January 31, 2003 - ASM Comments to the CDC on the Interim Final Rule on the Possession, Use and Transfer of Select Agents and Toxins

Minh Thomas
Select Agent Program
Centers for Disease Control and Prevention
1600 Clifton Rd., MS E-79
Atlanta, GA 30333

The American Society for Microbiology (ASM) is submitting the following comments on the December 13, 2002, request for comments on the Interim Final Rule (42 CFR 73) for the possession, use and transfer of select agents and toxins. The ASM is the largest single life science society with over 42,000 members, dedicated to the study and advancement of scientific knowledge of microbiology for the public benefit.The ASM submitted recommendations on July 23, 2002, for implementation of Title II, Enhancing Controls on Dangerous Biological Agents and Toxins in PL 107-188, the Public Health Security and Bioterrorism Act of 2002.The ASM offers its assistance to the Department of Health and Human Services (DHHS) and the Centers for Disease Control and Prevention (CDC) to ensure that this important new regulation accomplishes the intent of the legislation to increase safety and security against bioterrorism without hindering legitimate research and diagnostic testing.

Transition Timeline

Although the regulation includes phase-in or transition provisions for certain requirements, the ASM is concerned about whether the entities and the government will be able to complete the process without delaying and possibly discouraging research on select agents and toxins.The regulation requires a large number of activities in a short time period, including filing for security risk assessments for the entity, the Responsible Official, and individuals, developing security plans, training a Responsible Official, training individuals, and implementation of an emergency response plan.Further, the phase in period will occur just as new NIH funding is expected to become available to initiate biodefense research projects. The rule is vague about what will actually be required in the application package submitted to CDC and US Department of Agriculture (USDA) before November 12, 2003 and how entities will know if they are legally authorized to work with select agents and toxins during the phase in period from February to November, 2003.The compliance deadlines should permit efficacious implementation of the statute and be consistent with the directive of Section 202 (c) which states "the interim final rule…shall include timeframes for the application of the rule that minimize disruption of research and education projects…."

Security Risk Assessment

We are especially concerned about the lack of information about the risk assessment process for clearing individuals who will need access to select agents. The rule's preamble suggests that 817 entities are expected to request risk assessments for approximately 20,000 individuals.Nonetheless, in responding to a FAQ for the regulation, the CDC states that information on how to obtain a security risk assessment "will be posted on our web site when it becomes available."As of this date, information has not been posted on the website.The delay in obtaining this information causes concern because the regulation requires entities to submit applications for security risk approvals under Part 73.8 by March 12.Further, by April 12, entities must submit applications for individuals with access to select agents.We question whether institutions will be able to certify compliance without clarity about the clearance procedure, and detailed information about the process from the Department of Justice (DOJ).

We are particularly concerned whether ongoing research may be disrupted and new research delayed if the necessary information and a specific process and timetable are not spelled out in detail. Presently, Part 73.8, Security Risk Assessment, does not specify the information that must be submitted to the Attorney General.Further, it does not identify the process for submission of information, and there is no specific timeline for action taken in response to a request for a security risk assessment.Without that information institutions cannot conform to the requirements of the Public Health Security and Biopreparedness and Response Act of 2002. If the Department of Justice (DOJ) proposes additional clearance requirements beyond those specified in the statute in section 351A (e)(2)(3)(B) Safeguard and Security Requirements for Registered Persons, opportunity must be given to comment on such provisions before they are finalized and implemented.We strongly urge the DOJ to immediately, without further delay, provide the details of the clearance process and its requirements.

Section 73.8(c) requires a security risk assessment for "any individual who owns or controls the entity."We have two observations.First, should ownership or control assessments be limited to "individuals" who own or control entities?We suggest at Section 73.8(c) that the requirement also apply to entities that own or control entities possessing or transferring select agents.Second, there is no definition of ownership or control.We do not think majority ownership or exclusive control should be the touchstone.Guidance will be necessary in this area because individuals with ownership or control must have a security risk assessment.In some contexts, anyone with a legal or equitable interest in property is considered an "owner."For CERCLA purposes, courts have held that an entity with less than ten percent of a hazardous waste facility's area was an "owner" for purposes of the Act.We think the right to exercise control of an entity is the key to a security risk assessment regardless whether such right results from a substantial economic interest or contractual or other right to manage an entity.At the same time, the concept should not sweep so far as to reach every member of a Board of Directors or Board of Governors/Trustees, if such individual directors do not have actual control over the entity.

