Monitoring disease activity has been one of the primary responsibilities of government-supported public health units since they first came into being during the formative years of our nation. For much of our nation’s history, surveillance has focused on the most important infectious disease threats, such as cholera, tuberculosis, or more recently HIV/AIDS. Today, developing accurate and reasonable specific surveillance systems capable of identifying bioterrorism accurately and swiftly is one of the most active areas of development and research relating to bioterrorism. Early detection of exposures could allow for containment and treatment that could greatly reduce morbidity and mortality of countless numbers. Unfortunately, implementation of such surveillance systems is no simple task. There are several general approaches to surveillance: clinical or case-based surveillance, environmental surveillance, or laboratory-based surveillance. This chapter summarizes general principles of surveillance systems, as well as various models for conducting surveillance as it relates to bioterrorism. The concept of sentinel health events is also introduced, and its potential as a useful tool for practitioners in diagnosing bioterrorism is considered. Last, the chapter ends with a discussion of the utility of syndromic surveillance and how this might be applied in order to distinguish naturally occurring sentinel health events (e.g., a case of plague) from a deliberate bioterrorist attack.

Developing and testing surveillance systems to detect at the earliest possible stage potential bioterrorist incidents ranks high as a national public health priority. In 2002 alone, the CDC distributed over $1 billion in funds to accelerate research and development of surveillance systems with two specific objectives. First, to create state-based surveillance systems capable of receiving and evaluating diagnoses, disease case reports, or illness syndromes that could signal a bioterrorist attack. Second, to establish communication networks capable of sharing quickly critical public health information to emergency departments, local and state public health units, and local and state law enforcement officials. Although progress is being made, the degree to which these goals have been met varies considerably from state to state.

The overall objectives of an effective surveillance system are defined readily enough. According to the CDC, ideal surveillance systems are capable of recognizing a BCN terrorist event quickly, with reasonable sensitivity and specificity, and capable of quickly disseminating these data to critical nodal points in the public health decision-making structure. Further, surveillance systems should monitor diseases or illness syndromes with manifest public health importance. The operational requirements of surveillance systems should be known as well, including direct costs, and personnel and information technology requirements. The accuracy, flexibility, and acceptability of the system should be known, preferably through actual field testing or computer-simulated modeling. A surveillance system that cannot be modified as existing threats evolve, or as new ones emerge, has limited long-term utility and the costs associated with implementing such a system will be difficult to justify. If a surveillance system has limited acceptability to those who are being asked to assume the real costs of the system, for example, onerous, unduly complex, or time-consuming data entry requirements, the system will be useless as a surveillance tool. Other components of a good system include timeliness of reporting to key stakeholders, being discriminating enough to detect genuine outbreaks, and being capable of monitoring a population or locations that are reasonably representative of the larger population at risk. In summary, surveillance systems are only good if they identify early and accurately a potential or evolving bioterrorism event; are user friendly, flexible, and secure; and provide rapid information to decision makers. The capabilities of an ideal surveillance system are summarized in Table 5–1.

At present, the specific structure, methods, and purposes of existing surveillance systems demonstrate a great deal of significant variability. This variety offers opportunity and obstacles to the implementation of effective surveillance for bioterrorism. On the one hand, diversity offers the possibility of developing multiple effective surveillance models, or mutually reinforcing surveillance systems that afford a wider scope of protection than a single approach might. On the other hand, given the urgency that exists relating to this issue, the abundance of options may delay the timely implementation of a workable and effective surveillance system. There is value in bringing some standardization to the type of data being collected, monitoring and analytic methods, as well as reporting mechanisms. Achieving some consensus on these issues will facilitate the creation of a bioterrorism surveillance system, or set of systems, that is consistent, reliable, and accurate.

Unfortunately, recent reviews of existing biological and environmental surveillance systems make the general point that few, if any, currently available systems meet either the CDC criteria outlined previously or the need for standardized approaches that can be disseminated within the medical and public health communities. There are a number of reasons for this assessment. First, consensus within the public health and medical communities as to what diseases, syndromes, or agents ought to be included in the surveillance systems does not yet exist. There are similarly divergent views on the best sources of data and optimal methods for collecting and analyzing data.

