What GAO Found
The Nuclear Regulatory Commission's (NRC) requirements do not consistently ensure the security of high-risk radiological sources at the 26 selected hospitals and medical facilities GAO visited. One reason for this is that the requirements are broadly written and do not prescribe specific measures that hospitals and medical facilities must take to secure medical equipment containing sealed sources, such as the use of cameras or alarms. Rather, the requirements provide a general framework for what constitutes adequate security practices, which is implemented in various ways at different hospitals. Some of the medical equipment in the facilities visited was more vulnerable to potential tampering or theft than that of other facilities because some hospitals developed better security controls than others. Some examples of poor security GAO observed included: an irradiator, used for medical research and containing almost 2,000 curies of cesium-137, was stored on a wheeled pallet down the hall from, and accessible to, a loading dock at one facility; at a second facility, the combination to a locked door, which housed an irradiator containing 1,500 curies of cesium- 137, was clearly written on the door frame; and at a third facility, an official told GAO that the number of people with unescorted access to the facility's radiological sources was estimated to be at least 500. In addition, some NRC and Agreement State inspectors said the training NRC requires is not sufficient.
As of March 2012, the National Nuclear Security Administration (NNSA) had spent $105 million to complete security upgrades at 321 of the 1,503 U.S. hospitals and medical facilities it identified as having high-risk radiological sources. Of the 26 hospitals and medical facilities that GAO visited, 13 had volunteered for the NNSA security upgrades and had received security upgrades, such as remote monitoring systems, surveillance cameras, enhanced security doors, iris scanners, motion detectors, and tamper alarms; three others were in the process of receiving upgrades. However, NNSA does not anticipate completing all such security upgrades until 2025, leaving a number of facilities potentially vulnerable. In addition, the program's impact is limited because, among other things, it is voluntary, and facilities can decline to participate. To date, 14 facilities, including 4 in large urban areas, have declined to participate in the program. Combined, those 14 facilities have medical equipment containing over 41,000 curies of high-risk radiological material. According to police department officials in a major city, one hospital with a blood irradiator of approximately 1,700 curies has declined the NNSA upgrades due in part to cost concerns, even though the police department considers it to be a high-risk facility.
Why GAO Did This Study
In the hands of terrorists, radiological material, such as cesium-137, could be used to construct a "dirty bomb." Such material--encapsulated in steel or titanium and called a sealed source--is commonly found in equipment used by U.S. medical facilities to treat, among other things, cancer patients. NRC is responsible for regulating the commercial use of sealed sources and has relinquished its regulatory authority to 37 states, known as Agreement States. In 2008, NNSA established a program to provide security upgrades to U.S. hospitals and medical facilities that use radiological sources. GAO was asked to determine (1) the extent to which NRC's requirements ensure the security of radiological sources at U.S. medical facilities and (2) the status of NNSA's efforts to improve the security of sources at these facilities. GAO reviewed relevant laws, regulations, and guidance; interviewed federal agency and state officials; and visited 26 hospitals and medical facilities in 7 states and Washington, D.C.
What GAO Recomends
GAO recommends, among other things, that NRC strengthen its security requirements by providing medical facilities with specific measures they must take to develop and sustain a more effective security program. NRC neither agreed nor disagreed with this recommendation and stated that its existing security requirements are adequate. GAO continues to believe that implementing its recommendation would contribute to increased security at U.S. hospitals and medical facilities.
Recommendations for Executive Action
|National Nuclear Security Administration||Because the security of radiological sources in hospitals and medical facilities has national security implications, and many potentially vulnerable medical facilities with high-risk sources have not received security upgrades, the Administrator of NNSA, in consultation with the Chairman of NRC and Agreement State officials, should increase outreach efforts to promote awareness of and participation in NNSA's security upgrade program. Special attention should be given to medical facilities in urban areas or in close proximity to urban areas that contain medical equipment with high-risk radiological sources.|
|Nuclear Regulatory Commission||To help address the security vulnerabilities at U.S. hospitals and medical facilities that contain high-risk radiological materials, the Chairman of the Nuclear Regulatory Commission should strengthen NRC security requirements by providing hospitals and medical facilities with specific measures they must take to develop and sustain a more effective security program, including specific direction on the use of cameras, alarms, and other relevant physical security measures.|
|Nuclear Regulatory Commission||To help address the security vulnerabilities at U.S. hospitals and medical facilities that contain high-risk radiological materials, the Chairman of the Nuclear Regulatory Commission should ensure that NRC and Agreement State inspectors receive more comprehensive training to improve their security awareness and ability to conduct related security inspections.|
|Nuclear Regulatory Commission||To help address the security vulnerabilities at U.S. hospitals and medical facilities that contain high-risk radiological materials, the Chairman of the Nuclear Regulatory Commission should supplement existing guidance for facility officials, including RSOs, who may be responsible for implementing NRC's security controls, in how to adequately secure equipment containing high-risk radiological sources and conduct trustworthiness and reliability determinations.|