Biological Laboratories
Design and Implementation Considerations for Safety Reporting Systems Gao ID: GAO-10-850 September 10, 2010As the number of biological labs increases, so too do the safety risks for lab workers. Data on these risks--collected through a safety reporting system (SRS) from reports of hazards, incidents, and accidents--can support safety efforts. However, no such system exists for all biological labs, and a limited system--managed by the Centers for Disease Control and Prevention (CDC) and the Animal and Plant Health Inspection Service (APHIS)--applies to only a subset of these labs. While a national SRS has been proposed, design and implementation are complex. In this context, GAO was asked to identify lessons from (1) the literature and (2) case studies; and to apply those lessons to (3) assess CDC and APHIS's theft, loss, or release (TLR) system for select agents, such as anthrax, and (4) suggest design and implementation considerations for a labwide SRS. To do its work, GAO analyzed SRS literature; conducted case studies of SRSs in aviation, commercial nuclear, and health care industries; and interviewed agency officials and biosafety specialists.
According to the literature, effective design and implementation of a safety reporting system (SRS) includes consideration of program goals and organizational culture to guide decisions in three key areas: (1) reporting and analysis, (2) reporter protection and incentives, and (3) feedback mechanisms. Program goals are best identified through stakeholder involvement and organizational culture, through assessment. Case studies of SRSs in three industries--aviation, commercial nuclear, and health care--indicate that (1) assessment, dedicated resources, and management focus are needed to understand and improve safety culture; (2) broad reporting thresholds, experience-driven classification schemes, and local-level processing are useful SRS features in industries new to safety reporting; (3) strong legal protections and incentives encourage reporting and prevent potential confidentiality breaches; and (4) a central, industry-level unit facilitates lesson sharing and evaluation. While the CDC and APHIS Select Agent Program (SAP) has taken steps in the three key areas to improve the usefulness of the TLR system for select agents, steps for improvement remain. Specifically, the agencies have taken steps to better define reportable events, ensure the confidentiality of reports, and dedicate resources to use TLR data for safety improvement. However, lessons from the literature and case studies suggest additional steps in the three key areas to enhance the usefulness of the system. For example, lowering reporting thresholds could provide precursor data and limited immunity could increase the incentive to report. Finally, the CDC and APHIS are in a unique position--as recognized authorities in the lab community and with access to TLR reports from across the industry--to guide SRS evaluation and ensure safety lessons are broadly disseminated. For a national safety reporting system for all biological labs, existing information--about labs' organizational culture and the lab community's limited experience with SRSs--suggests the following features in the three key areas: (1) Reporting and analysis. Reporting should be voluntary; available to all workers; cover hazards, incidents, and less serious accidents; accessible in various modes (Web and postal); and with formats that allow workers to report events in their own words to either an internal or external SRS system. (2) Reporter protections and incentives. Strong confidentiality protections, data deidentification processes, and other reporting incentives are needed to foster trust in reporting. (3) Feedback mechanisms. SRS data should be used at both the local and industry levels for safety improvement. An industry-level entity is needed to disseminate SRS data and to support evaluation. GAO recommends that, in developing legislation for a national SRS for biological labs, Congress consider provisions for certain system features. GAO also recommends three improvements to the CDC and APHIS TLR system. HHS disagreed with the first two recommendations and partially agreed with the third. USDA agreed with the three recommendations.
RecommendationsOur recommendations from this work are listed below with a Contact for more information. Status will change from "In process" to "Open," "Closed - implemented," or "Closed - not implemented" based on our follow up work.
Director: Thomas J. McCool Team: Government Accountability Office: Applied Research and Methods Phone: (202) 512-8678GAO-10-850, Biological Laboratories: Design and Implementation Considerations for Safety Reporting Systems
This is the accessible text file for GAO report number GAO-10-850
entitled 'Biological Laboratories: Design and Implementation
Considerations for Safety Reporting Systems' which was released on
October 12, 2010.
This text file was formatted by the U.S. Government Accountability
Office (GAO) to be accessible to users with visual impairments, as
part of a longer term project to improve GAO products' accessibility.
Every attempt has been made to maintain the structural and data
integrity of the original printed product. Accessibility features,
such as text descriptions of tables, consecutively numbered footnotes
placed at the end of the file, and the text of agency comment letters,
are provided but may not exactly duplicate the presentation or format
of the printed version. The portable document format (PDF) file is an
exact electronic replica of the printed version. We welcome your
feedback. Please E-mail your comments regarding the contents or
accessibility features of this document to Webmaster@gao.gov.
This is a work of the U.S. government and is not subject to copyright
protection in the United States. It may be reproduced and distributed
in its entirety without further permission from GAO. Because this work
may contain copyrighted images or other material, permission from the
copyright holder may be necessary if you wish to reproduce this
material separately.
Report to Congressional Requesters:
United States Government Accountability Office:
GAO:
September 2010:
Biological Laboratories:
Design and Implementation Considerations for Safety Reporting Systems:
GAO-10-850:
GAO Highlights:
Highlights of GAO-10-850, a report to congressional requesters.
Why GAO Did This Study:
As the number of biological labs increases, so too do the safety risks
for lab workers. Data on these risks”collected through a safety
reporting system (SRS) from reports of hazards, incidents, and
accidents”can support safety efforts. However, no such system exists
for all biological labs, and a limited system”managed by the Centers
for Disease Control and Prevention (CDC) and the Animal and Plant
Health Inspection Service (APHIS)”applies to only a subset of these
labs. While a national SRS has been proposed, design and
implementation are complex. In this context, GAO was asked to identify
lessons from (1) the literature and (2) case studies; and to apply
those lessons to (3) assess CDC and APHIS‘s theft, loss, or release
(TLR) system for select agents, such as anthrax, and (4) suggest
design and implementation considerations for a labwide SRS. To do its
work, GAO analyzed SRS literature; conducted case studies of SRSs in
aviation, commercial nuclear, and health care industries; and
interviewed agency officials and biosafety specialists.
What GAO Found:
According to the literature, effective design and implementation of a
safety reporting system (SRS) includes consideration of program goals
and organizational culture to guide decisions in three key areas: (1)
reporting and analysis, (2) reporter protection and incentives, and
(3) feedback mechanisms. Program goals are best identified through
stakeholder involvement and organizational culture, through assessment.
Case studies of SRSs in three industries”aviation, commercial nuclear,
and health care”indicate that (1) assessment, dedicated resources, and
management focus are needed to understand and improve safety culture;
(2) broad reporting thresholds, experience-driven classification
schemes, and local-level processing are useful SRS features in
industries new to safety reporting; (3) strong legal protections and
incentives encourage reporting and prevent potential confidentiality
breaches; and (4) a central, industry-level unit facilitates lesson
sharing and evaluation.
While the CDC and APHIS Select Agent Program (SAP) has taken steps in
the three key areas to improve the usefulness of the TLR system for
select agents, steps for improvement remain. Specifically, the
agencies have taken steps to better define reportable events, ensure
the confidentiality of reports, and dedicate resources to use TLR data
for safety improvement. However, lessons from the literature and case
studies suggest additional steps in the three key areas to enhance the
usefulness of the system. For example, lowering reporting thresholds
could provide precursor data and limited immunity could increase the
incentive to report. Finally, the CDC and APHIS are in a unique
position-”as recognized authorities in the lab community and with
access to TLR reports from across the industry-”to guide SRS
evaluation and ensure safety lessons are broadly disseminated.
For a national safety reporting system for all biological labs,
existing information”about labs‘ organizational culture and the lab
community‘s limited experience with SRSs”suggests the following
features in the three key areas:
* Reporting and analysis. Reporting should be voluntary; available to
all workers; cover hazards, incidents, and less serious accidents;
accessible in various modes (Web and postal); and with formats that
allow workers to report events in their own words to either an
internal or external SRS system.
* Reporter protections and incentives. Strong confidentiality
protections, data deidentification processes, and other reporting
incentives are needed to foster trust in reporting.
* Feedback mechanisms. SRS data should be used at both the local and
industry levels for safety improvement. An industry-level entity is
needed to disseminate SRS data and to support evaluation.
What GAO Recommends:
GAO recommends that, in developing legislation for a national SRS for
biological labs, Congress consider provisions for certain system
features. GAO also recommends three improvements to the CDC and APHIS
TLR system.
HHS disagreed with the first two recommendations and partially agreed
with the third. USDA agreed with the three recommendations.
View [hyperlink, http://www.gao.gov/products/GAO-10-850] or key
components. For more information, contact Thomas J. McCool at (202)
512-2642 or mccoolt@gao.gov.
[End of section]
Contents:
Letter:
Background:
Program Goals and Organizational Culture Guide Safety Reporting System
Design and Implementation in Three Key Areas:
Case Studies Demonstrate the Need for Assessment and Resources in
Design and Implementation and Suggest Certain Features in the Three
Key Areas:
The CDC and APHIS Have Taken Steps to Improve the Usefulness of the
TLR Reporting System; Lessons from the Literature and Case Studies
Suggest Additional Steps:
Existing Information on Biological Labs and Lessons from the
Literature and Case Studies Suggest Specific SRS Design and
Implementation Considerations:
Conclusions:
Matters for Congressional Consideration:
Recommendations for Executive Action:
Agency Comments and Our Evaluation:
Appendix I: Objectives, Scope, and Methods:
Appendix II: Summary of Lessons from the Literature and Case Studies:
Appendix III: Comments from the Department of Health and Human
Services:
Appendix IV: Comments from the Department of Agriculture:
Appendix V: GAO Contact and Staff Acknowledgments:
Bibliography of Articles Used to Develop SRS Lessons from the
Literature:
Bibliography of Other Literature Used in the Report:
Figures:
Figure 1: The Risk Pyramid for Safety Events:
Figure 2: Relationship of Program Goals, Organizational Culture, and
the Three Key Areas and Subcategories:
Figure 3: Growth in Aviation and VA Health Care Safety Reporting, 1981
to 2008:
Figure 4: Relationship of Program Goals, Organizational Culture, and
the Three Key Areas:
Figure 5: First Key Area--Reporting and Analysis:
Figure 6: Second Key Area--Reporter Protections and Incentives:
Figure 7: Third Key Area--Feedback Mechanisms:
Abbreviations:
ABSA: American Biological Safety Association:
AHRQ: Agency for Healthcare Research and Quality:
APHIS: Animal and Plant Health Inspection Service:
ASAP: Aviation Safety Action Program:
ASM: American Society for Microbiology:
ASRS: Aviation Safety Reporting System:
BMBL: Biosafety in Microbiological and Biomedical Laboratories:
BSC: biological safety cabinet:
BSL: biosafety level:
CDC: Centers for Disease Control and Prevention:
ERT: event review team:
FAA: Federal Aviation Administration:
FOIA: Freedom of Information Act:
HHS: Department of Health and Human Services:
INPOŽ: Institute of Nuclear Power Operators:
LAI: laboratory-acquired infection:
MMWR: Morbidity and Mortality Weekly Report:
NAPA: National Academy of Public Administration:
NASA: National Aeronautics and Space Administration:
NCPS: National Center for Patient Safety:
NIH: National Institutes of Health:
NNŽ: Nuclear Network:
NRC: Nuclear Regulatory Commission:
NTSB: National Transportation Safety Board:
OIG: Office of Inspector General:
OSHA: Occupational Safety and Health Administration:
PSIS: Patient Safety Information System:
PSRS: Patient Safety Reporting System:
SAP: Select Agent Program:
SEE-INŽ: Significant Event Evaluation--Information Network:
SRS: safety reporting system:
TMI: Three Mile Island:
TLR: theft, loss, release:
USDA: Department of Agriculture:
VA: Department of Veterans Affairs:
VDRP: Voluntary Disclosure Reporting Program:
VSP: Voluntary Safety Programs Branch:
[End of section]
United States Government Accountability Office:
Washington, DC 20548:
September 10, 2010:
The Honorable Joe Barton:
Ranking Member:
Committee on Energy and Commerce:
House of Representatives:
The Honorable Michael Burgess:
Ranking Member:
Subcommittee on Oversight and Investigations:
Committee on Energy and Commerce:
House of Representatives:
The Honorable Greg Walden:
House of Representatives:
The growing federal emphasis on identifying and protecting against
biological weapons attacks, as well as other factors, have led to an
increase in the number of biological laboratories in the United
States. Although data suggest that injury and illness rates for these
labs are below that of general industry, working with infectious
agents always involves inherent risk.[Footnote 1] To date,
catastrophes have been avoided in the United States, although serious
injuries and deaths have occurred among laboratory workers.[Footnote
2] These injuries and deaths might have been prevented had relevant
data on safety been quickly shared throughout the laboratory
community. For example, two microbiologists died in July and December
2000 of a laboratory-acquired infection (LAI) from exposure to
bacterium Neisseria meningitidis. In a review of how often this LAI
had occurred, investigators found 14 previously unreported LAIs from
exposure to the bacteria--8 of which were fatal.[Footnote 3] Had these
LAIs been reported and the safety issues surrounding this specific
bacterium communicated earlier, the two deaths in 2000 might have been
prevented.
Given the increase in biological labs and therefore risks, it is
essential to understand the sources of risk and how to communicate
them.[Footnote 4] These sources can best be identified through the
collection of safety data. Such data can come from accidents that
result in injuries or deaths. However, they can also come from
concerns about hazardous conditions or incidents such as errors
without consequences, near misses, or close calls. Collecting data on
accidents, incidents, and hazards can help identify accident
precursors--the actions, nonactions, processes, and environmental or
mechanical conditions that can lead to accidents.[Footnote 5] If the
precursors can be identified, communicated, and eliminated, the
occurrence of accidents--in particular those resulting in injury or
death--might be prevented. Safety reporting systems (SRS) are a key
tool industries use to collect such information. However, there is no
national labwide SRS for quickly and efficiently collecting,
analyzing, and communicating such information for biological labs.
Nevertheless, some mechanisms exist through which such data might be
communicated. For example, incidents of LAIs are sometimes reported in
academic journals, in the U.S. Department of Health and Human
Services' (HHS) Centers for Disease Control and Prevention's (CDC)
Morbidity and Mortality Weekly Reports (MMWR), or as a result of
Occupational Health and Safety Administration (OSHA) regulations.
However, there are a variety of barriers to reporting through these
mechanisms, and it is generally acknowledged that LAIs are
underreported because of concerns about stigma or punishment.
Consequently, a great deal of potential safety data is never
communicated. In addition, the CDC and the U.S. Department of
Agriculture's (USDA) Animal and Plant Health Inspection Service
(APHIS) together maintain a mandatory reporting system for theft,
loss, and release (TLR) of select agents,[Footnote 6] as required
under the select agent regulations.[Footnote 7] However, we have found
lapses in labs reporting to this program,[Footnote 8] suggesting the
need for improvement. Moreover, the Select Agent Program regulates
only those labs that possess, use, and transfer select agents and
toxins, and therefore covers only a fraction of U.S. biological labs
for which there is no SRS.[Footnote 9] Consequently, a great deal of
valuable safety data falls through the cracks, and potentially
avoidable accidents continue to occur.
Recognizing the need for an effective mechanism to collect safety
data, bills were introduced in both the Senate and House of
Representatives that, if enacted, would establish a new SRS for all
biological labs.[Footnote 10] While this legislation provides a
framework for establishing such a system, questions remain about what
constitutes the most effective design and implementation features for
a biological lab SRS. Despite these questions, it is known that
effective design and implementation include the use of existing
information, such as from the literature and case studies, to identify
lessons learned that can guide decisions. For example, when the health
care industry began to explore the potential of SRSs for hospitals,
many in the industry looked to the literature and other industries,
such as aviation, to identify lessons learned for design and
implementation. Similarly, for biological labs, although they are a
unique working environment, information from the literature and other
industries can identify lessons learned for the design and
implementation of a lab SRS.[Footnote 11] You therefore asked us to
identify lessons for designing and implementing an effective lab
safety reporting system, from (1) the literature and (2) case studies
of SRSs in the airline, commercial nuclear power, and health care
industries; and to apply those lessons to (3) assess the theft, loss,
and release reporting system, part of the Select Agent Program, and
(4) suggest design and implementation considerations for a national
safety reporting system for all biological labs.
To accomplish our objectives, we (1) reviewed an extensive selection
of both academic and applied literature related to safety science
(organizational safety and human factors) and SRS evaluation across a
wide variety of industries; (2) conducted case studies of SRSs in the
aviation, commercial nuclear power, and health care industries by
reviewing relevant documentation and academic literature, observing
safety task force and reporting system committee meetings, and
conducting open and structured interviews of agency officials, as well
as SRS and human factors experts in the three industries; (3)
interviewed national and international biosafety specialists, relevant
HHS and USDA officials, biological laboratory directors, and biosafety
officers; and (4) applied criteria--derived from our review of the
literature and case studies--for improving the Select Agent Program
reporting system and for designing and implementing an SRS for all
biological labs. With respect to the case studies, while we collected
information on a wide variety of safety reporting programs in the
three industries--and in some cases comment on these different
programs--we primarily developed our lessons from one reporting
program in each of the three industries. Specifically, we developed
lessons from the Federal Aviation Administration's (FAA) National
Aeronautics and Space Administration (NASA)-run Aviation Safety
Reporting System (ASRS) in aviation; the Institute of Nuclear Power
Operation's (INPO") Significant Event and Evaluation Information
Network (SEE-IN") system in commercial nuclear power; and the
Department of Veterans Affairs' (VA) health care reporting program,
which includes the Patient Safety Information System (PSIS) and the
Patient Safety Reporting System (PSRS). We chose to focus on these
programs because they represent fairly long-standing, nonregulatory,
domestic, industrywide, or servicewide reporting programs. For more
detailed information on our methods, please see appendix I.
We conducted this performance audit from March 2008 to September 2010
in accordance with generally accepted government auditing standards.
Those standards require that we plan and perform the audit to obtain
sufficient, appropriate evidence to provide a reasonable basis for our
findings and conclusions based on our audit objectives. We believe
that the evidence obtained provides a reasonable basis for our
findings and conclusions based on our audit objectives.
Background:
Biocontainment laboratories--designed with specific environmental,
storage, and equipment configurations--support containment efforts in
the day-to-day work with biological agents. These labs are designed,
constructed, and operated to (1) prevent accidental release of
infectious or hazardous agents within the laboratory and (2) protect
lab workers and the environment external to the lab, including the
community, from exposure to the agents. For example, the biological
safety cabinet (BSC) is laboratory safety equipment that is used when
manipulating infectious organisms. BSCs are enclosed cabinets with
mechanisms for pulling air away from the worker and into a HEPA
filter, which provides protection for the worker and prevents releases
into the environment. BSCs might be designed with a limited workspace
opening, or they might be completely enclosed with only gloved access
and air pressure indicators to alert users to potential microbial
releases. The selection of the BSC would depend on the (1) lab's risk
assessment for the specific agent and (2) nature of work being
conducted, as guided by the Biosafety in Microbiological and
Biomedical Laboratories (BMBL), and other relevant guidance, such as
OSHA regulations and National Institutes of Health (NIH) guidelines
for research involving recombinant DNA.
There are four biosafety levels (BSL). These levels--consisting of a
combination of laboratory practices, safety equipment, and laboratory
facilities--are based on the type of work performed, information about
the infectious agent, and the function of the laboratory. These levels
include combinations of laboratory practices and techniques, safety
equipment, and facilities that are recommended for labs that conduct
research on infectious mircro-organisms and toxins:
Biosafety level 1 (BSL-1) is suitable for work with agents not known
to consistently cause disease in healthy adults and present minimal
potential hazard to laboratory personnel and the environment.
Biosafety level 2 (BSL-2) is suitable for work with agents that pose
moderate risks to personnel and the environment.
Biosafety level 3 (BSL-3) is suitable for work with indigenous or
exotic agents that may cause serious and potentially lethal disease,
if inhaled.
Biosafety level 4 (BSL-4) is required for work with dangerous and
exotic agents that pose a high risk of life-threatening disease or
have aerosol or unknown transmission risk.
Examples of agents and toxins used within these labs include those
that primarily affect:
* humans and animals, such as Botulinum neurotoxin, a naturally
occurring poison, lethal to humans and animals, but used for medical
and cosmetic purposes in drugs such as Botox;
* animals, such as foot-and-mouth disease (FMD), a highly contagious
viral disease of cloven-hoofed animals--such as cattle, swine, and
sheep--that causes debilitation and losses in meat and milk production
(while FMD does not have human health implications it does have severe
economic consequences); and:
* plants, such as certain varieties of Xylella Fastidiosa, which can
kill citrus plants, but does not have human health implications.
Lab levels can also vary depending on their use. For example, research
that involves animal or plant pathogens may be designated as animal
biosafety levels (ABSL) 1-4 or BSL-3-AG. Similarly, some people may
refer to BSL-3 labs as "high-containment" labs and BSL-4 labs as
"maximum containment" labs. There are also several types of labs--
including clinical, research, teaching, public health (or reference),
and production (or commercial)--which are generally categorized on the
basis of the work conducted. While these labs all involve work with
infectious micro-organisms, there are regulatory, accrediting, and
risk differences associated with each type. For example, clinical labs
within hospitals test patient samples and may often be unaware of the
micro-organism they are handling until their tests have identified it.
In contrast, research, reference, and production (commercial) labs,
while they each have different purposes and environments, tend to be
aware of the micro-organisms they are handling. Clinical labs also
have specific accrediting and state reporting requirements, and their
control structure for handling illnesses is different from other types
of labs. We use the general term "biological lab" to include
biological labs of all levels or types that handle micro-organisms or
clinical samples. We use this general and inclusive term because SRSs
could be used in any environment with safety risks, including
different types or levels of labs. However, this does not necessarily
imply that a single SRS is appropriate or applicable to all labs of
varying type or level, although an SRS that encompasses the largest
view of a domain as possible has significant advantages. For example,
one national SRS would provide information that can cross boundaries
where common and similar practices exist and avoid the "stove-piping"
of safety information.
Many different federal agencies have some connection with biological
labs. Such agencies are involved with these labs in various
capacities, including as users, owners, regulators, and funding
sources.[Footnote 12] The CDC and APHIS regulate entities[Footnote 13]
that possess, use, and transfer select agents and toxins.[Footnote 14]
In addition, entities are required to report the theft, loss, or
release of any select agent or toxin to the CDC or APHIS, although we
had found reporting failures at some labs subject to this requirement.
[Footnote 15]
Along with environmental, storage, and equipment configurations,
various guidelines for lab practices support worker and public safety.
These biosafety guidelines offer general and agent-specific
containment and risk assessment practices. For example, the BMBL
suggests microbial practices, safety equipment, and facility
safeguards that vary by type of agent and intended use. These
documents are updated periodically--the BMBL is currently in its fifth
edition--in order to "refine guidance based on new knowledge and
experiences and to address contemporary issues that present new risks
that confront laboratory workers and the public health."[Footnote 16]
While the BMBL and other guidelines are useful for promoting safety,
they also recognize there are unknown and emerging laboratory safety
risks and that ongoing efforts to gather information about those risks
is essential for continued safety improvement. One of the key
information sources for these updates is published reports of LAIs.
However, it is widely recognized that these reports reflect only a
fraction of actual LAIs.
To develop evidence-based guidelines and safety-improvement
initiatives, other industries with inherent risks to workers and the
general public--such as aviation, commercial nuclear power, and health
care--collect and analyze safety data. These data can come from safety
events. Safety event levels--depicted in terms of a risk pyramid (see
figure 1)--increase in severity as they decrease in likelihood.
Whether and where the lines are drawn--between accidents (fatal or
nonfatal), incidents, and hazards--varies (1) across industries and
(2) according to whether the safety event resulted in no ill effects,
minor injuries, or severe injuries or deaths.
Figure 1: The Risk Pyramid for Safety Events:
[Refer to PDF for image: illustration]
Pyramid:
Base level: Hazards;
Mid level: Incidents;
Top level: Accidents.
Source: Based on the Heinrich Pyramid.
[End of figure]
Events at the top of the pyramid--generally identified as "accidents"
(sometimes further divided depending on fatality)--have significant
potential for harm or result in actual harm to one or more
individuals. These events can include radiological exposure,
industrial chemical spills or explosions, airline crashes (with or
without loss of life), patient medication errors that result in
illness or death, and LAIs. Accidents--especially fatal ones--are
generally infrequent, hard to conceal, and often required to be
reported. Events at the center of the risk pyramid--generally referred
to as "incidents"--are those that could have resulted in serious harm
but did not. Incidents occur more frequently than accidents and
include near misses, close calls, or other potential or actual adverse
events and violations, although definitions vary within and across
industries. For events at the base of the pyramid--generally referred
to as "hazards"--no incident or accident need occur. These events
include observations about the work environment, procedures,
equipment, or organizational culture that could be improved relative
to safety.
Safety data from accidents, incidents, and hazards provide the source
information for analysis of accident precursors--the building blocks
of events that can lead to injury or death. The focus on precursor
data arose as a result of the limited amount of data that could be
identified from accident investigations. Such data are often "too
sparse, too late and too statistically unreliable to support effective
safety management."[Footnote 17] In addition, the severity and
sometimes fatal consequences of accidents often preclude investigators
from gathering sufficient detail to fully understand systemic (as
opposed to individual) causes of the accident. Incident data are a
particularly rich source of precursor information because incidents
occur more frequently than accidents. Moreover, incidents do not often
rise to the level of regulatory or legal violation because no serious
harm has occurred. Workers are therefore generally less fearful of
punishment in reporting their mistakes at this level.
Collection of safety data and analysis of accident precursors focus on
trying to identify systemic, rather than individual, causes of error.
Industries often take this system-based approach to risk management
because they recognize that "blaming problems on 'human error' may be
accurate, but it does little to prevent recurrences of the problem. If
people trip over a step x times per thousand, how big must the x be
before we stop blaming people for tripping and start focusing on the
step?"[Footnote 18] The system-based approach focuses on analyzing
accident precursors to understand "how and why the defenses failed."
[Footnote 19] According to this approach, blaming individuals for
accidents--as in the person-based approach--not only fails to prevent
accidents, but also limits workers' willingness to provide information
about systemic problems. When precursor information from accidents,
incidents, and hazards are analyzed as part of a system, evidence-
based, industrywide safety improvements are possible. For example,
analysis of reports of health care workers improperly medicating
patients has helped identify and address systemic problems with
medication labeling and storage. In such cases, hospitals could have
punished an individual for the error. Instead, they focused on
learning rather than blame, which encouraged worker reporting and led
to needed changes in medication labeling and storage. This, in turn,
improved patient safety because any health care worker--not just the
one that reported the error--will be less likely to improperly
medicate patients in the future.
SRSs--both mandatory and voluntary--are the key tool for capturing
detailed safety data. Many industries have recognized that the costs
of repeated accidents or managing the aftermath of an accident can far
outweigh the costs to establish and maintain a reporting system.
[Footnote 20] Despite vast differences across industries, the sources
of risk--humans, technology, and environment--are the same.
Consequently, the tools--such as SRSs--that industries other than
biological labs use to understand these risks can also support
evidence-based, industrywide biosafety improvement efforts. This is
especially significant in understanding the risks in biological labs
because current biosafety guidelines are based on limited information.
While individual states or labs may have reporting mechanisms, no
formal system exists for sharing data among all labs. In addition,
while data reported through academic journals or state disease
registries is accessible industrywide, there are significant reporting
barriers. For example, before information about an incident becomes
available to others through academic publications, infections must be
recognized as laboratory-acquired, deemed scientifically interesting,
written up and submitted for peer review, and accepted for inclusion
in an academic journal. Furthermore, concerns about losing funding or
negative publicity can create barriers to an institution's willingness
to encourage publication of LAI information.[Footnote 21] Reports of
infections through state disease registries are also limited because
information about the source of the infection is generally not
collected and not all infectious diseases are required to be reported.
In addition, the infected individual must see a health practitioner
who recognizes the status of the disease as reportable and takes steps
to report it. Finally, releases without infection--or without
recognized infection as a result of a release--are unlikely to be
reported at all, despite the valuable precursor data that could be
gleaned from the event.
A system for collecting safety data from across the lab community has
been proposed as a means to improve the evidence base for biosafety
guidelines. However, as indicated by reporting lapses to the mandatory
system for theft, loss, and release of select agents, implementation
of a reporting system does not immediately create a highly useful one,
to which all workers instantaneously submit data on their errors.
Finally, when initiating any reporting system, it is important to
consider up front and throughout a myriad of design and implementation
issues so as to ensure the system is operating as effectively as
possible. Consequently, we look to research and experience to inform
design and implementation choices.
Program Goals and Organizational Culture Guide Safety Reporting System
Design and Implementation in Three Key Areas:
According to lessons from our review of the literature,[Footnote 22]
the design and implementation of an effective safety reporting system
(SRS) includes consideration of program goals and organizational
culture for decisions in three key areas: reporting and analysis,
reporter protection and incentives, and feedback mechanisms. Each of
the key areas contains subcategories of related decision areas, which
should also tie into program goals and organizational culture. Figure
1 illustrates the relationship among program goals, organizational
culture, and the three key areas with associated subcategories.
Figure 2: Relationship of Program Goals, Organizational Culture, and
the Three Key Areas and Subcategories:
[Refer to PDF for image: illustration]
The illustration depicts an interlocking circle of Program Goals and
Organizational Culture, with the following contained inside the circle:
1. Reporting and analysis:
* Level of event;
* Classification of error;
* Format and mode;
* Reporting management;
* Analytical process.
2. Reporter protections and incentives:
* Anonymity;
* Confidentiality;
* Deidentification of data;
* Limited immunity.
3. Feedback mechanisms:
* Feedback to reporters;
* Feedback to administrators;
* Feedback to industry;
* Feedback for system improvement.
Source: GAO analysis of SRS evaluation literature.
[End of figure]
Program Goals and Organizational Culture:
A program can have a variety of goals in the design and implementation
of an SRS, apart from the primary goal of improving safety, according
to the literature. For example, an SRS can be used for regulatory
purposes or for organizational learning--a distinction that will
fundamentally affect design decisions, such as whether reporting will
be mandatory or voluntary, what types of reporter incentives and
protections should be included, who will analyze SRS reports, and what
feedback will be provided. An SRS can be designed and implemented to
meet a variety of subgoals as well. Subgoals can include capabilities
for trend analyses, accountability improvement, liability reduction,
and performance indicators. The overall goals and subgoals should be
determined in advance of design decisions, so that decisions in the
three key areas support program goals. Identification and agreement on
program goals is best accomplished through the involvement of
appropriate stakeholders, such as management, workers, industry
groups, accrediting bodies, and relevant federal entities, according
to the literature.
Even with well-defined goals, the success of any SRS is intertwined
with the organizational culture in which it will operate.
Organizational culture--the underlying assumptions, beliefs, values,
attitudes, and expectations shared by those in the workplace--affects
implementation of programs in general and, in particular, those
designed to change that underlying culture.[Footnote 23] SRSs are
fundamentally tools that can be used to facilitate cultural change--to
develop or enhance a type of organizational culture known as a culture
of safety. A culture of safety implies individual and organizational
awareness of and commitment to the importance of safety. It also
refers to the personal dedication and accountability of all
individuals engaged in any activity that has a bearing on safety in
the workplace.[Footnote 24] Development of a positive safety culture
often involves a shift in how workers view and address safety-related
events. This shift is supported by data on safety-related events
provided by SRSs.[Footnote 25] Accordingly, an environment in which
workers can report safety events without fear of punishment is a basic
requirement for a safety culture and an effective SRS. In addition, an
important consideration in design and implementation is where on the
safety culture continuum an organization is currently positioned and
where it would like to be positioned. It is unlikely that workers
would report safety events in organizations with punishment-oriented
cultures--where workers are distrustful of management and each other.