Although many of these barriers can be overcome with improved research, planning, and national public health leadership, there are other barriers to creating an effective surveillance system that are not so easily remedied. One inescapable problem is that bioterrorism events are still (one might add, thankfully) rare occurrences. Consequently, prevalence and incidence data do not exist, making direct comparisons between one surveillance system and another difficult. Without reliable reference standards, formal evaluations of test characteristics such as posttest probabilities, predictive values, sensitivity, and specificity becomes serious obstacles. A related problem is that a “gold standard” surveillance system has not been created to which newer or modified approaches can be compared. Existing military surveillance systems for BCN agents might meet many of these objectives, but these have not been fully described in the scientific literature. On a positive note, efforts to improve cooperation between military and public health organizations are underway.

As mentioned briefly, there is a paucity of literature describing the test characteristics of the majority of surveillance systems. To be more precise, we know little about their ability to detect early cases that might herald an epidemic (system sensitivity) or how many false alarms might result from the use of the system (system specificity). For example, numerous bioterrorism-related hoaxes have been perpetrated in recent years. Between April 1997 and June 1999—well before the actual U.S. Post Office anthrax attacks—there were over 200 documented anthrax powder hoaxes in the United States. These hoaxes triggered some thirteen thousand evaluations by the emergency response system with significant costs in time, resources, and money. Distinguishing a real bioterrorist event from a false alarm is clearly a priority, given the limitations of our existing resources. Because we know so little about these fundamental test characteristics, we cannot define other useful constructs such as predictive values, likelihood ratios, or accuracy.

Computer simulation provides an increasingly viable method by which to surmount some of these problems. Retrospective mining of documented bioterrorism events, for example, the U.S. Postal Service anthrax attacks, have proved useful in creating some diagnostic algorithms that may have generalizability to the design of surveillance systems. How these algorithms will work in a genuine attack remains to be seen.

Novel approaches to extend surveillance systems into the community to a greater extent than is possible at present with hospital-, laboratory-, or emergency room-based systems are being actively investigated. Among the possibilities are using over-the-counter medications and prescription data as early markers of unusual disease or illness activity. Additional markers of potential interest in developing novel surveillance systems have been examined in various contexts. These include school absenteeism, calls to nursing information lines, physician house calls, or sick leave prescriptions for influenza-like conditions diagnosed by community practitioners. Some studies have found, for example, that physician diagnosis of flulike illnesses is a more sensitive marker of an emerging influenza epidemic than viral isolates, whereas other researchers have found the reverse to be true.

Timeliness of reporting to key stakeholders is critical in any workable surveillance system. It would seem that information technology (IT)-based systems would have a natural advantage over manual systems in this regard, although this is not necessarily the case based on our current knowledge. Moreover, IT systems are vulnerable to cyberterror attacks and internal failures, and often cannot handle substantial demands. Put simply, existing technology infrastructure is insufficient to handle the sheer volume that an actual or presumed bioterrorist attack would almost certainly place on any system. The example of the CDC website crashing temporarily in the days following the post office anthrax attacks as a result of the volume of hits illustrates the vulnerability of IT-based information, communication, and surveillance systems. Efforts to build redundancy, fail safes, surge capacity, and security into the nation’s health care and public health systems are underway, though nothing is fool-proof. The need for trained personnel at the local and state health department level in order to respond appropriately to the information being fed to them is obviously a critical component of current preparedness efforts nationwide.

Public Health Smoke Detectors: Surveillance Models

Notwithstanding the practical and theoretical problems noted previously, progress toward improved public health surveillance systems is being made. Public–private and philanthropically funded nonproprietary vendor-neutral collaborations are underway with the goal of creating a public health surveillance infrastructure with agreed-on norms for reporting and coding. A variety of surveillance systems are being tested in emergency departments because they are important points of first contact with the health care system. The province of Ontario, Canada, has linked its provincial telemedicine health information system and emergency department triage databases. Other public-domain software programs have been created to mine existing hospital or emergency room databases in real time for potential bioterrorism-related diagnoses.

The CDC has taken the lead in working with states and major cities to implement a national electronic disease surveillance system integrating data from hospital or regional laboratories, emergency room encounters, and hospital admission databases. Such programs can search hospital registration, emergency room encounters, or emergency room discharge data sources using predefined disease or illness categories or text words (such as chief complaint) in order to identify possible bioterrorism syndromes. Recent studies have substantiated the value of using admitting diagnoses, chief complaints, and ICD9 codes—or better yet, combinations of these variables—to create syndrome recognition algorithms capable of being used for bioterrorism and other public health surveillance. Chief complaints or emergency room admission or discharge diagnoses have all been found to be useful for surveillance systems, and because they can be obtained at the point of contact, they meet the criteria for timeliness of reporting.

