Hendon Publishing - Article Archive Details

Print Article Rate Comment Reprint Information

Bioterrorism, biosurveillance, and electronic health data

Written by Harry Greenspun

With increased availability and timeliness of information, public safety officials have been able to improve preparedness, detection, and response to terrorist acts. However, bioterrorism presents unique challenges. While health information technology has evolved to become a major contributor to this effort, it has yet to achieve its potential benefit. As health information exchanges (HIEs) arise to permit real-time access to electronic health records across broad geographic regions, the opportunity now exists to dramatically accelerate biosurveillance and situational awareness. This article will examine bioterrorism and biosurveillance, factors impacting the availability of medical information, efforts under way by the Centers for Disease Control and Prevention (or CDC) and other organizations to access it, privacy issues associated with use, and the sophisticated analytics required for to harness it.


Bioterrorism is the deliberate release of viruses, bacteria, or other agents to cause illness or death in people, animals, or plants. While these agents are typically naturally occurring, they may be modified to increase their ability to cause disease, enhance transmission, or their heighten resistance to treatment.

The CDC identifies three categories of bioterror agents:

Category A is the highest priority, including organisms or toxins that pose the highest risk to the public and national security because:

• They can be easily spread or transmitted from person to person;

• They result in high death rates and have the potential for major public health impact;

• They might cause public panic and social disruption;

• They require special action for public health preparedness. Examples include anthrax, botulism, smallpox, and the Ebola virus.

Category B agents are the second highest priority because:

• They are moderately easy to spread;

• They result in moderate illness rates and low death rates;

• They require specific enhancements of CDC’s laboratory capacity and enhanced disease monitoring. Examples include food and water safety threats such as salmonella and cholera, as well as viral encephalitis.

Category C encompass third highest priority agents include emerging pathogens that could be engineered for mass spread in the future because:

• They are easily available;

• They are easily produced and spread;

• They have potential for high morbidity and mortality rates and major health impact.

Hantavirus is one such example, a disease found in the Asia and eastern Europe, and the southwestern United States that can cause severe lung or kidney damage.

A significant challenge to detection is that the onset of symptoms may be considerably delayed from the time of release or exposure. Furthermore, early signs and symptoms can be very non-specific. Moreover, since the agents can be spread through air, water, and food, they can be widely distributed, and if the disease can be transmitted from victim to victim, the result can be perpetuated.

Disease Surveillance

Bioterrorism surveillance is a subset of public health surveillance, a collection of processes that work together to prevent or reduce the burden of a disease in the population through early detection and response. It is central to the mission of every public health agency at all levels of the government. Early detection is the cornerstone of reducing the response cycle, and the policies, procedures, and systems that facilitate that mission. Many diseases caused by biological agents are rapidly fatal but can be, once detected, treatable or prevent further spread with timely administration of appropriate antibiotics, antiserum, vaccination, and/or prophylaxis following exposure. If the disease agent is transmissible from person to person, early detection allows rapid isolation and quarantine to mitigate the spread of the disease agent. Another hallmark of preparedness is the ability to conduct a coordinated epidemiological investigation to determine the etiology and source of the outbreak to identify the most effective interventions to reduce morbidity and mortality. This is particularly critical when the underlying cause is terrorism, with resulting implications for law enforcement and homeland security personnel.

In order to mitigate the impact of bioterrorism acts and to provide timely information for rapid response and intervention, biosurveillance aims to detect and characterize early possible changes in health-related patterns. While traditional disease surveillance relies on physicians to report suspicious cases, primarily a passive and delayed process, contemporary biosurveillance takes a more active and earlier role focusing on automating preparedness and response. Active surveillance and HIEs can greatly improve surveillance capacity, significantly speed the detection of health-related events, and provide timely, suggestive information to hospitals as well as to state, local, and federal health officials, and law enforcement. This relies heavily on the ability to access electronic health information.

Electronic Health Information and Health Information Exchange

Many aspects of public safety have been able to harness information technology to improve preparedness and situational awareness related to terrorism. Officials can gather information from mass transit, financial institutions, law enforcement, and critical infrastructure. However, a major barrier to improving bioterror surveillance has been the lack of electronic health information. Historically, health care has significantly lagged other industries in investment and utilization of information technology. Evidence continues to demonstrate that use of electronic health records (EHRs), computerized physician order entry, electronic prescribing, and other health IT innovations results in improvements in the quality, safety, and cost of care as compared to traditional (typically paper-based) methods. In addition, the availability of real-time electronic health data creates new opportunities to accelerate disease surveillance.

Given the benefits of implementing health IT, many efforts are under way to promote its use. In 2004, President Bush issued an executive order calling for the widespread adoption of interoperable electronic health records by 2014, and he created the Office of the National Coordinator for Health IT (ONC) within the Department of Health and Human Services (DHHS). That same year, DHHS released a Strategic Framework report titled The Decade of Health Information Technology: Delivering Consumer-centric and Information-rich Care. The framework outlines four major goals to be pursued by public and private health sectors in order to shape a vision to utilize information technology in health. Simply, these four goals are to (1) inform clinical practice, (2) interconnect clinicians, (3) personalize care, and (4) improve population health.