To promote reporting in such environments, systems can be designed
with features that help alleviate these worker concerns. However,
understanding where the organizational culture is in relation to
reporting is essential for choosing system features that will address
these concerns.
Changing organizational culture is also generally recognized as a long-
term effort that takes at least 5 to 10 years. In high-risk
industries, reporting systems are often developed in conjunction with
other efforts to make safety a priority, and as the culture changes
from these efforts, so might the reporting system to reflect the
changing culture. For example, as safety events become more visible or
well-defined, reporting forms or requirements can be modified to
reflect this new understanding. Similarly, if reporting is waning but
safety events continue to occur, adjustments to reporting incentives,
definitions of events, and other features may be necessary to improve
reporting. Such ongoing assessment of organizational culture can also
help identify areas where system adjustments are needed and support
efforts to evaluate the contributions of the SRS to safety culture
improvement. As with any tool for cultural change, the value of the
SRS will be commensurate with the investment in its use. If an SRS is
to support overall safety improvement, training, outreach, and
management support are necessary to instruct staff in the desired
culture and use of the new system.
Lessons from the literature on the role of program goals and
organizational culture in SRSs include the need to:
* define overarching program goals and subgoals up front;
* involve stakeholders (e.g., management, industry groups,
associations, and workers) in developing program goals and designing
the SRS to increase support among key populations;
* assess the organizational culture to guide system design choices in
the three key areas; and;
* ensure that reporters and system administrators receive adequate
training regarding the function and application of the reporting
system.
First Key Area: Reporting and Analysis:
Among the first design decisions for an SRS are those that cover
reporting and analysis. Decisions in this key area include basic
questions about the (1) level of event that should be reported to the
system, (2) classification of events, (3) report format and mode, (4)
management of reporting, and (5) analysis of the reported data.
Level of Event: The Severity of Events Captured Generally Determines
Whether an SRS Is Mandatory or Voluntary:
The severity of events can vary from safety concerns to mass
casualties, and what is considered a "reportable event" has
implications for whether reporting should be mandatory or voluntary.
Mandatory reporting is generally preferred when program goals are
focused on enforcement. Serious events--such as accidents resulting in
injuries or deaths--are typically the level of event collected in
mandatory SRSs. Mandatory reporting is also generally preferred where
there is potential or realized association with injury or death and
related regulatory and legal implications, as in accidents. Voluntary
reporting is generally preferred when the program goal is learning--
identifying actions, processes, or environmental factors that lead to
accidents. Voluntary reporting in these cases is more appropriate
because the goal is improvement rather than compliance. Events at the
incident level--errors without harm, near misses, close calls, and
concerns--are less serious than accidents and are typically collected
through voluntary SRSs. Both mandatory and voluntary reporting systems
are often employed concurrently--sometimes independently and sometimes
in complementary roles--because programs face the dual requirements of
regulating and promoting safety improvement.
The level of event to be reported also depends on the organizational
culture. Industries new to safety reporting--in particular, those in
which the definition or recognition of an accident is unclear--may
find it particularly difficult to identify a reportable incident or
hazard. If the reporting threshold is set too high, significant safety
hazards may go undetected and unreported. In such environments, a low
initial threshold for reporting might be helpful, raising it over time
as workers develop familiarity with reportable events. However,
because of the greater frequency of incidents and safety concerns,
voluntary SRSs can be overwhelmed by the volume of submitted reports.
SRSs that focus on a particular type of incident or hazard area may
help to counteract this problem. In addition, if the reporting
threshold is set too low, reporters may feel events are too trivial
for reporting and that the SRS has little value. For example, surveys
of nurses and doctors have shown a range of opinions that constitute a
barrier to reporting, including beliefs that not all near-miss errors
should be reported or that reporting close calls could result in
significant change. The prevalence of these beliefs may reflect that a
"reporting culture"--one in which staff recognize and submit
reportable events--is not fully established.
Lessons from the literature on determining the level of event for
reporting include the need to:
* base the decision for mandatory or voluntary reporting on (1) the
level of event of interest and (2) whether the SRS will be used
primarily for enforcement or learning and;
* set reporting thresholds that are not so high that reporting is
curtailed, but not so low that the system is overwhelmed by the number
and variety of reportable events.
Classification of Error: Error Classification Can Guide Reporting and
Facilitate Information Sharing, but Can Limit Information Flow if Too
Restrictive:
To facilitate data-sharing across the organization or industry,
classification schemes provide standardized descriptions of accidents,
incidents, and concerns. Effective classification schemes can
facilitate safety improvement across organizations and industry by
providing a common language for understanding safety events and
precursors. For example, if several hospitals use a standard
classification scheme to submit incident reports to a patient SRS, the
resulting data can be used to examine incident data across hospitals.
Such data allow benchmarking of similar occurrences and promote a
better understanding of core hazards that exist across an industry.
Clearly defined and familiar classification terminology can also help
workers understand when and what to report. However, achieving a well-
defined and clear classification scheme--especially one that can be
used across an industry--can be difficult because different groups
within an organization or across an industry may classify events
differently. For example, one study on medical error reporting found
that nurses classify late administration of medication as a medical
error, whereas pharmacists do not.
Classification schemes should be broad enough to capture all events of
interest, but also well-defined enough to minimize receipt of
extraneous information. For example, organizational learning systems,
like FAA's NASA-run Aviation Safety Reporting System (ASRS), include a
broad definition of safety-related events to facilitate voluntary
reporting of all events. Alternatively, mandatory systems may include
a more specific classification scheme to capture deviations from
standard operating procedures. However, overly restrictive schemes may
lead workers to focus on certain events and neglect to report others.
For example, if a classification scheme is developed to consider only
compliance with an industry's standard operating procedures, workers
may not report safety-related incidents that involve factors other
than compliance. Similarly, overly detailed classification schemes may
be confusing for reporters if they do not know the appropriate codes
to apply. In addition, a classification scheme must be clear enough
for workers to understand what counts as a reportable incident.
Otherwise, underreporting or misreporting of incidents may result. If
possible, use of pre-existing industry-specific terminology in the
classification scheme can support information flow across the industry
and help workers--especially in industries new to safety reporting--
adapt to the SRS. Lastly, a classification scheme may require the
flexibility to allow different sites to adapt fields and elements to
match their own program goals and organizational cultures.
Design of a classification scheme may incorporate several strategies,
including (1) using an existing classification scheme from another
SRS, (2) modifying an existing classification scheme for use in a new
SRS, (3) developing a classification scheme based on incident reports
from the new or a similar SRS, or (4) using experts to develop a
classification scheme.
Lessons from the literature on designing classification schemes and
associated terms include the need to:
* develop classification schemes and associated terms that are clear,
easy to understand, and easy to use by drawing on terms already well
understood in the industry;
* test whether classification terms are clearly understood by
different groups in the organization;
* allow sufficient flexibility to (1) avoid narrowing the scope of
reporting in a way that limits all events of interest at the chosen
level of event, (2) allow different sites”if multiple sites will be
reporting to the same system”to adapt fields and elements to match
their own organizational culture, and (3) capture different types of
events and precursors, as they can change over time; and;
* develop a classification scheme that best suits the analytical
requirements and the comfort level of the organizational culture with
safety reporting and safety event terms.
Format and Mode: Report Mode and Format Must Balance Needs for Quality
and Quantity of Reported Information with Reporter Burden and
Proclivity to Report:
Reporting must be readily accessible and allow for sufficient
description of safety events without overburdening reporters with
extensive narrative requirements. Data collection considerations
include the format of the report (that is, the types of questions
included on the reporting form) and the mode of the report (that is,
how a report is physically submitted to the SRS, for example, by paper
or Internet). Both the report format and mode can affect the incentive
to report; the ease of reporting; and the type, quantity, and quality
of data collected. Decisions regarding the format and mode of
reporting are closely tied to the type of data desired from the SRS
and the organizational culture.
Report formats affect the quantity and quality of reports. For
example, question formats that allow workers to explain the incident
through narrative description may yield extensive details about the
incident. The literacy skills of the reporting population are
important considerations as well. Long narratives might be simple for
the highly educated but intimidating to those with less writing
proficiency. However, if workers are resistant to reporting,
structured question formats that use check-boxes or drop-down boxes
with categories may decrease the time it takes to complete an incident
report and thereby increase the incentive to report. Using structured
question formats will also decrease the amount of coding and
qualitative analysis that must be performed to examine the data. One
limitation of structured question formats, however, is that in
industries new to safety reporting, classification terms may not be
well developed or understood by the reporting population.
Options for SRS modes include paper, telephone, or electronic or Web-
based form. Although Web-based forms may increase the ease with which
data are collected, workers may be fearful of entering incident
reports using a Web-based form because reports can be traced back to
them. If workers perceive that the culture is punitive, mail reports--
especially to an outside entity that manages the system--can be the
most effective mode choice to alleviate these concerns. However,
accessibility of reporting forms can also affect the likelihood of
reporting. For example, if paper forms are outside the immediate work
area and require effort beyond the normal routine to complete, then
reporting may be curtailed. Since many workers have ready access to
the Web, a combination of Web and mail reporting may address both
access and sensitivity concerns.
Lessons from the literature on format and mode choice include the need
to:
* base decisions about report formats on (1) the type of data needed
for analysis, (2) capabilities of the reporting population, and (3)
maturity of existing safety event classification schemes within the
industry and;
* base decisions about report mode on (1) the accessibility of the
mode to the reporting population and (2) workers‘ concerns about and
willingness to report.
Reporting Management: SRS Administration and the Designated Reporting
Population Can Affect Willingness to Report and Analytical
Possibilities:
Reporting management includes decisions about SRS administration--who
will collect, analyze, and disseminate reports--as well as decisions
about who is allowed to submit reports. The choice of the entity
responsible for collecting, maintaining, analyzing, and disseminating
may affect the willingness of workers to submit reports. For example,
if workers perceive a punitive organizational culture or a lack of
confidentiality, they may be unwilling to submit reports to an SRS
within the workplace. An SRS managed by an independent, external
entity might alleviate these concerns. However, an organization may
have better awareness than an outside entity of internal safety
issues, expertise in analyzing and addressing them, and mechanisms for
encouraging participation in safety reporting. Consequently, decision
makers must weigh a variety of culture-related and resource
considerations in deciding how to administer an SRS.
The openness of reporting--whether reporting is available to all
workers or only to those in select occupations or positions--will also
affect the type and volume of data collected. For example, many
individuals--including pilots, ground crew, and controllers--can
submit reports to FAA's NASA-run ASRS, whereas only airlines can
submit reports to the Voluntary Disclosure Reporting Program (VDRP).
An open SRS, which accepts reports from different staff levels or
occupations, offers the potential for analysis of events from several
perspectives. However, such an SRS may be subject to staff hierarchies
that can limit reporting among certain employee groups or professions.
For example, in the medical industry, even when reporting is open to
both doctors and nurses, several studies have shown that nurses have a
greater awareness of and are more likely to submit reports to an SRS
than doctors. Similarly, reporting may be attenuated if events must be
reported up a chain of command, rather than directly by those involved
in an event. Direct reporting--regardless of position or occupation--
can increase the likelihood of reporting on a particular event.
Lessons from the literature on system administration and the reporting
population include the need to:
* base the decision for internal or external system administration on
(1) workers‘ degree of concern over punishment and confidentiality and
(2) availability of internal expertise and resources to analyze and
encourage reporting and;
* base decisions about who will be allowed to report on (1) awareness
of reporting hierarchies and (2) the type of information desired for
analysis.
Analytical Process: Report Prioritization, Data-Mining Techniques, and
Technical Expertise Can Enhance Results:
Analytical processes that focus on identifying safety improvements--
using report prioritization, data-mining techniques, and safety and
industry experts--can enhance the usefulness of reported information.
Frequently, the first step in analyzing reported data is determining
whether immediate action should be taken to address a safety concern.
Subsequently, analyses that explore why a particular event may have
occurred--such as root cause analysis--may be used to understand the
contributing factors to safety events and to design solutions to the
problem. Data-mining techniques, including those that combine safety
reports with other databases, can also be used to look for patterns of
events across organizations or a broad range of reports. Data mining
requires the capability to search for clusters of similar events and
reports that share common characteristics. Technical expertise, as
well as specialized software, access to other data sources, and data
format requirements, affects data-mining capabilities. For example,
data-mining searches may be more complicated when error reports
include both structured and open text (narrative) formats because open
text must be made suitable for data mining. In addition to these
retrospective analytical techniques, probabilistic risk assessment
methods may also be used as a proactive approach to examine all
factors that might contribute to an event. Literature on SRS use in
industries, such as nuclear power and aviation, advocate using a
combination of these approaches to provide a more thorough analysis of
reported data.
Finally, using data analysis techniques to prioritize incident reports
can facilitate analysis by identifying which reports require further
analysis or demand immediate review because they represent serious
safety concerns. Because analysts must have the technical skills and
relevant knowledge to make sense of the data, decisions about the
analysis will be linked with system administration and whether
technical and industry expertise reside within the organization.
Thorough analysis may require multidisciplinary committees that
contribute a variety of expert perspectives, but the breadth of
expertise required may not be readily available within an
organization. For example, analysis of medication error reports may be
conducted through multidisciplinary committees that include
physicians, nurses, pharmacists, quality managers, and administrators.
In the airline industry, an event review team (ERT), consisting of
representatives from the air carrier, the employee labor association,
and the FAA, is used to analyze reports as part of the Aviation Safety
Action Program (ASAP).
Lessons from the literature on analytical process include the need to:
* use a report prioritization process to quickly and efficiently
address key safety issues as they arise and;
* align analysis decisions with (1) report formats, (2) system
administration and location of technical expertise, and (3)
availability of other relevant data needed for analysis.
Second Key Area: Reporter Protections and Incentives:
SRSs--whether mandatory and voluntary--depend on the willingness of
workers to report mistakes they or others have made. It is unlikely
that workers would take the risk of reporting without protections that
provide confidence that their reports will be kept private and
incentives to report their errors. There are a variety of ways to
design SRSs to protect the identity of the reporter and to encourage
reporting, including (1) accepting anonymous reports, (2) providing
effective confidentiality protections on reported data, and (3)
deidentifying data sets. The principle reporting incentive is limited
immunity--whereby workers are granted protection from certain
administrative penalties when they report errors. There are advantages
and disadvantages to anonymous and confidential reporting, and
decisions about which to use should be guided by program goals and
culture-related considerations.
Anonymity Is the Surest Method for Protecting Reporter Identity, but
Can Limit Reporting Data:
Anonymity--reporting without identifying information--protects
reporters against legal discovery should the data be requested in a
subpoena. Because an individual's name is not tied to an incident
report, anonymity may lower the psychological barrier to reporting,
including fears about admitting a mistake or looking incompetent,
disclosure, and litigation. Anonymity may be critical in motivating
reporting among workers in an organizational culture seen as punitive,
especially when legal protections for reporter confidentiality may not
be feasible or well established. Report mode is also linked with
reporter protection choices. For example, one SRS for medication
errors was developed as a paper-based system because administrators
felt any electronic system could not be truly anonymous.
Despite the protection anonymity offers reporters, there are distinct
disadvantages, including the inability to obtain clarification or
further information from reporters. This limitation may compromise the
integrity of system data because investigators have no means for
validating and verifying the reported information. In addition,
anonymous data sets tend to be less detailed than identified data
sets. Initial reports from identified data sets can be supplemented by
follow-up interviews with reporters. The need to follow up with
reporters may also make anonymous reporting unfeasible, even in
organizations where significant reporting concerns exist. Anonymous
reporting also tends to limit the number of data elements that can be
derived from reports, making these data sets less useful than others,
particularly when trying to identify patterns of error. For example,
if fields that could identify reporters--such as occupation, location,
and position--are not collected, statistics on safety events across
organizational subunits or occupations would be impossible.
Another disadvantage of anonymity is that reporters cannot be
contacted for clarification or to provide direct feedback--a useful
technique for obtaining worker buy-in to the system. If reporters are
given specific feedback on actions taken to address issues brought up
in their reports and the outcomes of these actions, then reporters are
more likely to (1) attribute value to the SRS and (2) continue
submitting reports. Some SRSs have addressed this problem by offering
a compromise. Reporters can receive a unique identification number
that allows them to track the progress of their reports through the
SRS. However, if reporters are mistrustful enough that anonymous
reporting is necessary, they may not feel comfortable using an
optional identification number provided by the SRS. Even anonymity may
not be enough to alleviate reporters' fear of retribution. Other
disadvantages of anonymous reporting include the potential for (1)
workers to falsely report on the behavior of others in the absence of
report validation and (2) managers to discredit information about
concerns or incidents as reports of "troublemakers." Yet another
disadvantage is the inability to maintain anonymity in small reporting
populations or where the circumstances surrounding an incident are so
specific (to an organization, individual, date, and time) that any
mention of them would disclose the parties involved.
Confidentiality Enables Follow-up with Reporters but Includes the
Potential for Compromising Reporter Identity:
Confidential reports allow investigators to follow up with reporters
to gain a better understanding of reported incidents because the link
between the reporter and report is maintained. However, fear of
providing identifying information may limit reporting. Confidentiality
is accomplished through legislative, regulatory, or organizational
provisions to protect reporter privacy. Such provisions can include
exemptions from subpoena or disclosure, protections against civil or
criminal lawsuits for reporting, or criminalizing confidentiality
breaches. For example, some state-based mandatory SRSs for medical
errors include statutory provisions that protect reporters from some
potential legal liability. One international aviation SRS has
legislation making confidentiality breaches a punishable offense.
Maintaining identifying information enables data analysis across
professions and organizations, which can aid in benchmarking. Such
information can reveal whether recurring incidents indicate problems
within a specific organization or profession as opposed to those that
are industrywide, thereby targeting interventions to areas in greatest
need. Reporting formats may be less burdensome for confidential
systems than for anonymous systems, which must gather all details up
front. Confidential reporting allows investigators to gather
significant information through follow-up interviews, so less detail
needs to be provided on the reporting form. In the literature, report
follow-up was associated with a variety of positive results. For
example, it can (1) add to reporters' long-term recall of the event,
enhancing the quantity and richness of information collected; (2)
support event validation and clarification; and (3) bring closure to
an incident and assure reporters their information is being taken
seriously, thus increasing the likelihood of future reporting.
A potential disadvantage of a confidential SRS is that workers may be
fearful of the consequences--real or implied--of reporting. Moreover,
for systems untried by the legal system, the surety of confidentiality
provisions can be--in reality or perception--tenuous. For example, the
Applied Strategies for Improving Patient Safety (ASIPS) is a multi-
institutional reporting system designed to analyze data on medical
errors and is funded by the Agency for Healthcare Research and Quality
(AHRQ). This voluntary SRS for patient safety events relies on
confidential reports provided by clinicians and office staff. While
this reporting system promises reporters confidentiality within the
system, the program can offer no protection against potential legal
discovery. However, because ASIPS is funded by AHRQ, ASIPS reporters
would be protected by the confidentiality provision in AHRQ's
authorizing legislation, although the protections provided by this
provision have never been tested through litigation. Because of the
uncertainty of confidentiality protections, administrators of ASIPS
chose to build strong deidentification procedures--removal of
identifying information from reported data--into the system rather
than rely solely on confidentiality protections. Another potential
disadvantage of confidential SRSs is that costs may be higher than an
anonymous system if follow-up interviews with reporters are part of
SRS requirements. Sufficient resources are required for investigation
and follow-up with reporters; however, resource constraints may limit
these actions. Additional resource commitments (in the form of follow-
up interviews) are also assumed by those who submit confidential
reports.
Data Deidentification Provides Additional Reporter Protection:
Data deidentification supports confidentiality provisions since the
deidentification process makes it difficult to link reports to
specific individuals or organizations. Deidentification can also
support feedback mechanisms because the data can be readily shared
within and across organizations and industries. Data can be
deidentified at the source or in summary reports and data systems.
Source deidentification involves removal and destruction of all
identifying information from reports after follow-up and investigation
have been completed. Secondary data deidentification involves removal
of identifying information in summary reports or databases for sharing
safety information and alerts. Deidentification of source reports
strengthens confidentiality protection because records are unavailable
even if they are subpoenaed. Source report deidentification may
require (1) technical solutions if reports are collected
electronically and (2) special processes if collected in another
format. Eliminating the link between the reporter and the report can
help reinforce the confidential nature of an SRS and provide an
incentive for reporting, as long as the process for deidentification
is understood by the reporting population. Deidentified data can be
readily shared within or across organizations and industries,
enhancing analytical possibilities by increasing the number of
reported incidents available for analysis.
Limited Immunity Provides Reporting Incentive:
Limited immunity provisions can increase the volume of reports,
particularly when there are emotional barriers, such as fear about
reporting one's mistakes. These provisions offer protection from
certain legal or regulatory action if certain requirements are met.
For example, the ASRS offers limited immunity from enforcement actions
provided certain requirements are met and the incidents do not involve
criminal or negligent behavior. The literature suggests that the
immunity provisions offer a strong incentive to report and that pilots
would not submit ASRS reports if these provisions did not exist.
Numerous international SRSs also contain immunity provisions,
including the Danish aviation SRS and patient care SRSs in both
Australia and Israel.
Lessons from the literature on choosing reporter protections and
incentives include the need to:
* base the choice between anonymity and confidentiality on (1)
organizational culture, especially workers‘ degree of concern about
punishment and confidentiality, and (2) the amount of detail required
for analysis and whether it can be collected without follow-up;
* consider hybrid systems in which confidential and anonymous
reporting are used simultaneously if there is a conflict between
organizational culture and data need;
* develop data deidentification measures to support confidentiality
and data-sharing efforts; and;
* consider limited immunity provisions to increase the reporting
incentive.
Third Key Area: Feedback Mechanisms:
Because a primary SRS function is safety improvement, the system must
include feedback mechanisms for (1) providing actionable safety
information to the relevant populations and (2) improving the SRS
through identification of reporting gaps across occupations or
locations and evaluation of the effectiveness of the system as a
safety tool.
Feedback to Reporters and Industry Promotes Safety Improvement and
Reinforces Reporting:
To support its primary function of safety improvement, an SRS must
include feedback mechanisms for providing actionable safety
information to the relevant populations. A variety of populations can
benefit from SRS feedback, including (1) reporters, (2) managers, (3)
organizations and the industry at large, and (4) system
administrators. Feedback to reporters is essential in order to promote
safety and reinforce the benefits of reporting. If workers who report
safety events do not see any evidence that their report has been used,
they may question the value of the system and discontinue reporting.
Feedback among managers promotes management awareness of safety
concerns, management buy-in, and top-level efforts to address those
concerns. Feedback across the organization or industry can provide
tangible evidence of the value of the SRS by alerting management and
workers to important safety issues. Industry feedback can also provide
a benchmark to compare safety across similar organizations when data
are (1) collected at the local level and (2) compiled in a centralized
regional or national database. Use of such benchmarks may help
decision makers identify gaps in performance and practices that may
improve safety conditions in their own organization.
Feedback on System Performance Supports Targeted Outreach and System
Improvement:
Feedback mechanisms for system evaluation are also important in
ensuring the SRS's continued effectiveness. Feedback on reporting gaps
across occupations or locations can help identify nonreporting
populations. When these reporting gaps are compared with other data--
such as reports from comparable sites--they can help identify areas in
need of targeted outreach and training. In addition, feedback from
safety culture and system-user surveys, which assess safety and
reporting attitudes, can be used to evaluate the effectiveness of an
SRS. Performance metrics on safety improvement can be incorporated
into these surveys, providing information on the degree to which
program goals are being met and identifying areas of needed system
improvement.
Lessons from the literature on choosing feedback mechanisms include
the need to:
* provide direct feedback to reporters to foster worker-specific buy-
in for reporting;
* provide regular, timely, and routine feedback”for example, in the
form of newsletters, alerts, Web sites, and searchable databases”to
support overall organizational buy-in for reporting;
* provide positive feedback to managers who receive a high volume of
reports to demonstrate the importance of reporting and counteract the
perception that error reporting reflects poorly on management;
* use the data to identify reporting gaps for targeted outreach and
training; and;
* evaluate the effectiveness of the SRS to support ongoing
modification and improvement.
Case Studies Demonstrate the Need for Assessment and Resources in
Design and Implementation and Suggest Certain Features in the Three
Key Areas:
Lessons from case studies of safety reporting systems (SRS) in three
industries--aviation, commercial nuclear power, and health care--
indicate the importance of cultural assessment and resource dedication
in SRS design and implementation, and suggest certain features in the
three key areas.[Footnote 26] Although the industries differ in type
of work, regulation, and ownership, all three face substantial
inherent risks to health and public safety and have made significant
investments in promoting safety through voluntary SRS programs.
Consequently, their experiences suggest lessons that can be applied to
the design and implementation of an SRS for biological labs.
Collectively, these SRSs reflect 70 years of safety reporting
experience. In particular, the FAA's NASA-run Aviation Safety
Reporting System (ASRS) in aviation, the Institute of Nuclear Power
Operation's (INPO") Significant Event Evaluation--Information Network
(SEE-INŽ) system in commercial nuclear power, and VA's internally
managed Patient Safety Information System (PSIS) and NASA-run Patient
Safety Reporting System (PSRS) in VA health care provide the basis for
the following four lessons for SRS design and implementation:[Footnote
27]
1. Assessment, dedicated resources, and management focus are needed to
understand and improve safety culture.
2. Broad reporting thresholds, experience-driven classification
schemes, and processing at the local level can be useful SRS features
in industries new to safety reporting.
3. Strong legal protections and incentives encourage reporting and
help prevent confidentiality breaches.
4. A central industry-level entity facilitates lesson sharing and
evaluation.
Lesson 1: Assessment, Dedicated Resources, and Management Focus Are
Needed to Understand and Improve Safety Culture:
The case studies demonstrate that establishing a robust safety culture
is neither quick nor effective without a multipronged effort--
involving assessment, dedicated resources, and management focus--to
recognize safety challenges and improve safety culture. Despite the
costs and challenges of implementing an SRS, the industries recognized
they could not continue to operate without safety improvements and
their SRSs were a key tool in these efforts.
Assessing Safety Culture Can Alert Management to Workplace Safety
Issues:
Each of the three industries created its SRS after recognizing that
existing operations and safety culture posed an unacceptable risk to
workers and the public. In both the aviation and the commercial
nuclear power industries, SRS initiation was prompted by serious
accidents rather than a proactive assessment of the safety culture.
The Veterans Health Administration proactively initiated an SRS
program after its administrators and patient safety advocates
recognized the need to redesign systems "to make error difficult to
commit."[Footnote 28] Such assessments can reveal systemic safety
culture problems before they become critical.
Aviation:
The concept of a voluntary aviation reporting system was suggested in
1975 by the National Transportation Safety Board (NTSB), the FAA, and
the aviation industry following an investigation of a fatal airline
accident near Berryville, Virginia. The NTSB found that the accident
might have been averted if previous crews' reports about their near-
miss problems in that area had been shared. These problems included
inadequate aviation maps and the cockpit crews' misunderstanding
related to the air traffic controllers' terminology. The NTSB reported
that the industry culture made it difficult to report these problems.
These cultural barriers were apparently known, although a safety
culture assessment might have afforded proactive efforts to correct
them. As one solution to these problems, the NTSB suggested an
aviation SRS, initially managed by the FAA and known as the Aviation
Safety Reporting Program. But within a few months, the FAA had
received few reports. It therefore transferred operation and
management of the program to NASA and renamed it the Aviation Safety
Reporting System (ASRS).[Footnote 29]
Commercial Nuclear Power:
In 1979, the partial meltdown of a reactor at Three Mile Island (TMI)
in Pennsylvania led to the creation of INPO, an industry-initiated
technical organization that collects, studies, and shares safety
lessons throughout the industry using the SEE-IN program. The INPO
program was developed and is managed independently of the Nuclear
Regulatory Commission (NRC) regulatory requirements. Although the NRC
regulates the safety of commercial nuclear power generation,[Footnote
30] at the time of TMI, nuclear utilities had been operating with a
high degree of autonomy and were fairly insular, according to a 1994
study.[Footnote 31] The 1994 study of the safety culture at nuclear
reactors found that the management style reflected the culture of
conventional energy plants--a "hands-off management" and "fossil fuel
mentality" that emphasized maximum energy production as the highest
value.[Footnote 32] An industry official explained that the TMI
accident was a shock for the industry, which became determined to
operate its nuclear reactor facilities safely and reliably, thereby
convincing the American public it could be responsible and safe. The
entire U.S. commercial nuclear power industry joined INPO within
months of the TMI incident, and remains members today. The industry
focused early efforts on plant evaluations to understand the culture
that had led to the TMI accident. Within a year, INPO produced the
first of its Significant Operating Event Reports, which provide
information on identified safety problems and make recommendations for
improvement.
Despite safety advances in the decades after INPO was established, the
industry was once again reminded of the importance of safety culture
assessment in 2002, when corrosion ate a pineapple-sized hole in the
reactor vessel head at the Davis-Besse plant in Ohio.[Footnote 33]
Prior to this incident, INPO had given individual plants the
responsibility for assessing their safety culture--assuming that they
had a good understanding of it. Investigation revealed that a weak
safety culture contributed to the incident. After the Davis-Besse
incident, INPO re-emphasized the importance of proactively assessing
safety culture before critical safety failures occur. In response to
the incident, they recommended that safety culture assessments be a
permanent, periodic requirement.
Health Care:
After VA hospital accidents that had resulted in harm to patients, the
VA established the National Center for Patient Safety (NCPS) in 1999.
That unit designed and launched two options for reporting--one
internal (the PSIS) and one contracted (the PSRS) to the same NASA
center that operates ASRS for the FAA.[Footnote 34] The VA launched
its SRS program guided by a vision emerging in the medical community
to "create a culture in which the existence of risk is acknowledged
and injury prevention is recognized as everyone's responsibility."
[Footnote 35] The VA hired management with experience in NASA's safety
programs, who surveyed safety culture as they initiated the SRS. In
addition, the NCPS has conducted three nationwide safety culture
surveys, beginning in 2000, to understand the attitudes and
motivations of its frontline workers. The most recent, in 2009,
allowed the NCPS to identify a subcategory of caregivers for
intervention.
Improving Safety Culture Requires Dedicated Resources, Including Time,
Training, and Staff Investment:
Safety culture improvement depends on a robust reporting culture,
which requires considerable investment of time and resources. As the
experiences of the three industries demonstrate and as shown by SRS
data from two of the case industries, these investments pay off in an
increase, over time, in the volume of safety reports. Figure 3
illustrates time frames and growth in SRS reporting for FAA's ASRS and
the VA's PSIS.
Figure 3: Growth in Aviation and VA Health Care Safety Reporting, 1981
to 2008:
[Refer to PDF for image: multiple line graph]
Calendar year: 1981;
ASRS: 3,791.
Calendar year: 1990;
ASRS: 34,000.
Calendar year: 2000;
ASRS: 37,000;
PSIS: 300.
Calendar year: 2005;
ASRS: 41,000;
PSIS: 75,000.
Calendar year: 2008;
ASRS: 50,000;
PSIS: 108,000.
Source: VA, NASA.
Note: Comparable data from the commercial nuclear power industry are
not available. The earliest data for the ASRS are in 1981, although
the system began in 1976.
[End of figure]
Through conventional classroom and seminar training, workers in some
industries learned the terms, goals, and instruments of the new
voluntary SRS. Several innovative training opportunities were also
marshaled, including on-the-job training and employee loan and
training programs focused on improving teamwork. Both types of
training supported safety culture change and developed trust in the
SRS. Staff time and investment at all levels were necessary to
accomplish these training goals.
Aviation:
From the inception of ASRS, the volume of aviation safety reports grew
slowly, indicating an increasing understanding among reporters of the
multiple factors that contribute to safety. However, a 1994 National
Academy of Public Administration (NAPA) evaluation, requested by the
FAA, found that FAA funding provided to NASA for the operation and
management of the ASRS had not kept pace with the work.[Footnote 36]
According to a NASA ASRS official, because resources were insufficient
to perform a detailed analysis on all the reports, reports are
triaged. Only those deemed most hazardous receive deeper analysis. The
NAPA report also noted that the aviation community broadly affirms the
safety value of ASRS and uses the data for training and safety
awareness. By contrast, some FAA line employees said ASRS was of
limited use. As a result of the NAPA report and congressional actions,
the FAA modestly increased funding. After the NAPA recommendation to
modernize, the ASRS transitioned from paper to electronic report
submissions. A recent FAA-sponsored study recognizes the importance of
training and retraining all SRS stakeholders, offering best practices
for formal and informal training. Reporting has increased. ASRS
currently receives about 50,000 reports per year, which demonstrates a
sustained level of trust in reporting. However, the study of best
practices in FAA's voluntary reporting options recommended that SRS
managers assess the availability of resources and plan for acquiring
them, as resource needs are likely to increase over time.[Footnote 37]
In further recognition of the importance of resources to ASRS, the
latest Memorandum of Understanding between the FAA and NASA also
includes a yearly inflation factor for the ASRS budget.
Commercial Nuclear Power:
Safety reporting to INPO's SEE-IN program began in 1980. The volume of
reports forwarded to INPO from the plants is between 3,000 and 4,000
annually.[Footnote 38] Early safety reports tended to focus on
technical failures and INPO realized that reporting on human error
needed to increase, according to an INPO liaison.[Footnote 39] Moving
beyond reporting equipment failure required significant training. To
encourage reporting of both equipment and human factor issues, INPO
established and continues to accredit training courses. Recognizing
the importance of having staff with industry knowledge to communicate
the relevance of safety and reporting in a way that is palatable to
industry, INPO began a second wave of hiring of people with nuclear
industry experience to ensure the safety science message was managed
and communicated in a way that both sides could understand. Despite
increases in reporting, however, the Davis-Besse incident in 2002
highlighted the serious consequences of lapses in safety culture.
Among other actions, INPO issued its safety principles document in
2004, which provides a framework for assessing safety culture. The
document outlines aspects of positive safety culture, such as workers'
questioning attitudes that support reporting and managers'
demonstrated commitment to safety through coaching, mentoring, and
personal involvement in high-quality training.
Health Care:
Reporting to the VA's PSIS grew strongly, from 300 incidents reported
annually at local hospitals in 2000 to 75,000 in 2005. Yet, the
initiation of a voluntary safety reporting system in the VA health
care facilities has faced considerable cultural and institutional
challenges. For example, one study found the various professions
within hospitals disagreed--when presented with scenarios such as late
administration of medication--as to whether an error had occurred. In
congressional testimony in 2000,[Footnote 40] we had observed that if
the VA hospital system was to implement an SRS, the VA would face a
challenge in creating an atmosphere that supports reporting because
hospital staff have traditionally been held responsible for adverse
patient outcomes. In our 2004 report, we also found that power
relationships, such as nurses reluctant to challenge doctors, can be
obstacles to patient safety. However, after the first 3 years of the
VA health care system's SRS, the cultural change that supports safety
reporting was under way at three of four facilities studied, as a
result of experiential training in addition to conventional classroom
training. The growth in reported events to the VA SRS over the last 10
years and our 2004 study suggest that the actions that the VA took can
be successful in supporting a safety culture and reporting.
Experiential--that is, on-the-job--training, in addition to
conventional classroom experience, fostered the habit of reporting
safety events at many VA hospitals. Since the initial years of the
VA's hospital SRS, clinicians and other VA workers have been selected
to participate in the hospital-based analysis of SRS reports so that
they could learn how the reports would be used. Once patient safety
managers prioritized reports, interdisciplinary teams of hospital
staff, including local frontline clinicians, looked for underlying
causes and devised systemic fixes. Through this experience, clinicians
and other hospital staff saw first-hand the rule-driven and
dispassionate search for root causes that resulted in a systemic fix
or policy change rather than punishment. We found that (1) this
training fostered a cultural shift toward reporting systemic problems
by reducing fear of blame, and (2) staff were impressed with the team
analysis experience because it demonstrated the switch from blame and
the value of reporting close calls.[Footnote 41] In addition, the VA
brought together facility-level workers, including patient safety
managers from VA medical centers across the nation, to introduce them
to the SRS. Through these seminars, staff were introduced to SRS
terms, tools, goals, and potential obstacles. They heard success
stories from industry and government, findings from the early VA
safety culture surveys, and recent alerts and advisories.
Changing Safety Culture Requires Management Focus:
To overcome cultural barriers to safety reporting--such as fear of
punishment, lack of trust between coworkers and management, and
hierarchical prohibitions on communication--management demonstrations
of support for the SRS are important. In the three industries, this
support was demonstrated through the deliberate use of tactics shown
to be effective at changing safety culture and supporting safety
reporting such as (1) open communication across the workplace
hierarchy encouraged in small group discussions and meetings with
managers; (2) storytelling, a tool to direct changes in norms and
values; and (3) rewards for participation in safety reporting or open
communication in meetings.
Aviation:
The three decades of ASRS experience demonstrate the importance of
consistent focus versus episodic efforts to publicize and support the
SRS. In the early stages of ASRS implementation, the FAA and ASRS
staff relied on small group briefings and promotional documents to
foster awareness and trust in reporting. For example, the FAA, through
its Advisory Circular, notified the aviation community that the system
was operational and, along with NASA, issued press releases and
conducted briefings about the system. In addition, industry groups and
airlines publicly expressed support for the system, and, according to
a 1986 NASA report, an advisory group carried "the word about ASRS
program plans and accomplishments back to their respective
constituencies."[Footnote 42] Other early promotional efforts included
the distribution of descriptive brochures and posters to operators,
FAA field offices, air traffic control facilities, and airline crew
facilities. As a result of these efforts, according to NASA's 1986
report, the number of reports coming into the system in the early
years exceeded expectations. However, a NAPA study 8 years later
raised concerns about the lack of publicity. That study found that
pilots lacked knowledge of the ASRS and the immunity features[Footnote
43] and questioned the FAA's credibility. NASA responded with a second
promotional surge by (1) publishing its first CALLBACK, a monthly
online bulletin, and (2) touring FAA regional headquarters to promote
the SRS. However, the NAPA study concluded that the lack of internal
FAA support for the ASRS had limited the degree to which FAA uses ASRS
data, and led to questioning the legitimacy of ASRS products and
activities. That study also found that FAA line officers (with the
exception of the Office of Aviation Safety) thought the ASRS had
limited utility, and some even suspected bias in reporting as a result
of reporters' interest in earning immunity from FAA enforcement
actions. To address these concerns, the FAA has recently been advised
to elevate the importance of establishing an initial shared vision
among all stakeholders through open discussion and training and
sustained promotion efforts.[Footnote 44]
Commercial Nuclear Power:
INPO focused on leaders and employee loan programs to change the
industry's safety culture one employee and one plant at a time.
Leadership's demonstrated commitment to safety is a key INPO principle
for a robust safety culture. This key principle stems from the
philosophy of having "eyes on the problem." That is, plant managers
must be out in the work areas, seeing things and talking to employees
in order to reinforce a safety culture. This principle also includes
reinforcing standards and encouraging candid dialogue when safety
issues arise. Such reinforcement can be in the form of rewards for
reporting, such as being congratulated at plant meetings for a "good
catch." Managers also have incentives to encourage workers to report.
Following its biannual inspections, INPO summarizes its assessment of
the plant's safety conditions, providing a numeric score, partly based
on the robustness of the plant's SRS. These safety scores are
important to plant managers because they can affect regulatory
oversight and insurance premiums. Scores range from 1 to 5, with 1 as
the top safety rating. While these assessments may result in more
attention and assistance for safety improvements, they also instill
pride in the plant, and at annual managers' meetings, managers of
plants with the highest scores receive recognition.
INPO has also facilitated active peer review and employee loan
programs to break down the insularity of the TMI era. When individuals
with in-depth industry experience participate in the inspection
process and work at INPO headquarters, they see firsthand the
excellence other plants practice and how those practices relate to
INPO safety initiatives.
Health Care:
The VA hospitals used small group meetings, storytelling, and small
rewards to reinforce safety reporting. At the most successful VA
hospital we reviewed in 2004, administrators held more than 100 small
group meetings where storytelling was used in order to introduce the
new SRS.[Footnote 45] VA hospital administrators used examples from
aviation wherein two airline pilots failed to communicate well enough
to avoid a fatal crash. The crash might have been avoided had the
first officer challenged the captain. This story raised parallels with
the medical hierarchy and led to discussions about similar unequal
power relationships in the hospital. Administrators introduced more
effective ways to challenge authority, naming it "cross-checking." An
early report to the VA SRS, which involved nearly identical packaging
for an analgesic and a potentially dangerous drug, was made into a
poster as part of the campaign for the SRS. The more successful VA
hospitals rewarded the month's best safety report with a plate of
cookies or certificates to the cafeteria. This playful openness
reduced secrecy and fears of punishment and increased comfort with
reporting, according to our 2004 analysis.
Lesson 2: Broad Reporting Thresholds, Experience-Driven Classification
Schemes, and Processing at the Local Level Are Useful Features in
Industries New to Safety Reporting:
After the three industries instituted a voluntary SRS, workers
experienced a sharp learning curve in recognizing a reportable event
and developing trust in reporting. The industries encouraged early
reporting in a variety of ways. Overall, their experiences demonstrate
that reporting is enhanced when (1) reportable events are broadly
defined and allow reporting from a wide range of workers; (2) workers
are able to describe the details of an incident or concern in their
own words, with classification schemes applied by specialists at a
higher level; and (3) both internal and external reporting options are
available, along with some degree of report processing at the local
level.
Broad Thresholds and Open Reporting Are Useful Features When Starting
an SRS:
In the three case industries, an early challenge was workers' lack of
understanding of what should be reported. In each of the industries,
the creation of an SRS involved broadening workers' concepts of safety
events, in addition to accidents, that were worthy of reporting.
Nevertheless, early reporting still tended toward accidents and
technical issues--accidents because they were fairly evident and
harder to hide and technical issues (as opposed to human factors)
because the external nature of the fault provided some distance from
individual blame. Reporting these technical events helped workers
become more comfortable with reporting and provided objective links
between their reports and systemic safety improvements, according to
several industry officials. Over time, workers' ability to identify
less concrete, but equally unsafe, nontechnical issues grew. The
industries managed this growth, in part, by keeping the threshold and
definitions for reportable events simple. In some cases, direct
reporting--as opposed to reporting hierarchically, up the chain of
command--was used to eliminate the fear that workers might have about
reporting a mistake to the boss. Open reporting of events from several
workers--especially those in different occupations--provided more raw
data in the search for underlying causes, as well as information about
the event from a variety of perspectives.
Aviation:
The ASRS used a broad definition of reportable events and allowed all
frontline aviation personnel to report them. Any actual or potential
hazard to safe aviation operations are included in reportable events,
thus expanding to areas on the risk pyramid beyond "accident." Serious
accidents are not reported to the ASRS, since they are already covered
by the NTSB. While reporting is available to all participants in the
national aviation system, for several decades, the majority of reports
were from pilots. After outreach and initiatives--such as revised
specialized forms--the ASRS has in recent years seen modest increases
in reports from diverse groups of workers, such as maintenance
workers, enhancing the potential for analysis of single incidents from
a variety of perspectives. To reduce the loss of information that
could occur if reports from frontline workers are filtered through
work hierarchies, the ASRS makes it possible for individual aviation
workers to report directly to the central collection unit within NASA.
Commercial Nuclear Power:
Individual nuclear plants operate corrective action reporting
programs, which feed into INPO's SEE-IN system. The plant-level
corrective action programs have a zero threshold for reporting--that
is, workers can report anything of concern. To make the definition for
reporting clear to workers, INPO characterizes the reporting threshold
in terms of asking workers to report events that they would want to
know about if the event had happened elsewhere.[Footnote 46] In
addition to establishing low reporting thresholds, a broad spectrum of
workers are encouraged to report to the plant's corrective action
programs. Open reporting and low reporting thresholds are necessary to
ensure the fullest coverage of significant event reporting, according
to an INPO liaison. While the individual plants are expected to assess
and address the bulk of reports, they must also identify the most
significant reports to send to INPO. Plants forward between 3,000 and
4,000 concerns to INPO each year from the estimated 400,000 concerns
reported and resolved at the plant level through their corrective
action programs. To ensure all staff are encouraged to report any
event of interest, INPO examines the robustness of the plant's
reporting culture during biannual plant inspections. As part of this
process, INPO also compares corrective action reports to SEE-IN data
to determine whether there are reports in the corrective action system
that were not forwarded to INPO that should have been. If such
discrepancies arise, these cases are discussed with plant managers to
educate and clarify the plant's reporting thresholds to INPO.
Health Care:
Prior to the SRS program, VA hospital workers were accustomed to
reporting only the most serious events, such as inpatient suicides or
wrong-site surgery. The VA SRS program expanded the definition of
reportable events to include incidents--such as close calls or errors
that caused no patient harm--in recognition of the value of incident
data in detecting systemic safety problems.[Footnote 47] Despite the
conceptual shift in reporting expectations, in our 2004 report, we
found that 75 percent of clinicians we surveyed at four facilities
understood these new reporting requirements. In addition, the SRS
program was designed to allow direct reporting from any member of the
medical center staff to the patient safety manager. This expansion--
beyond the previous expectation that nurses would report to their
supervisors--was made in recognition of the power relationships among
clinicians that might inhibit reporting. As a patient safety manager
noted, the change in reporting expectations was evidenced when a chief
surgeon came to report instances of mistaken patient identity in the
surgery.
Encouraging Workers to Report Incidents in Their Own Words Facilitates
Reporting Initially:
In all three industries, delaying the launch of an SRS for development
of a formal error classification scheme would have been unpalatable in
light of significant pressure to implement solutions following serious
events. Further, some safety experts believe rigid early
classification of error can limit new knowledge and insights. In the
absence of such schemes, the industries allowed reporters to give
detailed narrative accounts of the incidents or concerns in their own
words. As the industries' comfort with error terminology develops,
some SRSs may encourage reporters to classify certain aspects of
events in order to facilitate industrywide analyses.
Aviation:
ASRS reports are primarily experiential narratives in the words of the
reporters. Although the heavily regulated aviation industry had event
definitions for rule enforcement, studies have concluded that the ASRS
was begun without a formal classification of errors.[Footnote 48] The
unstructured nature of the narrative reports is an analytic challenge.
However, the ASRS has developed a set of 1,200 separate codes that
facilitate the analysis of aviation risk. Recent FAA activities are
focused on the benefits of an integrated data system for safety events
that combines ASRS's narrative reports and other reporting systems.
Understandably, international aviation safety organizations have
declared common reporting methods--including terms and forms--best
practices.
Commercial Nuclear Power:
The corrective action reporting programs at each plant collect
information as narratives in the workers' own words. Corrective action
reports are reviewed at the plant level by a team of managers and
specialists. As part of this review, the team determines what actions,
if any should be taken to address the issue, and reports are sorted
and some level of classification is applied. Most corrective action
reports are dealt with at the plant level. Only reports that rise to a
defined level of significance--as determined through the review
process--are sent on to INPO. While the reports sent to INPO do
maintain narrative description of the event, they also classify
specific aspects of the event. INPO further sorts and classifies these
reports and produces various levels of industry alerts based on this
review.
Health Care:
According to a VA official, the SRS program was launched without an
error classification system at the reporter level. Considering that
even now the science for developing a formula for public reporting is
evolving, he noted that the time it would have taken the VA to develop
such a system would have delayed the launch by several years. Instead,
the classification is done centrally. The VA has maintained this
process because it believes that application of an error
classification scheme is best done at higher levels by, for example,
the patient safety managers. The VA official observed that the Agency
for Healthcare Research and Quality (AHRQ) has been working on a set
of error terms for nearly 5 years; however, there is, to date, no
industrywide agreement on error or adverse event terminology in health
care, although one for select health care institutions is under
review.[Footnote 49]
Reporting Options with Some Local-Level Processing Facilitates
Reporting Initially:
The initiation of SRS programs in two industries was driven by urgent
circumstances, before there was time to assess workers' willingness to
report. However, while program developers did not know everything
about the problem, they did know that existing knowledge about the
workforce culture could provide some basis for planning--that is, if
employers suspect they have a mistrustful workforce, they can plan for
it. In addition, the industries recognized that the value of local-
level processing for improving safety culture and awarding
responsibility for safety to the frontline was too great to completely
give to an outside entity. Therefore, they developed a bi-level
process for assessing safety data at both the local and industry
levels.
Aviation:
The airline industry manages the tension between trust and ownership
in SRS reporting by offering a variety of internal and external, as
well as local-and industry-level, reporting options. The ASRS (an
external reporting option) was originally managed by the FAA, but
within a year, it was moved to NASA--an honest broker--because of
concerns that reporting directly to the regulator would discourage
reporting. While separating the reporting function from regulation
encouraged reporting, it may have fostered unconstructive perceptions
of the ASRS among some FAA staff. Specifically, the 1994 NAPA
evaluation found that FAA workers may not understand the ASRS and,
consequently, devalue it. While the ASRS receives reports directly
from reporters, the FAA's Voluntary Safety Programs branch (VSP)
launched a bi-level SRS program in which 73 airlines are primarily
responsible for receiving and processing reports and implementing
solutions. By selecting a private structure for these SRSs, the FAA
gets the entity closest to the local context to analyze reports and
develop and implement solutions. A selection of the systemic problem
reports is transmitted to the FAA's Aviation Safety Information
Analysis and Sharing program, which the FAA uses to develop
industrywide guidance and regulations to improve safety.[Footnote 50]
More than 60 percent of reports to the ASRS also appear in the other
VSP's SRSs.
Commercial Nuclear Power:
In the commercial nuclear power industry, most safety reports--an
estimated 400,000 annually--are managed at the plant level, according
to an INPO liaison. There is no confidentiality for individual
reporters to their plant's SRS; instead, the reporting system relies
on developing an open reporting culture. Each plant is responsible for
sorting, analyzing, and implementing corrections for most of the
reports to their corrective actions program. The reporter's identity
is not revealed when the more serious events are sent on to INPO. INPO
created a bi-level reporting structure because it lacked the resources
to handle 400,000 reports annually and because it sought to involve
the plants by giving them some ownership of the safety improvement
system. However, recognizing the need for an industry-level assessment
of safety data, INPO uses the more serious event reports from plants
to develop industry alerts and safety recommendations.
Health Care:
In the absence of specific information about workers' trust in
reporting to an internal system, the VA could not be certain it had a
safety culture that would support open local reporting. However, they
knew nurses and pharmacists were "rule followers," while physicians
had more discretion. The VA handled this uncertainty by initiating
both internal and external reporting options. One reporting option,
which emulated the ASRS model, was designed to enable workers to
report directly to NASA--a contracted, external entity--
confidentially. After operating both reporting options for nearly 10
years, the NASA-run system was discontinued for budgetary reasons at
the end of fiscal year 2009. While the PSIS enables workers to report
to an internal entity--the hospital's patient safety manager--the
external NASA option provided more confidentiality and some measure of
anonymity; the internal option provides personal contact and
confidentiality, but not anonymity. Even with its much lower report
volume--about a 1 to 1,000 ratio of reporting for the PSRS compared to
the PSIS--for over 8 years, the system contracted to NASA provided a
confidential alternative for workers who felt that they could not
report to their own hospital, providing a safety valve or insurance
policy of sorts. In addition to dual reporting options, the VA also
planned for internal and external processing options. The NCPS
intended that hospital-level report collection and processing--
including root cause analysis and the development of systemic changes--
be deliberately assigned to the individual hospitals to give workers
on-the-job learning, and we found the experience drove home to
clinicians that the SRS was a nonpunitive, solution-developing system.
While reports are processed by a higher-level entity, the NCPS, to
facilitate identification of issues with systemwide safety
implications, local-level processing is also maintained because it
provides a sense of ownership and immediacy in solving problems.
Lesson 3: Strong Legal Protections and Incentives Encourage Reporting
and Help Prevent Confidentiality Breaches:
Each industry we examined grappled with how to balance the regulatory
tradition of punishing workers (or entities) for safety events with
legal protections and incentives for reporting. Under most current
laws, reports generated before an accident are considered discoverable
evidence afterwards.[Footnote 51] Such laws may deter companies from
soliciting and collecting reports about safety problems and workers
from reporting them. To address these concerns, the three industries
offered a variety of mechanisms for protecting and encouraging
reporting, including confidentiality provisions, process protections,
and reporting incentives. Confidentiality provisions, rather than
anonymous reporting, are the most common approach to protecting
reporters' identities because they allow follow-up with the reporters;
however, their protections are not ironclad. And, as SRS program
managers in some of the industries discovered, even the perception
that confidentiality can be, or has been, breached can discourage
reporting. In the three industries, most of the laws supporting SRS
confidentiality protections are a patchwork of older laws not
originally intended to back up an SRS. Most also have exceptions to
confidentiality if Congress or law enforcement agencies demand access
to the protected documents. Some of the systems rely on existing laws,
such as exceptions in the Freedom of Information Act (FOIA); other
systems have a legal and regulatory basis crafted for related
purposes. As SRS failures in other countries illustrate,[Footnote 52]
legal protections can be strengthened or weakened through legislative
action.
Recognizing the fragility of confidentiality provisions, the three
industries also relied on processes and incentives to protect and
encourage reporting. Processes, such as deidentification of reports,
support confidentiality provisions. Some industries apply it to both
the reporter and the organization or unit involved. Data
deidentification at the organizational level supports organizational
buy-in for reporting, makes it less likely that reporters will be
discouraged from reporting, and facilitates industrywide sharing by
removing fear of reprisal. In addition, limited immunity provisions or
small rewards were used, in some industries, as incentives to
encourage safety reporting, especially in environments of mistrust.
Limited immunity provisions apply when certain requirements--such as
timely reporting--are met. These provisions provide reporters
(individuals or organizations) with a means for avoiding or mitigating
civil or regulatory penalties. With respect to rewards, even seemingly
small incentives can be effective in promoting trust in reporting.
Aviation:
The FAA protects its reporters through a combination confidentiality
and limited immunity, relying on regulation, policy statements, and
procedural or structural arrangements. For the much older ASRS,
confidentiality is maintained both as part of the interagency
agreement between NASA and the FAA and through procedural efforts,
such as deidentification of reports, as well as regulation. Section
91.25 of the Federal Aviation Regulations prohibit the FAA from using
information obtained solely from these ASRS reports in enforcement
actions against reporters unless criminal actions or accidents are
involved. Specifically, after following up with the reporter and
analyzing the report, the NASA office removes information that could
identify the reporter, including the reporter's name, the facility,
airline, or the airport. NASA destroys the identity portions of the
original reports so that no legal demands could reveal them. The
ASRS's information processing and deidentification of reports has
ensured the confidentiality of its reports for over 30 years, despite
pressures from the regulator and outside entities to reveal them. To
strengthen the confidentiality agreement between the FAA and NASA, the
FAA has determined by regulation that it will generally not use
reports submitted to NASA in enforcement actions and provides some
disciplinary immunity for pilots involved in errors.[Footnote 53] In
contrast, for several of the carrier-run SRSs initiated since 1997,
reports are protected from legal enforcement action by the FAA only by
policy.[Footnote 54] However, despite the combined legal and
procedural bases for protecting aviation SRS data--for both the ASRS
and the other SRSs the FAA supports--there are pressures to violate
SRS confidentiality. After recent judicial decisions forced
disclosures from an SRS managed by the VSP branch, four major airlines
withdrew from a voluntary program but have since rejoined.[Footnote 55]
Commercial Nuclear Power:
INPO operates under considerable confidentiality and maintains the
ability to withstand legal challenges. Protecting the confidentiality
of plants was central to the inception of INPO's safety efforts,
according to industry officials. While guaranteeing its member
utilities confidentiality similar to that in a doctor-patient
relationship, INPO has also cultivated an open questioning attitude as
the wellspring of safety reporting. While individual reporters receive
no confidentiality, the reporting system relies on developing an open
reporting culture. Under an INPO-NRC Memorandum of Agreement, reports
and information that INPO makes available to the NRC will be treated
as proprietary commercial information and will not be publicly
disclosed.[Footnote 56] INPO maintains legal resources for future
confidentiality challenges. In INPO's bi-level system, reports sent to
INPO do not identify the reporter, and INPO's confidentiality includes
carefully guarding the identity of individual plants or utilities. For
example, INPO does not reveal plants' safety scores. NRC officials
reported that their process also guards against release of INPO
information, such as looking at INPO's reports but not taking
possession of them.[Footnote 57]
Plants' interests in avoiding negative consequences also serve as an
incentive for reporting. In particular, plants' fear of exclusion from
INPO and interest in avoiding negative comparisons to other plants are
tools the industry uses to promote reporting and workplace safety. An
industry reality is that U.S. nuclear power plants are "hostages of
each other," in that poor safety on the part of one plant could damage
the entire industry's future.[Footnote 58] In addition, the NRC and
insurers would be made aware of a plant's exclusion from INPO, leading
to increased insurance costs, as well as a loss of accreditation for
training programs, which would result in more regulatory involvement
by the NRC. The NRC and INPO identified other incentives that
encourage nuclear plants in their current safety efforts, including
(1) NRC credit on penalties if a plant identifies and corrects its own
accident precursors, (2) the high cost of corrections, (3) the
negative effect of safety events on stock values, (4) the loss of
public confidence, and (5) insurance rates.
Health Care:
The confidentiality of the SRS records that the VA hospital
administration maintains is protected from disclosure by 38 U.S.C. §
5705--a law that predated the establishment of the SRS by over 15
years. This law prohibits the disclosure of records that are part of
programs to improve the quality of health care. Sanctions, including
monetary fines, are attached to disclosure violations, but there are
exceptions to the confidentiality of the records, including demands by
law enforcement agencies or Congress. More recently, the Patient
Safety and Quality Improvement Act of 2005[Footnote 59] provided
similar confidentiality provisions, including fines for disclosure,
for voluntarily submitted SRS-related documents from all U.S.
hospitals.[Footnote 60]
The bi-level structure of the VA's internal SRS facilitates
deidentification. Individual hospitals collect and analyze reports and
develop systemic fixes for their own hospital. Subsequently, the
hospital sends reports and analyses--which are stripped of information
that could identify individuals--to the central NCPS. The external,
NASA-run SRS also deidentified reports. In addition, NASA destroyed
the identification section of original reports in a process similar to
that used for ASRS reports.
The VA does not grant immunity for intentionally unsafe acts or
criminal behavior, nor does the safety program replace VA's existing
accountability systems. However, individual facilities have used
rewards as incentives, such as cafeteria coupons or cookies, to
encourage reporting. In addition, hospital-level awards, such as
awards to VA Medical Center directors from the NCPS, have also been
used to encourage their support for reporting, analyzing selected
reports in a timely way, and following up to mitigate risks identified
in their reports and analyses.
Lesson 4: A Central, Industry-Level Entity Facilitates Lesson-Sharing
and Evaluation:
While some of the SRSs in the three industries have local-level
processes for analyzing safety reports, they also have a central,
industry-level entity that collects, analyzes, and disseminates safety
data and makes recommendations. These industry-level entities
facilitate feedback and evaluation by (1) elevating facility-level
safety data to industrywide lessons and disseminating them across the
industry, including internationally, and (2) assessing safety culture
and identifying units or worker subgroups in need of outreach or
intervention.
Some industry SRSs offer direct reporting to a central, industry-level
entity, which is responsible for processing, analysis, and
dissemination. For others, reporting takes place at the local level.
While some level of report processing, analysis, and dissemination
takes place at these local facilities, full or deidentified safety
data are sent to a central, industry-level entity. Sending reports up
to a central entity ensures that safety fixes identified through local
processes are not lost to the rest of the industry. At the same time,
local analysis and feedback can demonstrate the system's value to
workers and reinforce reporting. Because the central entity receives
safety data from multiple organizations--whether through direct
reporting or from local-level systems--the volume and variety of
information increase the potential for identifying systemic issues and
improving safety industrywide. In addition, the industries recognize
that a central, industry-level entity might be necessary for bringing
some difficult safety problems to light. This is because the central
entity is more likely to consider the interests of the industry,
whereas local-level managers might resist identifying systemic issues
that would put personal or organizational interests at risk. These
central entities, because of their position as industry
representatives, are also in a better position to disseminate lessons
across the industry and internationally. They provide a single source
for industrywide notices of varying urgency, regular online
newsletters, policy changes, briefings, and data systems. In addition,
some of these entities have staff with internationally recognized
safety experts--expertise which has been leveraged worldwide to inform
international safety recommendations and SRS design.
The central, industry-level entities are also in a better position to
facilitate evaluation, including safety culture assessment;
identification of reporting gaps (access to safety data from across
the industry offers the potential for analysis of gaps across
particular locations, organizations, or occupations); and needed
system modifications. Furthermore, such entities often have access to
other safety data, such as inspection information. This information
can be compared with reporting data in order to identify sites in need
of outreach and training. Such systemwide visibility provides an ideal
position from which to conduct SRS evaluations. Industry experts we
spoke with believe that their industries are safer, in part, as a
result of their SRS programs. In limited cases, the central entities
have been able to conduct evaluations or use performance metrics to
assess safety culture improvements and the role of the SRS in those
efforts, as is recommended under the Government Performance and
Results Act.
Aviation:
The ASRS shares lessons with all levels of the domestic aviation
community and has served as a model of aviation safety reporting
worldwide. NASA's ASRS issues a series of industrywide notices based
on ASRS reports, which are graded on the basis of the urgency and
importance of identified safety issues, and it has been recognized
worldwide as a model for collecting data from frontline workers. NASA
provides "alerting" messages to the FAA and the airlines on safety
issues that require immediate attention. NASA also disseminates ASRS
information via a monthly online bulletin, CALLBACK, to 85,000 members
of the aviation community on safety topics such as summaries of
research that have been conducted on ASRS data. Unions and airlines
use this information in safety training. Among the SRSs we are aware
of, only the ASRS offers access to its event database for outside
researchers to conduct analysis and for ASRS staff to perform
specially requested analyses for the FAA, NTSB, and others. The FAA
also maintains an industry-level office--the VSP branch--which
oversees seven different voluntary reporting systems, including the
ASRS. Data from these SRSs provide information on events that would
otherwise be unknown to FAA or others, and VSP's role is to facilitate
sharing of these data at the airline and industry levels. We observed
VSP and ASRS staff representing U.S. airline safety interests at an
international aviation safety reporting meeting to share lessons on
aviation safety and SRS design and implementation. Such participation
offers opportunities for safety improvement in aviation worldwide. For
example, VSP and ASRS staff have supported efforts to develop safety
reporting systems worldwide because aviation safety does not stop at
the U.S. border. Most foreign aviation SRSs have been based on the
ASRS model. The international aviation safety organization, the
International Civil Aviation Organization, has called for each country
to have an independent aviation safety reporting system similar to
ASRS.