Surveillance systems using this “drop-in” approach have already been used at a number of high-profile public events—such as the Utah Winter Olympic Games and the 2004 Republican National Convention. The CDC collaborates with several states on surveillance programs with selected hospitals using clinical and laboratory data systems to identify possible bioterrorism syndromes. The CDC is also collaborating with Poison Control Centers and medical toxicologists to create surveillance models whereby index cases, clusters of toxidromes, or illness patterns consistent with chemical agents can be identified quickly and the information passed along to key public health authorities. A lingering concern is the necessity of developing greater uniformity and standards in case and syndrome definitions, data analysis, and reporting. Standardization will facilitate the creation and expansion of surveillance systems and create a more robust public health information network.

One of the difficulties noted earlier is that normative incidence or prevalence data are needed in order to design surveillance programs that pick up excess rates of conditions that might have public health importance, such as bioterrorism syndromes. Typically, baseline rates are established by sampling these databases using variable “windows” of time (e.g., 2 weeks before an upcoming major event) and then comparing these expected rates to observed rates. These systems can set different thresholds for flagging an alert. This is a critical issue because an overly sensitive system runs the risk of “crying wolf” too often and draining public health resources in the labor-intensive follow-up that must follow any “positive.” Bayes’ theorem applies to bioterrorism surveillance: an overly sensitive system looking for rare or infrequent events will identify far more “false-positives” than “true- positives.” Similarly, eliminating “noise” from the system using various statistical techniques may improve the system’s specificity but may allow some genuine cases to slip below the level of detection. At the present time, even a good surveillance system is perhaps best viewed as a “smoke detector.” They may pick up important public health diagnoses or syndromes, but only labor-intensive follow-up investigations will distinguish genuine fires from backyard barbecues.

As noted earlier, event-based surveillance systems have already been used to proactively monitor for a preestablished set of clinical syndromes in emergency rooms and hospitals in a geographically defined area during and immediately following major public events, such as international summits, sporting competitions, presidential inaugurations, or national party conventions. These systems provide participating hospitals a Web-accessible reporting form that includes fields for describing the patient’s symptoms and signs, as well as whether they participated in the event being surveilled.

There are a number of military surveillance systems for which some information is known. For example, the U.S. military tracks clinical data daily from Department of Defense facilities worldwide as part of its Electronic Surveillance System for the Early Notification of Community-Based Epidemics (ESSENCE). Other military-based systems have been developed as well, including particulate monitoring systems aboard U.S. naval ships. Enhanced collaboration between the Department of Defense and the CDC relating to research and testing should prove very helpful in developing improved surveillance programs applicable to future public health surveillance systems.

The anthrax attacks and the international SARS epidemic underscore the importance of early identification and timely dissemination of such data in order to facilitate appropriate medical and public health response. Historically, case-based surveillance has proven to be a valuable tool. For example, an unusually large bump in a rare form of skin cancer—Kaposi’s sarcoma—in the San Francisco area in the early 1980s alerted the CDC to the coming AIDS epidemic. Similar epidemiologically based diagnosis or syndrome surveillance efforts are currently in use in selected areas of the country, particularly larger metropolitan areas. A continual theme of this text is that underlying the clinical approach to diagnosing a bioterrorism event is identifying temporal or geographic clustering of cases that meet certain syndromic features (Tables 5–2 and 5–3). In anticipation of such attacks, a number of government agencies, most notably the CDC, are actively researching improved diagnostic and therapeutic modalities as well as lab accessibility and clinical pathways to ensure diagnostic accuracy. State-based surveillance systems are under development for monitoring local emergency rooms, hospital admissions, and ambulatory care encounters for clustering of signs, symptoms, and other findings indicative of a biological attack.

Since the September 11 attacks, a number of states and cities have implemented hospital admissions syndromic surveillance systems. The aim of these systems is to provide a daily census of admittable diagnoses to acute care facilities and to track these admissions by clustering symptoms and signs into discreet syndromes. Collecting the data and analyzing it enables state and municipal health departments to be alert to an unexpected bump in particular disease clusters. Most of these systems have gone to web-based reporting, which facilitates data collection and real-time analysis. The systems are flexible, allowing changes in diseases or syndromes being surveilled as circumstances change. For example, when the anthrax bioterror attacks occurred in the late fall of 2001, anthrax was promptly added to these case-based syndromic surveillance programs. Case-based reporting through Internet-accessible systems has not proven to be an undue burden on hospitals and emergency departments that have agreed to participate in these surveillance systems.