Within the framework is the call to create the Regional Health Information Organizations (RHIOs) and other HIEs to foster regional collaboration around clinical care records and a Nationwide Health Information Network (NHIN) to support communication and ensure secure, interoperable information exchange among these organizations. As the number of HIEs continue to grow, each at varying stages of development with different constituents and specific business objectives, as many as a third of the functioning HIEs are driven by public health surveillance needs. Meanwhile, progress on the NHIN continues, with completion of initial contracts to create prototype demonstrations and current contracts by the ONC for trial implementations for nationwide data exchange.

Unfortunately, progress toward widespread adoption of EHRs has been slow. Estimates of full implementation of EHRs in hospitals and physician practices hover between 10% and 20%. The reasons for this are many, including acquisition and training costs, disruptions to existing workflow, incompatibility with legacy systems, and lack of standards. Each is being addressed in a number of ways, including incentives, certification processes, and legislation. Similarly, growth of HIEs has been unsteady. One of the central challenges for each is establishing a sustainable business model. Many HIEs were launched with funding from grants. Transitioning to self-reliance has proved quite difficult, particularly in the face of extreme economic pressures the health care industry faces.

Harnessing Electronic Health Records for Biosurveillance

The progress made in biosurveillance in the United States is significant and should be evolved to meet existing and emerging needs—biosurveillance remains a cornerstone in taking timely actions to reduce morbidity and mortality and to improve health. There are existing processes, relationships, technologies, policies, infrastructures, and advances in science and technology that provide a solid foundation to a truly integrated biosurveillance solution. Of paramount importance is the need to strengthen the capacity and enable data-driven decision-making of public health services from the local to the national level—both strategically and tactically.

This capacity can be expedited through an improved integration of health-related data and indicators among clinical, public health (e.g., state and local disease surveillance through a system of systems approach), emergency response, and veterinary and vector control services. Further enhancement and growth of the Health Information Exchange (HIE) infrastructure will improve knowledgeable decision making among these responsible parties.

Biosurveillance is a collaborative effort that calls upon the scientific research and advanced technologies, and also builds upon the common goals and needs of public and private sectors.

Several programs have arisen to tap into electronic health records for biosurveillance. One such program from CDC is BioSense. In the first quarter of 2004, BioSense became available for use. BioSense seeks to enhance the ability to rapidly detect and monitor bioterrorism, natural disease outbreaks, and other events of public health importance through access to data from health care organizations around the country, including DOD and the Department of Veterans Affairs medical treatment facilities.

In its initial stages, the CDC established direct connections with hospitals and laboratories, pulling data in real time. The program continues to expand by connecting to more organizations as well as exploring connections with HIEs. A second program expected to begin this fall focuses directly on connections with HIEs to provide biosurveillance and situational awareness for the CDC and local and state health agencies.

Both programs are evaluating and implementing aspects of the American Health Information Community (or AHIC) Biosurveillance Use Case. The intent is to transmit essential ambulatory care and emergency department visit, utilization, and lab result data from electronically enabled health care delivery and public health systems in a standardized and anonymized format to authorized public health agencies with less than one day lag time. At its core is collection of the Minimum Biosurveillance Data Set (MDS), the specific data elements required.

The Department of Defense is also using electronic health information for biosurveillance. With its enterprise-wide electronic health record (AHLTA), the DOD is able to track diagnoses and even presenting symptoms.

Integrating EHRs, HIEs, and the NHIN with public health data systems can have a tremendous impact on biosurveillance.


Public health agencies have long had the authority to collect information on reportable conditions. Therefore, doctors, hospitals, and laboratories have been compelled to provide information on a case-by-case basis. However, this sort of event reporting is quite different from active biosurveillance in which data from vast numbers of medical records is screened.

Consumer advocacy, privacy and other groups have expressed concern over potential breaches in security and confidentiality that may result from the use of EHRs, particularly when data may can be transferred electronically to other HIEs or organizations. Consequently, HIEs have adopted strict data access and use policies to adhere to state and federal regulations. In order to comply while still serving the needs of biosurveillance, individual patient data must be anonymized or de-identified before transmission. However, in the situation where a suspicious case becomes a confirmed case, the capability to re-identify individuals must exist.

Maintaining patient privacy will be paramount to continued adoption of EHRs and acceptance of HIEs. Without the public’s confidence in the security of their highly personal health information, support will quickly erode.

Analytics While new methods for obtaining health data are an important step forward to respond to bioterrorism, an equally critical task is determining what it means. With vast quantities of data (symptoms, diagnoses, lab orders, test results, etc.), officials could become quickly overwhelmed. Consequently, effective biosurveillance requires sophisticated analytics for event detection, situational awareness, and simulation and modeling Numerous statistical and mathematical models exist to facilitate event detection. Various algorithms look for anomalies in incoming data and, when coupled with other types of information, can alert users to unusual patterns. Bioterrorism introduces some specific challenges. First is that to identify an unusual pattern, one must first have a baseline. Unfortunately, much of the data available from HIEs is on a “go forward” basis. Consequently, historical data remains inaccessible on paper charts. A second challenge is that some diseases are so rare (Ebola, smallpox) that there is insufficient data to create reliable algorithms.