The regulation states that registration will only be valid for the specific select agents and toxins and the specific activities and locations consistent with the information which the certificate of registration or amendment is granted (73.7(d)).The regulation also provides that the HHS Secretary may temporarily exempt an entity in whole or in part based on a determination that the exemption is necessary to provide for the timely participation of the entity in response to a domestic or foreign public health emergency (73.6 (d)).Party 73.8 (g) provides that the HHS Secretary will request the Attorney general to expedite the review process for an individual and will take action to expedite the HHS Secretary's review process for an individual upon a showing of good cause (e.g. public health or agricultural emergencies, national security, impending expiration of a research grant, a short-term visit by a prominent researcher).The CDC should clarify whether an individual, including CDC inspectors, will need additional security risk assessments if they have already been cleared at their own institution but visit another institution to conduct research or inspections.The timeline for the HHS and AG to respond to requests for exemptions and expedited review should be established.

Definition of Access

We believe that additional definition of terms is necessary. The regulation repeatedly refers to "access" to select agents.However, it does not define what it means to have such access.This may appear to be an obvious term, but due to the critical regulatory requirements conditioning right to access to select agents, there should not be any ambiguity regarding the meaning of access to select agents.For example, at Section 73.11(b)(6) the regulation refers to provisions for "ensuring that all individuals with access, including workers and visitors, understand security requirements . . . ."Presumably, visitors do not have "access" to select agents, but there should be no ambiguity.Access may be defined to mean the "ability to obtain possession of or make use of a select agent."Given the requirement to perform a security risk assessment for individuals who have access, the definition of "access" is critical.


We believe that leaving the specific security arrangements to institutions is a good approach.However, who will determine the adequacy of the biosecurity plans?

In Section 73.11, Security, some of the mandated security requirements may be too costly and difficult for some smaller entities to achieve and may discourage their ability to conduct research with select agents and toxins.Institutions will be concerned about the cost of compliance, estimated in the interim final rule at over $730,000, which is significant and whether new funding will be available in NIH grants to cover these costs.The security requirements of the regulation may entail duties that cause qualified smaller entities to forego work with select agents and toxins.Given some of the prescriptive requirements, such as inspection of "packages" entering and exiting the area, will guards and surveillance cameras be required to meet these requirements?We strongly recommend that a process be established for the timely review of security plans prior to investment in facilities.

As technology changes, so will approaches for providing security. We recommend mandating compliance with the most recent version of the Biosafety in Microbiological and Biomedical Laboratories (BMBL) Manual and specifically Appendix F, which was recently revised and published on December 6, 2002, in the CDC Morbidity and Mortality Weekly Report (Vol. 51, No. RR-19). By incorporation by reference of the BMBL and the revised Appendix F publication, Laboratory Security and Emergency Response Guidance for Laboratories Working with Select Agents, these regulations could mandate the state of the art approaches for safety and security.Under the Administrative Procedures Act, the CDC will have to update the regulations through rulemaking to incorporate by reference the most up to date version of the BMBL and Laboratory Security and Emergency Response Guidance to ensure that when these documents are updated and revised the most current version is incorporated by reference in the regulation. We consider this a superior approach and urge its consideration.The current regulation for facilities transferring or receiving select agents 42 CFR 72, (a)(5) incorporates by reference the BMBL and states that "The Director of the Federal Register has approved under 5U.S.C., 552(a) and C.F.R. part 51 the incorporation by reference of this document."


Section 73.10, Safety, prohibits two types of experiments unless expressly approved by the HHS Secretary. Paragraph (d) is reserved for possible future specification of additional types of experiments that might warrant stringent scrutiny in the interest of safety. Comment is requested about additional experiments regardless if they are to be regulated under Part 73. We question whether this section is appropriate in this regulation to implement the provisions of Title II of the Public Health Safety and Bioterrorism Preparedness and Response Act and believe careful consideration must be given to the incorporation of additional experiments. We are concerned that there is no process for expert review and oversight of "dangerous experiments."The two that are proposed are based on the NIH Guidelines for Recombinant DNA research.The NIH Guidelines for rDNA Research, however, are part of a living document which allows for change as science changes.The incorporation of a category of prohibited experiments into regulation will need to be reviewed in the future, with no mechanism for change if they are part of a regulation.We strongly recommend mandating compliance with the NIH Guidelines in the regulation which would achieve the intent of this provision while allowing for appropriate updating as the guidelines evolve as the result of research progress. This would also meet the intent of providing paragraph (d) for future classes of experiments that might be of concern.The Select Agent Advisory Committee, recommended later in this letter, could be an appropriate body of experts to provide scientific review of experiments or categories of experiments that require scrutiny in the interest of safety.It is critical that this review committee comprise appropriate experts in microbiology, highly pathogenic microorganisms and laboratory safety to ensure the best possible science advice.