Despite the benefits of these SRSs, formal evaluation has provided
insights for system improvement. For example, the FAA requested the
NAPA evaluation of ASRS, which recommended the ASRS modernize by
implementing actions, such as collecting and disseminating reports in
electronic formats to better meet the needs of the aviation community.
[Footnote 61] Currently, ASRS safety reports and monthly newsletters
are primarily transmitted by e-mail. In addition to ASRS-specific
evaluations, the FAA has access to more investigations of aviation
safety culture conducted over the last decade. For example, special
studies of aviation specialists, such as controllers and maintenance
workers, have identified reasons for their lower reporting rates.
These studies revealed specific aspects of cultures in these
professions that would discourage reporting. For example, controllers
were highly focused on bureaucratic boundaries that enabled them to
define away--rather than report--unsafe conditions they perceived to
be outside their responsibility. Alternatively, according to FAA
officials, they found a strongly punitive culture among maintenance
workers that led workers to assume that if a supervisor told them to
violate a rule, it did not create an unsafe--and hence reportable--
condition. These studies made possible targeted efforts, such as a
reporting program just for controllers, that resulted in a growing
proportion of safety reports from nonpilots.
Commercial Nuclear Power:
INPO's lesson-sharing program uses the Nuclear Network--an industry
intranet--for sharing safety information. This network houses event
data that plants can access and is a platform for INPO to disseminate
alerts. Information transmitted via this system includes Significant
Operating Event Reports--the highest-level alert document--as well as
experiential and nuclear technical information. Plants can also use
the network to ask questions or make comments that can be sent to one,
several, or all users. Apart from the direct feedback reporters
receive from the plant, the key to getting workers to participate in
reporting was through seeing--via the Nuclear Network--the corrective
actions developed in response to reports they had made, according to
the INPO liaison. INPO is seen as a model for other national and
supranational nuclear safety organizations, such as the World
Association of Nuclear Operators, an organization representing the
global nuclear community. As such, INPO has recently begun to
participate in the Convention on Nuclear Safety, a triannual
international commercial nuclear safety effort.[Footnote 62]
INPO also evaluates plants' safety improvement programs, although the
evaluations are generally not publicly available, according to an INPO
liaison. INPO performs a type of "gap analysis" at the biannual on-
site plant inspections and conducts safety culture surveys with a
sample of staff before each.[Footnote 63] Reporting gaps are evaluated
at the plant level (not by occupation or work group) by looking for
reductions in report volume and mining the plant's corrective action
reports. A reduction in reporting year to year is interpreted as an
indicator of a potential problem rather than an improvement in safety
conditions, because such reductions can indicate a lack of management
support for reporting. In addition, if a plant receives a low safety
score as a result of inspection findings, INPO provides extra
attention and assistance by assigning a team of industry experts to
engage in weekly consultations with plant directors, review corrective
actions, discuss plant needs, develop solutions, and provide peer
assistance and accompaniment to seminars.
Health Care:
In its position as the industry-level entity responsible for the VA
SRS, NCPS creates and disseminates key policy changes to the VA health
care system in response to trends identified from patient safety
reports. For example, the NCPS (1) designed and implemented a program
that promotes checklist-driven pre-and post-surgical briefings that,
according to the SRS program director, have been associated with
reduced surgical mortality across the VA hospital system and (2)
developed new requirements for CO2 detectors on every crash cart for
checking safe intubations outside of operating room settings. The NCPS
has played a role in disseminating its SRS model and tools for safety
improvement to other U.S. states and federal agencies, including the
AHRQ. Specifically, the NCPS provided training to all 50 states and
the District of Columbia via the Patient Safety Improvement Corps, a
program funded by the AHRQ.[Footnote 64] The VA -supplied state
training contributed heavily toward building a common national
infrastructure to support implementation of effective patient safety
practices.[Footnote 65] Further, after attending the VA seminars,
several foreign countries implementing their own SRSs have adopted
tools developed by the VA.
The NCPS has also conducted evaluations of the SRS program, which have
provided information for SRS and safety culture improvements. For
example, in 2008, the NCPS published a study of the effectiveness of
actions hospitals developed in response to SRS reports of adverse drug
events.[Footnote 66] They found that changes in clinical care at the
bedside--such as double-checking high-risk medications--and
improvements to computers and equipment were effective solutions, but
training was not. In addition NCPS has conducted three safety culture
surveys, the most recent of which enabled identification of safety
culture differences among staff subgroups in order to target outreach
and training. To support future evaluations of this kind, the NCPS
established several criteria to assess the quality of local-level
processes for reporting, analysis, and safety improvement.
The CDC and APHIS Have Taken Steps to Improve the Usefulness of the
TLR Reporting System; Lessons from the Literature and Case Studies
Suggest Additional Steps:
The CDC and APHIS Select Agent Program (SAP) has taken steps to
improve reporting and enhance the usefulness of the theft, loss, and
release (TLR) reporting system as a safety tool.[Footnote 67]
Additional steps to improve the TLR system, as suggested by the
literature and case studies, include increased awareness of the
culture in biological labs and improvements in the three key areas--
reporting and analysis, protections and incentives, and feedback
mechanisms. See appendix II for a summary of lessons derived from the
literature and case studies that can be applied to the TLR system.
The CDC and APHIS Recognize the TLR Reporting System's Usefulness as a
Safety Tool; Lessons Indicate That Increased Awareness of Labs'
Culture Could Enable Targeted Outreach and Training:
Recognizing the usefulness of the TLR system as a safety tool, the CDC
and APHIS SAP has dedicated resources to manage the system. The TLR
reporting system for select agents was developed in 2002, after the
2001 anthrax attacks.[Footnote 68] As the number and types of reported
incidents increased, an outcome of the new reporting requirements, the
agencies implemented processes to utilize the TLR system as a tool to
manage the Select Agent Program. In addition, the CDC reassessed its
administration of the system to consider how it could be used as a
safety tool, rather than just a recording system. To its credit, the
CDC employed a safety science expert to manage the TLR reporting
system and is now exploring ways of using the TLR data to identify
systemic safety issues. APHIS has also utilized the TLR as a tool to
identify trends such as (1) gaps in administrative oversight of
personnel and training and (2) weaknesses in safety and security
policies and procedures in regulated entities. Each TLR is reviewed by
a compliance officer, security manager, and subject matter experts to
identify trends and areas of concern. Identified issues are
subsequently discussed with the reporting facility's senior
management, with additional monitoring and inspections as needed.
The CDC and APHIS also rely on periodic on-site lab inspections to get
an understanding of the culture, with respect to safety and reporting,
and identify areas for outreach and training. The agencies inspect
labs to ensure that they are in compliance with the safety, security,
training, and record-keeping provisions outlined in the regulations.
As part of this process, the agencies use checklists developed from
regulations and nationally recognized safety standards to review
laboratory safety and security and to develop observations. In
addition, the agencies interview lab staff and examine documentation,
such as medical surveillance documents, exposure or incident records,
and minutes from Institutional Biosafety Committee meetings. Review of
such documentation can provide an indication of possible incidents
with select agents or toxins. During these inspections, the CDC and
APHIS officials seek to (1) identify gaps in knowledge about safety
and reporting and (2) report on areas needing improvement.
The information the agencies derive from these inspections and from
TLR reports can provide useful information about the culture of safety
and reporting within labs. However, lessons from the literature also
suggest that systematic assessment of the culture, such as through
ongoing surveys or studies, can provide invaluable information about
how the specific working environment can affect perceptions of safety
and reporting requirements.[Footnote 69] These perceptions--and
variations, for example, within or across working environments or
occupations--can affect what is considered a reportable event;
feelings of responsibility for or fear of reporting; and the value of
reporting safety events. For example, studies examining the effects of
culture on safety and reporting in the aviation and health care
industries have found that perceived occupational hierarchies, such as
between doctors and nurses or pilots and cabin crew;[Footnote 70]
authority structures;[Footnote 71] organizational factors;[Footnote
72] concepts of justice;[Footnote 73] and other factors can affect
safety and reporting.
According to CDC and APHIS officials, they have no plans to arrive at
such an awareness through cultural assessment. Nevertheless, agency
officials agree that culture matters when it comes to safety and
reporting. For example, they noted that culture may differ by a lab's
size and level of resources. Larger labs or labs with more resources
tend to have better safety and reporting. Other agency officials noted
that, based on career experiences, they have become aware of safety
differences across different types or levels of labs. According to a
CDC official, staff in higher-level labs, such as BSL-4 labs, have
recognized the danger of the material they are working with. These
facilities are also more likely to have biosafety officers, whose
presence, according to the CDC official, tends to make workers more
conscientious about safety. Another official noted that, while you
might find sandwiches or soda in the refrigerator of a BSL-2 lab,
these items would never be found in BSL-4 labs. Safety culture
differences between clinical and research labs were also noted by CDC
officials. Such variation in culture across labs was also noted by
domestic and international biosafety specialists we spoke with.
Despite recognition of such variation across labs, officials stated,
the CDC does not have a unified position on the issue, and the
research does not exist to definitively establish safety culture
differences by lab type, occupation, or sector. Greater awareness of
cultural influences and how they affect safety and reporting in the
labs could (1) help the agencies better target outreach and training
efforts and (2) provide insights into whether reporting system design
and implementation changes are needed to address lab variations in
safety and reporting.
The CDC and APHIS Have Taken Steps to Better Define Reportable Events;
Lessons Indicate That a Broadened Definition Could Further Enhance
Collection of Safety Data:
The CDC and APHIS SAP has taken steps to better define reportable
events, which can increase the likelihood that workers will report
when required. For example, in early 2008, the CDC and APHIS published
the Select Agents and Toxins Theft, Loss and Release Information
Document,[Footnote 74] which includes detailed scenarios on what and
when to report. Since the TLR reporting program was established in
2002, the agencies have seen reports increase substantially; since a
2008 initiative to better inform the lab community of incident-
reporting requirements, the CDC and APHIS noted that they receive
approximately 130 incident reports per year. The types of labs
reporting have also broadened. According to the CDC, the increased
reporting is the result of better awareness of and compliance with
reporting requirements, rather than an increase in thefts, losses, or
releases.[Footnote 75] Indeed, of the reported TLRs, there have been
no confirmed thefts, one loss, and only eight confirmed releases.
To clarify reportable events, the Select Agent Regulations require
that the individual or entity immediately notify the CDC or APHIS upon
discovery of a release of an agent or toxin causing occupational
exposure, or release of a select agent or toxin outside of the primary
barriers of the biocontainment area. The agencies' Select Agents and
Toxins Theft, Loss and Release Information Document further clarifies
reportable events. The document defines a release as a discharge of a
select agent or toxin outside the primary containment barrier due to a
failure in the containment system, an accidental spill, occupational
exposure, or a theft. Furthermore, any incident that results in the
activation of medical surveillance or treatment should also be
reported as a release. The document also emphasizes that occupational
exposure includes any event in which a person in a registered facility
or lab is not appropriately protected in the presence of an agent or
toxin.[Footnote 76] For example, a sharp injury from a needle being
used in select agent or toxin work would be considered an occupational
exposure. While these reporting requirements are fairly broad, they do
require a degree of certainty about the occurrence of an event. But,
in some cases, recognition of a reportable event may come only when
consequences are realized.
While the agencies' steps to better define reportable events can
increase the likelihood that recognized events will be reported,
according to the literature and biosafety specialists, lab workers are
often unaware that a release has occurred unless or until they become
sick. For example, early studies of LAIs found that as many as 80
percent of all reported LAIs could not be traced back to a particular
lab incident. A more recent study found similar results.[Footnote 77]
The absence of clear evidence of the means of transmission in most
documented LAIs highlights the importance of being able to recognize
potential hazards because the likely cause of these LAIs is often
unobserved. While a great deal is known about micro-organisms to
support safe lab practices, microbiology is a dynamic and evolving
field. New infectious agents have emerged, and work with these agents
has expanded. In addition, while technological improvements have
enhanced safety, they can also introduce new safety challenges. For
example, failures in a lab system designed to filter aerosols led to a
recent company recall of this system.[Footnote 78] The dynamic nature
of the field, coupled with the difficulty of identifying causal
incidents in LAIs, suggests substantial potential for unintentional
under-reporting. In such an environment--where workers are waiting for
an obvious event to occur before reporting--a significant amount of
important, reportable safety information could be lost. Consequently,
while reporting requirements for releases may now be clear for many
incidents or for observed consequences, broader reporting thresholds
may be necessary to accommodate emerging safety issues and the
unobserved nature of many LAI events.
According to lessons from the literature and case studies, expanding
reporting thresholds--in this case, to include observed or suspected
hazards--can help capture valuable information for accident
prevention. The industries in the case studies all struggled with how
to recognize, and thus report, such events. However, over time, the
feedback they received from these reports, in the form of specific
safety improvements, helped workers develop familiarity and comfort
with recognizing and reporting such events. An example in the lab
community might be the practice of mouth pipetting, drawing an agent
into a pipette by sucking on one end. At one time, mouth pipetting was
a common practice, despite the high risk of exposure. Even though not
every instance resulted in exposure or an LAI, some did, and
eventually the activity was recognized as a potential hazard--an
accident precursor. Expanding the TLR reporting threshold to include
hazards could provide additional data that might be useful for safety
improvement efforts. For example, INPO encourages reporting of events
at all levels of the risk pyramid--including the hazard level--for the
corrective actions reporting programs of nuclear power plants. This
level of reporting ensures as complete coverage as possible of
potential safety issues. For the TLR, reporting at this level could be
voluntary or mandatory. Moreover, until a labwide voluntary reporting
system is implemented, reporting at this level could further develop
the reporting culture among select agent labs.
The CDC and APHIS Have Taken Steps to Protect Confidentiality, Which
Can Encourage Reporting; Lessons Indicate That Limited Immunity Could
Further Encourage Reporting:
The CDC and APHIS SAP has taken steps to incorporate deidentification
measures to further protect the confidentiality of entities reporting
thefts, losses, or releases. While entity-specific information is
protected from release under FOIA,[Footnote 79] there was an instance
when specific entity information was somehow leaked to the media after
the CDC provided the data in response to a congressional request. As a
result, the agency provides only deidentified report forms in response
to congressional requests. In addition, to further support reporter
confidentiality in the event of audit or congressional requests to
view TLR information, the CDC has established an access-controlled
reading room for viewing these reports. It expects these measures to
prevent any future prohibited disclosure of entity-specific data,
while special-need access to information about thefts, losses, or
releases is provided.[Footnote 80] According to lessons from the
literature and case studies, even the perception of a confidentiality
breach can quash reporting. Consequently, the agencies' measures to
ensure confidentiality can increase confidence in reporting.
Apart from the requirement to report, labs also have some incentive
for reporting. One such incentive, according to CDC officials, is
labs' interest in avoiding increased oversight.[Footnote 81] In
addition, lab officials know that (1) select agents are on the list
because they are dangerous and (2) it is of critical importance to
promptly report incidents to ensure proper care of workers and the
public. CDC officials stated, however, that too much discretion about
what and when to report could result in the under-reporting of more
serious events. As the experiences of the case industries illustrate,
protection of reporter confidentiality is an ongoing effort, even when
strong legislative provisions exist to protect reporters' identities.
Because, as mentioned above, even the perception of a confidentiality
breach can quash reporting, strong incentives for reporting--such as
limited immunity provisions--can balance these fears and encourage
continued reporting, according to lessons from the literature and case
studies.
If the CDC or APHIS discovers possible violations of the select agent
regulations, the following types of enforcement actions may occur: (1)
administrative actions, including denial of application or suspension
or revocation of certificate of registration, (2) civil money
penalties or criminal enforcement, and (3) referral to the Department
of Justice for further investigation or prosecution.[Footnote 82]
Currently, even if entities report violations, there are no provisions
for receiving immunity from these enforcement actions. In the aviation
industry, pilots face the possibility of similar enforcement actions
for violations of regulations. However, the FAA provides some
disciplinary immunity for pilots reporting violations of regulations
to ASRS.[Footnote 83] Such immunity is in recognition of the fact that
(1) information about pilots' errors is essential for identification
of systemic problems and (2) pilots would be unlikely to report their
errors without some incentive to do so. Similar provisions for limited
immunity from administrative action or reduced monetary penalty could
be offered to labs for some violations of select agent regulations.
Although the CDC and APHIS have not yet explored this option, such an
incentive could be a powerful tool for ensuring reporting compliance.
The CDC and APHIS are Uniquely Positioned to Support Data Sharing and
Feedback Efforts, Including Evaluation:
The CDC and APHIS are uniquely positioned to support feedback and
evaluation efforts that are based on TLR information. The agencies'
oversight responsibilities for registered labs and their recognized
expertise in laboratory safety practices provides them visibility and
authority across the lab community. Such a position, according to
lessons from the literature and case studies, is ideal for (1)
disseminating feedback from SRSs and (2) evaluating the effectiveness
of the reporting program. Currently, the agencies have a process for
providing feedback to the reporting institution, and are beginning to
explore avenues for sharing safety lessons across the labs and
internationally.
In addition, the CDC has begun using the data to develop lessons
learned from reported information. Although deidentified reports are
not available to the general public, they are being used for special
research studies sponsored by the Select Agent Program. For example,
information from deidentified reports has been used for conferences
such as the yearly Select Agent Workshops, sponsored by the CDC,
APHIS, and the Federal Bureau of Investigation. The agencies are also
analyzing data on select agent release reports and plan to publish the
findings in a publicly available, peer-reviewed journal. Such feedback
demonstrates the value of reporting, according to lessons from the
literature and case studies. Lessons from the case studies also
indicate that using SRS data to develop guidance and sharing such
information internationally can support industrywide safety
improvement efforts. For example, TLR data could provide valuable
information for updates to the BMBL and World Health Organization
guidelines, which can benefit the worldwide lab community.
When a lab reports a TLR, the CDC or APHIS provides feedback and, if
necessary, follows up to determine the root cause or initiate
surveillance. While the CDC recognizes the usefulness of TLR reports
for generating data that can (1) help spot trends, (2) highlight areas
for performance improvement, and (3) show limitations in current
procedures, it is just beginning to collect enough data to see
patterns of nonreporting, according to CDC officials. The CDC expects
that in the future, it will have collected enough data, including
inspection data, to identify reporting patterns and conduct targeted
outreach to nonreporting labs. However, the agencies do not yet have a
specific plan to identify reporting gaps in order to develop targeted
outreach and training or to assess the system's effectiveness. To
further support targeted outreach, as well as system modification,
evaluation is needed. As we have previously reported, such evaluation
can be a potentially critical source of information for assessing the
effectiveness of strategies and the implementation of
programs.[Footnote 84] Evaluation can also help ensure that goals are
reasonable, strategies for achieving goals are effective, and
corrective actions are taken in program implementation. For example,
an evaluation of the ASRS program revealed the need to improve the
usefulness of the system through system modifications and increased
outreach to certain populations. According to CDC Select Agent Program
officials, they have had general reviews, such as an HHS Office of
Inspector General review and a federally funded, third-party review of
procedures conducted by Homeland Security. However, these reviews did
not focus on the effectiveness of the TLR reporting system.
Existing Information on Biological Labs and Lessons from the
Literature and Case Studies Suggest Specific SRS Design and
Implementation Considerations:
Safety reporting system evaluation literature and case studies of SRSs
in three U.S. industries--aviation, commercial nuclear power, and
health care--provide lessons for design and implementation
considerations for a national biological lab SRS.[Footnote 85] First
among these lessons is the need to set system goals and assess
organizational culture, as illustrated in figure 4. However,
assessment of organizational culture is difficult in the context of
U.S. biological labs because there is an unknown number of labs and,
except for labs in the Select Agent Program, no entity is responsible
for overseeing all labs. While many federal agencies have labs and are
involved in the industry, no single regulatory body has the clear
responsibility or directive for the safety of all laboratories.
[Footnote 86] Consequently, an important part of the goal-setting and
assessment process for a biological lab SRS is determining the scope
of labs to which the system would apply. For example, specific system
goals, such as the ability to identify trends or incidence rates, may
be possible with one type or level of lab, but not another. Similarly,
assessment may reveal that differences in organizational cultures
across lab types is so significant that appropriate SRS features for
one type of lab would not apply well to another. Consequently, the
scope of labs to which an SRS might apply could be addressed as part
of the goal-setting and assessment process.
Figure 4: Relationship of Program Goals, Organizational Culture, and
the Three Key Areas:
[Refer to PDF for image: illustration]
The illustration depicts an interlocking circle of Program Goals and
Organizational Culture, with the following contained inside the circle:
1. Reporting and analysis.
2. Reporter protections and incentives.
3. Feedback mechanisms.
Source: GAO analysis of SRS evaluation literature.
[End of figure]
Until such a goal-setting and assessment process is completed, design
and implementation options in the three key areas--reporting and
analysis, reporter protections and incentives, and feedback
mechanisms--can be considered in the context of available information
on organizational culture in biological labs and potential goals for a
biological lab SRS. In particular, the following can provide some
context to guide early decisions for the design and implementation of
an SRS for the lab community: biosafety research, experiences with the
TLR reporting system and biosafety specialists' perspectives. Such
context can be further refined once assessment and stakeholder input
are obtained. In addition, the NIH has begun developing a prototype
reporting system for a subset of its intramural research labs. Lessons
from how this prototype system works for a subset of labs could also
inform design and implementation considerations for a national
biological lab reporting system.
In the Context of Existing Information, Lessons Suggest Several
Features for Reporting and Analysis:
Existing information about the potential goals for a biological lab
SRS and the organizational culture of these labs suggest certain
design and implementation features in the first key area: reporting
and analysis. Figure 5 shows the relationship of program goals and
organizational culture to this key area.
Figure 8: First Key Area--Reporting and Analysis:
[Refer to PDF for image: illustration]
The illustration depicts an interlocking circle of Program Goals and
Organizational Culture, with the following contained inside the circle:
1. Reporting and analysis:
* Level of event;
* Classification of error;
* Format and mode;
* Reporting management;
* Analytical process.
Source: GAO analysis of SRS evaluation literature.
[End of figure]
Level of Event, Learning Goal, and Culture Suggest Voluntary Reporting:
The level of event of interest, probable SRS goals, and organizational
culture all suggest voluntary reporting for a biological lab SRS.
While the TLR reporting system for select agents is focused on
incidents or accidents that pose the greatest danger to workers and
the public, an SRS for nonselect agents could be used to gather
information on hazards and potentially less serious incidents and
accidents in order to collect precursor data. Systems that focus on
less serious events and that collect precursor data to support
learning rather than enforcement goals are generally associated with
voluntary reporting, according to lessons learned. Voluntary reporting
for a biological lab SRS also corresponds with the views of biosafety
specialists we spoke with.
Laboratory Community's Limited Experience with Reporting to an SRS
Suggests an Initially Open Classification Scheme:
Reporting to an SRS--especially for incidents beyond LAIs or the
theft, loss, or release of select agents--would be relatively new to
the lab community. And although select agent labs have become familiar
with reporting theft, loss, or release incidents, previous reporting
failures indicate that, even among this subset of labs, reportable
events may still be unclear. In such situations, allowing workers to
report events in their own words, rather than asking them to classify
the event as a certain type of hazard or error in order to report, can
facilitate reporting. Classifying events--that is, applying
standardized descriptions of accidents, incidents, and hazards--can
facilitate safety improvement across the industry by providing a
common language for understanding safety events. But classification
can also limit reporting if workers are unsure of how to apply it. One
solution for industries new to SRS reporting is to apply
classification at a higher level, for example, through the event
review or analysis process.
Ensuring the reporting process is as clear and simple as possible is
especially important for the lab community. Although LAIs are widely
recognized as under-reported, there is, at least, a long history of
reporting these events among lab workers. However, lab workers do not
have as much experience reporting events without an obvious outcome,
such as an LAI. Many of the biosafety specialists we spoke with had
difficulty envisioning the types of events--apart from LAIs--that
might be reportable. In addition, even when LAIs do occur, many are
never linked with a specific causative incident, so information about
potential event precursors is never communicated or is difficult to
identify. Difficulty recognizing exposure is a reality of work in
these labs. LAIs often occur through aerosol exposure, and the
activities that can create such conditions are numerous. However, all
three case-study industries grappled with similar difficulties in
recognizing and reporting events that did not result in obviously
negative outcomes. One way the industries addressed this difficulty
was to allow workers to report a broad range of events in their own
words. Over time, as workers saw concrete results from their reports,
such as improved processes or guidance, their ability to identify less
concrete, but equally unsafe hazards and incidents--even those without
obvious consequences--grew. Expecting lab workers to classify events
in order to report them would likely limit reporting. In such
situations, lessons learned suggest allowing workers to report events
in their own words to facilitate reporting.
Diversity of Lab Community and Uncertainty about Reporting Population
Suggest Multimode and Open Format Reporting Options, with Direct and
Open Reporting:
The lab community is organizationally diverse and the population of
labs is unknown. Opening reporting to all workers, and offering
multiple reporting modes (e.g., Web and postal), and using forms with
open-question formats that allow workers to report events in their own
words can facilitate reporting in the face of such uncertainty,
according to lessons from the literature and case studies. Biological
labs operate across a wide range of employment sectors, locations, and
levels of containment. There are BSL-2, 3, and 4 labs in private,
academic, and public settings across the United States. Staffing
models for these labs are likely as different as the lab populations.
Safety culture and reporting proclivity also vary across lab types.
For example, according to biosafety specialists, clinical and academic
labs--in contrast to government and private labs--face greater
challenges to creating a safety culture and reporting events.
According to one biosafety specialist, in academic labs, students
expected to complete lab work before they have received adequate
safety training may not feel they are in a position to demand such
training. Specialists also indicate that higher-level labs (BSL-3 and
4)--especially the larger ones with better resources--have personnel,
equipment, and/or processes to better support safety culture than
lower-level, smaller labs with fewer resources. Furthermore, the
consequences of accidents are so great at higher-level labs that the
culture is generally more cautious. At lower-level labs, the
perception of risk and actual risk are lower, so practices are not as
stringent as they would be at higher-level ones.
The work environment at biological labs also varies. In particular,
some work is done in teams and some individually, and some is
completed overnight because of time-sensitive experiments in the
research. In addition, the solo nature of much lab research means that
a single lab worker may be the only one who knows about an incident.
For lab work, the external visibility of accidents and incidents
present in aviation or some areas of health care may not exist.
Bioresearch errors are also a lot harder to spot than errors in other
industries. For example, nuclear safety officers can use radiation
detectors to determine whether breaches of protocol have occurred by
identifying hot spots in suspicious areas, such as a phone outside the
lab. No similar tracking mechanism exists for bioresearch. Therefore,
the only objective proof of most accidents is that someone became ill.
In addition, lab workers have little incentive to report if the
incident occurred as a result of their own error, according to
biosafety specialists. Although one specialist believes there is a
fair degree of reporting on equipment failures because researchers
generally want to ensure that the equipment is fixed.
Such variation has consequences for reporting. According to lessons
from the literature and case studies, assessments can provide
information about aspects of organizational cultures, structures, or
processes that can affect reporting. However, a comprehensive
assessment of this sort is difficult because (1) the population of
labs is unknown and (2) no entity is responsible for conducting such
an assessment. Given the uncertainty about cultural influences that
may affect reporting behavior, more inclusive reporting options can
facilitate reporting, according to lessons from the literature and
case studies. For example, uncertainty about lab workers' access to
reporting forms or ability to complete detailed forms can be minimized
if (1) workers can report in whichever mode is most accessible to them
(Web or postal) and (2) the forms do not require overly detailed or
technical explanations.
In an environment where much of the work is done alone and incentives
may not exist for reporting, an SRS that is open to all lab workers
(including security and janitorial staff) can facilitate reporting
where none might occur. Accepting reports from workers not directly
involved in research can increase the volume of safety data that can
be obtained. Multimode and open-reporting formats, as suggested above,
support open reporting since staff with varying knowledge of biosafety
terms--such as janitorial, security, or animal care staff--are still
able to report incidents or hazards in their own words in the way that
is most convenient to them.
Historically, the preferred model of biosafety reporting is
hierarchical. This ensures that workers receive timely medical
intervention and surveillance. Although it is important that workers
have a mechanism for receiving immediate medical attention and
surveillance when needed, a lot of important safety information could
be lost if only supervisors or managers are allowed to report.
Hierarchical reporting structures may limit the amount of useful
safety data that can be received because a filtering process takes
place at each level in the reporting hierarchy. As the information
moves up the reporting structure, each person assesses whether the
event is reportable. If the person decides that it is, he or she will
report his or her own interpretation of events. Allowing all workers
to directly report to an SRS removes this filter and can increase the
number of reports and the amount of information collected from
reports. For example, reports from multiple sources can enable
analysis of events from multiple perspectives. While workers should
always be encouraged to report potential exposures and other hazards
to their supervisors so that they can receive timely medical
attention, they should also be able to report incidents directly to an
SRS.
Advantages and Disadvantages Inherent in Industry-Level and Local-
Level SRS Administration Suggest a Dual Reporting Option:
The HHS and USDA--as central, recognized authorities in the biological
lab community--represent the kind of industry-level entities that,
according to lessons learned, are necessary for effective
dissemination and evaluation activities. However, the agencies'
regulatory role in the Select Agent Program could inhibit voluntary
reporting, suggesting that an alternative reporting mechanism may be
necessary. According to lessons from the case studies, dual reporting
options can facilitate reporting in such situations. For example, if
workers are concerned about reporting safety events--either to an
internally managed SRS or to the regulator--an external, independently
managed SRS can be useful. Alternatively, if workers are comfortable
reporting to a local SRS, these programs can be very effective when
the information from local systems is fed to a central, industry-level
entity that can analyze data across the industry and disseminate
safety improvements industrywide.
While each case study industry differs in its approach, all three rely
on dual (or multiple) reporting options. Specifically, the FAA relies
on the independently run ASRS, as well as seven other key reporting
programs, to collect safety data. Events that meet reporting
requirements can be reported to the ASRS--meeting the need for an
independent reporting mechanism for those concerned about reporting to
either their local (airline-run) SRSs or to the regulator. In
addition, as part of the FAA's other reporting programs, the FAA
receives SRS data from the airlines, which they use to develop
industrywide safety improvements. The commercial nuclear power
industry also has reporting options. While each plant has a reporting
system for corrective actions, a portion of the more significant
reports are passed on to INPO for development of industrywide safety
improvements. Individuals and plants also have the option to report to
NRC's Allegation Program. Finally, in designing its reporting program,
the VA created two reporting options--one externally managed by NASA
and one local, hospital-based program in which safety data are sent on
to VA's National Center for Patient Safety (NCPS) for development of
industrywide safety improvements. While the industries might encourage
workers to use one option over another, they are still able to report
to the system most comfortable for them. Both options, however,
utilize an entity with industrywide visibility and recognized
authority to disseminate SRS information and direct system evaluations.
An external, independently managed SRS for the lab community offers
several advantages, including the (1) potential to reduce workers'
fear of being punished for reporting, (2) ability to contract for
system management, and (3) centralization of safety data.
Nevertheless, since the individual labs have the most intimate
knowledge of staff, pathogens, and operations, several biosafety
specialists adamantly indicated that the lab facility was the
appropriate level for reporting and analysis. According to lessons
from the literature, as well as the perspectives of biosafety
specialists, analysis of safety reports should be done by qualified
biosafety professionals and others with appropriate expertise or
knowledge. In addition, processes for local-level collection and
analysis of SRS reports can facilitate worker buy-in for reporting,
according to lessons from the case studies. However, not all labs have
the same resources for collecting and analyzing reports. Furthermore,
the focus on safety culture across the lab community may not be
sufficient to support an SRS program that operates only at the local
level. But local-level support--as well as encouragement of reporting,
receptivity to safety concerns, and regard for the field of biosafety--
is central to a robust reporting program. Even if there is receptivity
to biosafety issues, when safety is the responsibility of those
internal to the organization, there may be conflicts of interest in
addressing safety issues. While safety improvements are most useful
when shared across the lab community, sharing this information may
raise institutional concerns about funding streams, public perception
of the institution, and professional standing of lab workers,
according to biosafety specialists we spoke with.
