System Specifications

An engineer or a system analyst approaches design problems in a manner that is fundamentally different from how a doctor or an epidemiologist approaches diagnostic problems. Engineers and systems analysts first develop functional requirements, which for biosurveillance are specifications of the diseases that must be detected, the smallest size outbreak that must be detected, and the time frame within which detection must occur. From the functional requirements, the designer then develops system specifications and finally builds a system.

When designing and building a commercial information system, the elucidation of functional requirements is a first step in the process, and it is a prerequisite for subsequent steps. If the information system is an early warning system for missile attack, for example, the functional requirements might prominently feature the detection of the attack within several minutes of launch. In the case of a biosurveillance system for an aerosol release of anthrax, the functional requirements might similarly emphasize detection as quickly as possible, but no later than within days of release.

Although a biosurveillance system is fundamentally an information system, the process of functional-requirement specification is often less rigorous than in the commercial world. Even when organizations develop functional requirements (e.g., for an electronic disease reporting system), the requirements do not specify how quickly an outbreak of disease must be detected, rather they are formulated in terms of the data that should be collected, the properties of the user interface, and system security. The functional requirements of the Public Health Information Network (PHIN) of the Centers for Disease Control and Prevention (CDC) are an example of current functional requirement specifications (www.cdc.gov/phin). To our knowledge, no organization has published functional requirements derived from explicit consideration of timeliness requirements for specific diseases. System designers have been let off the hook, so to speak, by their customers for this—arguably, the most difficult— requirement. The two published analyses that considered timeliness requirements were partial analyses: one analyzed gaps in current biosurveillance systems (Dato et al., 2001), and the second analyzed the data requirements for earlier detection (Wagner et al., 2001b).

Handbook of Biosurveillance ISBN 0-12-369378-0

Elsevier Inc. All rights reserved.

3. EXAMPLE: FUNCTIONAL REQUIREMENTS AND SPECIFICATIONS FOR ANTHRAX BIOSURVEILLANCE_

To illustrate the approach that an engineer or systems analyst (henceforth referred to as designers) would take when designing a biosurveillance system, let us consider a special purpose system for detection of outbreaks caused by the organism Bacillus anthracis, a bacterium that can form a spore that can survive for extended periods in nature. The spores can infect humans or animals through the skin, through ingestion, and through inhalation. B. anthracis causes the disease anthrax, which was once a common disease among wool handlers but now is of concern as a terrorist threat (Henderson, 1999).

A designer tasked with the design of an anthrax biosurveillance system has available two outbreaks of anthrax from which to derive timeliness (and other) functional requirements. He has available the 1979 Sverdlovsk release of B. anthracis (Kirov strain) from Soviet Biological Weapons Compound 19, described in Chapter 2, and the 2001 U.S. postal attacks ( Jernigan et al., 2001; Greene et al., 2002). The Sverdlovsk outbreak was a result of accidental release of anthrax spores into the air. Unknown individuals used envelopes containing anthrax spores to carry out the U.S. postal attacks.

3.1. Large Aerosol Release

Kaufmann et al. (1997) analyzed the available information from the Sverdlovsk outbreak and information about the disease anthrax. They demonstrated that the requirement for timeliness of detection of an aerosol release of anthrax is ideally the moment of release, but no later than 5 days after release.

Wagner et al. (2003b) used a taxonomy of surveillance data depicted in Table 4.1 to identify the types of surveillance data that might be available in this time window. They concluded that the system specifications for a biosurveillance system capable of meeting the time requirement would include components to obtain and process data from biosensors, preclinical data sources (e.g., sales of cough syrup), and early clinical data (e.g., symptoms and radiological reports). A system would have to collect and analyze these data in near real time with attention to corroborating and discriminating data from other sources, such as wind patterns and physical location of individuals in the days preceding onset of illness. They concluded that conventionally trained physicians could not be relied on to detect an outbreak of this type. In the Sverdlovsk outbreak, the earliest suspicion of anthrax came from an autopsy finding of a cardinal's cap (hemorrhagic meningitis, a pathognomonic finding for the disease anthrax) on the eighth day after the release (Abramova et al., 1993), by which time 14 individuals had died (Guillemin, 2001). At least six victims had their early symptoms dismissed by physicians as not serious, and 21 individuals had died by the time that the laboratory confirmation of anthrax was broadcast to area hospitals on the 10th day after the accidental release (Guillemin, 2001).

TABLE 4.1 Taxonomy of Surveillance Data

• Preoutbreak data: This category refers to data obtained during the period before the onset of the outbreak. Examples of data that might contribute to detection include intelligence that heightens suspicion or host factors such as vaccinations that determine susceptibility.

• Attack, release, or exposure data refers to data obtained at or very near the time of an accidental of intentional contamination. Data from this time might come from biosensor arrays, unauthorized airplane flights, or other activities.

• Presymptomatic data (incubation period data) refers to data obtained between the time that a person or animal becomes infected until the recognition of first symptoms. Examples of presymptomatic data are serology or cultures from presymptomatic individuals that are obtained serendipitously, through routine screening, or through enhanced screening because environmental conditions are favorable for an outbreak (e.g., there has been a natural disaster such as a flood).

• Prediagnostic data refers to data from the period between the onset of symptoms in an individual and when the illness becomes more fully developed and distinguishable from other illnesses. Examples of prediagnostic data include diarrheal symptoms or upper respiratory symptoms. Examples of data sources of potential value for the detection of individuals experiencing early symptoms include sales of over-the-counter cold medicines, vital signs, physical findings, and absenteeism.

• Specific syndrome data are data that either singly or in combination strongly suggest a specific agent. Examples include selected symptoms, histories of exposures, vital signs, physical findings, laboratory results, radiology results, and preliminary results from microbiology laboratories (e.g., Gram stains).

• Diagnostic data are data that are sufficient on their own to conclude that a patient has a disease. Examples include microbiology cultures or autopsy reports. Diagnostic data usually can be obtained during the specific syndrome period but can also be found during other periods through screening, routine testing, or testing of the environment. Three additional categories of data in the table do not fit neatly on a timeline. They are:

• Epidemiologic data, which refers to the whereabouts of individuals before onset of disease, food and water consumption, contacts with affected individuals, and location information (work, home addresses; feedlot number). These data are often only available for analysis after the onset of the outbreak because they are not routinely collected, but some characteristics may be routinely recorded electronically in various databases.

• Zoonotic data, which refer to data from veterinary and public health sources. Examples include small animal deaths, positive mosquito pools for malaria, animal vaccination status, and sentinel chicken serology.

• Environmental data refer to data about the environment. Examples include weather, refrigeration temperature, ventilation plans, and water supply areas.

3.2. Postal Attack (2001)

After the fall 2001 attack, the U.S. Postal Service developed the biohazard detection system (BDS), an air monitoring system based on a DNA polymerase chain reaction (PCR) test for B. anthracis (U.S. Postal Service, 2004; Military Postal Service Agency, 2004). BDS attaches to mail-sorting machines. There is little doubt that the U.S. Postal Service designed this system with the functional requirement of early detection of an anthrax postal attack based on a careful postincident analysis of the 2001 postal attack. A mail-sorting machine is both a single point through which all mail passes (except locally routed rural mail and larger packages) and a nearly ideal device for expressing spores from all but the most tightly sealed envelops (because the sorting process compresses envelops), enabling the detection of spores by BDS.

A comprehensive system for detection of a postal attack, however, would require additional components to monitor human health to detect individuals that become infected via envelops and packages that were either well sealed or not sorted by a monitored mail sorting machine. The additional components would have to detect (1) an individual case of anthrax in a recipient of a single envelop, (2) a cluster of cases in a home or office in which the envelop was opened, or (3) a pattern of individuals or building clusters that might indicate an attack that used multiple letters or packages. The system would also have to monitor for suspicious cases in local postal facilities not defended by locally installed sensors either directly or through sensing upstream of their facility in the mail processing network.

3.3. Building/Vessel Contamination

An analysis by Wagner et al. (2003b) identified two additional anthrax attack scenarios: building/vessel contaminations and premonitory release. Specifically, a building or vessel contamination refers to the distribution of anthrax (or other agent) via the mechanical components in a building or ship. This is a serious threat because of our modern reliance on heating, ventilation, and air-conditioning systems, which can effectively disseminate spores throughout a building. The functional requirement for time of detection is similar to that of an outdoor release because many individuals would be exposed simultaneously. Recognition of a release contained within a structure, however, produces somewhat different requirements. Specifically, the requirement is the detection of a cluster of illnesses common to a relatively small number of individuals sharing a domicile, a place of employment, or a social facility.This detection requires recognition and analysis of these relationships. A detection system ideally would have access to data about heating, ventilation, and air-conditioning systems, identity of occupants, and hours of occupation. The building contamination with B. anthracis of a postal facility in New Jersey during the 2001 postal attack is an interesting example for study (Greene et al., 2002). Tracing the illnesses to the specific building required the knowledge of work times, responsibilities, and routines for a large number of postal workers.

3.4. Small Premonitory Release or Contamination

The term premonitory release refers to intentional or accidental infection of one or a limited number of individuals with an unusual organism such as B. anthracis. The functional requirement here is one of sensitivity for single cases and small outbreaks, not extreme timeliness. To detect a single case, a biosurveillance system must have extremely high case detection sensitivity, specificity, and diagnostic precision (or the prior probability must be extremely high, e.g., owing to intelligence information). A biosurveillance system would have to rely either on case detection by the healthcare system or on computer-based case detection. Computer-based case detection would have to be capable of diagnostic precision at least at the level of finding individuals with Gram-positive rods in the blood or cerebrospinal fluid and pneumonia on chest radiograph (which would be highly suggestive of anthrax). Examples of potential computer-based components include clinical information systems with decision support at the point of care, systems to monitor laboratory reporting of microbiology cultures; and free-text processing algorithms that scrutinize autopsy reports, newspaper stories, and obituaries for unusual deaths of animals or humans. If there are multiple cases, the demographics of the victims or the discovery of a geographic clustering of victims could help to identify a common cause with case detection at lower levels of diagnostic precision. In the absence of astute clinical diagnosis, it is likely that a single case of disease caused by a weaponized organism will progress to fatality. The requirements, therefore, include biosurveillance components (manual or automatic) that analyze unexplained deaths.

The problem of detecting a single case is identical to the problem of accurate diagnosis in medicine, and there is great deal of literature on clinical decision support describing relevant techniques, which is summarized in Miller (1994).

0 0

Post a comment