A final challenge is that diseases resulting from bioterrorism may follow different patterns from their natural occurrence. For example, a terrorist planning or developing bioterrorism may either conduct a small-scale test or accidentally be exposed, resulting in a very unusual event. Addressing this is critical, as the capability to detect a single case or a small cluster of cases may thwart a large-scale event.

The term situational awareness (or SA) can be quickly described as the degree to which a person is aware of what is going on around him. SA describes various techniques to address situations where there may be too much data and too little knowledge of what it represents. Typical approaches define key indicators that help to characterize changes in the data space. Situational awareness uses visualization strategies to convey multiple streams of information into a single, highly intuitive, operational picture. Data can be represented in dashboards or over time (as in waves of infection, incubation, and symptoms), or geospatially, related to population density, weather patterns, or other factors that impact disease spread or vulnerable populations.

Simulation and modeling are additional key tools against bioterrorism. Outbreak models, of which there are many, can help project the course of a disease and inform management. Again, most are geared toward naturally occurring events (both predictable and unpredictable), so terrorist intent adds to the complexity.

Although biosurveillance benefits immensely from cross-pollination from many science and technology fields, there remain areas of both applied and basic research that represent the core science of biosurveillance. Applied research in biosurveillance will be enriched as it translates techniques from other fields (e.g., intelligence, engineering, allied health, biological sciences) to address engineering and organizational issues related to the construction of biosurveillance systems. The application of scientific method ensures that the correct interpretation is made of evaluated data.

Biosurveillance Systems in Action

Health information obtained from EHRs and HIEs is one essential element of an effective biosurveillance system. When functioning, systems operate in three surveillance modes: monitoring, characterizing, and responding. These iterative modes are not mutually exclusive. The primary mode of operation is monitoring (processing data before a change in health-related pattern occurs). This mode relies on collection and evaluation of raw, consumed (e.g., alerts, briefings), and synthetic data. This information can be shared bi-directionally among sector-specific surveillance systems (e.g., anthrax coordination with USPS, alerts to the DHS National Biosurveillance Integration System (NBIS) system). In addition, other novel information sources (e.g., news feeds, intelligence reports, over-the-counter sales, school and worksite absenteeism) can further enhance early detection and potentially reduce the response cycle. This sharing of information is supported by inter-agency agreements and existing or enhanced policies and procedures. Many agencies share key sources of raw data and summary indicators relevant to health events. There are currently existing channels to share biologic, food, environmental, laboratory, animal, and immigrant information with public health agencies (e.g., EPA, FDA, USDA, NIOSH, CDC, the state and federal laboratories, border control authorities, FEMA).

During an event, surveillance focuses on characterizing the nature of the event. This type of surveillance, coupled with the increase adoption of EHRs and HIEs, is a more rigorous surveillance activity and depends more on enhanced algorithms and setting alert thresholds. Though advances in science and technology have resulted in a large number of algorithms capable of providing useful answers, a tremendous amount of research remains to be done. For example, researchers will need to identify key components in a syndrome associated with a new or “modified” disease quickly after it emerges. This new syndrome or change in behavior must then require a new algorithm.

Once an event has been characterized as a true threat, the biosurveillance system should provide decision support for responding and recovering. This system should be in accordance; for example, with the FEMA National Incident Management (NIMS) guidelines and protocols. Such a system can provide a unified approach to incident management, a standardized command and control structure in states of emergency, and focus on resource allocation and integrated support at all levels.


The growing availability of electronic health information can provide greatly enhanced preparedness, detection, and response to bioterrorism. To achieve this potential, several factors are required. First, adoption of EHRs must accelerate. Unless electronic health data is available from a much larger proportion of the population, only a very incomplete picture will be represented. Second, this information has to be accessible in a standardized manner via financially sustainable HIEs. The business case for biosurveillance must be clear. Finally, further research must be done to improve the automated detection of bioterrorism events. With the often unique characteristics of existing and emerging bioterrorism threats, early detection and response are essential to avert catastrophe.

Harry Greenspun, MD, is the chief medical officer at Health Solutions Northrop Grumman Corporation in Chantilly, VA.

Taha-Kass-Hout, MD, MS, is chief scientist of the Public Health Division at Northrop Grumman in Atlanta.

Robert Cothren, PhD, is the director of Clinical Information Systems Division at Northrop Grumman.

Published in Public Safety IT, Sep/Oct 2007

Rating : Not Yet Rated


Comment on This Article

No Comments

Related Companies

Northrop Grumman

Related Products


Article Images

Click to enlarge images.

Events and Tradeshows: LAOPFMTRPSIT
Close ...