A report by the Government Accountability Office (GAO) faulted regulations issued by the Nuclear Regulatory Commission (NRC) that require that hospitals and medical facilities implement measures to ensure the security of radioactive materials.  In response to the report, the NRC largely defended the adequacy of the regulations and noted that several of the glaring deficiencies found by the GAO were the result of noncompliance by the facilities GAO visited, not the regulations themselves.  The NRC was also concerned that several media stories on the GAO report gave the incorrect impression that four out of five hospitals nationwide have failed to secure radioactive materials.

Performance-based

The NRC notes that its regulations require that hospitals implement multiple layers of security, including background checks on people with access to radioactive materials; personnel access controls to areas where the materials are stored or used; security plans and procedures designed to detect, deter, assess, and respond to unauthorized access attempts; coordination and response planning between the facilities and local law enforcement agencies; coordination and tracking of radioactive material shipments; and security barriers to discourage theft of portable devices containing radioactive materials.  Many aspects of the regulations are performance-based, meaning that the facilities must achieve an adequate level of security, but are not told which specific measures they must undertake.

Following visits to 26 hospitals and medical facilities, the GAO reviewers concluded that NRC’s “broadly written” performance measures “do not go far enough” and “have left some hospitals and medical facilities we visited vulnerable to possible theft or sabotage of potentially dangerous radiological sources,” including actions by terrorists to use stolen material to construct a radioactive dirty bomb.

Probable violations

The GAO also reported on several specific instances of security lapses, including an irradiator containing almost 2,000 curies of cesium-137 stored on a wheeled pallet down the hall from and accessible to a loading dock at one facility.  At another, the combination to a lock to a door of a room that housed an irradiator containing 1,500 curies of cesium-137 was clearly written on the door frame.

The NRC informed the GAO that these were probably violations of regulations, not indicative of deficiencies with the regulations.  The NRC asked the GAO to provide more information about the facilities where these lapses were found, but the GAO had not responded as of September 24, 2012, says the NRC.

Voluntary program

The NRC emphasized that the media reports referred to the GAO’s description of a voluntary program of additional security enhancements developed by the National Nuclear Security Administration (NNSA).  

“As the GAO noted, 321 of approximately 1,500 eligible medical facilities have taken advantage of this program,” stated the NRC.  “These figures are the basis for the misleading statement in some media reports that ‘nearly four out of five hospitals nationwide have failed to implement safeguards.’  All of these hospitals have implemented the NRC’s requirements; not all have accepted the NNSA’s voluntary enhancements.”

The NRC agreed with one GAO recommendation that outreach should be increased to promote more participation in the NNSA’s program.  The NRC neither agreed nor disagreed with three other GAO recommendations, including development of more specific security requirements and providing more training to inspectors.

Read the GAO report.