Nuclear Nonproliferation:

Additional Actions Needed to Improve Security of Radiological Sources at U.S. Medical Facilities

GAO-12-925: Published: Sep 10, 2012. Publicly Released: Sep 10, 2012.

Multimedia:

Additional Materials:

Contact:

Mark E. Gaffigan
(202) 512-3168
gaffiganm@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

What GAO Found

The Nuclear Regulatory Commission's (NRC) requirements do not consistently ensure the security of high-risk radiological sources at the 26 selected hospitals and medical facilities GAO visited. One reason for this is that the requirements are broadly written and do not prescribe specific measures that hospitals and medical facilities must take to secure medical equipment containing sealed sources, such as the use of cameras or alarms. Rather, the requirements provide a general framework for what constitutes adequate security practices, which is implemented in various ways at different hospitals. Some of the medical equipment in the facilities visited was more vulnerable to potential tampering or theft than that of other facilities because some hospitals developed better security controls than others. Some examples of poor security GAO observed included: an irradiator, used for medical research and containing almost 2,000 curies of cesium-137, was stored on a wheeled pallet down the hall from, and accessible to, a loading dock at one facility; at a second facility, the combination to a locked door, which housed an irradiator containing 1,500 curies of cesium- 137, was clearly written on the door frame; and at a third facility, an official told GAO that the number of people with unescorted access to the facility's radiological sources was estimated to be at least 500. In addition, some NRC and Agreement State inspectors said the training NRC requires is not sufficient.

As of March 2012, the National Nuclear Security Administration (NNSA) had spent $105 million to complete security upgrades at 321 of the 1,503 U.S. hospitals and medical facilities it identified as having high-risk radiological sources. Of the 26 hospitals and medical facilities that GAO visited, 13 had volunteered for the NNSA security upgrades and had received security upgrades, such as remote monitoring systems, surveillance cameras, enhanced security doors, iris scanners, motion detectors, and tamper alarms; three others were in the process of receiving upgrades. However, NNSA does not anticipate completing all such security upgrades until 2025, leaving a number of facilities potentially vulnerable. In addition, the program's impact is limited because, among other things, it is voluntary, and facilities can decline to participate. To date, 14 facilities, including 4 in large urban areas, have declined to participate in the program. Combined, those 14 facilities have medical equipment containing over 41,000 curies of high-risk radiological material. According to police department officials in a major city, one hospital with a blood irradiator of approximately 1,700 curies has declined the NNSA upgrades due in part to cost concerns, even though the police department considers it to be a high-risk facility.

Why GAO Did This Study

In the hands of terrorists, radiological material, such as cesium-137, could be used to construct a "dirty bomb." Such material--encapsulated in steel or titanium and called a sealed source--is commonly found in equipment used by U.S. medical facilities to treat, among other things, cancer patients. NRC is responsible for regulating the commercial use of sealed sources and has relinquished its regulatory authority to 37 states, known as Agreement States. In 2008, NNSA established a program to provide security upgrades to U.S. hospitals and medical facilities that use radiological sources. GAO was asked to determine (1) the extent to which NRC's requirements ensure the security of radiological sources at U.S. medical facilities and (2) the status of NNSA's efforts to improve the security of sources at these facilities. GAO reviewed relevant laws, regulations, and guidance; interviewed federal agency and state officials; and visited 26 hospitals and medical facilities in 7 states and Washington, D.C.

What GAO Recomends

GAO recommends, among other things, that NRC strengthen its security requirements by providing medical facilities with specific measures they must take to develop and sustain a more effective security program. NRC neither agreed nor disagreed with this recommendation and stated that its existing security requirements are adequate. GAO continues to believe that implementing its recommendation would contribute to increased security at U.S. hospitals and medical facilities.

For more information, contact Mark Gaffigan at (202) 512-3841 or gaffiganm@gao.gov.

Recommendations for Executive Action

  1. Status: Closed - Implemented

    Comments: In August 2016, NNSA told us that they had significantly increased their outreach efforts to promote awareness of and participation in NNSA's security upgrade program, including targeted outreach to engage Category 1 sites to volunteer for the program that included emails and letters to NRC/State regulators and licensees, phone calls, webinars, and a new website. In addition, in May 2014, NRC published NUREG-2166, "Physical Security Best Practices for the Protection of Risk-Significant Radioactive Material," which includes a comprehensive appendix on NNSA's voluntary security upgrade program, including discussion of the upgrades, available training and tabletop exercises, and contact information for licensees interested in participating in the program.

    Recommendation: Because the security of radiological sources in hospitals and medical facilities has national security implications, and many potentially vulnerable medical facilities with high-risk sources have not received security upgrades, the Administrator of NNSA, in consultation with the Chairman of NRC and Agreement State officials, should increase outreach efforts to promote awareness of and participation in NNSA's security upgrade program. Special attention should be given to medical facilities in urban areas or in close proximity to urban areas that contain medical equipment with high-risk radiological sources.

    Agency Affected: Department of Energy: National Nuclear Security Administration

  2. Status: Closed - Not Implemented

    Comments: NRC did not provide hospitals and medical facilities with specific measures they must take to develop and sustain a more effective security program, including specific direction on the use of cameras, alarms, and other relevant physical security measures. Therefore, this recommendation is closed, but not implemented.

    Recommendation: To help address the security vulnerabilities at U.S. hospitals and medical facilities that contain high-risk radiological materials, the Chairman of the Nuclear Regulatory Commission should strengthen NRC security requirements by providing hospitals and medical facilities with specific measures they must take to develop and sustain a more effective security program, including specific direction on the use of cameras, alarms, and other relevant physical security measures.

    Agency Affected: Nuclear Regulatory Commission

  3. Status: Closed - Implemented

    Comments: In February 2014, NRC offered an updated training class to inspectors that included additional emphasis on best security practices, including specific guidance on the effective application of cameras, alarms, and other relevant physical security measures, in response to our recommendation.

    Recommendation: To help address the security vulnerabilities at U.S. hospitals and medical facilities that contain high-risk radiological materials, the Chairman of the Nuclear Regulatory Commission should ensure that NRC and Agreement State inspectors receive more comprehensive training to improve their security awareness and ability to conduct related security inspections.

    Agency Affected: Nuclear Regulatory Commission

  4. Status: Closed - Implemented

    Comments: In May 2014, NRC issued "Physical Security Best Practices for the Protection of Risk-Significant Radioactive Material" (NUREG-2166) containing additional guidance in response to our recommendation.

    Recommendation: To help address the security vulnerabilities at U.S. hospitals and medical facilities that contain high-risk radiological materials, the Chairman of the Nuclear Regulatory Commission should supplement existing guidance for facility officials, including RSOs, who may be responsible for implementing NRC's security controls, in how to adequately secure equipment containing high-risk radiological sources and conduct trustworthiness and reliability determinations.

    Agency Affected: Nuclear Regulatory Commission

 

Explore the full database of GAO's Open Recommendations »

Sep 30, 2016

Sep 29, 2016

Sep 28, 2016

Sep 27, 2016

Sep 26, 2016

Sep 23, 2016

Sep 21, 2016

Sep 7, 2016

Aug 30, 2016

Looking for more? Browse all our products here