Given the advantages and disadvantages of SRS administration at both
the local and agency levels, dual reporting options may be necessary,
at least initially. For example, the VA initiated its safety reporting
program with both internal and external options. Although the VA
canceled the NASA-run program after nearly 10 years, in recognition of
the importance of an external reporting option, some efforts to
reestablish the system continue.
In the Context of Existing Information, Lessons Suggest Several
Features for Reporter Protections and Incentives:
Existing information about the potential goals for a biological lab
SRS and the organizational culture of these labs suggest certain
design and implementation features in the second key area: reporter
protections and incentives. Figure 6 shows the relationship of program
goals and organizational culture to this key area.
Figure 6: Second Key Area--Reporter Protections and Incentives:
[Refer to PDF for image: illustration]
The illustration depicts an interlocking circle of Program Goals and
Organizational Culture, with the following contained inside the circle:
2. Reporter protections and incentives:
* Anonymity;
* Confidentiality;
* Deidentification of data;
* Limited immunity.
Source: GAO analysis of SRS evaluation literature.
[End of figure]
TLR Reporting History and Biosafety Specialists' Views of Lab Culture
Suggest Strong Confidentiality Protections, Data Deidentification, and
Other Reporting Incentives Are Needed to Foster Trust in Reporting:
Voluntary reporting to an SRS--especially of incidents that do not
result in LAIs--would be a new expectation for some lab workers. As
mentioned earlier, even the perception of a confidentiality breach can
quash reporting. And given that entity information from the TLR
reporting system was leaked to the press,[Footnote 87] lab workers
might have reason for concern about reporting similar incidents to a
voluntary system. In addition, the literature and biosafety
specialists noted, confidentiality concerns are among the barriers SRS
managers will face in implementing a successful reporting program.
Therefore, concerns about confidentiality suggest that a biological
lab SRS will require strong confidentiality protections, data
deidentification processes, and other incentives to encourage
reporting, according to lessons learned. In addition, while the
literature suggests anonymous reporting as one solution for minimizing
confidentiality concerns, it is not an ideal one here. The complexity
of biosafety issues would require a mechanism for follow-up with the
worker or reporting entity because interpretation of the incident from
a written report can often differ from interpretation of the incident
from talking with the reporter, according to biosafety specialists.
Biosafety specialists also noted that developing trust in reporting
has the potential to be problematic because of labs' existing
reporting culture. For example, specialists noted the following
influences on lab workers' likelihood of reporting accidents or
incidents:
* realization that there is risk associated with laboratory work;
* difficulty recognizing that an incident has occurred, and knowing
that this incident is reportable;
* disincentives for reporting, such as the threat of punishment for
reporting or concerns about (1) the reputation of both the worker and
the institution, (2) the potential loss of research funds, and (3) the
fact that reporting may take time away from work; and:
* lack of perceived incentives for reporting, such as the failure to
see the value of reporting accidents or incidents, as well as the fact
that lab work may be done alone, which does not provide an incentive
for self-reporting of errors.
Given the confidentiality concerns and other difficulties of
introducing a voluntary reporting system into the biological lab
community, deidentification of safety reports takes on more
importance. For example, according to biosafety specialists at one
university, a primary concern with the establishment of their SRS was
anonymity, especially for those in the agricultural labs. These
researchers were concerned that if their identities became known, they
could suffer from retaliation from organizations opposed to their
research. While the SRS managers chose to make the reports available
to the public via the Web, they also deidentified the reports to
prevent individuals outside the lab community from being able to
identify individuals or specific labs. However, because the university
research community is a small one and lab work is fairly specific, it
is not overly difficult for those in the lab community to determine
who was involved in an incident if a report mentions a particular
pathogen and what was being done with it. As a result,
deidentification measures may have to go beyond simply removing
reporter information. In addition, if deidentification measures are
insufficient for maintaining confidentiality, workers and entities may
need added incentives to encourage reporting in light of the fact that
their identities may become known.
There are several incentives for the lab community to report,
according to biosafety specialists. For example, deidentified SRS data
can enhance the evidentiary foundation for biosafety research since it
provides an extensive, heretofore unavailable data source. Such
analyses benefit the overall lab community by providing greater
evidentiary basis for risk based decisions for--or against--expensive
or burdensome lab safety protocols. In addition, workers' trust in
reporting can be developed over time at the local level, through
rewarding, nonpunitive reporting experiences. The relationship workers
have with the lab's safety staff is central to this effort, according
to biosafety specialists. Trust in an institution's Occupational
Health Service, biosafety officer, or other official responsible for
safety encourages workers to overcome ignorance, reluctance, or
indifference to reporting. Biosafety specialists at one university
credit the success of their nonpunitive SRS to the safety-focused
relationship among the biosafety officer and lab staff. At first,
according to these biosafety specialists, the researchers were afraid
that SRS reports would be used to punish them academically or
professionally. Over time, however, they saw the implementation of a
nonpunitive system that had positive outcomes for safety improvements
in the lab.
While biosafety specialists believed that development of a reporting
culture might be difficult, they offered a number of suggestions for
overcoming reporting barriers, including (1) developing a safety
office in conjunction with the research staff, (2) ensuring continued
interaction and shared conferences on safety issues with researchers
and the biosafety office to show the value of reported information,
and (3) reinforcing the importance of reporting by showing a concern
for the individual that is exposed rather than focusing on punishment.
In addition, the CDC noted the importance of biosafety training, which
is an important part of laboratory safety culture that has an impact
on workers' ability to recognize and report safety issues. This type
of continued support for reporting--as evidenced through positive
feedback, awards, and nonpunitive experiences and training--fosters
trust and willingness to report, according to lessons learned.
In the Context of Existing Information, Lessons Suggest Several
Features for Feedback Mechanisms:
Existing information about the potential goals for a biological lab
SRS and the organizational culture of these labs suggest certain
design and implementation features in the third key area: feedback
mechanisms. Figure 7 shows the relationship of program goals and
organizational culture to this key area.
Figure 7: Third Key Area--Feedback Mechanisms:
[Refer to PDF for image: illustration]
The illustration depicts an interlocking circle of Program Goals and
Organizational Culture, with the following contained inside the circle:
3. Feedback mechanisms:
* Feedback to reporters;
* Feedback to administrators;
* Feedback to industry;
* Feedback for system improvement.
Source: GAO analysis of SRS evaluation literature.
[End of figure]
Lessons Suggest Industry-Level Entities, Such as the CDC or NIH, Can
Facilitate Dissemination of SRS-Based Safety Information across the
Lab Community:
The CDC and NIH--as recognized authorities on working safely with
infectious diseases--disseminate safety information to the entire lab
community. For example, documents such as the BMBL and recombinant DNA
guidelines provide the foundational principles for lab safety
practices; they are updated periodically to reflect new information
about infectious agents and routes of exposure. In addition, the CDC's
MMWR reports provide alerts as emerging safety issues are identified.
Lessons suggest that entities with industrywide visibility and
recognized authority are ideally situated to ensure SRS data and
safety improvement initiatives are disseminated across the industry.
Such entities would be better positioned than individual labs,
facilities, states, or others to disseminate SRS-based alerts or other
safety reports in a way that reaches all labs. In addition, in order
to counter the potential conflicts of interest that can arise with
sharing data across labs, biosafety specialists we spoke with
supported the notion of an "industry-level" entity for disseminating
safety data. In particular, the specialists noted that the typical
reporting relationship between the biosafety officer and lab
management is not independent; this relationship might therefore
inhibit sharing of safety data beyond the individual lab. Thus, a
central, industry-level unit--responsible for collecting and
disseminating SRS reports from either workers or organizations--
minimizes such concerns and facilitates industrywide sharing of SRS
data, according to lessons learned.
SRS data can also support training, which is a key component of
biosafety. These data can provide the experiential basis for specific
safety precautions. For example, one biosafety specialist noted that
staff want to know this information in order to accept the need for
precautions and procedures. Currently, there is no such experiential
database; however, an industry-level entity could facilitate the
creation and maintenance of such a database from SRS data.
Biosafety Specialists Note the Importance of Monitoring Safety Culture:
Some of the biosafety specialists we spoke with noted the importance
of ongoing monitoring of safety culture, for example, through a lab
director's personal investment of time and direct observation and
communication with lab workers. Without such observation and
communication, as well as feedback from workers, managers will remain
unaware of areas where the safety culture is likely to lead to serious
problems. While specialists did not specifically note the need for
formal evaluation to solicit this feedback, lessons learned suggest
that evaluation is useful in this regard. Specifically, evaluation can
help identify (1) problem areas in the safety culture and (2) where
targeted outreach and training or program modification might lead to
better reporting and safety improvement. Such evaluation is important
in ensuring the system is working as effectively as possible,
according to lessons from the literature and case studies.
Conclusions:
Safety reporting systems (SRS) can be key tools for safety improvement
efforts. Such systems increase the amount of information available for
identifying systemic safety issues by offering a means through which
workers can report a variety of events that shed light on underlying
factors in the work environment that can lead to accidents. Our
extensive review of SRS evaluation literature and case studies of SRS
use in three industries provides an empirical, experience-based
foundation for developing a framework for SRS design and
implementation. This framework can be applied across a wide variety of
industrial, organizational, professional, and cultural contexts. The
industries we studied, despite their differences, shared similar
experiences designing and using SRSs for safety improvement. The
commonalities they shared provide the basis for our lessons--the pros
and cons and successes and failures--relating to particular design and
implementation choices across a wide variety of work environments.
However, it is important to recognize the uniqueness of any work
environment. The biological lab community is undoubtedly a unique
working environment and blindly applying an SRS from one industry to
the lab community would be a mistake. This observation underlies the
leading finding among our lessons: in choosing the system features
most appropriate for the environment in which the SRS will operate,
consideration of program goals and organizational culture is
essential. Such consideration provides the context for choosing
features in three key areas of system design and implementation--
reporting and analysis, reporter protections and incentives, and
feedback mechanisms.
The Centers for Disease Control and Prevention (CDC) and Animal and
Plant Health Inspection Service (APHIS) Select Agent Program (SAP)
manage a mandatory reporting system for theft, loss, and release (TLR)
of select agents. Although this system is compliance-based, it can be
used--like the SRSs in our study--to identify systemic safety issues.
In fact, the agencies have taken steps to use the system in this way.
For example, the agencies have dedicated expert resources to manage
the system, developed guidance to clarify reportable events and
procedures to ensure reporter confidentiality, and used information
from the system to provide feedback about safety issues to the select
agent lab community. However, lessons from the literature and case
studies suggest additional actions in assessment and the three key
areas that could further improve reporting and the usefulness of the
system as a source for safety data. These elements include an
assessment of organizational culture, a lower threshold for reportable
events, limited immunity provisions, and mechanisms for international
lesson sharing and evaluation. Through these actions, efforts to
identify areas for system improvement, target outreach and training,
and encourage reporting could be supported.
While other industries have developed industrywide SRSs, one does not
exist for the broader laboratory community. However, recognizing the
potential of such a system for the laboratory community, an
interagency task force on biosafety recommended it and Congress
proposed legislation to develop one. While current safety guidance for
biological labs is based on many years of experience working with
infectious organisms and analyses of laboratory-acquired infections
(LAI), there are some limitations to these data. For example, a widely
recognized limitation is the high rate of under-reporting of LAIs. In
addition, accident and illness data are incomplete, and reported
information usually does not fully describe factors contributing to
the LAIs. Such issues limit the amount of information available for
identification of systemic factors that can lead to accidents. A
national laboratorywide voluntary SRS that is accessible to all labs
and designed around specific goals and organizational culture would
facilitate collection of such data to inform safety improvements.
Analysis of these data could support evidence-based modifications to
lab practices and procedures, reveal problems with equipment use or
design, and identify training needs and requirements.
Establishing such an SRS for the lab community, however, would require
addressing some unique issues. Although our findings suggest that
reporting systems should be tied to program goals and a clear sense of
the organizational culture, this is problematic for biological labs
because they are not a clearly identified or defined population. In
addition, there is no agency or entity with the authority to direct
such assessments across the entire lab community. Proposed federal
legislation, if enacted, would establish a role for an SRS for the lab
community to be administered by the Department of Health and Human
Services (HHS) and the Department of Agriculture (USDA). If HHS and
USDA are directed to develop such an SRS, certain features for the
three key areas are suggested by existing studies, the CDC's and
APHIS's experiences with the TLR reporting system, and biosafety
specialists' knowledge of organizational culture in labs and
experiences with safety reporting. Lessons developed from experiences
with the National Institutes of Health's (NIH) prototype reporting
system for its intramural research labs might inform design and
implementation considerations as well. In addition, stakeholder
involvement in goal setting is particularly important given the issues
related to visibility and oversight of the broader lab population. The
greater the stakeholder involvement, the greater the likelihood the
perspectives of labs with varying environments and cultures will be
represented. Stakeholders may also have knowledge of, and access to,
labs that can support cultural assessments and encourage reporting.
Such assessments are important for understanding differences in
organizational cultures across the diverse types and levels of labs
that could affect choices for system scope and features.
Until a cultural assessment is conducted, existing information about
likely system goals and labs' organizational culture suggests certain
features in the three key areas--reporting and analysis, reporter
protections and incentives, and feedback mechanisms. With respect to
reporting and analysis, a variety of factors suggest voluntary
reporting for labs outside the Select Agent Program, including likely
system goals for learning rather than enforcement and the need to
collect information on incidents and hazards as opposed to serious
accidents. In addition, the lab community's limited experience with
this type of reporting, the diversity of lab environments, and
uncertainty about the reporting population suggest an initially open
classification scheme that allows workers to report events in their
own words, using multimode (Web or postal) and open-format reporting
options that are available to all workers. These options can
facilitate reporting in such situations. Lastly, the advantages and
disadvantages inherent in SRS administration at either the local or
higher level suggest that dual reporting options may be necessary.
Such options--present in different forms in all three case industries--
allow workers to submit reports to whichever level is most comfortable
for them. For example, workers would have the choice of whether to
report to an internal, lab-managed reporting program that feeds data
to a central authority or to an independent, externally managed SRS.
Both of these reporting options will also require strong
confidentiality protections, data deidentification, and other
reporting incentives to foster trust in reporting. Finally, feedback
mechanisms for disseminating safety data or recommendations and
evaluations are needed to promote worker buy-in for reporting,
identify areas for targeted outreach and training, and identify areas
for system improvement.
Matters for Congressional Consideration:
In developing legislation for a national reporting system for the
biological laboratory community, Congress should consider provisions
for the agency it designates as responsible for the system to take
into account the following in design and implementation:
* include stakeholders in setting system goals;
* assess labs' organizational culture to guide design and
implementation decisions;
* make reporting voluntary, with open-reporting formats that allow
workers to report events in their own words and that can be submitted
by all workers in a variety of modes (Web or postal), with the option
to report to either an internal or external entity;
* incorporate strong reporter protections, data deidentification
measures, and other incentives for reporting;
* develop feedback mechanisms and an industry-level entity for
disseminating safety data and safety recommendations across the lab
community; and:
* ensure ongoing monitoring and evaluation of the safety reporting
system and safety culture.
Recommendations for Executive Action:
To improve the system for reporting the theft, loss, and release of
select agents, we recommend that the Centers for Disease Control and
Prevention and Animal and Plant Health Inspection Service Select Agent
Program, in coordination with other relevant agencies, consider the
following changes to their system:
* lower the threshold of event reporting to maximize collection of
information that can help identify systemic safety issues,
* offer limited immunity protections to encourage reporting, and:
* develop (1) mechanisms for sharing safety data for international lab
safety improvement efforts and (2) processes for identifying reporting
gaps and system evaluation to support targeted outreach and system
modification.
Agency Comments and Our Evaluation:
We provided a draft of this report to the Department of Transportation
(DOT), HHS, INPO, NASA, NRC, USDA, and VA for review and comment. In
written comments, the DOT, INPO, NASA, NRC, and VA agreed with our
findings and conclusions and provided technical comments, which we
addressed, as appropriate. The DOT's FAA and NASA also provided
positive comments on the quality of our review. In particular, the FAA
reviewer indicated that it was an excellent report that addressed the
factors that should be considered by an organization planning to
implement a safety reporting system. Similarly, the NASA reviewer
noted that this was an excellent document describing the many aspects
of safety reporting systems, and that it had captured the complexity
and dynamic nature of the SRS approach to obtaining safety information
from the frontline.
In written comments, the HHS noted that GAO's thorough case studies of
long-standing industrywide safety reporting systems would be helpful
when considering the important issue of reporting systems in
biological laboratories. However, the HHS disagreed with two of our
recommendations, and partially agreed with a third, to improve the
theft, loss, and release (TLR) reporting system for select agents.
Specifically, the HHS disagreed with our first recommendation--to
lower the threshold for reportable events to maximize information
collection--noting that their current mandatory reporting thresholds
for the Select Agent Program (SAP) provides sufficiently robust
information. While we appreciate the CDC and APHIS Select Agent
Program's efforts to clarify reporting requirements to ensure all
thefts, losses, and releases are reported, lowering reporting
thresholds could further ensure all relevant reports are received.
With lower reporting thresholds, questionable events are less likely
to go unreported because of confusion about whether to report.
Furthermore, we note that reporting below the currently established
threshold could be voluntary, thereby offering registered entities a
convenient, optional mechanism for sharing identified hazards. This is
similar to the agencies' recently initiated, anonymous fraud, waste,
and abuse reporting system. However, reporting to the TLR system would
enable follow-up and feedback with the reporting lab because of its
confidential, as opposed to anonymous, nature. Lastly, biosafety
specialists we spoke with, as well as HHS staff involved in updating
the BMBL, specifically noted the lack of available data for developing
evidence-based biosafety guidelines. Data collected through the TLR
system--especially if it is more comprehensive--could provide such
data.
The HHS also disagreed with our second recommendation--to offer
limited immunity protections to encourage reporting. While the HHS
agrees that identification of safety issues is important, they believe
they do not have statutory authority to offer limited immunity. The
Public Health Security and Bioterrorism Preparedness and Response Act
of 2002 required the Secretary of HHS to promulgate regulations
requiring individuals and entities to notify HHS and others in the
event of the theft, loss, or release of select agents and toxins.
Violations of the Select Agent Regulations may result in criminal or
civil money penalties. While we do not want to suggest that the HHS
waive these penalties under a limited immunity provision, the Act sets
maximum civil money penalties for Select Agent Regulations violations
at $250,000 for individuals and $500,000 for entities, which provides
the HHS Secretary, now delegated to the HHS Inspector General,
discretion to charge penalties up to those maximum amounts. In
addition, while reporting is required by law, individuals or entities
may be concerned that reporting thefts, losses, or releases may lead
to increased inspections by the CDC or referral to the Inspector
General of the Department of Health and Human Services for
investigation and possible penalties. Therefore, we recommend the CDC,
in conjunction with other pertinent oversight agencies, examine
whether adding limited immunity protections into the TLR reporting
system would ease individuals' and entities' fears of reporting and
encourage them to provide more complete information on thefts, losses,
and releases. One possible way to incorporate limited immunity
protections into the TLR reporting system would be to lower the civil
money penalty for those individuals or entities who properly filed a
TLR report should penalties be appropriate for the theft, loss, or
release being reported. We believe the Secretary of HHS has
sufficiently broad authority under the Public Health Security and
Bioterrorism Preparedness and Response Act of 2002 to provide such
immunity protections. The literature and our case studies identified
limited immunity as a key incentive for reporting, and HHS' Trans-
Federal Task Force on optimizing biosafety and biocontainment
oversight noted the potential of the Aviation Safety Reporting System--
and its associated immunity provisions--as a model for a national SRS
for biological labs.
Lastly, the HHS partially agreed with the third recommendation. While
the agency agreed with the recommendation to develop processes for
identifying reporting gaps and system evaluation to support targeted
outreach and system modification, they disagreed with the
recommendation to share TLR data for international lab safety
improvement efforts. In particular, the HHS notes its lack of
authority to regulate foreign laboratories and suggests such
activities might be better placed elsewhere in the CDC. As the
literature and case studies illustrate, it is important to share
safety lessons as broadly as possible. Sharing TLR lessons does not
involve regulation of foreign labs, so additional authority is not
required. Furthermore, the recommendation is directed to the CDC SAP
because they manage the TLR system. If the CDC SAP wished to delegate
the responsibility for sharing TLR lessons with the international lab
community to another HHS entity, it would satisfy the intent of the
recommendation.
The HHS also commented on the matters for congressional consideration,
for example, suggesting additional matters that fall outside the scope
of this review. The agency disagreed with GAO on several issues, such
as (1) the scope of the recommendations, (2) the extent to which the
biological lab industry might benefit from an SRS, (3) particular SRS
features noted in the matters for congressional consideration, and (4)
reporting thresholds and system management. These general comments and
our responses to them are included in appendix IV. The HHS also
provided technical comments which we addressed, as appropriate.
In written comments, the USDA concurred with our recommendations,
although they noted several disagreements in their detailed responses.
With respect to our first recommendation--to lower reporting
thresholds--the USDA noted, like the HHS, that (1) they believe the
current reporting thresholds (providing 130 reports a year) are
sufficiently robust and (2) APHIS's other monitoring and surveillance
activities are sufficient for monitoring safety and security
conditions in select agent labs. As noted above, we believe that with
lower reporting thresholds, questionable events are less likely to go
unreported because of confusion about whether to report. Furthermore,
we note that reporting below the currently established threshold could
be voluntary, thereby offering registered entities a mechanism for
sharing identified hazards in a system that would enable follow-up and
feedback with reporters. Lastly, data collected through the TLR
system--especially if it is more comprehensive--could provide data for
updates to biosafety guidelines.
In response to our second recommendation--to offer limited immunity
protections--the USDA, like the HHS, believes it lacks statutory
authority to offer such protections. As noted above, we believe the
Secretary of USDA has sufficiently broad authority under the
Agricultural Bioterrorism Protection Act of 2002 to provide such
immunity protections for the TLR reporting system. However, in
recognition that such provisions might require coordination with other
agencies, we added this clarification to the recommendations.
Lastly, in response to our third recommendation--to (1) share TLR data
for international lab safety improvement efforts and (2) identify
reporting gaps and conduct system evaluation--the USDA noted that they
did not believe additional regulatory oversight was needed and that
targeted education and safety training in high-risk areas would likely
be more cost effective. Our recommendation does not suggest any
additional regulatory oversight. It is focused on broadly sharing
lessons learned from the TLR system and on identifying areas--through
analysis of TLR data and evaluation--for targeted outreach and
training and system modification. These actions are methods through
which the USDA can better identify the "high-risk areas" the agency
notes should be targeted for education and training. The USDA also
noted that an example we provided of unreported LAIs demonstrates that
these types of infections are infrequent. However, this is just one
example of LAI underreporting and their consequences. As noted in the
footnote prior to this example, in a review of LAI literature, the
authors identified 663 cases of subclinical infections and 1,267 overt
infections with 22 deaths. The authors also note that these numbers
"represent a substantial underestimation of the extent of LAIs."
[Footnote 88] SRSs are key tools for bringing forward such safety
information--currently recognized as substantially underreported--in
order to benefit the entire industry. USDA's written comments are
included in appendix IV.
As agreed with your offices, unless you publicly announce the contents
of this report earlier, we plan no further distribution until 30 days
from the report date. At that time, we will send copies of this report
to the appropriate congressional committees and other interested
parties. In addition, the report will be available at no charge on the
GAO Web site at [hyperlink, http://www.gao.gov].
If you or your staffs have any questions about this report, please
contact me at (202) 512-2642 or mccoolt@gao.gov. Contact points for
our Offices of Congressional Relations and Public Affairs may be found
on the last page of this report. GAO staff who made major
contributions to this report are listed in appendix V.
Signed by:
Thomas J. McCool:
Director, Applied Research and Methods:
[End of section]
Appendix I: Objectives, Scope, and Methods:
This appendix details the methods we used to identify lessons for
designing and implementing an effective safety reporting system (SRS)
from (1) the literature and (2) case studies of SRSs in the airline,
commercial nuclear power, and health care industries; and apply those
lessons to (3) assess the theft, loss, and release (TLR) reporting
system for the Select Agent Program and (4) suggest design and
implementation considerations for a national SRS for all biological
labs.
To develop lessons from the literature, we used an iterative approach
to search several venues (academic journals, agency and organization
publications, and grey literature) for literature related to human
factors, safety science, and SRS evaluation. We reviewed the
publications generated through automated searches to identify (1)
search terms for additional automated queries and (2) citations for
publications that might be within our scope of interest. We ended the
formal search for additional literature after reaching saturation in
the publications generated from our search (i.e., no or few new
publications). The literature we reviewed generally fell into one of
two categories--safety science (including human factors and
organizational safety) literature and descriptions of SRS features and
evaluations. The safety science literature serves as background
information and was also used to develop familiarity with safety
science terms and theories required for our assessment of the SRS
evaluation literature. The literature related to SRS features and
evaluations was used to develop lessons for the first objective. We
assessed the SRS evaluation literature for both methodological rigor
and findings related to SRS design and implementation. For the
methodological review, we assessed the appropriateness of the methods
relative to the study objectives for all articles, and a sample (about
half) received a secondary, independent review of methodological
rigor. Studies that met our standards of methodological rigor were
incorporated into the assessment, and findings related to system
goals, cultural considerations, reporting and analysis features,
reporter protections and incentives, and feedback mechanisms were
coded to identify effective features and processes for SRS design and
implementation. See the Bibliography of Articles Used to Develop SRS
Lessons from the Literature for a list of the literature used to
develop these lessons.
To develop lessons from case studies of three industries, we (1)
reviewed studies and documentation on a variety of SRSs in the three
industries; (2) interviewed agency and organization officials
knowledgeable about safety science and human factors engineering,
reporting systems, and their own SRS programs; and (3) attended a
variety of SRS and safety conferences. We chose to focus on the
aviation, commercial nuclear power, and health care industries because
they are moderate-to high-risk industries that represent a variety of
(1) organizational cultures, (2) length of experience using SRSs for
safety improvement, and (3) feature and design choices in their SRS
programs. While we collected information on a wide variety of safety
reporting programs and systems in these industries--and in some cases
comment on these different programs--we primarily developed our
lessons from one reporting program in each of the three industries.
Specifically, we developed lessons from the Federal Aviation
Administration's (FAA) National Aeronautic and Space Administration
(NASA)-run Aviation Safety Reporting System (ASRS) in aviation, the
Institute of Nuclear Power Operation's (INPO") Significant Event
Evaluation-Information Network (SEE-INŽ) system in commercial nuclear
power, and the VA's internally managed Patient Safety Information
System (PSIS) and NASA-managed Patient Safety Reporting System (PSRS)
in VA health care. We chose to focus on these systems because they
represent fairly long-standing, nonregulatory, domestic, industrywide
or servicewide reporting programs. For example, NASA's ASRS has been
in operation for 34 years; INPO's SEE-IN, for 30 years; and VA's PSIS
and PSRS, for 10 years. Although we primarily developed our lessons
from these key SRSs, we also collected information on other notable
SRSs in the industries, including the Nuclear Regulatory Commission's
(NRC) Allegations Program, the FAA's Aviation Safety Action Program
(ASAP), and the Agency for Healthcare Research and Quality's (AHRQ)
Patient Safety Organizations (PSO) program, among others.
To assess the TLR reporting system, we interviewed agency officials,
reviewed agency and other documentation, and applied lessons from the
literature and case studies to these findings. Specifically, using a
standard question set, we interviewed HHS officials from the
Coordinating Center for Infectious Disease, Office of Health and
Safety, and Division of Select Agents and Toxins, and received
responses to our question set from the USDA's Animal and Plant Health
Inspection Service (APHIS). In addition, we attended an agency
conference on select agent reporting and reviewed documents from this
conference and from the National Select Agent Registry (NSAR) Web
site, detailing TLR reporting requirements and scenarios. We also
reviewed GAO testimony and reports on previously identified TLR
reporting issues. Using the lessons for SRS design and implementation
derived from the literature and case studies, we applied these
criteria to identify areas for TLR improvements.
To propose design and implementation considerations for a national
biological laboratory reporting system, we reviewed studies and other
reports on biosafety, interviewed HHS officials and domestic and
international biosafety specialists, attended conferences on biosafety
and incident reporting, and applied lessons from the literature and
case studies to these findings. We interviewed HHS officials and
biosafety specialists to get a sense of the culture-related context
for, and potential barriers to, an SRS for biological labs.
Specifically, we used a standardized question set to gather
specialists' views about overall design and implementation
considerations for a labwide reporting program, as well as how lab
culture and safety orientation (1) vary by level and type of lab; (2)
affect reporting under current requirements; and (3) might affect
reporting to a national biological lab SRS.
We conducted this performance audit from March 2008 through September
2010 in accordance with generally accepted government auditing
standards. Those standards require that we plan and perform the audit
to obtain sufficient, appropriate evidence to provide a reasonable
basis for our findings and conclusions based on our audit objectives.
We believe that the evidence obtained provides a reasonable basis for
our findings and conclusions based on our audit objectives.
[End of section]
Appendix II: Summary of Lessons from the Literature and Case Studies:
Area: System goals and organizational culture;
Lessons from the literature:
(1) Define overarching program goals and subgoals up front;
(2) Involve stakeholders (e.g., management, industry groups,
associations, and workers) in development of program goals and SRS
design to increase support among key populations;
(3) Assess organizational culture to guide system design choices in
the three key areas;
(4) Ensure that reporters and system administrators receive adequate
training regarding the function and application of the reporting
system;
Lessons from case studies:
(1) Assessment, dedicated resources, and management focus are needed
to understand and improve safety culture;
(1a) Assessing safety culture can alert management to workplace safety
issues;
(1b) Improving safety culture requires dedicated resources, including
time, training, and staff investment;
(1c) Changing safety culture requires management focus.
Area: Reporting and analysis;
Lessons from the literature:
Level of event:
(1) Base the decision for mandatory or voluntary reporting on (a) the
level of event of interest and (b) whether the SRS will be used
primarily for enforcement or learning;
(2) Set reporting thresholds that are not so high that reporting is
curtailed, nor so low that the system is overwhelmed by the number and
variety of reportable events;
Lessons from case studies:
(2) Broad reporting thresholds, experience-driven classification
schemes, and processing at the local level can be useful SRS features
in industries new to safety reporting;
(2a) Broad thresholds and open reporting are useful features when
starting an SRS.
Area: Reporting and analysis;
Lessons from the literature:
Event classification;
(1) Develop classification schemes and associated terms that are
clear, easy to understand, and easy to use by drawing on terms already
well understood in the industry;
(2) Test whether classification terms are clearly understood by
different groups in the organization;
(3) Allow sufficient flexibility to (a) avoid narrowing the scope of
reporting in a way that limits all events of interest at the chosen
level of event, (b) allow different sites--if multiple sites will be
reporting to the same system--to adapt fields and elements to match
their own organizational culture, and (c) capture different types of
events and precursors as they can change over time;
(4) Develop a classification scheme that best suits analytical
requirements and the comfort level of the organizational culture with
safety reporting and safety event terms;
Lessons from case studies:
(2b) Encouraging workers to report incidents in their own words
facilitates reporting initially.