We question who or what body will be responsible for prior approval for changes in "areas of work", "protocols" or "objectives of study" in the registration.

Section 73.15(i) of the regulations requires safety and security "incident" reports.The term also is repeatedly used elsewhere.The regulation does not define events that constitute incidents.Section 73.11(d)(7) lists events that presumably constitute incidents, but it is not clear what the full scope of events the term "incident" is meant to cover.Is any failure to comply with the regulations an "incident"?To us, an incident is any occurrence or event which results, or threatens to result, in the unlawful transfer, possession, or use of a select agent or in the loss, theft, or other unauthorized transfer, use, or release of a select agent.However, this is a subject that should be considered very carefully.We note that requiring reports of such events may require the reporting of civil or criminal violations of the regulations.

Section 73.7(h):Does the requirement for notification of destruction apply to destruction of any quantity of material?What if only part, but not all, of an entity's sample of a select agent or toxin is to be destroyed?Is notification still required under this subsection?

Section 73.8 promises a "prompt" response.It would be most useful if a specific time limit of two weeks could be assigned for such reviews.The next to last sentence states that the "entity" will receive prompt notice of the action taken for the entity, RO, or individual.The RO and/or individual also should receive the notice.The last sentence of 73.8(c) only specifies that an individual will receive a notice of denial of approval.The last two sentences should be rewritten to make it clear that the applicant entity and any affected RO or individual will receive prompt notice of denial or approval.A notice of denial should provide notice of the reason for denial in sufficient detail to permit a challenge to the denial.The regulation should explicitly provide that the clearance process is confidential.

Section 73.10(b) is fraught with potential legal problems for the entity, the RO and anyone else conducting such inspections.The regulation requires that the "results of these inspections" be documented which, as a practical and legal matter, means that the RO or designee will be creating a written record of deficiencies, thus establishing that specific individual had knowledge of such deficiencies when they existed.It will be imperative that the entity have a clear policy about the manner in which such findings and associated recommendations and corrections will be documented.It is also critical that any deficiencies noted in these inspections be corrected in a timely manner to minimize or avoid civil and criminal liability.

List of Select Agents

The ASM commented on the list of select agents in its letter of September 9, 2002. We have previously questioned whether Coccidioides should be included as a select agent and expressed concern about the process for determining which agents appear on the list. There is also no explicit process for evaluating exclusions for attenuated strains of select agents and toxins. The broad microbiological community, not just government agency representatives, must be involved in this process.

Defining appropriate exemptions is critical for the proper oversight of dangerous pathogens. Given the cost of compliance with these regulations, the appropriate list of select agents, including a list of exempted strains, should be in place at the time the regulations are implemented.

The Public Health Safety and Bioterrorism Preparedness and Response Act mandates in Section 351A (B)(ii) that the DHHS consult with "scientific experts representing appropriate professional groups" in determining whether to include an agent or toxin on the select agent and toxin list.The DHHS/CDC should follow the consultation process required in the statute for revising the select agent and toxin list to ensure that the list is based on the best scientific advice.

Summary and Overarching Recommendation

In summary, the research community needs as much detail as soon as possible to assure an efficient process that does not interfere with or delay important research or discourage researchers and institutions from participating in the critically important research agenda for civilian biodefense. Broad input is needed from the scientific community. The ASM, therefore, recommends the establishment of a broadly representative group, the Select Agent Research Advisory Committee (SARAC), which should include individuals with expert scientific backgrounds in microbiology, laboratory safety, and experience working with highly dangerous pathogens, to act as an advisory body to the federal agencies as they deliberate on issues related to the evolution of regulations for select agents and toxins.This advisory group would be extremely useful to enhance and ensure not only the safety and security of research and diagnostic testing, but also the advancement of studies related to select agents and toxins.

Thank you for the opportunity to comment on the interim final rule.