Information held by the regulator
52. A number of issues about the manner in which
the HSE currently operates as a regulator arose during this inquiry,
primarily as a result of the haphazard nature of the legislation
it enforces. First, both the COSHH and GMO(CU) regulations require
notifications of work on dangerous pathogens at "premises"
without defining the term. The HSE receives notifications that
refer to individual laboratories (the majority of notifications
at CL4), sites (departments, locations and campuses) or the organisation
(a university), but this is at the discretion of the notifier:
Due to the flexible nature in which the law permits
notifications to be made under both COSHH and GMO(CU) it can be
difficult to capture intelligence on what particular work is being
undertaken at a particular site. For example some employers choose
to notify at the organisational level: once HSE have given permission
for the work to proceed they are permitted to move this work between
different sites (so long as those sites have been previously registered
and meet the required standards) without notifying HSE. Other
employers choose to notify at the site level: once HSE have given
permission for the work to proceed these are not permitted to
move this work between different sites without each new site notifying
the work. This can apply to work at CL2 and CL3 but not CL4.[105]
The HSE can use its systems "to give a fuller
picture" of work carried out by an organisation but described
this as "a resource intensive process". [106]
Dr Paul Logan accepted that this should change in future:
The political imperative appears to be that people
want to know down to very specific levels and if that is the case
I think it is quite easy for organisations to provide that information
- i.e., this organisation is working on these organisms in these
particular laboratories at this particular address.[107]
53. Secondly, whilst all new work under COSHH
must be notified to the HSE, COSHH regulations were introduced
in 2002 and are not retrospective. For organisations which began
to use the pathogen prior to this date, the HSE relies on information
gained through surveys and inspections. Even if, as Dr Penrose
believes, "in practice" the HSE is aware of all those
using dangerous pathogens,[108]
this is not an ideal state of affairs. This should be addressed
by the new regulatory framework.
54. Thirdly, that it is of paramount importance
that the HSE build strong links with organisations who might need
access to the information it holds on work using dangerous pathogens.
This would include the emergency services who might attend an
incident at premises handling dangerous pathogens and the security
services if they suspect pathogenic material is being misused.
In addition, the agencies who have responsibility for human and
animal health should be informed so that they may best respond
to outbreaks of disease and account for possible sources of disease
in contingency planning. Where accidental release is involved,
as at Pirbright, identifying the causative agent and its source
at the earliest opportunity is vital. Dr Matthew Penrose of the
HSE told us that such links do exist but he accepted that:
I guess it is fair to say that your question
about the Department of Health is something that we need to work
on, in terms of improving our relationship with the Health Protection
Agency. That is something we have identified and are working closely
on.[109]
55. We recommend that the new regulatory framework
require the HSE to maintain records of work on dangerous pathogens
at a more detailed level than is currently the case and introduce
clear guidelines as to whether organisations notify the regulator
at a laboratory, site or organisational level. The new framework
should be retrospective and should compel all those working with
dangerous pathogens to notify the regulator. We urge the HSE to
build relationships with those that may require access to such
information, such as the animal and public health authorities
and security services.
86 