Area: Reporting and analysis;
Lessons from the literature: Mode and format;
(1) Base decisions about report mode on (a) the accessibility of the
mode to the reporting population and (b) workers' concerns about and
willingness to report;
(2) Base decisions about report formats on the (a) type of data needed
for analysis, (b) capabilities of the reporting population, and (c)
maturity of existing safety event classification schemes within the
industry.
Area: Reporting and analysis;
Lessons from the literature: System administration;
(1) Base the decision for internal or external system administration
on (a) workers' degree of concern over punishment and confidentiality
and (b) the availability of internal expertise and resources to
analyze and encourage reporting;
(2) Base decisions about who will be allowed to report on (a)
awareness of reporting hierarchies and (b) the type of information
desired for analysis;
Lessons from case studies: (2c) Reporting options with some local-
level processing facilitates reporting initially.
Area: Reporting and analysis;
Lessons from the literature: Analysis;
(1) Use a report prioritization process to quickly and efficiently
address key safety issues as they arise;
(2) Align analysis decisions with (a) report formats, (b) system
administration and location of technical expertise, and (c)
availability of other relevant data needed for analysis.
Area: Reporter protections and incentives;
Lessons from the literature: Confidentiality and anonymity:
(1) Base the choice between anonymity and confidentiality on (a)
organizational culture, especially workers' degree of concern about
punishment and confidentiality, and (b) the amount of detail required
for analysis and whether it can be collected without follow-up;
(2) Consider a hybrid system in which confidential and anonymous
reporting are used simultaneously if there is conflict between
organizational culture and data need;
Data deidentification:
(1) Develop data deidentification measures to support confidentiality
and data-sharing efforts;
Limited immunity:
(1) Consider limited immunity provisions to increase the reporting
incentive;
Lessons from case studies: (3) Strong legal protections and incentives
encourage reporting and help prevent confidentiality breaches.
Area: Feedback mechanisms;
Lessons from the literature: Feedback;
(1) Provide direct feedback to reporters to foster worker-specific buy-
in for reporting;
(2) Provide regular, timely, and routine feedback--for example in the
form of newsletters, e-mail alerts, Web sites, and searchable
databases--to support overall organizational buy-in for reporting;
(3) Provide positive feedback to managers who receive a high volume of
reports to demonstrate the importance of reporting and counteract the
perception that error reporting reflects poorly on management;
Evaluation:
(1) Use the data to identify reporting gaps for targeted outreach and
training;
(2) Evaluate the effectiveness of the SRS to support ongoing
modification and improvement;
Lessons from case studies: (4) A central, industry-level unit
facilitates lesson sharing and evaluation.
Source: GAO analysis of SRS literature and case studies.
[End of table]
[End of section]
Appendix III: Comments from the Department of Health and Human
Services:
Note: GAO comments supplementing those in the report text appear at
the end of this appendix.
Department Of Health & Human Services:
Office Of The Secretary
Assistant Secretary for Legislation:
Washington, DC 20201:
August 16, 2010:
Tom McCool, Director:
Applied Research and Methods:
U.S. Government Accountability Office:
441 G Street N.W.
Washington, DC 20548:
Dear Mr. McCool:
Attached are comments on the U.S. Government Accountability Office's
(GAO) report entitled: "Biological Laboratories: Design and
Implementation Considerations for Safety Reporting Systems" (GA0-10-
850).
The Department appreciates the opportunity to review this report
before its publication.
Sincerely,
Signed by:
Jim Esquea:
Assistant Secretary for Legislation:
Attached:
[End of letter]
General Comments Of The Department Of Health And Human Services (HHS)
On The Government Accountability Office's (GAO) Draft Report Entitled.
"Biological Laboratories: Design And Implementation Considerations For
Safety Reporting Systems" (GA0-10-850):
We appreciate GAO's review of this important issue. HHS is committed
to improving biosafety in laboratories across the United States. This
draft report from GAO thoroughly outlines examples of safety reporting
systems in other industries, which is helpful in considering how to
improve safety reporting systems in biological laboratories.
Scope of Draft Report:
This report addresses two separate but related issues”safety reporting
for biological laboratories in general and the theft, loss, and
release reporting system for laboratories that are subject to the
Select Agent Regulations (42 CFR part 73, 9 CFR part 121, and 7 CFR
part 331). The issues, challenges, and implementation considerations
are related, but not interchangeable. We note that the safety
reporting programs chosen by the GAO for their case study represented
fairly longstanding, non-regulatory, domestic, industry wide reporting
programs.
Though the draft GAO report addresses broad issues for consideration
in implementing a safety reporting system for all biological
laboratories in the United States, the recommendations do not
logically follow from the data presented in the report, as the
recommendations are only focused on the Select Agent Programs at the
Centers for Disease Control and Prevention (CDC) and the United States
Department of Agriculture's Animal and Plant Health Inspection Service
(APHIS). The narrow scope of the recommendations raises concerns that
the GAO views the mission of the Select Agent Programs as including a
responsibility to improve biosafety at all U.S. laboratories. The GAO
report should recognize that the scope of the statutory authority for
the Select Agent Programs is limited to the oversight of biosafety at
registered entities and that creation of a new regulatory safety
reporting system would require new authority and resources. [See
comment 1]
The premise of the report is that a new, highly comprehensive, and
presumably costly reporting system is necessary for the U.S.
Government and research community to understand the etiology and
consequences of, as well as preventative strategies for, laboratory
accidents: NIII does not believe that this is the ease. Under the
current reporting requirements of the Select Agent Program (SAP) and
the NIH Guidelines for Research Involving Recombinant DNA Molecules,
there is likely sufficient data to perform the kinds of analyses that
arc described in the GAO report. It would, however, necessitate
sharing the reported information between the two programs and
supporting a common analysis, something that is not currently done. It
makes more sense to begin with the Federal Government sharing and
analyzing data already collected under current requirements. To the
extent warranted by the need for additional data, the Government could
then assess the need for a more universal incident-reporting system.
[See comment 2]
Furthermore, the characteristics of the reporting system advocated in
the report”one that would he accessible to all and utilize free-form
reporting”would greatly undermine the quality of the data and only
frustrate efforts to conduct meaningful analyses and draw specific
conclusions. While appreciating the arguments for a system that is
accessible and encourages reporting, these particular approaches to
achieving those aims pose innumerable problems, such as unintelligible
reports, redundant data, lack of quality control, and unreliable
statistics that, in the end, would preclude meaningful trend analysis
and improvements to specific institutional settings, and thus
result in a system that provides little marginal value for what is
likely to he a major investment.
Scope of Safety Reporting Systems:
In the draft report, GAO notes the need to understand the safety
culture in laboratories. GAO realizes that the occupational setting
varies widely from clinical laboratories to research laboratories. We
encourage GAO to recognize that the design of a safety reporting
system or systems for biological laboratories should be targeted to
the specific types of laboratories that will be subject to this system
(i.e., clinical laboratories vs. research laboratories), in order to
design an appropriate reporting system. [See comment 4]
This draft report proposes a national safety reporting system and
notes that some institutions already require safety reporting within
the institution. We encourage GAO to clarify the scope of the proposed
system (to he less confusing to those who already have local safety
reporting requirements), and specify that they are describing a
"national" safety reporting system when referring to the national
system. [See comment 5]
Threshold for Reporting:
We believe that the GAO confuses the Select Agent Programs' "theft,
loss, and release" reporting requirements with a laboratory safety
reporting system. The Select Agent Programs' statutory authority only
requires that registered entities report actual releases of select
agents or toxins "causing occupational exposure or release of a select
agent or toxin outside of the primary barriers of the biocontainment."
While the Select Agent Programs urge, and registered entities for the
most do, the reporting of accidents and incidents that might have
resulted in a release (it being better to confirm that an accident or
incident did not result in a release than not properly report a
release), it is only a violation of the Select Agent regulations if an
actual release goes unreported. The presumption that lowering the
threshold for reportable events would lessen the confusion about what
to report should be discussed in the context that there is no national
system for reporting and correspondingly no standard for what that
"threshold" might be. This could be an area for additional
exploration. [See comment 6]
Considerations for Implementing a Safety Reporting System vs. Deciding
to Create Such a System:
GAO's draft report points out those things that should be considered
in implementing a safety reporting system for all biological
laboratories, but does not fully assess the merit of deciding to
create and implement such a system. Resources and the relative
priority of such a system as compared to other things that can improve
biosafety in all biological laboratories must be considered before a
decision is made to create such a system. The federal government needs
a greater understanding of opportunity costs and potential benefits
before deciding to pursue such a system as compared to other biosafety
improvements. [See comment 7]
Accordingly, we recommend that the Matters for Congressional
Consideration section include resources and the relative priority of
implementing a safety reporting system as compared to other biosafety
improvements as additional matters for Congressional consideration.
Also, should a decision be made to create a voluntary safety reporting
system for all biological laboratories, there will have to be careful
consideration of which federal entity will be responsible for
implementing the system. Laboratories and laboratorians that are not
currently subject to the Select Agent Regulations may be hesitant to
voluntarily report incidents to a regulatory body (i.e., the CDC and
APHIS Select Agent Programs). If a safety reporting system were the
responsibility of the CDC and APHIS Select Agent Programs, this may
reduce voluntary reporting. GAO recognizes this concern on page 64 of
the draft report. Accordingly, we recommend that the Matters for
Congressional Consideration section include consideration of the
specific type of program (i.e., regulatory vs. non-regulatory) that
should be adopted as a safety reporting system. [See comment 8]
There is also potential for confusion about mandatory versus voluntary
reporting. The NIH is concerned that compliance with mandatory
reporting requirements may go down because lab personnel think that
all reporting is voluntary, or that if a reportable incident was
entered into the voluntary system that it would suffice for the
mandatory reporting to the SAP or NIH. [See comment 9]
Comments on Recommendations:
To improve the system for reporting the theft, loss, and release of
select agents, we recommend that CDC and APHIS consider the following
changes to their system:
Recommendation 1: Lower the threshold of event reporting to maximize
collection of information that can help identify systemic safety issues.
CDC disagrees with.this recommendation. The CDC and APHIS Select Agent
Programs provide registered entities with guidance on the defined
triggers for reporting a possible theft, loss, or release, to help
ensure that they are not in violation of the Select Agent Regulations'
requirement to report actual releases. We believe that the current
thresholds provide a sufficiently robust information flow to monitor
safety incidents in regulated laboratories, without imposing an excess
reporting burden on the regulated community. [See section: Agency
Comments and Our Evaluation]
The triggers are:
* Occupational exposure: Any event that results in any person in a
registered entity facility or laboratory not being appropriately
protected in the presence of an agent or toxin. This may include
reasonably anticipated skin, eye, mucous membrane, or parenteral
contact with blood or other potential infectious materials that may
result from the performance of a person's duties. For example, a
sharps-related injury from a needle being used in select agent or
toxin work would be considered an occupational exposure.
* Release: A discharge of a select agent or toxin outside the primary
containment barrier due to a failure in the containment system, an
accidental spill, occupational exposure, or a theft. Any incident that
results in the activation of a post exposure medical
surveillance/prophylaxis protocol should be reported as a release.
- Primary containment barriers are defined as specialized items
designed or engineered for the capture or containment of hazardous
biological agents. Examples include biological safety cabinets,
trunnion centrifuge cups, and aerosol-containing blenders. For the
purposes of assessing a potential select agent release, the laboratory
room may be considered a primary containment barrier in facilities
meeting the requirements of biosafety level-4 (BSL-4) or BSL-3Ag as
described in the 5th edition of the Centers for Disease Control and
Prevention/National Institutes of Health (CDC/NIH) Biosafety in
Microbiological or Biomedical Laboratories manual.
In 2008, the CDC and APHIS Select Agent Programs provided enhanced
guidance to the regulated community regarding the reporting of
releases of Select agents or toxins.[Footnote 1] This guidance
includes examples of reportable incidents and scenarios that can be
used by the regulated community to help them identify when they have a
reportable incident.[Footnote 2] Since this guidance was published,
the CDC Select Agent Program has experienced an increase in the
reporting of incidents from the regulated community. We currently
receive approximately 130 reports per year. Although we have seen a
dramatic increase in the number of reports of incidents, our follow-up
investigations have detected little to no increases in confirmed
releases.
Though GAO focused only on safety reporting systems as a way to
strengthen biosafety, the CDC Select Agent Program uses other
mechanisms to monitor safety conditions in facilities working with
select agents and toxins. These mechanisms help ensure that biosafety
incidents arc prevented and, when incidents occur, they are reported
and assessed promptly. Assistance also is provided to meet the
biosafety requirements of the Select Agent Regulations.
The mechanisms are summarized below:
Biosafety Planning Training, and Inspections:
The Select Agent Regulations (See 42 C.F.R. 73.12) require an entity
to develop and implement a written biosafety plan that is commensurate
with the risk of the agent or toxin, given its intended use and to
provide biosafety training for all individuals working or visiting
laboratories. The training must address the particular needs of the
individual, the work they will do, and the risks posed by the select
agents or toxins.
All registered laboratories also must undergo a biosafety inspection
by the Programs as a condition for registration and on a routine basis
thereafter. The Select Agent Programs may also perform non-routine
inspections at registered entities at any time to verify the
resolution of findings from a routine inspection, to authorize work in
a new building, to investigate a laboratory-acquired infection or
other significant incident, or to resolve any other concern that the
Select Agent Programs may have.
Surveillance of Exempted Laboratories for Thefts Losses and Releases:
While clinical and diagnostic laboratories arc exempt from the Select
Agent Regulations (42 C.F.R. 73.5, 73.6), they are required, to report
any identified select agents contained in a specimen presented for
diagnosis, verification, or proficiency testing to the CDC or APHIS
Select Agent Program. In addition to the reporting requirement when a
select agent is identified, the select agent must be secured against
theft, loss, or release during the period between identification and
final disposition. In.the event that a release has occurred, exempted
laboratories-must report this release.to the CDC or APHIS Select Agent
Program. Any reports of possible theft, loss, or release from exempted
laboratories are investigated by the Select Agent Programs.
Outreach and Guidance:
The CDC and APHIS Select Agent Programs provide guidance and support
to assist registered laboratories in meeting their biosafety
requirements. Each regulated entity is assigned a file -manager to
assist the entity in maintaining its registration. The file manager is
available by phone, fax, or e-mail to the entity's responsible
official to answer questions and provide advice on maintaining the
entity's registration. hi addition, the Select Agent Programs maintain
the National Select Agent Registry (NSAR) website
(www.selectagents.gov) with up-to-date information, including guidance
documents, biosafety and security checklists based on national
standards, other resource materials, and an e-mail link for questions
or requests. Since 2008, the Select Agent Programs have hosted an
annual workshop to inform individuals of their legal responsibilities
for implementing the select agent regulations. The last workshop was
held on June 15, 2010 in Sparks, NV and included a session on the
"Inspection Trends and Best Practices for Preventing Occupational
Exposures and Biocontainment Breaches."
Recommendation 2: Offer limited immunity protections to encourage
reporting.
CDC disagrees with this recommendation, as the CDC Select Agent
Program currently lacks the statutory authority required to offer
limited immunity protection as recommended by GAO. Further, we are not
aware of any analysis assessing the merit of limited immunity
protections as a means to encourage reporting. In accordance with the
HHS. Select Agent Regulations, the CDC Select Agent Program refers non-
compliance issues, such as a significant biosafety or security
concern, to the Department of Health & Human Services, Office of
Inspector General (HHS-OIG) for further investigation and enforcement
(e.g., assessment of civil money penalties). [See section: Agency
Comments and Our Evaluation]
However, CDC agrees with the GAO that the identification of safety
issues is important and that laboratorians should have an anonymous
way to report safety concerns. On April 26, 2010, the CDC and APHIS
Select Agent Programs established an anonymous means for reporting
select agent safety and security issues through the HHS-OIG fraud,
waste, and abuse hotline. This hotline is now available for anyone to
anonymously report safety or security, issues related to select agents
and toxins. Our communication outreach efforts for this hotline have
included sending an c-mailed notification to all responsible officials
and alternate responsible officials, posting information regarding the
hotline on an international biosafety listserver, and discussing the
hotline at the Select Agent Workshop held on June 15, 2010.
Information for accessing the hotline is also available on the
national select agent website (www.selectagents.gov).
Recommendation 3: Develop (1) mechanisms for using safety data for
international lab safety improvements efforts and (2) processes for
identifying reporting gaps and system evaluation to support targeted
outreach and system modification. [See section: Agency Comments and
Our Evaluation]
For part 1 of this recommendation, CDC agrees that helping to improve
international laboratory biosafety is an important activity for CDC as
a whole, but disagrees that this should be a specific responsibility
for the CDC Select Agent Program. The CDC agrees with part 2 of this
recommendation. In the final report, we recommend that GAO clarify the
scope of the recommendation and to whom this recommendation is
directed (as the recommendations as a whole arc currently only
directed at the CDC and APHIS Select Agent Programs).
The CDC and APHIS Select Agent Programs' statutory authority to
regulate individuals and entities that possess, use, or transfer
select agents does not include the authority to regulate laboratories
outside the United States. Accordingly, the Select Agent Programs do
not receive theft, loss, or release reports from foreign laboratories.
Due to the scope of its statutory authority, the Select Agent Programs
are not the appropriate programs to focus on improving international
biosafety efforts. Other federal government entities (which could
include programs in CDC and APHIS other than the Select Agent
Programs) would be a more appropriately responsible for such efforts.
For example, as a co-publisher of Biosafety in Microbiological and
Biomedical Laboratories (currently in its 5d' edition), CDC already
has one key mechanism for using safety data for international
laboratory safety improvement. CDC also funds and is working with the
World Health Organization to update its Laboratory Biosafety Manual.
The CDC also provides biosafety training in a variety of countries
(through its Global Aids Program funding and the Office of Health and
Safety staff) and uses the compiled safety data to assist those
counties to improve biosafety. compliance.
As for the CDC Select Agent Program, it is working with international
partners to increase collaboration on mutual matters of interest.
Since 2007, the CDC Select Agent Program has participated in two
multinational meetings with biosafety regulators from Canada, the
United Kingdom, Australia, Germany, Switzerland, Brazil, Singapore,
Japan, and the World Health Organization. The Select Agent Program
plans to continue its engagement with this group, and utilize this
forum for data-driven discussions an biosafety improvements.
For part 2 of the recommendation, we are taking the following actions
as noted in HHS' response to the recommendations in the GAO report
High-Containment Laboratories: Coordinated National Oversight is
Needed (GAO-09-574):
"HHS also agrees that lessons learned from laboratory accidents should
be synthesized and shared with the broader laboratory community. The
APHIS/CDC Form 3 collects information on thefts, losses, and releases
of select agents. CDC will work with APHIS to synthesize the data that
have been gathered about releases in laboratories registered with the
select agent programs, and it will publish and share this analysis in
a public report. Please note that HHS and USDA have the ability to
gather such data only for laboratories that work with select agents. A
separate mechanism must be identified to gather information about
releases in laboratories that do not work with select agents."
Sharing such information publicly will help inform both domestic and
international laboratory biosafety improvements.
Footnotes:
[1] Section 73.19 of Title 42, Code of Federal Regulations
(Notification of theft, loss, or release) requires that upon discovery
of a release of an agent or toxin causing occupational exposure or
release of a select agent or toxin outside of the primary barriers of
the biocontainment area, an individual or entity must immediately
notify CDC or APHIS.
[2] A previous GAO report (High-Containment Laboratories: Coordinated
National Oversight is Needed; GAO-09-574) recommended that the Select
Agent Programs develop "a clear definition of exposure." The theft,
loss, and release guidance document was updated with additional
examples in 2010, to respond to this GAO recommendation.
The following are GAO's comments on the Department of Health and Human
Services' letter, dated August 16, 2010.
GAO Comments:
1. We disagree. We do understand that the scope of statutory authority
for the Select Agent Program is limited to registered entities. That
is why our recommendations for improvements to the TLR program are
directed to the CDC and APHIS, while recommendations for a national
SRS for all labs are directed to Congress through matters for
consideration. We do not make recommendations for the national SRS to
the CDC or APHIS because they do not have authority for labs outside
the Select Agent Program.
Furthermore, the recommendations, as well as the matters for
congressional consideration, are directly linked and logically follow
from the data presented in the report. This report has two objectives
(the third and fourth) related to an SRS for biological labs and two
sets of recommendations that flow from those objectives. We have
structured our report this way because we recognize that the statutory
authority for the Select Agent Program is limited to the oversight of
biosafety at registered entities and that creation of a new safety
reporting system would require new authority and resources, in
particular:
* Objective 3--applying lessons from SRS literature and case studies
to assess the theft, loss, and release (TLR) reporting system, part of
the Select Agent Program--focuses on the TLR system, and thus applies
to only registered entities and associated labs. The recommendations
derived from this review of the TLR system are directed to the CDC and
APHIS Select Agent Program because they have the statutory authority
for this system.
* Objective 4--applying lessons from SRS literature and case studies
to suggest design and implementation considerations for a national
safety reporting system--applies to all biological laboratories, in
particular those outside the Select Agent Program. Because there is
currently no agency with specific authority for such a system to whom
we could direct recommendations, they are directed to Congress through
Matters for Congressional Consideration.
2. We disagree. We recognize that implementation of any program has
costs. However, evidence from the literature indicates that the
benefits of an SRS can far outweigh the costs; this position was also
endorsed by experts from the three case study industries. While we
certainly encourage the NIH and CDC Select Agent Program efforts to
share information that is currently reported, assessing the
sufficiency of existing data was not within the scope of this
engagement. In its comments to an earlier report on oversight of high-
containment labs (GAO-09-574), the HHS agreed with our recommendation
that lessons learned should be synthesized and shared with the broader
community. They further noted that while the HHS and USDA have the
ability to gather such data for laboratories registered with the
Select Agent Program, a separate mechanism must be identified to
gather information about releases in laboratories that do not work
with select agents. A national SRS for all biological laboratories is
such a mechanism. In addition, the Trans-federal Task Force on
Optimizing Biosafety and Biocontainment Oversight--co-chaired by the
HHS and USDA--recommended a new voluntary, nonpunitive incident-
reporting system, and pending legislation in both the House and Senate
would establish such a system. For these reasons, we did not revisit
the issue of whether a nationwide SRS for biological labs is
necessary. Instead, we agreed to examine the literature and SRSs in
other industries to support effective design and implementation of
such a system, should it be established.
3. The concerns raised here do not accurately characterize the message
and matters conveyed in the report, and are not supported by evidence
from the literature and our case studies. Specifically, (1) our
recommendation to allow workers to report in their own words does not
equate to "free-form reporting." Rather, it relates to how errors are
classified and labeled and where in the process that should take
place. (See sections "Lesson 2: Broad Reporting Thresholds, Experience-
Driven Classification Schemes, and Processing at the Local Level Are
Useful Features in Industries New to Safety Reporting" and
"Encouraging Workers to Report Incidents in Their Own Words
Facilitates Reporting Initially" for further detail.) In commenting on
this issue, an internationally recognized SRS expert at NASA noted
that, while highly structured reporting forms may decrease the
analytical workload, the data quality is largely sacrificed for this
false sense of efficiency. Requiring the reporter to also be the
analyst--evaluating aspects of the event--creates unreliable
assessments because of the variability in workers' perspectives. Open-
field narrative has the best hope of providing insights that are
largely unknown by personnel who invent the structured questions.
Consequently, allowing workers to report in their own words and
applying error classifications at the analytical level serve to
improve, rather than degrade, data quality.
In addition, an SRS does not inherently produce unintelligible
reports, redundant data, lack of quality control, and unreliable
statistics. One of our key messages is that determining system goals--
such as for specific analytical capabilities or means to identify
specific locations or groups--is essential to do up front, in order to
select system features compatible with these goals. In the section
"Program Goals and Organizational Culture Guide Safety Reporting
System Design and Implementation in Three Key Areas," we describe the
pros and cons of different system features and how choices for
specific features should logically flow from system goals and
assessment of organizational culture. We have recommended, for
congressional consideration, certain features for a national SRS for
biological labs that appear best aligned with existing information
about system goals and lab culture.
4. The importance of culture in SRS design and implementation is
foundational in our report, and is reflected in our graphics,
findings, conclusions, and matters for congressional consideration.
5. We agree that this is a useful clarification and have made this
change, as appropriate, throughout the report.
6. We do not confuse the TLR with a safety reporting system. We are
aware that the system serves a regulatory function, and recognize this
in the body of the report. However, we also recognize that this is not
a dichotomy--the TLR's regulatory function does not preclude its
usefulness as a safety tool. In fact, we commend the CDC and APHIS
Select Agent Program for recognizing the TLR's potential beyond its
mere regulatory function. In particular, in the section "The CDC and
APHIS have Taken Steps to Improve the Usefulness of the TLR Reporting
System; Lessons from the Literature and Case Studies Suggest
Additional Steps," we comment on the agencies' recognition of the
system's usefulness for providing safety improvement data and our
recommendations reflect enhancements to the system for this purpose.
In addition, while we agree that a national reporting system might
address the issue of capturing events (such as near misses or
identified hazards) that are below the threshold for reporting to the
TLR system, no such system currently exists. Consequently, the TLR
system is the only system ideally situated to capture this information.
7. We recognize that implementation of any program has costs. However,
evidence from the literature indicates that the benefits of an SRS can
far outweigh the costs, a position that was also endorsed by experts
from the three case study industries. We agree that dedicating
resources is essential to successfully implement an SRS program, and
this is reflected in the first lesson derived from the case studies--
"Assessment, dedicated resources, and management focus are needed to
understand and improve safety culture." However, it is outside the
scope of this report to add a matter for congressional consideration
to assess the relative priority of implementing a safety reporting
system as compared to other biosafety improvements. See also comment
#2 above, in response to HHS's earlier remark about evaluating
whether, and not how, to develop a national SRS for biological labs.
8. We agree this is an important consideration. In the section "Level
of Event: The Severity of Events Captured Generally Determines Whether
an SRS Is Mandatory or Voluntary," we note that mandatory reporting is
generally preferred when program goals are focused on enforcement of
regulations. Serious events--such as accidents resulting in injuries
or deaths--are typically the level of event collected in mandatory
SRSs, whereas voluntary reporting is generally preferred when learning
is the goal. The purpose of a national SRS for all labs would likely
be for learning rather than compliance because the SAP program,
through the TLR system, already manages the regulatory function for
the most dangerous pathogens. Accordingly, it is logical that a
national SRS for all biological labs would be a voluntary,
nonregulatory system.
9. Evidence from the literature and our case studies does not support
this argument. While we appreciate the NIH's concerns about the
clarity of reporting requirements, we found that mandatory and
voluntary systems are often employed concurrently--sometimes
independently and sometimes in complementary roles--because programs
face the dual requirements of regulating and promoting safety
improvement. In order to ensure appropriate levels of reporting,
however, we also note the importance of setting clear goals and
reporting thresholds for each system and communicating reporting
requirements to the lab community. In addition, evaluation is an
important tool for identifying and addressing such problems.
Consequently, we recommended evaluation for both the TLR system and
the national SRS for biological labs.
[End of section]
Appendix IV: Comments from the Department of Agriculture:
USDA:
United States Department of Agriculture:
Office of the Secretary:
Washington, D.C. 20250:
August 30, 2010:
Ms. Rebecca Shea:
Assistant Director:
United States Government Accountability Office:
441 G Street, NW:
Washington, DC 20548:
Dear Ms. Shea:
The United States Department of Agriculture (USDA) has reviewed the
U.S. Government Accountability Office's (GAO) draft report,
"Biological Laboratories: Design and Implementation Considerations for
Safety Reporting Systems" (10-850), and appreciates the opportunity to
comment on this report. Thank you for your review of this important
issue. While we concur with the Recommendations for USDA, we offer the
following perspectives on our ongoing and planned activities to
address these Recommendations.
GAO Recommendation:
To improve the system for reporting the theft, loss, and release of
select agents, we recommend that CDC and APHIS consider the following
changes to their system: lower the threshold of event reporting to
maximize collection of information that can help identify systemic
safety issues.
USDA Response:
Section 331.19 of Title 7 and Section 121.19 of Title 9, Code of
Federal Regulations (Notification of theft, loss, or release) requires
that upon discovery of a release of an agent or toxin causing
occupational exposure or release of a select agent or toxin outside of
the primary barriers of the biocontainment area, an individual or
entity must immediately notify Centers for Disease Control (CDC) or
the Animal and Plant Health Inspection Service (APHIS). In 2008, the
APHIS and CDC Select Agent Programs provided enhanced guidance to the
regulated community regarding the reporting of releases of select
agents or toxins. This guidance includes examples of reportable
incidents and scenarios that can be used by the regulated community to
help them identify when they have a reportable incident. Key
definitions in this guidance document are as follows:
* Occupational exposure: Any event which results in any person in a
registered entity facility or lab not being appropriately protected in
the presence of an agent or toxin. This may include reasonably
anticipated skin, eye, mucous membrane, or parenteral contact with
blood or other potential infectious materials that may result from the
performance of a person's duties. For example, a sharps injury from a
needle being used in select agent or toxin work would be considered an
occupational exposure.
* Primary containment barriers: Specialized items designed or
engineered for the capture or containment of hazardous biological
agents. Examples include biological safety cabinets, trunnion
centrifuge cups, and aerosol-containing blenders. For the purposes of
assessing a potential select agent release, the laboratory room may be
considered a primary containment barrier in facilities meeting the
requirements of biosafey biocontainments level-4 (BSL-4) or BSL-3Ag as
described in the 5th edition of the Centers for Disease Control and
Prevention/National Institutes of Health (CDC/NIH) Biosafety in
Microbiological or Biomedical Laboratories manual.
* Release: A discharge of a select agent or toxin outside the primary
containment barrier due to a failure in the containment system, an
accidental spill, occupational exposure, or a theft. Any incident that
results in the activation of a post exposure medical
surveillance/prophylaxis protocol should be reported as a release.
Since this guidance was published, the APHIS and. CDC Select Agent
Programs have experienced a greater than 10-fold increase in the
reporting of theft, loss, or release incidents from the regulated
community. We currently receive approximately 130 reports annually
from the approximately 381 registered entities. Although we have seen
a dramatic increase in the number of reports of theft, loss, and
release incidents, our follow-up investigations have detected little
to no increases in confirmed thefts, losses, or releases. For these
reasons, we believe that the current thresholds provide a sufficiently
robust information flow to monitor safety and security incidents,
without imposing an excess reporting load on the regulated community.
In addition to the theft, loss, and release.reporting system, the
APHIS Select Agent Program uses other mechanisms to monitor safety and
security conditions in facilities working with select agents. These
other systems are summarized as follows:
Monitoring biosafety/biocontainments through the Select Agent Program
Inspections:
The Select Agent Program regulatory oversight of laboratories
registered to possess, use, or transfer select agents and/or toxins
includes biosafety/biocontainment. See 7CFR 331.12 and 9 CFR 121.12.
All registered laboratories must undergo a biosafety/biocontainment
inspection by the Select Agent Program as a condition for registration
and on a routine basis thereafter. The Select Agent Program may also
perform non-routine inspections at registered entities at any time to
verify the resolution of findings from a routine inspection, to
authorize work in a new building, to investigate a laboratory-acquired
infection or other significant incident, or to resolve any other
concern that the Select Agent Program may have.
Surveillance of Exempted Laboratories:
The select agent regulations (7 CFR 331.5 and 9 CFR 121.5 and 9 CFR
121.6) exempt clinical or diagnostic laboratories from the requirement
of the select agent regulations for so long as they take the specific
actions required and/or meet the specific conditions prescribed.
