Biosafety and biosecurity for pathogens and toxins news: Q3, October 2022 issue

On this page

Human Pathogens and Toxins Act and Regulations: Evaluation report and consultations

The Human Pathogens and Toxins Act (HPTA) and associated regulations (HPTR) came into full effect on December 1, 2015. Their purpose is to protect the health and safety of the public from risks posed by human pathogens and toxins.

The Public Health Agency of Canada (PHAC) committed to a legislative review every 5 years as part of the regulatory life-cycle of the Human Pathogens and Toxins Act and Regulations (HPTA/R) to ensure that the regulations continue to be appropriate and effective, and achieve their intended policy objectives. The COVID-19 pandemic delayed the first review.

PHAC's Office of Audit and Evaluation (OAE) led an evaluation on the HPTA/R, which focused primarily on issues of effectiveness and efficiency related to the implementation of the HPTA/R from 2015 to 2021. The evaluation identified 3 recommendations related to:

The Centre for Biosecurity (CB) developed a Management Action Response Plan (MRAP), which identified key actions to address the recommendations. This included a commitment to complete a comprehensive legislative review of the HPTA/R in these areas.

The final HPTA/R evaluation report, including the MRAP, is now available.

In accordance with the Cabinet Directive on Regulations, PHAC will consult with stakeholders and interested parties about the policy development and proposed regulatory amendments to the HPTA/R. We'll keep you posted as we plan these consultations.

Resources to support compliance with the Human Pathogens and Toxins Act and Regulations

We've developed several resources to support compliance with the HPTA/R. This will help reduce the risks posed by human pathogens and toxins, and expand your knowledge on the subject. The following online biosafety and biosecurity training resources are in PHAC's e-Learning portal:

You can access these courses by creating a free account in the PHAC e-Learning portal.

Other CB resources include:

Legislative and regulatory requirements

Under the HPTA/R, facilities conducting controlled activities involving human pathogens or toxins have specific legislative and regulatory requirements, in addition to the requirements described in the CBS, 2nd Edition. Section 1.3 of the CBS outlines a non-exhaustive summary of these requirements. Facilities are responsible for understanding their obligations under both the HPTA and HPTR, in addition to the applicable requirements set out in the CBS, and their conditions of licence.

For more information, refer to the HPTA and HPTR, and the Understanding the HPTA/HPTR course in the PHAC e-learning portal.

Under the Health of Animals Act (HAA) and the Health of Animals Regulations (HAR), facilities have legislative and regulatory requirements beyond those in the CBS if they import:

Section 1.4 of the CBS, 2nd edition includes a partial summary of these requirements. Facilities are responsible for understanding their obligations under:

For more information, please visit our biosafety and biosecurity website or contact us at pathogens.pathogenes@phac-aspc.gc.ca.

How to change a biological safety officer and add or remove an alternate biosafety contact

It is the responsibility of the LH or BSO to ensure their licence information is up to date.

You must notify PHAC within 30 days of a change to the designated BSO. Refer to section 36(6) of the HPTA for BSO notification obligations.

You can initiate the change of BSO and add or remove alternate biosafety contacts (ABCs) in the Biosecurity Portal. To help reduce the administrative burden, upon request CB can now complete the change of BSO as well as add or remove ABCs in the portal.

In order for CB to change your BSO or ABC upon request, you must meet the 2 following criteria:

If you have any questions, please contact the licensing program by email at licence.permis@phac-aspc.gc.ca or by phone at 613-957-1779.

LINC data 2021: Laboratory exposure incidents

The annual Laboratory Incident Notification Canada (LINC) report describes laboratory exposure incidents in Canada, as well as the individuals affected by these incidents. This year's report describes the incidents that occurred in 2021, the sixth year of LINC's operation. We will publish the full report in fall 2022 in the Canadian Communicable Disease Report (CCDR).

In 2021, LHs reported 43 exposure incidents involving 72 individuals. 3 of these incidents resulted in suspected or confirmed laboratory-acquired infections (LAIs). Of the 72 exposed individuals, most worked as:

The most common education levels among them were:

Most were exposed through inhalation (52.8%) or sharps-related incidents (16.7%), which is similar to 2020.

Among the 43 exposure incidents, common root causes were issues relating to human interactions (67.4%) or standard operating procedures (SOPs) (46.5%).

Microbiological research was the most common laboratory activity leading to exposure incidents (41.9%), followed by in vivo animal research (27.9%).

Among the 44 pathogens and toxins involved, most exposure incidents involved non-security-sensitive biological agents (86.4%), or human risk group 2 (RG2) pathogens (61.4%). This was similar to 2020 results.

The most common implicated RG2 agents were Neisseria meningitides and Streptococcus agalacitiae (6.8% each). The most common human risk group 3 (RG3) agent was SARS-CoV-2 (13.6%).

The 2021 annual incident exposure rate was 4.2 incidents per 100 active licenses. This was similar to 2020, which saw 3.9 incidents per 100 active licenses.

Cybersecurity awareness: Malicious cyber actors continue to exploit vulnerabilities

Sensitive information related to human pathogens and toxins is often stored electronically on internal computer networks and cloud storage solutions. You should routinely review and update cybersecurity measures in your biosecurity plan based on Canadian Centre for Cyber Security (CCCS) alerts to ensure access to this information remains restricted to authorized individuals (CBS 4.10.12).

In June 2022, CCCS issued an alert update on previously reported Log4j-related vulnerabilities. This alert update highlighted that malicious, state-sponsored advanced persistent threat (APT) actors routinely exploit Log4Shell vulnerabilities in VMware products. In one confirmed compromise, these APT actors were able to collect and extract sensitive data.

CCCS and its partners recommend the following actions:

You can also contact Public Safety at ps.rrap-perr.sp@canada.ca to test your IT systems for vulnerabilities and identify improvements. They offer optional assessments and free Review and Analysis Tools. If a private company assesses your IT system, please ensure they have the appropriate security clearance to have access to information about your access control methods.

CCCS is Canada's national authority for cybersecurity. If you have a question about your systems, CCCS is your first point of contact. For more information, please contact health-par-sante@cyber.gc.ca or refer to The Canadian Centre for Cyber Security.

RegFacts: #DYK: Notice to Minister before making changes

Did you know that section 6 of the HPTR requires that a LH (for those authorized to conduct controlled activities with human pathogens that fall under RG 3, RG 4, or prescribed toxins) must give notice to the Minister before making any change to:

Additionally, if an LH makes any changes to their name, they must notify the Minister in writing, within 30 days of the name change. These notifications can be made through the Biosecurity Portal.

If you have any questions about whether you need to report a change, please contact CB at biosafety.biosecurite@phac-aspc.gc.ca.

The modernized Pathogen and Toxin Licence: Stay tuned

CB will soon release a redesigned and modernized Pathogen and Toxin Licence (PTL).

The new PTL will:

When the release is official, the modernized version will replace the old version, and will be available on the Biosecurity Portal. Following the approval of a licence variation or a renewal, we'll include a note with the confirmation email to let you know that the modernized version is now in force.

The old version will remain valid until its expiry date, but we recommend using the modernized version once it's available.

Page details

Date modified: