisclosed federal lab for not always restricting access to bioterror agents to approved individuals; failing to maintain complete records of who had accessed the specimens and not ensuring that individuals working with the specimens received proper training. In some cases, the agency had failed to cancel the electronic “swipe cards” and biometric access rights of people no longer authorized to be in the areas. “The Laboratory’s access records showed that the three individuals entered select agent areas a total of 35 times after their access rights were terminated,” the report notes.
• A June 2006 summary report examining labs at 15 universities found weaknesses at 11 of them. Three had incomplete inventory records. One university told auditors it “could not verify inventory records because it lacked qualified personnel to safely perform this function.” Six universities were cited for issues that could have allowed unapproved individuals to access areas where specimens were stored, including one university where unapproved individuals could have generated keys for themselves and others.
• A January 2008 summary report about issues at state, local, private and commercial labs, which was sent to Julie Gerberding, the CDC’s director at the time, found problems at all of them that “could have compromised the ability to safeguard select agents from accidental or intentional loss.” The issues included not adequately restricting access to approved individuals, insufficient security plans and lack of documented training. Although the eight entities had agreed with auditors’ recommendations for corrections, the IG noted that six months had passed and CDC lab inspectors still hadn’t documented corrections and submitted reports to auditors.
• An April 2009 audit sent to the CDC’s acting director at the time, Richard Besser, found problems in the transfer of specimens between undisclosed labs and failures by labs to ensure that only approved individuals received the packages. “Allowing unapproved individuals to handle select agents increased the risk that the agents could be lost or stolen, thereby potentially posing a severe threat to public health and safety,” the auditors wrote. Yet CDC’s lab inspectors were not adequately monitoring or enforcing requirements that labs protect against loss or theft during such transfers. Of 24 entities where auditors found unauthorized individuals accepting delivery of specimen packages, CDC inspectors had cited only four of them. CDC spokesman Tom Skinner said this week the agency has strengthened its inspection process since the report was written.
• A December 2009 audit involved a federal agency that described itself in an attached response letter as “the Nation’s premier biomedical research institution.” The National Institutes of Health has used that phrase in online publications to describe itself. Violations cited in the report included failure to maintain accurate and current inventory records. “The laboratory did not conduct a physical count until apprised of our audit in October 2008, at which time the laboratory determined that it had seven vials of select agents that were not recorded in the inventory records,” auditors wrote. The types of germs in the vials, which the report said dated from the 1960s, were redacted from the report. The agency in its response said auditors had overstated the potential consequences of their findings. Auditors wrote that they disagreed. The NIH press office, in a statement, said it was not able to confirm that the report is about its agency.
All of the reports about federal entities involve agencies that are part of HHS, according to the letterhead of agency response letters that had the specific agency name removed. HHS officials did not respond to USA TODAY’s interview request about the IG reports, and referred all questions to the CDC. In addition to the CDC, the two other federal agencies involved in the forgotten smallpox vials — the FDA and NIH — are also part of HHS…