Clinical or diagnostic laboratories and other entities (exempted
laboratories) that have identified select agents and toxins contained
in a specimen presented for diagnosis, verification, or proficiency
testing are required by the select agent regulations to report this
identification to Select Agent Program by completing APHIS/CDC Form 4,
Report of the Identification of a Select Agent or Toxin. In addition
to the reporting requirement, the identified select agent or toxin
must be secured against theft, loss, or release during the period
between identification and final disposition. In the event that a
release has occurred, the laboratories must report this release using
APHIS/CDC Form 3. Since the isolation of a select agent has the
potential for significant public health implications, diagnostic
laboratories typically send these isolates to registered reference
laboratories for confirmation. Upon confirmation, the registered
laboratory files an APHIS/CDC Form 4 with the Select Agent Program,
which includes contact information for the submitting laboratory. The
Select Agent Program then follows up with the submitting laboratory,
and any other laboratory in the transfer chain, to determine if the
laboratories have met the requirements outlined in 7 CFR 331.5 and 9
CFR 121.5 and 9 CFR 121.6, including biosafety/biocontainment.
Outreach:
The APHIS/CDC Select Agent Programs provide guidance and support to
assist registered laboratories in meeting their
biosafety/biocontainment requirements. Each regulated entity is
assigned a file manager to assist the entity in maintaining its
registration. The file manager is available by phone, FAX, or Email to
the entity's responsible official during normal business hours to
answer questions and provide advice on maintaining the entity's
registration. In addition, the APHIS/CDC Select Agent Program
maintains the National Select Agent Registry (NSAR) website
(www.selectagents.gov) with up to date information, including guidance
documents, biosafety and biocontainment and security checklists based
on national standards, other resource materials, and an e-mail link
for questions or requests. Since 2008, the APHIS/CDC Select Agent
Program has hosted annual workshops to inform individuals of their
legal responsibilities for implementing the select agent regulations.
The last workshop was held June 15, 2010 in Sparks, Nevada and
included a session on the "Inspection Trends and Best Practices for
Preventing Occupational Exposures and Biocontainment Breaches."
GAO Recommendation:
To improve the system for reporting the theft, loss, and release of
select agents, we recommend that CDC and APHIS consider the following
changes to their system: offer limited immunity protections to
encourage reporting.
USDA Response:
The APHIS/CDC Select Agent Programs agree that the identification of
safety issues is important. On April 26, 2010, Select Agent Program
established a confidential means for reporting select agent safety and
security issues through the United States Department of Agriculture,
Office of Inspector General fraud, waste, and abuse hotline. This
hotline is now available for anyone to anonymously report safety or
security issues related to select agents and toxins. Our communication
outreach efforts for this hotline have included sending an mailed
notification to all responsible officials and alternate responsible
officials, posting information regarding the hotline on an
international biosafety/biocontainment listserver, and discussing the
hotline at the Select Agent Workshop held on June 15, 2010.
InfOrmation for accessing the hotline is also available on the
national select agent website (www.selectagents.gov).
In accordance with the APHIS Select Agent Regulations, the APHIS
Select Agent Program refers non-compliance issues, such as a
significant biosafety/biocontainment or security concern, to the APHIS
Investigative and Enforcement Service (IES) for further investigation
and enforcement (e.g., assessment of civil money penalties). APHIS,
IES, USDA, OIG and HHS, OIG work collaboratively on non-compliance
issues that cross departmental jurisdictions. The APHIS Select Agent
Program lacks the specific statutory authority required to offer
limited immunity protections as recommended by GAO.
GAO Recommendation:
To improve the system for reporting the theft, loss, and release of
select agents, we recommend that CDC and APHIS consider the following
changes to their system: develop (1) mechanisms for using safety data
for international lab safety improvements efforts and (2) processes
for identifying reporting gaps and system evaluation to support
targeted outreach and system modification.
USDA Response:
USDA appreciates the intent of GAO's recommendation in this critical
area Further, USDA appreciates GAO's highlighting of the risk involved
in working in laboratories that handle human pathogens. As the draft
report makes clear, the safety of personnel is and must be paramount
importance in those settings. USDA firmly agrees with that position.
Indeed, APHIS' processes, procedures, and oversight of safety have
been and will remain a priority. It is unclear, however, based on the
data presented in the report, that additional regulatory oversight is
required in the area of safety. As the report indicates, data suggest
that injury and illness rates for these labs are below that of general
industry. While deaths have occurred, the numbers are low despite the
risk of working with human pathogens. The draft report cites the
deaths of 2 laboratory workers in 2000 and notes that a review
indicated 14 previously unreported cases resulting in 8 deaths. While
those statistics provide additional useful perspective, it is
important to note that those 14 cases occurred over the previous 15
years worldwide. This data demonstrates that these types of infections
are infrequent. APHIS and CDC laboratory personnel always strive to
improve safety. However, it is not clear that adding more regulatory
oversight will significantly affect conditions. Anonymous reports, for
example, may have their own inherent problems, such as erroneous
reports from uninformed employees that will still require follow-up.
Targeted education and safety training in high risk areas would likely
have the same or better effect, at a fraction of the cost. USDA and
APHIS will continue to prioritize laboratory safety. Thank you for
allowing us the opportunity to comment on this report.
Sincerely,
Signed by:
Edward Avalos:
Under Secretary:
Marketing and Regulatory Programs:
[End of section]
Appendix V: GAO Contact and Staff Acknowledgments:
GAO Contact:
Thomas J. McCool, (202) 512-2642 or mccoolt@gao.gov:
Staff Acknowledgments:
In addition to the contact named above, Rebecca Shea, Assistant
Director; Amy Bowser; Barbara Chapman; Jean McSween; Laurel Rabin; and
Elizabeth Wood made major contributions to this report.
[End of section]
Bibliography of Articles Used to Develop SRS Lessons from the
Literature:
Aagaard, L., B. Soendergaard, E. Andersen, J. P. Kampmann and E. H.
Hansen. "Creating Knowledge About Adverse Drug Reactions: A Critical
Analyis of the Danish Reporting System from 1968 to 2005." Social
Science & Medicine, vol. 65, no. 6 (2007): 1296-1309.
Akins, R. B. "A Process-centered Tool for Evaluating Patient Safety
Performance and Guiding Strategic Improvement." In Advances in Patient
Safety: From Research to Implementation, 4,109-125. Rockville, Md:
Agency for Healthcare Research and Quality, 2005.
Anderson, D. J. and C. S. Webster. "A Systems Approach to the
Reduction of Medication Error on the Hospital Ward." Journal of
Advanced Nursing, vol. 35, no. 1 (2001): 34-41.
Arroyo, D. A. "A Nonpunitive, Computerized System for Improved
Reporting of Medical Occurrences." In Advances in Patient Safety: From
Research to Implementation, 4, 71-80. Rockville, Md.: Agency for
Healthcare Research and Quality, 2005.
Bakker, B. "Confidential Incident Reporting Systems For Small Aviation
Communities on a Voluntary Basis." Aviation Safety (1997): 790-720.
Baldwin, I., U. Beckman, L. Shaw and A. Morrison. "Australian
Incidence Monitoring Study in Intensive Care: Local Unit Review
Meetings and Report Management." Anaesthesia and Intensive Care, vol.
26, no. 3 (1998): 294-297.
Barach, P. and S. D. Small. "Reporting and Preventing Medical Mishaps:
Lessons from Non-medical Near Miss Reporting Systems." British Medical
Journal, 320 (2000): 759-763.
Battles, J. B., H. S. Kaplan, T. W. Van der Schaaf and C. E Shea. "The
Attributes of Medical Event-Reporting Systems: Experience with a
Prototype Medical Event-Reporting System for Transfusion Medicine."
Archives of Pathology & Laboratory Medicine, vol. 122, no. 3 (1998):
231-238.
Battles, J. B., N. M. Dixon, R. J. Borotkanics, B. Rabin-Fastmen and
H. S. Kaplan. "Sensemaking of Patient Safety Risks and Hazards."
Health Services Research, vol. 41, no. 4 (2006): 1555-1575.
Beaubien, J. M. and D. P. Baker. "A Review of Selected Aviation Human
Factors Taxonomies, Accident/Incident Reporting Systems, and Data
Reporting Tools." International Journal of Applied Aviation Studies,
vol. 2, no. 2 (2002): 11-36.
Beckett, M. K., D. Fossum, C. S. Moreno, J. Galegher and R. S. Marken.
"A Review of Current State-Level Adverse Medical Event Reporting
Practices Toward National Standards." RAND Health: Technical Report.
2006.
Berkowitz, E. G., M. E. Ferrant, L. B. Goben, K. E. McKenna, and J. L.
Robey. "Evaluation of Online Incident Reporting Systems." Duke
University School of Nursing (2005): 1-27.
Billings, C. E. Some "Hopes and Concerns Regarding Medical Event-
Reporting Systems." Archives of Pathology & Laboratory Medicine, vol.
122, no. 3 (1998): 214-215.
Bloedorn, E. Mining Aviation Safety Data: A Hybrid Approach. The MITRE
Corporation, 2000.
Braithwaite, J., M. Westbrook, and J. Travaglia. "Attitudes Toward the
Large-scale Implementation of an Incident Reporting System."
International Journal for Quality in Health Care, vol. 20, no. 3
(2008): 184-191.
Centers for Disease Control and Prevention. CDC Workbook on
Implementing a Needlestick Injury Reporting System. 2008.
Chidester, T. R. Voluntary Aviation Safety Information-Sharing
Process: Preliminary Audit of Distributed FOQA and ASAP Archives
Against Industry Statement of Requirements. DOT/FAA/AM-07/7. A report
prepared at the request of the Federal Aviation Administration. 2007.
Clarke, J. R. "How a System for Reporting Medical Errors Can and
Cannot Improve Patient Safety." The American Surgeon, vol. 72, no. 11
(2006): 1088-1091.
Connell, L. J. Cross-Industry Applications of a Confidential Reporting
Model, 139-146. Washington D.C.: National Academy of Engineering, 2004.
Council of Europe: Expert Group on Safe Medication Practices. Creation
of a Better Medication Safety Culture in Europe: Building Up Safe
Medication Practices. P-SP-PH/SAFE. 2006.
Dameron, J. and L. Ray. Hospital Adverse Event Reporting Program: an
Initial Evaluation. Oregon Patient Safety Commission, 2007.
Daniels, C. and P. Marlow. Literature Review on the Reporting of
Workplace Injury Trends. HSL/2005/36. Buxton, Derbyshire, UK: Health
and Safety Laboratory, 2005.
Department of Defense. Assistant Secretary of Defense for Health
Affairs. Military Health System Clinical Quality Assurance Program
Regulation. DoD 6025.13-R. 2004.
Desikan, R., M. J. Krauss, W. Claiborne Dunagan, E. C. Rachmiel, T.
Bailey, and V. J. Fraser. "Reporting of Adverse Drug Events:
Examination of a Hospital Incident Reporting System." In Advances in
Patient Safety: From Research to Implementation, 1, 145-160.
Rockville, Md.: Agency for Healthcare Research and Quality, 2005.
Evans, S. M., J. G. Berry, B. J. Smith, A. Esterman, P. Selim, J.
O'Shaughnessy and M. DeWit. "Attitudes and Barriers to Incident
Reporting: A Collaborative Hospital Study." Quality and Safety in
Health Care, 15 (2006): 39-43.
Fernald, D. H., W. D. Pace, D. M. Harris, D. R. West, D. S. Main and
J. M. Westfall. "Event Reporting to a Primary Care Patient Safety
Reporting System: A Report from the ASIPS Collaborative." Annals of
Family Medicine, vol. 2, no. 4 (2004): 327-332.
Flack, M., T. Reed, J. Crowley, and S. Gardner. "Identifying,
Understanding, and Communicating Medical Device Use Errors:
Observations from an FDA Pilot Program." In Advances in Patient
Safety: From Research to Implementation, 3, 223-233. Rockville, Md.:
Agency for Healthcare Research and Quality, 2005.
Flink, E., C. L. Chevalier, A. Ruperto, P. Dameron, F. J. Heigel, R.
Leslie, J. Mannion and R. J. Panzer. "Lessons Learned from the
Evolution of Mandatory Adverse Event Reporting Systems." In Advances
in Patient Safety: From Research to Implementation, 1-4, 135-151.
Rockville, Md.: Agency for Healthcare Research and Quality, 2005.
Flowers, L. and T. Riley. State-based Mandatory Reporting of Medical
Errors: An Analysis of the Legal and Policy Issues. National Academy
for State Health Policy, 2001.
Frey, B., V. Buettiker, M. I. Hug, K. Waldvogel, P. Gessler, D.
Ghelfi, C. Hodler and O. Baenziger. Does Critical Incident Reporting
Contribute to Medication Error Prevention?" European Journal of
Pediatrics, vol. 161, no. 11 (2002): 594-599.
Ganter, J. H., C. D. Dean, and B. K. Cloer. Fast Pragmatic Safety
Decisions: Analysis of an Event Review Team of the Aviation Safety
Action Partnership. SAND2000-1134. Albuquerque, N.M.: Sandia National
Laboratories, 2000.
Gayman, A. J., A. W. Schopper, F. C. Gentner, M. C. Neumeier, and W.
J. Rankin. Crew Resource Management (CRM) Anonymous Reporting System
(ARS) Questionnaire Evaluation. CSERIAC Report CSERIAC-RA-96-003. 1996.
Global Aviation Information Network (GAIN) Working Group E. "A Roadmap
to a Just Culture: Enhancing the Safety Environment." Flight Safety
Digest, vol. 24, no. 3 (2005): 1-48.
Grant, M. J. C. and G. Y. Larsen. "Effect of an Anonymous Reporting
System on Near-miss and Harmful Medical Error Reporting in a Pediatric
Intensive Care Unit." Journal of Nursing Care Quality, vol. 22, no. 3
(2007): 213-221.
Harper, M. L. and R. L. Helmreich. "Identifying Barriers to the
Success of a Reporting System. Advances." In Advances in Patient
Safety: From Research to Implementation, 3, 167-179. Rockville, Md.:
Agency for Healthcare Research and Quality, 2004.
Hart, C. A. "Stuck on a Plateau: A Common Problem." In Accident
Precursor Analysis and Management: Reducing Technological Risk Through
Diligence, 147-154. Phimister, J. R., V. M. Bier, and H. C.
Kunreuther, Eds. Washington, D.C.: National Academies Press, 2004:
Holden, R. J. and B.-T. Karsh. "A Review of Medical Error Reporting
System Design Considerations and a Proposed Cross-Level Systems
Research Framework." Human Factors; the Journal of the Human Factors
Society, vol. 49, no. 2 (2007): 257-276.
Holzmueller, C. G., P. J. Pronovost, F. Dickman, D. A. Thompson, A. W.
Wu, L. H. Lubomski, M. Fahey, D. M. Steinwachs, L. Engineer, A.
Jaffrey, et al. "Creating the Web-based Intensive Care Unit Safety
Reporting System." Journal of the American Medical Informatics
Association, vol. 12, no. 2 (2005): 130-139.
International Atomic Energy Agency. The IAEA/NEA Incident Reporting
System: Using Operational Experience to Improve Safety.
International Atomic Energy Agency. Safety Culture. A Report by the
International Nuclear Safety Advisory Group. Safety Series: 75-INSAG-
4. International Nuclear Safety Advisory Group, 1991.
Johnson, C. "Software Tools to Support Incident Reporting in Safety-
Critical Systems." Safety Science, vol. 40, no. 9 (2002): 765-780.
Kaplan, H. and P. Barach. "Incident Reporting: Science or
Protoscience? Ten Years Later." Quality and Safety in Health Care,
vol. 11, no. 2 (2002): 144-145.
Kaplan, H., J. Battles, Q. Mercer, M. Whiteside and J. Bradley. A
Medical Event Reporting System for Human Errors in Transfusion
Medicine, 809-814. Lafayette, Ind.: USA Publishing, 1996.
Kaplan, H.S. and B. R. Fastman. "Organization of Event Reporting Data
for Sense Making and System Improvement." Quality and Safety in Health
Care, vol. 12 (2003): ii68-ii72.
Khuri, S. F. "Safety, Quality, and the National Surgical Quality
Improvement Program." The American Surgeon, vol. 72, no. 11 (2006):
994-998.
Krokos, K. J. and D. P. Baker. Development of a Taxonomy of Causal
Contributors for Use with ASAP Reporting Systems, 1-59. American
Institutes for Research, 2005.
Leape, L. L. Reporting of Adverse Events. The New England Journal of
Medicine, vol. 347, no. 20 (2002): 1633-1639.
Lee, R. The Australian Bureau of Air Safety Investigation, in Aviation
Psychology: A Science and a Profession, 229-242. U.K.: Ashgate
Publishing, 1998.
Martin, S. K., J. M. Etchegaray, D. Simmons, W. T. Belt and K. Clark.
Development and "Implementation of The University of Texas Close Call
Reporting System." Advances in Patient Safety, vol. 2 (2005): 149-160.
Morters, K., and R. Ewing. "The Introduction of a Confidential
Aviation Reporting System into a Small Country." Human Factors Digest,
vol. 13 (1996): 198-203.
Murff, H. J., D. W. Byrne, P. A. Harris, D. J. France, C. Hedstrom,
and R. S. Dittus. "'Near-Miss' Reporting System Development and
Implications for Human Subjects Protection." In Advances in Patient
Safety: From Research to Implementation, 3, 181-193. Rockville, Md.:
Agency for Healthcare Research and Quality, 2005.
Nakajima,K., Y. Kurata and H. Takeda. "A Web-based Incident Reporting
System and Multidisciplinary Collaborative Projects for Patient Safety
in a Japanese Hospital." Quality and Safety in Health Care, vol. 14
(2005): 123-129.
National Academy of Engineering of the National Academy. 2004. "The
Accident Precursors Project: Overview and Recommendations." In
Accident Precursor Analysis and Management: Reducing Technological
Risk Through Diligence, 1-34. Phimister, J. R., V. M. Bier, and H. C.
Kunreuther, Eds. Washington, D.C.: National Academies Press, 2004.
National Aeronautics and Space Administration. ASRS: The Case for
Confidential Incident Reporting Systems. Pub 60. 2001.
National Transportation Safety Board. Current Procedures for
Collecting and Reporting U.S. General Aviation Accident and Activity
Data. NTSB/SR-05/02. 2005.
Nguyen, Q.-T., J. Weinberg, and L. H. Hilborne. "Physician Event
Reporting: Training the Next Generation of Physicians." In Advances in
Patient Safety: From Research to Implementation, 4, 353-360.
Rockville, Md.: Agency for Healthcare Research and Quality, 2005:
Nielsen, K. J., O. Carstensen, K. and Rasmussen. "The Prevention of
Occupational Injuries in Two Industrial Plants Using an Incident
Reporting Scheme." Journal of Safety Research, vol. 37 (2006): 479-486.
Nřrbjerg, P. M. "The Creation of an Aviation Safety Reporting Culture
in Danish Air Traffic Control." CASI (2003): 153-164.
Nosek, Jr., R. A., J. McMeekin, and G. W. Rake. 2005. "Standardizing
Medication Error Event Reporting in the U.S. Department of Defense."
In Advances in Patient Safety: From Research to Implementation, 4, 361-
374. Rockville, Md.: Agency for Healthcare Research and Quality, 2005.
O'Leary, M. J and S. L. Chappell. Early Warning: Development of
Confidential Incident Reporting Systems. NASA Center for AeroSpace
Information, 1996.
Page, W. D., E. W. Staton, G. S. Higgins, D. S. Main, D. R. West and
D. M. Harris. "Database Design to Ensure Anonymous Study of Medical
Errors: A Report from the ASIPS Collaborative." Journal of the
American Medical Informatics Association, vol. 10, no. 6 (2003): 531-
540.
Patankar, M. S. and J. Ma. "A Review of the Current State of Aviation
Safety Action Programs in Maintenance Organizations." International
Journal of Applied Aviation Studies, vol. 6. no. 2 (2006): 219-233.
Phillips, R. L., S. M. Dovey, J. S. Hickner, D. Graham and M. Johnson.
"The AAFP Patient Safety Reporting System: Development and Legal
Issues Pertinent to Medical Error Tracking and Analysis." In Advances
in Patient Safety: From Research to Implementation, 3, 121-134.
Rockville, Md.: Agency for Healthcare Research and Quality, 2005.
Phimister, J. R., V. M. Bier and H. C. Kunreuther. "Flirting with
Disaster." Issues in Science and Technology (2005).
Pronovost, P. J., B. Weast, C. G. Holzmueller, B. J. Rosenstein, R. P.
Kidwell, K. B. Haller, E. R. Feroli, J. B. Sexton, and H. R. Rubin.
"Evaluation of the Culture of Safety: Survey of Clinicians and
Managers in an Academic Medical Center." Quality and Safety in Health
Care, vol. 12, no. 6 (2003): 405-410.
Ramanujam, R., D. J. Keyser and C. A. Sirio. "Making a Case for
Organizational Change in Patient Safety Initiatives." In Advances in
Patient Safety: From Research to Implementation, 2, 455-465.
Rockville, Md.: Agency for Healthcare Research and Quality, 2005.
Raymond, B. and R. M. Crane. Design Considerations for Patient Safety
Improvement Reporting System. Kaiser Permanente Institute for Health
Policy, NASA Aviation Safety Reporting System, and The National
Quality Forum, 2000.
Rejman, Michael H. Confidential Reporting Systems and Safety-Critical
Information, 397-401. Columbus, Ohio: Ohio State University, 1999.
Reynard, W.D., C.E. Billings, E.S. Cheaney and R. Hardy. The
Development of the NASA Aviation Safety Reporting System, Pub 34. NASA
Reference Publication, 1986.
Ricci, M., A. P. Goldman, M. R. de Leval, G. A. Cohen, F. Devaney and
J. Carthey. "Pitfalls of Adverse Event Reporting in Pediatric Cardiac
Intensive Care." Archives of Disease in Childhood, 89 (2004): 856-859.
Ruchlin, H. S., N. L. Dubbs, M. A. Callahan and M. J. Fosina. "The
Role of Leadership in Installing a Culture of Safety: Lessons from the
Literature." Journal of Healthcare Management, vol. 49, no. 1 (2004):
47-59.
Schleiffer, S. C. "We Need to Know What We Don't Know." International
Air Safety Seminar, 35 (2005): 333-340.
Snijders, C., R. A. van Tingen, A .Molendijk, and W. P. F. Fetter.
"Incidents and Errors in Neonatal Intensive Care: A Review of the
Literature." Archives of Disease in Childhood, Fetal and Neonatal
Editon, vol. 92, no. 5 (2007): 391-398.
Staender, S., J. Davies, B. Helmreich, B. Sexton and M. Kaufmann. "The
Anaethesia Critical Incident Reporting System: An Experience Based
Dataset." International Journal of Medical Informatics, vol. 47, no. 1-
2 (1997): 87-90.
Stainsby, D., H. Jones, D. Asher, C. Atterbury, A. Boncinelli, L.
Brant, C. E. Chapman, K. Davison, R. Gerrard, A. Gray et al. "Serious
Hazards of Transfusion: A Decade of Hemovigilance in the UK."
Transfusion Medicine Reviews, vol. 20, no. 4 (2006): 273-282.
Stalhandske, E., J. P. Bagian, and J. Gosbee. "Department of Veterans
Affairs Patient Safety Program." American Journal of Infection
Control, vol. 30, no. 5 (2002): 296-302.
Stump, L. S. "Re-engineering the Medication Error-Reporting Process:
Removing the Blame and Improving the System." American Journal of
Health-System Pharmacy, vol. 57, no. 24 (2000): S10-S17.
Suresh, G., J. D. Horbar, P. Plsek, J. Gray, W. H. Edwards, P. H.
Shiono, R. Ursprung, J. Nickerson, J. F. Lucey, and D. Goldmann.
"Voluntary Anonymous Reporting of Medical Errors for Neonatal
Intensive Care." Pediatrics, 113 (2004): 1609-1618.
Tamuz, M. "Learning Disabilities for Regulators: The Perils of
Organizational Learning in the Air Transportation Industry."
Administration & Society, 33 (2001): 276-302.
Tamuz, M. and E. J. Thomas. "Classifying and Interpreting Threats to
Patient Safety in Hospitals: Insights from Aviation." Journal of
Organizational Behavior, 27 (2006): 919-940.
Taylor, J. A., D. Brownstein, E. J. Klein, and T. P. Strandjord.
"Evaluation of an Anonymous System to Report Medical Errors in
Pediatric Inpatients." Journal of Hospital Medicine, vol. 2, no. 4
(2007): 226-233.
Tuttle, D., R. Holloway, T. Baird, B. Sheehan, and W. K. Skelton.
"Electronic Reporting to Improve Patient Safety." Quality and Safety
in Health Care, 13 (2004): 281-286.
U.S. Department of Energy. Office of Environment, Safety and Health.
Occurrence Reporting and Processing of Operations Information. DOE
231.1-2. 2003.
U.S. Nuclear Regulatory Commission. Working Group on Event Reporting.
Final Report of the Working Group on Event Reporting. 2001.
Ulep, S. K. and S. L. Moran. 2005. "Ten Considerations for Easing the
Transition to a Web-based Patient Safety Reporting System." In
Advances in Patient Safety: From Research to Implementation, 3, 207-
222. Rockville, Md.: Agency for Healthcare Research and Quality.
Underwood, P. K (LTC). Medical Errors: An Error Reduction Initiative,1-
75. U.S. Army--Baylor University Graduate Program in Healthcare
Administration, 2001.
van der Schaaf, T. W. and L. Kanse. Checking for Biases in Incident
Reporting, 119-126. Washington D.C.: National Academy of Engineering,
2004.
van der Schaaf, T. W. "Medical Applications of Industrial Safety
Science." Quality and Safety in Health Care, vol. 11, no. 3 (2002):
205-206.
Wallace, B., A. Ross and J. B. Davies. "Applied Hermeneutics and
Qualitative Safety Data: The CIRAS Project." Human Relations, vol. 56,
no. 5 (2003): 587-607.
Webster, C. S. and D. J. Anderson. "A Practical Guide to the
Implementation of an Effective Incidence Reporting Scheme to Reduce
Medication Error on the Hospital Ward." International Journal of
Nursing Practice, vol. 8, no. 4 (2002): 176-183.
Weinberg, J., L. H. Hilborne, Q.-T. Nguyen. "Regulation of Health
Policy: Patient Safety and the States." In Advances in Patient Safety:
From Research to Implementation, 1, 405-422. Rockville, Md.: Agency
for Healthcare Research and Quality, 2005.
Weiner, B. J., C. Hobgood, and M. Lewis. "The Meaning of Justice in
Safety Incident Reporting." Social Science & Medicine, vol. 66, no. 2
(2008): 403-413.
Wiegmann, D. A. and T.L. von Thaden. The Critical Event Reporting Tool
(CERT); Technical Report. University of Illinois at Urbana-Champaign:
Aviation Research Lab, Institute of Aviation. ARL-01-7/FAA-01-2. 2001.
Wilf-Miron, R., I. Lewenhoff, Z. Benyamini, and A. Aviram. "From
Aviation to Medicine: Applying Concepts of Aviation Safety to Risk
Management in Ambulatory Care." Quality and Safety in Health Care,
vol.12, no. 1 (2003): 35-39.
Wu, A. W, P. Pronovos and L. Morlock. "ICU Incident Reporting
Systems." Journal of Critical Care, vol. 17, no. 2 (2002): 86-94.
Yong, K. "An Independent Aviation Accident Investigation Organization
in Asia Pacific Region--Aviation Safety Council of Taiwan."
International Air Safety Seminar Proceedings, 173-180. 2000.
[End of section]
Bibliography of Other Literature Used in the Report:
Barhydt, R. and C. A. Adams. Human Factors Considerations for Area
Navigation Departure and Arrival Procedures. A report prepared for
NASA. 2006.
Besser, R. E. Oversight of Select Agents by the Centers for Disease
Control and Prevention. Testimony before Subcommittee on Oversight and
Investigations, Committee on Energy and Commerce, United States House
of Representatives. 2007:
Center for Biosecurity. University of Pittsburgh Medical Center.
Response to the European Commission's Green Paper on Bio-preparedness.
2007.
Gronvall G. K., J. Fitzgerald, A. Chamberlain, T. V. Inglesby, and T.
O'Toole. "High-Containment Biodefense Research Laboratories: Meeting
Report and Center Recommendations." Biosecurity and Bioterrorism:
Biodefense Strategy, Practice, and Science, vol. 5, no. 1 (2007): 75-
85.
Gronvall G. K. Germs, Viruses, and Secrets: The Silent Proliferation
of Bio-Laboratories in the United States. University of Pittsburgh
Medical Center, Center for Biosecurity, 2007.
Gronvall G. K., J. Fitzgerald, T.V. Inglesby, and T. O'Toole.
"Biosecurity: Responsible Stewardship of Bioscience in an Age of
Catastrophic Terrorism." Biosecurity and Bioterrorism: Biodefense
Strategy, Practice, and Science, vol. 1, no. 1 (2003): 27-35.
Hallbert, B., R. Boring, D. Gertman, D. Dudenhoeffer, A. Whaley, J.
Marble, J. Joe, and E. Lois. Human Event Repository and Analysis
(HERA) System, Overview, vol 1. Idaho National Laboratory, U.S.
Nuclear Regulatory Commission, Office of Nuclear Regulatory Research.
NUREG/CR-6903, 2006.
Hallbert, B and A. Kolaczkowski, eds. The Employment of Empirical Data
and Bayesian Methods in Human Reliability Analysis: A Feasibility
Study. Office of Nuclear Regulatory Research, United States Nuclear
Regulatory Commission. NUREG/CR-6949. 2007.
Hallbert, B., A. Whaley, R. Boring, P. McCabe and Y. Chang. Human
Event Repository and Analysis (HERA): The HERA Coding Manual and
Quality Assurance, vol 2. Idaho National Laboratory, U.S. Nuclear
Regulatory Commission, Office of Nuclear Regulatory Research. NUREG/CR-
6903. 2007.
Harding, A. L. and K. B. Byers. "Epidemiology of Laboratory-Associated
Infections." In Biological Safety: Principles and Practices, Third
Edition, 35-56. Fleming, D. O. and D. L. Hunt, eds. Washington D.C.:
ASM Press, 2000.
Helmreich, R. L. "On Error Management: Lessons from Aviation." British
Medical Journal, vol. 320, no. 7237 (2000): 781-785.
Helmreich, R.L., and A. C. Merritt. Culture at Work in Aviation and
Medicine: National, Organizational, and Professional Influences.
Brookfield VT: Ashgate Publishing, 1998.
Kortepeter, M. G., J. W. Martin, J. M. Rusnak, T. J. Cieslak, K. L.
Warfield, E. L. Anderson, and M. V. Ranadive. "Managing Potential
Laboratory Exposure to Ebola Virus Using a Patient Biocontainment Care
Unit." Emerging Infectious Diseases. (2008).
Lentzos, F. "Regulating Biorisk: Developing a Coherent Policy Logic
(Part II)." Biosecurity and Bioterrorism: Biodefense Strategy,
Practice, and Science, vol. 5, no. 1 (2007): 55-61.
Lofstedt, R. "Good and Bad Examples of Siting and Building Biosafety
Level 4 Laboratories: A Study of Winnipeg, Galveston and Etobicoke."
Journal of Hazardous Materials, 93 (2002): 47-66.
Miller, D. and J. Forester. Aviation Safety Human Reliability Analysis
Method (ASHRAM). Sandia National Laboratories. SAND2000-2955. 2000.
Minnema, D. M. Improving Safety Culture: Recognizing the Underlying
Assumptions. Powerpoint presentation for the ISM Workshop, Defense
Nuclear Facilities Safety Board, 2007.
National Academy of Public Administration for the Federal Aviation
Administration. A Review of the Aviation Safety Reporting System: A
Report. 1994.
Newsletter of the European Biosafety Association. Biosafety
Organisation in Spain. EBSA 2001 Newsletter, vol. 1, no. 3 (2001).
Paradies, M., L. Unger, P. Haas, and M. Terranova. Development of the
NRC's Human Performance Investigation Process (HPIP). NUREG/CR-5455.
System Improvements, Inc. and Concord Associates, Inc.,1993.
Patankar, M. S. and E. J. Sabin. Safety Culture Transformation in
Technical Operations of the Air Traffic Organization: Project Report
and Recommendations. St. Louis, Mo.: Saint Louis University, 2008.
Patankar, M. S. A "Study of Safety Culture at an Aviation
Organization." International Journal of Applied Aviation Studies, vol.
3, no. 2 (2003): 243-258.
Patankar, M. S., J. P. Brown, and M. D. Treadwell. Safety Ethics:
Cases from Aviation, Healthcare, and Occupational and Environmental
Health. Aldershot, U.K.: Ashgate Publishing, 2005.
Patankar, M. S. and D. Driscoll. "Preliminary Analysis of Aviation
Safety Action Programs in Aviation Maintenance." Proceedings of the
First Safety Across High-Consequence Industries Conference, St. Louis,
Mo., 97-102. 2004.
Patankar, M.S. and J. C. Taylor. Risk Management and Error Reduction
in Aviation Maintenance. Aldershot, U.K.: Ashgate Publishing, 2004.
Patankar, M. S., T. Bigda-Peyton, E. Sabin, J. Brown, and T. Kelly. A
Comparative Review of Safety Cultures. St. Louis, Mo.: Saint Louis
University, 2005.
Peterson, L.K., E. H. Wight, and M.A. Caruso. "Evaluating Internal
Stakeholder Perspectives on Risk-Informed Regulatory Practices for the
Nuclear Regulatory Commission." Paper presented at the WM '03
Conference, Tuscon Ariz., 2003.
Pounds, J. and A. Isaac. Development of an FAA-EUROCONTROL Technique
for the Analysis of Human Error in ATM. DOT/FAA/AM-02/12. Federal
Aviation Administration, Office of Aerospace Medicine. 2002.
Race, M. S. "Evaluation of the Public Review Process and Risk
Communication at High-Level Biocontainment Laboratories." Applied
Biosafety, vol. 13, no. 1 (2008): 45-56.
Race, M. S. and E. Hammond. "An Evaluation of the Role and
Effectiveness of Institutional Biosafety Committees in Providing
Oversight and Security at Biocontainment Labs." Biosecurity and
Bioterrorism: Biodefense Strategy, Practice, and Science, vol. 6, no.
1 (2008): 19-35.
Reason, J. "Human Error: Models and Management." British Medical
Journal, vol. 320, no. 7237 (2000): 768-770.
Rusnak, J. M., M.G. Kortepeter, R.J. Hawley, A.O. Anderson, E.
Boudreau, and E. Eitzen. "Risk of Occupationally Acquired Illnesses
from Biological Threat Agents in Unvaccinated Laboratory Workers."
Biosecurity and Bioterrorism: Biodefense Strategy, Practice, and
Science, vol. 2, no. 4 (2004): 281-93.
Scarborough, A., L. Bailey and J. Pounds. Examining ATC Operational
Errors Using the Human Factors Analysis and Classification System.
DOT/FAA/AM-05/25. Federal Aviation Administration, Office of Aerospace
Medicine. 2005.
Schroeder, D., L. Bailey, J. Pounds, and C. Manning. A Human Factors
Review of the Operational Error Literature. DOT/FAA/AM-06/21. Federal
Aviation Administration, Office of Aerospace Medicine. 2006.
Sexton, J. B., E. J. Thomas, and R. L. Helmreich. "Error, Stress and
Teamwork in Medicine and Aviation: Cross-sectional Surveys." British
Medical Journal, vol. 320, no. 7237 (2000): 745-749.
Shappell, S. and D. Wiegmann. Developing a Methodology for Assessing
Safety Programs Targeting Human Error in Aviation. DOT/FAA/AM-06/24.
Federal Aviation Administration, Office of Aerospace Medicine. 2006.
Shappell, S., C. Detwiler, K. Halcomb, C. Hackworth, A. Boquet, and D.
Wiegmann. Human Error and Commercial Aviation Accidents: A
Comprehensive, Fine-Grained Analysis Using HFACS. DOT/FAA/AM-06/18.
Federal Aviation Administration, Office of Aerospace Medicine. 2006.
GAO. NASA: Better Mechanisms Needed for Sharing Lessons Learned.
[hyperlink, http://www.gao.gov/products/GAO-02-195]. Washington, D.C.:
January 30, 2002.
U.S. Nuclear Regulatory Commission. Advisory Committee on Reactor
Safeguards. Review and Evaluation of the Nuclear Regulatory Commission
Safety Research Program. NUREG-1635, vol. 7. 2006.
U.S. Nuclear Regulatory Commission. Division of Risk Analysis and
Applications, Office of Nuclear Regulatory Research. Perspectives
Gained From the Individual Plant Examination of External Events
(IPEEE) Program. NUREG-1742, vols. 1-2. 2002.
Wedum, A. G. "Pipetting Hazards in the Special Virus Cancer Program."
Journal of the American Biological Safety Program, vol. 2, no. 2
(1997): 11-21.
West, D.L., D. R. Twardzik, R. W. McKinney, W. E. Barkley, and A.
Hellman. "Identification, Analysis, and Control of Biohazards in Viral
Cancer Research." In Laboratory Safety: Theory and Practice, 167-223.
New York, N.Y.: Academic Press, 1980.
Wiegmann, D. A. and S. A. Shappell. "Human Error Perspectives in
Aviation." International Journal of Aviation Psychology, vol. 11, no.
4 (2001): 341-357.
[End of section]
Footnotes:
[1] Report Of The Transfederal Task Force On Optimizing Biosafety And
Biocontainment Oversight. July, 2009. See Appendix D Of The Task Force
Report For Injury And Illness Information.
[2] In a review of literature published between 1979 and 1999, Harding
and Byers (2000) identified 663 cases of subclinical infections and
1,267 overt infections with 22 deaths. Five deaths were of fetuses
aborted as the consequence of a maternal LAI. The authors note the
general acknowledgment that these numbers "represent a substantial
underestimation of the extent of LAIs." Harding, L. And K. Beyers,
"Epidemiology Of Laboratory-Associated Infections," in Biological
Safety: Principles And Practices, Third Edition (Washington, D.C.: ASM
Press, 2000), P. 37.
[3] Morbidity And Mortality Weekly Report (MMWR), Vol. 51, No. 07
(Feb. 22, 2002): 141-4.
[4] While risks from radiation, toxic and flammable chemicals, and
mechanical and electrical hazards are also present in these labs, for
the purposes of this report we are primarily focused on the biological
risks.
[5] The National Academy Of Sciences defines precursors broadly as
"the conditions, events, and sequences that precede and lead up to
accidents." this definition includes events that are both internal and
external to an organization. Phimister et al., Accident Precursor
Analysis And Management: Reducing Technological Risk Through Diligence
(Washington, D.C.: National Academies Press, 2004).
[6] Select Agents are those biological agents and toxins determined by
the CDC And/or APHIS to have the potential to pose a severe threat to
public health and safety, animal or plant health, or animal or plant
products. See 42 C.F.R. §§ 73.3 & 73.4 (CDC - Human And Overlap
Agents); 7 C.F.R. § 331.3 (APHIS - Plant); 9 C.F.R. §§ 121.3 & 121.4
(Aphis - Animal And Overlap Agents).
[7] Unless exempted under 42 C.F.R. Part 73, 7 C.F.R. Part 331, or 9
C.F.R. Part 121, an entity or individual may not possess, use, or
transfer a select agent or toxin without a certification of
registration from the CDC Or APHIS. An Individual or entity must
immediately notify the CDC Or APHIS And appropriate federal, state, or
local law enforcement agencies upon discovering a theft or loss of a
select agent or toxin, and notify The CDC or APHIS upon discovering
the release of a select agent or toxin. See 242 C.F.R. § 73.19; 7
C.F.R. § 331.19; 9 C.F.R. § 121.19. C.F.R. § 73.19; 7 C.F.R. § 331.19;
9 C.F.R. § 121.19.
[8] GAO, High-Containment Biosafety Laboratories: Preliminary
Observations On The Oversight Of The Proliferation Of BSL-3 And BSL-4
Laboratories in The United States, [hyperlink,
http://www.gao.gov/products/GAO-08-108T] (Washington, D.C.: Oct. 4,
2007) and High-Containment Laboratories: National Strategy For
Oversight Is Needed, [hyperlink,
http://www.gao.gov/products/GAO-09-574] (Washington, D.C.: Sept. 21,
2009).
[9] Labs not working with select agents can be BSL-1, 2, or 3. Some
examples of nonselect agents include the micro-organisms that cause
HIV, tuberculosis, and typhoid fever.
[10] H.R. 1225, 111th Cong. § 203 (2009); S. 485, 111th Cong. (2009).
[11] Such an approach--in particular, learning from the experiences of
other industries--was recommended in the report of the Transfederal
Task Force on Optimizing Biosafety and Biocontainment Oversight.
[12] These Agencies include the CDC, NIH, USDA, VA, The Food and Drug
Administration (FDA), The Department Of Commerce (DOC), The Department
Of Defense (DOD), The Department Of Labor's (DOL) OSHA, The Department
Of State (State), The Department Of Justice's (DOH) Federal Bureau Of
Investigation (FBI), The Department Of Homeland Security (DHS), The
Department Of Energy (DOE), The Department Of The Interior (DOI), and
the Environmental Protection Agency (EPA).
[13] An entity is defined in the select agent regulations as any
government agency (federal, state or local), academic institution,
corporation, company, partnership, society, association, firm, sole
proprietorship, or other legal body. A registered entity may operate
multiple labs within a single facility. 42 C.F.R. §773.1; 7 C.F.R. §
331.1; 9 C.F.R. § 121.1.
[14] The Secretary of HHS developed the select agent program in the
CDC in response to the Antiterrorism and Effective Death Penalty Act
of 1996. The Public Health Security and Bioterrorism Preparedness And
Response Act of 2002 revised and expanded the Select Agent Program
within the CDC and granted comparable authority to regulate select
agents and toxins affecting plants and animals to the Secretary of
Agriculture, a responsibility then delegated to APHIS.
[15] [hyperlink, http://www.gao.gov/products/GAO-08-108] and
[hyperlink, http://www.gao.gov/products/GAO-09-574].
[16] Biosafety In Microbiological And Biomedical Laboratories, Fifth
Edition.
[17] J. Reason in S.C. Schleiffer, "We Need To Know What We Don't
Know," International Air Safety Seminar, 35 (2005): 333-340.
[18] C.A. Hart, "Stuck on a Plateau: A Common Problem," In Accident
Precursor Analysis and Management: Reducing Technological Risk Through
Diligence, James R. Phimister, Vicki M. Bier, Howard C. Kunreuther,
Eds. (Washington, D.C.: National Academies Press, 2004), 151.
[19] J. Reason, "Human Error: Models and Management,"British Medical
Journal, Vol. 320 (2000): 768.
[20] Barach and Small, "Reporting and Preventing Medical Mishaps:
Lessons from Non-Medical Near Missreporting Systems," British Medical
Journal, Vol. 320 (2000): 759-763.
[21] Gronvall et al., "High-Containment Biodefense Research
Laboratories: Meeting Report and Center Recommendations," Biosecurity
And Bioterrorism: Biodefense Strategy, Practice, And Science, Vol. 5,
No. 1 (2007).
[22] A Bibliography of articles used to develop SRS lessons from the
literature is available at the end of this report.
[23] GAO, Organizational Culture: Techniques Companies Use to
Perpetuate or Change Beliefs And Values, [hyperlink,
http://www.gao.gov/products/GAO/NSAID-92-105] (Washington, D.C.: Feb.
27, 1992).
[24] GAO, Nuclear Safety: Convention on Nuclear Safety is Viewed By
Most Member Countries as Strengthening Safety Worldwide, [hyperlink,
http://www.gao.gov/products/GAO-10-489] (Washington, D.C.: Apr. 29,
2010).
[25] Reason, "Human Error: Models and Management," 768-770.
[26] See more about the three key areas of SRS design in a review of
the literature in the previous section of this report: Program Goals
and Organizational Culture Guide Safety Reporting System Design and
Implementation In Three Key Areas.
[27] While we collected information on a wide variety of safety
reporting programs and systems in the three industries--and in some
cases comment on these different programs--we primarily developed our
lessons from one reporting program in each of the three industries. We
chose to focus on these programs because they represent fairly long-
standing, non-regulatory, domestic, industrywide or servicewide
reporting programs.
[28] Lucian L. Leape Et Al., "Promoting Patient Safety By Preventing
Medical Error," Journal Of The American Medical Association, Vol. 280,
No.16 (Oct. 28, 1998): 1444-47.
[29] National Transportation Safety Board, Aircraft Accident Report--
Transworld Airlines, Inc. Boeing 727-231. NTSB-AAR-75-16 (Washington,
D.C., 1975.)
[30] According To The NRC, their Allegation Program Evaluates A Broad
Range Of Nuclear Safety Concerns Associated With NRC-regulated
activities, including, for example, complaints of retaliation for
raising nuclear safety concerns.
[31] Joseph V. Rees, Hostages of Each Other: The Transformation of
Nuclear Safety Since Three Mile Island (Chicago, Ill.: The University
of Chicago Press, 1994).
[32] Rees, Hostages of Each Other.
[33] The Davis-Besse nuclear power plant in Ohio was shut down between
2002 and 2004 because leakage had caused extensive corrosion on the
vessel head--a vital barrier preventing a radioactive release.
Significant to the failure and to the delay in restarting the plant
were NRC's concerns over the plant's safety culture. GAO, Nuclear
Regulation: NRC Needs to More Aggressively and Comprehensively Resolve
Issues Related to the Davis-Besse Nuclear Power Plant's Shutdown, GAO-
04-415 (Washington, D.C.: May 17, 2004).
[34] The PSRS Was discontinued at the end of fiscal year 2009. We
Include the PSRS in our case study with the PSIS because it was
central to the design of VA's safety reporting program and it operated
for nearly 10 years, providing valuable insights for SRS lessons
learned.
[35] L. Leape Et Al., "Promoting Patient Safety by Preventing Medical
Error."
[36] National Academy Of Public Administration, A Review of the
Aviation Safety Reporting System (1994).
[37] GAO, Aviation Safety: Improved Data Quality and Analysis
Capabilities Are Needed as FAA Plans a Risk-Based Approach to Safety
Oversight, [hyperlink, http://www.gao.gov/products/GAO-10-414] (May 6,
2010). The FAA runs a number of safety reporting systems, several of
which are reviewed in this recent GAO Report. See also American
Institutes for Research, Best Practices for Event Review Committees
(December 2009): 1-2.Ember 2009): 1-2.
[38] Despite the increase in the overall number of reports, the
proportion of serious reports has declined over the years. Rather than
suggesting an increase in safety problems, the increasing number of
reports--especially those at the lower half of the risk pyramid--
indicates a robust reporting culture, where workers are more aware of
and willing to report safety issues at the incident or concern level.
[39] INPO Afforded us substantial access to their liaison. In multiple
interviews over the period of the investigation, the liaison explained
details of INPO history and policy that are not widely available
because of the centrality of confidentiality to INPO's safety
operations from its initiation. We confirmed these details, when
possible, from documents. The facts we report were further vetted by
an official INPO spokesman. We explain inpo's confidentiality efforts
later in this report.
[40] GAO, Va Patient Safety: Initiatives Promising, but Continued
Progress Requires Culture Change, [hyperlink,
http://www.gao.gov/products/T-HEHS-00-167] (Washington, D.C.: July 27,
2000).
[41] GAO, Va Patient Safety Program: A Cultural Perspective At Four
Medical Facilities, [hyperlink, http://www.gao.gov/products/GAO-05-83]
(Washington, D.C.: Dec. 22, 2004).
[42] W.D. Reynard, C.E. Billings, E.S. Cheaney and R. Hardy, The
Development of the NASA Aviation Safety Reporting System, Pub 34, NASA
Reference Publication (1986): 25.
[43] These Are known as "enforcement incentives" inside the FAA.
[44] American Institutes For Research, Best Practices for Event Review
Committees.
[45] [hyperlink, http://www.gao.gov/products/GAO-05-83].
[46] INPO has specifically defined the criteria for reports
"noteworthy" enough that they should be sent onto INPO for central
analysis. The criteria include events that caused an unexpected change
in conditions or had the potential to cause these changes under
slightly different circumstances.
[47] In Terms of the risk pyramid, the VA SRS programs expanded
reporting from top-level events (accidents) to include midlevel events
(incidents).
[48] J.M. Beaubien and D. P. Baker, "A Review Of Selected Aviation
Human Factors Taxonomies, Accident/Incident Reporting Systems, and
Data Reporting Tools," International Journal of Applied Aviation
Studies, Vol. 2, No. 2 (2002); M. Tamuz and E. J. Thomas, "Classifying
and Interpreting Threats to Patient Safety In Hospitals: Insights from
Aviation," Journal Of Organizational Behavior, 27 (2006): 9919-940.
[49] In September 2009, The AHRQ published for review a follow-up
version to its 2008 Common Formats for adverse medical events,
required by the Patient Safety and Quality Improvement Act of 2005.
The process of developing these codes stretched over 3 to 4 years.
[50] [hyperlink, http://www.gao.gov/products/GAO-10-414].
[51] Academy Of Engineering, Accident Precursor Analysis and
Management: Reducing Technological Risk through Diligence (Washington,
D.C.: National Academies of Science, 2004): 14.
[52] Several Aviation SRSS in other countries have suffered from
perceptions they failed to maintain the confidentiality of reporters
or from lack of funding. The Canadian Securitas--responsible for
receiving safety reports from aviation, rail, and marine industries--
is so under-resourced that its budget supports less than one employees
per province. The original aviation reporting system in New Zealand
failed due to a breach of confidentiality. An Australian aviation
reporting system that had functioned for many years was weakened under
social pressures for redress and pressure from the regulator after a
fatal aviation accident. Those pressures resulted in an indirect
breach of identity and a change in the law toward "natural justice"
for reporters. A representative of the Australian SRS reported in 2008
that the number of reports to the SRS had fallen.
[53] 14 C.F.R. § 91.25. If the incident is found to involve a
violation of regulations, neither civil penalties nor certificate
suspension will be imposed as long as the reported action (1) is not
deliberate and (2) does not involve a criminal offense, accident, or
evidence of incompetence, and the reporter (1) has not been in
violation for 5 years and (2) completed and submitted a report under
ASRS within 10 days of the incident. Advisory circular AC-00-46d.
[54] several other voluntary SRS programs, such as ASAPS, stress
corrective actions over punishment, although the FAA can prosecute
cases involving egregious acts (e.g., substance or alcohol abuse or
the intentional falsification of information). ASAPS provide
previously unavailable information rapidly and directly from those
responsible for day-to-day aviation operations. While the FAA has
limited access to ASAP data, these programs are expected to lead to
improvements in aviation safety.
[55] [hyperlink, http://www.gao.gov/products/GAO-10-414].
[56] This policy of protecting INPO reports from public disclosure was
tested by a request under the freedom of information act (FOIA) for
INPO safety reports that had been provided to the NRC. In Critical
Mass Energy Project v. Nuclear Regulatory Commission, the U.S. Court
of Appeals for the District of Columbia upheld the lower court
decision that information voluntarily provided by INPO to the NRC,
which was commercial in nature and not customarily released to the
public, was confidential and therefore exempt from disclosure under
FOIA. 975 F.2d 871 (D.C. Cir. 1992), cert. denied, 507 U.S. 9849 (1993)
[57] The NRC also runs a reporting system--the allegations program--
for nuclear safety or regulatory concerns involving NRC regulated
facilities and licensed nuclear material. For this program, there are
exceptions to FOIA and related regulations that may justify
withholding information that would identify an alleger or other
confidential source. See 5 U.S.C. §§ 552(b)(6), (7); 10 C.F.R. §§
9.17(a)(6), (7). Confidentiality is not routinely offered; however,
when reporters request it, it is formalized in a letter that
establishes several conditions under which confidentiality will not be
preserved, such as a request from Congress or state or federal law
enforcement bodies.
[58] Rees, Hostages Of Each Other.
[59] Pub. L. No. 109-41, 119 Stat. 424 (July 29, 2005).
[60] GAO, Patient Safety Act: HHS is in the Process of Implementing
the Act, So Its Effectiveness Cannot Yet be Evaluated, [hyperlink,
http://www.gao.gov/products/GAO-10-281] (Washington, D.C.: Jan. 29,
2010).
[61] National Academy of Public Administration, A Review of the
Aviation Safety Reporting System.
[62] GAO, Nuclear Safety: Convention on Nuclear Safety Viewed by Most
Member Countries As Strengthening Safety Worldwide, [hyperlink,
http://www.gao.gov/products/GAO-10-489] (Washington, D.C.: Apr. 29,
2010).
[63] There are four major parts of the inspection review process: (1)
performance indicators, (2) analysis of corrective action reports
(data mining that looks for word trending), (3) plant evaluation
process (on-site interviews with a variety of staff areas and levels),
and (4) safety culture surveys.
[64] See The AHRQ Web Site, [hyperlink,
http://www.ahrq.gov/about/psimpcorps.htm].
[65] Rand Corporation, Evaluation of the Patient Safety Improvement
Corps: Experiences of the First Two Groups Of Trainees (2006).
[66] P.D. Mills, J. Neily, L.M. Kinney, J. Bagian, W.B. Weeks,
"Effective Interventions and Implementation Strategies To Reduce
Adverse Drug Events in the Veterans Affairs (VA) System," Quality and
Safety In Health Care, 17 (2008): 37-46.
[67] While we sometimes refer to the agencies generally, this section
specifically applies to the CDC and APHIS Select Agent Program.
[68] Under the Select Agent Regulations, individuals or entities must
immediately notify the CDC or APHIS and appropriate federal, state, or
local law enforcement agencies upon discovering a theft or loss of a
select agent or toxin, and notify the CDC or APHIS upon discovering
the release of a select agent or toxin. See 42 C.F.R. § 73.19; 7
C.F.R. § 331.19; 9 C.F.R. § 121.19. The individual or entity that
discovered the theft, loss, or release must submit an APHIS/CDC form 3
(report of theft, loss, or release of select agents and toxins) within
7 calendar days lease of select agents and toxins) within 7 calendar
days.
[69] For example, patankar et al. note that, "There are three key
issues regarding research and measurement of safety culture: (a)
survey instruments take a 'snapshot' measurement of safety climate.
When such measurements are repeated across multiple organizational
units and conducted repeatedly over a reasonably long time (over five
years), a cultural assessment can be developed. (b) A rigorous
analysis of the various factors that influence safety climate/culture
needs to be conducted so as to better understand the inter-
relationship among these factors and their individual, group, and
cumulative influence on the overall safety climate/culture... (c)
Results from measurements need to be distributed consistently
throughout the organization so that everyone is fully aware of their
contributions to the goals and are able to make timely actions/changes
that are consistent with the organizational goals." M. S. Patankar, T.
Bigda-Peyton, E. Sabin, J. Brown, and T. Kelly, A Comparative Review
Of Safety Cultures (St. Louis, Mo.: Saint Louis University, 2005).
[70] GAO, Va Patient Safety Program: A Cultural Perspective at Four
Medical Facilities, [hyperlink, http://www.gao.gov/products/GAO-05-83]
(Washington, D.C.: Dec. 15, 2004); and R.L. Helmreich and A.C.
Merritt, Culture at Work in Aviation And Medicine: National,
Organizational, and Professional Influence (Brookfield VT, U.K.:
Ashgate Publishing, 1998).
[71] National Nuclear Security Administration, Lessons Learned and
Recommendations from Review Off NASA's Columbia Accident Investigation
Board Report (2004).
[72] S.M. Evans Et Al., "Attitudes and Barriers to Incident Reporting:
A Collaborative Hospital Study," Quality and Safety in Health Care, 15
(2006): 39-43; And Tamuz, M. And E. J. Thomas, "Classifying and
Interpreting Threats to Patient Safety in Hospitals: Insights from
Aviation," Journal of Organizational Behavior, 27 (2006): 919-940.
[73] B.J. Weiner, C. Hobgood, and M. Lewis, "The Meaning of Justice in
Safety Incident Reporting," Social Science & Medicine, Vol. 66, No. 2
(2008): 403-413.
[74] Also Available At [hyperlink,
http://www.selectagents.gov/resources/CDC-
APHIS_Theft_Loss_Release_Information_Document.pdf.]
[75] The literature and case studies also suggest that reporting
increases do not necessarily signal an increase in safety problems,
but rather an increased awareness of reportable incidents and trust in
the reporting system.
[76] This may include reasonably anticipated skin, eye, mucous
membrane, or parenteral contact with blood or other potential
infectious materials that may result from the performance of a
person's duties.
[77] A.L. Harding and K. B. Byers, "Epidemiology of Laboratory-
Associated Infections," in Biological Safety: Principles and
Practices, Third Edition, D.O. Fleming and D. L. Hunt, eds.
(Washington D.C.: ASM Press, 2000), 35-56.
[78] BD Biosciences' Aerosol Management Option (AMO) System, Model
333728 (US) And 333729 (Europe).
[79] 42 U.S.C. § 262a(h) (Disclosure Of Information).
[80] In April 2010, the labs were provided a confidential means, by
the agencies, for reporting safety and security issues associated with
the possession, use, and transfer of select agents and toxins. HHS's
Office of Inspector General Maintains a hotline that allows
individuals to anonymously report fraud, waste, and abuse in all
departmental programs. This hotline is now available to anonymously
report safety or security issues related to select agents and toxins.
[81] Entities That continue to have repeat noncompliance of the Select
Agent Regulations can be placed on a performance improvement plan.
Entities can also be referred to the Office of Inspector General (OIG)
for Select Agent violations, which can result in civil monetary
penalties.
[82] (1) Administrative Actions: The CDC And APHIS may deny an
application or suspend or revoke a registered entity's certificate of
registration. (2) Civil money penalties or criminal enforcement: the
CDC refers possible violations of the select agent regulations to the
HHS's Office of Inspector General (OIG). The HHS-OIG can levy civil
money penalties (for an individual, up to $250,000 for each violation
and, for an entity, up to $500,000 for each violation) or recommend
criminal enforcement (imprisonment for up to 5 years, a fine, or
both). APHIS relies on its own investigative unit, USDA Marketing And
Regulatory Programs--Investigative And Enforcement Services (IES), for
initial investigations of potential select agent violations. Like the
HHS-OIG, IES can levy civil money penalties or recommend criminal
enforcement. IES refers potential criminal violations to USDA'S OIG.
(3) Referral to the Department Of Justice: the CDC or APHIS can refer
possible criminal violations involving select agents to the department
for further investigation or prosecution.
[83] 14 C.F.R. § 91.25. If the incident is found to involve a
violation of regulations, neither civil penalties nor certificate
suspension will be imposed as long as (1) the reported action is not
deliberate and does not involve a criminal offense, accident, or
evidence of incompetence and (2) the reporter has not been in
violation for 5 years and completed and submitted a report under ASRS
within 10 days of the incident. FAA Advisory Circular 00-46D.
[84] GAO, Results-Oriented Government: GPRA Has Established a Solid
Foundation For Achieving Greater Results, [hyperlink,
http://www.gao.gov/products/GAO-04-38] (Washington, D.C.: Mar. 10,
1994).
[85] See appendix II For a summary of lessons derived from the
literature and case studies that can be applied to an SRS for
biological labs.
[86] The total number and locations of all biological laboratories is
unknown, and, as a result, in a 2009 report (GAO-09-574), we
recommended that a process to identify them be initiated. In addition,
there is no centralized oversight responsibility for labs except for
those registered with the select agent program. Lab safety is
generally covered through the OSHA or state regulations for general
organizational safety. The principles of biosafety and biocontainment
have been articulated in two key documents, the NIH guidelines for
research involving recombinant DNA Molecules (NIH Guidelines) and the
CDC-NIH Manual, Biosafety in Microbiological and Biomedical
Laboratories. Research that involves recombinant DNA molecules may be
subject to the NIH Guidelines. Compliance with the NIH guidelines is a
term and condition of NIH grants and thus is mandatory for all
institutions that receive NIH funding for recombinant DNA research. In
addition, a number of other federal agencies (e.g., the Department Of
Energy, Department of the Army, USDA, And VA to name a few) have made
compliance with the NIH guidelines a term and condition of research
grants and a requirement for their own intramural research activities.
Although adherence to the BMBL is voluntary, the manual is a widely
accepted code of practice for biosafety and biocontainment in all
microbiological and biomedical laboratories in the United States and
in many other countries.
[87] While entity-specific information is protected from release under
FOIA, after the CDC provided the data in response to a congressional
request, specific entity information was somehow leaked to the media.
[88] Harding, L. and K. Beyers, "Epidemiology of Laboratory-Associated
Infections," In Biological Safety: Principles And Practices, Third
Edition (Washington, D.C.: ASM Press, 2000), P. 37.
[End of section]
GAO's Mission:
The Government Accountability Office, the audit, evaluation and
investigative arm of Congress, exists to support Congress in meeting
its constitutional responsibilities and to help improve the performance
and accountability of the federal government for the American people.
GAO examines the use of public funds; evaluates federal programs and
policies; and provides analyses, recommendations, and other assistance
to help Congress make informed oversight, policy, and funding
decisions. GAO's commitment to good government is reflected in its core
values of accountability, integrity, and reliability.
Obtaining Copies of GAO Reports and Testimony:
The fastest and easiest way to obtain copies of GAO documents at no
cost is through GAO's Web site [hyperlink, http://www.gao.gov]. Each
weekday, GAO posts newly released reports, testimony, and
correspondence on its Web site. To have GAO e-mail you a list of newly
posted products every afternoon, go to [hyperlink, http://www.gao.gov]
and select "E-mail Updates."
Order by Phone:
The price of each GAO publication reflects GAO‘s actual cost of
production and distribution and depends on the number of pages in the
publication and whether the publication is printed in color or black and
white. Pricing and ordering information is posted on GAO‘s Web site,
[hyperlink, http://www.gao.gov/ordering.htm].
Place orders by calling (202) 512-6000, toll free (866) 801-7077, or
TDD (202) 512-2537.
Orders may be paid for using American Express, Discover Card,
MasterCard, Visa, check, or money order. Call for additional
information.
To Report Fraud, Waste, and Abuse in Federal Programs:
Contact:
Web site: [hyperlink, http://www.gao.gov/fraudnet/fraudnet.htm]:
E-mail: fraudnet@gao.gov:
Automated answering system: (800) 424-5454 or (202) 512-7470:
Congressional Relations:
Ralph Dawn, Managing Director, dawnr@gao.gov:
(202) 512-4400:
U.S. Government Accountability Office:
441 G Street NW, Room 7125:
Washington, D.C. 20548:
Public Affairs:
Chuck Young, Managing Director, youngc1@gao.gov:
(202) 512-4800:
U.S. Government Accountability Office:
441 G Street NW, Room 7149:
Washington, D.C. 20548:
