Outbreak Detection and Surveillance
On December 30, 2019, ProMED-mail distributed reports of pneumonia of unknown etiology in Wuhan, China. This email-based outbreak reporting system, operated by volunteers monitoring global media sources, provided one of the first public signals of what would become COVID-19. Meanwhile, GISAID enabled real-time genomic surveillance as the pandemic unfolded, with researchers sharing over 15 million SARS-CoV-2 sequences that tracked viral evolution with single-nucleotide precision. Strong biosurveillance cannot prevent pandemics, but it compresses the critical window between first cases and coordinated response when hours and days determine whether containment succeeds or fails.
- Understand the IHR (2005) legal framework for global biosurveillance
- Distinguish between indicator-based and event-based surveillance
- Evaluate major surveillance systems (GISRS, ProMED, GPHIN, GISAID, wastewater)
- Recognize One Health integration of human, animal, environmental surveillance
- Assess surveillance capabilities for detecting deliberate biological attacks
Introduction
Biosurveillance is the systematic collection, analysis, and interpretation of biological data to detect public health threats. It serves as an early warning system for infectious disease outbreaks, whether emerging naturally, released accidentally from laboratories, or deployed deliberately as bioweapons.
International Governance and the Biological Weapons Convention examined why the BWC can’t verify compliance. Biosurveillance partially compensates: if you can’t prevent bioweapons development, at least detect outbreaks quickly enough to respond effectively. Strong surveillance compresses the time between first cases and coordinated response.
When our team in Nebraska identified what would become one of the first Omicron clusters in the United States, the genomic surveillance infrastructure we’d built allowed us to sequence, analyze, and report within 48 hours of specimen collection. That speed, enabled by years of investment in laboratory capacity and bioinformatics pipelines, made contact tracing actionable. A week’s delay would have meant the cluster had already seeded secondary transmission chains across multiple states.
This chapter covers the legal framework (IHR 2005), surveillance approaches, major systems (GISRS, ProMED, GPHIN, GISAID, wastewater), One Health integration, deliberate release detection, and persistent gaps.
International Health Regulations (2005): Legal Foundation
IHR Purpose and Scope
The International Health Regulations (IHR), adopted by the World Health Assembly in 2005 and entering force in June 2007, legally bind 196 WHO member states to prevent, detect, control, and respond to international disease spread while avoiding unnecessary interference with travel and trade.
The IHR (2005) established the first binding legal framework for global biosurveillance, replacing earlier regulations focused narrowly on cholera, plague, and yellow fever.
In June 2024, the 77th World Health Assembly adopted amendments to the IHR (2005) through resolution WHA77.17. These amendments, which entered into force September 19, 2025, incorporate lessons from the COVID-19 pandemic and strengthen provisions for equity, capacity building, and sustainable financing. States Parties that have not rejected or filed reservations are now bound by the amended regulations.
PHEIC Notification Requirements
States Parties must assess potential Public Health Emergencies of International Concern (PHEICs) within 48 hours using a decision tool in Annex 2. An event is notifiable if it meets at least two criteria: serious public health impact, unusual or unexpected, significant international spread risk, or significant travel/trade restriction risk.
Certain diseases always require reporting: smallpox, wild-type poliovirus, novel influenza subtypes, SARS. If notifiable, States Parties must report within 24 hours through designated National IHR Focal Points (NFPs).
Core Capacities
IHR (2005) mandates States Parties develop and maintain 13 core capacities:
National legislation, policy, financing. IHR National Focal Point coordination. Surveillance systems. Response capabilities. Preparedness planning. Risk communication. Human resources. Laboratory diagnostics. Points of entry (airports, seaports, ground crossings). Zoonotic event detection. Food safety. Chemical event detection. Radionuclear emergency detection.
These requirements apply at local, intermediate, and national levels. Joint External Evaluations (JEEs) assess country capacity and identify gaps.
Implementation Challenges
Many low- and middle-income countries lack resources to fully implement IHR core capacities. Surveillance infrastructure, laboratory diagnostics, and trained epidemiology workforces require sustained investment often unavailable.
The IHR creates legal obligations but provides limited enforcement mechanisms or funding for capacity-building. This produces uneven global surveillance capability, with strong systems in high-income countries and major gaps elsewhere.
For discussion of the financing and governance mechanisms that determine whether IHR obligations translate into operational capacity, see The Future of Biosecurity.
Indicator-Based vs. Event-Based Surveillance
Indicator-Based Surveillance
Indicator-based surveillance is what most epidemiologists do daily: reviewing lab reports, tracking notifiable disease counts, monitoring syndromic trends in emergency departments. It relies on routine, structured data collection from established healthcare systems and laboratories.
This includes sentinel surveillance networks monitoring specific diseases at designated sites, healthcare facility reporting of legally notifiable diseases, laboratory-based surveillance capturing diagnostic test results, and syndromic surveillance tracking symptom patterns before confirmed diagnoses.
Indicator-based surveillance provides systematic, quantifiable data but requires functioning healthcare infrastructure and reporting compliance. It detects trends in known diseases well but may miss novel pathogens or outbreaks in areas with weak health systems.
Event-Based Surveillance
Event-based surveillance scans informal information sources (media reports, online discussions, rumor surveillance) for signals of unusual health events. This approach detects unusual clusters not yet reported through official channels, outbreaks in areas without formal surveillance capacity, novel or re-emerging pathogens before laboratory confirmation, and events governments may be concealing. ProMED-mail and GPHIN exemplify this model.
Event-based surveillance provides faster signals but requires expert verification to separate true threats from noise.
Complementary Approaches
Effective biosurveillance combines both. Indicator-based systems provide reliable data on known threats. Event-based systems offer early warning on novel or politically sensitive events. Neither alone suffices.
Influenza Surveillance: GISRS
History and Structure
The Global Influenza Surveillance and Response System (GISRS) was established by WHO in 1952, making it one of the oldest disease surveillance networks. The network comprises 142 National Influenza Centres (NICs) in 115 countries collecting clinical specimens and isolating viruses, 5 WHO Collaborating Centres performing advanced characterization, 12 H5 Reference Laboratories specializing in highly pathogenic avian influenza, and 4 Essential Regulatory Laboratories evaluating vaccine viruses.
This global network monitors influenza virus evolution year-round, detecting antigenic drift in seasonal strains and identifying novel viruses with pandemic potential.
Functions
Vaccine strain selection: WHO convenes consultations twice yearly to select influenza vaccine strains based on GISRS data (CRICK). This ensures seasonal vaccines target circulating strains.
Novel virus detection: GISRS identified H5N1 highly pathogenic avian influenza, H7N9 emerging in China (2013), pandemic H1N1 (2009), and other zoonotic influenza viruses before they caused major outbreaks.
Antiviral resistance monitoring: Laboratories test circulating viruses for susceptibility to oseltamivir (Tamiflu) and other antivirals, tracking emergence of resistant strains.
Data sharing through FluNet: WHO’s FluNet platform provides public access to virological surveillance data from GISRS laboratories. National Influenza Centres upload weekly data on virus detections, enabling global tracking of flu activity.
Limitations
Despite 70+ years of operation, GISRS has gaps. Geographic coverage remains uneven, with stronger capacity in high-income countries. Many low-income countries lack National Influenza Centres or submit data irregularly. Zoonotic surveillance (monitoring animal reservoirs) is limited in many regions where novel influenza viruses emerge.
But GISRS demonstrates that sustained global surveillance networks can function across diverse political contexts when tied to clear public health benefits.
Event-Based Surveillance: ProMED, GPHIN, and Automated Systems
ProMED-mail: Expert-Curated Reporting
ProMED-mail (Program for Monitoring Emerging Diseases) launched in 1994 as one of the first internet-based disease outbreak reporting systems. Operated by the International Society for Infectious Diseases (ISID) since 1999, it pioneered event-based surveillance.
The model: monitor global media, online sources, local observers, and official reports for infectious disease outbreak signals. Expert moderators screen reports, verify when possible, add context, and distribute to subscribers within hours.
ProMED-mail is open-access, free, and operates independently of governments, enabling transparent reporting without political constraints.
Notable early detections: Multiple Ebola outbreaks reported before formal WHO notifications. SARS (2003): early reports of unusual pneumonia in Guangdong Province, China. MERS (2012): cases reported as clinicians shared observations. COVID-19: distributed reports of pneumonia of unknown etiology in Wuhan on December 30, 2019 (ProMED, Britannica).
Strengths: Speed (24/7 monitoring, rapid distribution), global reach (subscribers in 185+ countries), independence (not subject to government censorship), One Health approach (human, animal, plant diseases).
Limitations: Reliance on volunteer moderators (resource constraints), dependence on open-source information (may miss deliberately concealed outbreaks), lack of formal verification authority, variable signal quality.
GPHIN: Automated Event-Based Surveillance
The Global Public Health Intelligence Network (GPHIN) was established in 1997 by Canada’s Public Health Agency in collaboration with WHO. GPHIN pioneered automated event-based surveillance, monitoring news reports in multiple languages for disease outbreak signals.
At its peak, GPHIN monitored 20,000+ news reports daily in 9 languages, providing alerts to WHO and member countries. The system contributed approximately 20% of WHO’s epidemic intelligence during the 2000s (CPHI).
SARS detection: GPHIN detected unusual respiratory illness signals in China in late 2002, alerting WHO and contributing to early SARS recognition.
2019 shutdown controversy: Canada controversially reduced GPHIN staffing and alert distribution in 2019, limiting its effectiveness. An independent review in 2021 recommended revitalization, but capacity remains diminished.
WHO EIOS: WHO developed Epidemic Intelligence from Open Sources (EIOS) as a complementary platform for event-based surveillance, partially filling gaps from GPHIN’s decline.
HealthMap and Academic Surveillance
HealthMap, developed by Boston Children’s Hospital, provides automated disease outbreak surveillance using web-based data sources. The platform aggregates news reports, official alerts, and online discussions to map disease activity globally.
While less extensive than GPHIN at its peak, HealthMap demonstrates academic contributions to global surveillance infrastructure.
Genomic Surveillance and Data Sharing: GISAID
Pathogen Genomics: Enabling Precision Public Health
The transformation of public health through pathogen genomics represents one of the most significant advances in outbreak detection and response. As Armstrong et al. describe in the New England Journal of Medicine, rapid advances in DNA sequencing technology, particularly “next-generation sequencing,” are enabling what they call “precision public health.”
Key applications:
| Application | Traditional Approach | Genomics-Enabled Approach |
|---|---|---|
| Foodborne outbreak investigation | Compare PFGE patterns; limited resolution | Whole-genome sequencing reveals transmission chains with single-nucleotide precision |
| Tuberculosis control | Culture and drug susceptibility testing (weeks) | Rapid resistance prediction; transmission cluster identification |
| Influenza surveillance | Serological characterization | Real-time tracking of antigenic drift; vaccine strain selection |
Transformation in practice:
Faster cluster detection: PulseNet, the CDC’s molecular surveillance network for foodborne disease, transitioned from pulsed-field gel electrophoresis (PFGE) to whole-genome sequencing. The result: outbreak clusters are identified faster and with greater precision, linking cases that would previously have appeared unrelated.
Drug resistance prediction: For tuberculosis, genomic analysis can predict drug resistance patterns before culture results are available, enabling appropriate treatment within days rather than weeks.
Real-time evolution tracking: During influenza seasons, genomic surveillance enables near-real-time tracking of viral evolution, informing vaccine strain selection decisions that must be made months before the next season.
The term “precision public health” captures the goal: using genomic data to target interventions more effectively, trace transmission more accurately, and respond more rapidly. Just as precision medicine tailors treatment to individual patients, precision public health tailors interventions to specific pathogen strains, transmission clusters, and outbreak dynamics.
Establishment and Evolution
GISAID (Global Initiative on Sharing Avian Influenza Data) was established in 2008 to address data sharing challenges in influenza genomics. Traditional sequence databases lacked mechanisms ensuring data contributors received appropriate credit or preventing commercial exploitation without contributor consent.
GISAID created a data sharing framework recognizing contributor rights while ensuring rapid, broad access for public health purposes. The model worked: virologists shared influenza sequences that might otherwise have remained private.
When SARS-CoV-2 emerged in late 2019, GISAID rapidly expanded to accommodate coronavirus genomic data.
COVID-19 Genomic Surveillance
GISAID became central to global SARS-CoV-2 surveillance. Over 15 million sequences were shared during the pandemic, enabling real-time tracking of viral evolution and variant emergence.
Variant identification: GISAID data enabled researchers in South Africa to identify the Omicron variant (November 2021) and share sequences within days. Our work with the Africa CDC contributed to generating over 100,000 SARS-CoV-2 sequences from the continent, published in Science, providing crucial data for understanding African variant evolution and transmission dynamics.
Transmission chain analysis: Genomic data revealed importation events, superspreading clusters, and cryptic transmission, allowing targeted interventions.
Vaccine updates: Sequence data informed decisions to update COVID-19 vaccines targeting Omicron and subsequent variants.
Genomic surveillance teams have submitted hundreds of sequences to GISAID. The submission-to-publication cycle can be under 48 hours when prioritized. That speed matters for identifying concerning variants before they become dominant. But it requires dedicated bioinformatics capacity, which many jurisdictions lack.
Data Sharing Challenges
Despite success, GISAID faces persistent challenges. High-income countries produce and share far more sequences than low- and middle-income countries, creating surveillance blind spots. Some countries delay sequence sharing for weeks or months, reducing early warning value. Sequence quality, metadata completeness, and annotation standards vary widely.
Genomic surveillance works best when sequencing capacity, rapid data sharing norms, and analytic expertise align. This happens inconsistently across geographies.
Wastewater Surveillance: Population-Level Monitoring
Emergence During COVID-19
Wastewater surveillance detects SARS-CoV-2 RNA shed in feces, providing population-level signals of community transmission independent of clinical testing. Research showed wastewater viral RNA concentrations correlate with COVID-19 hospitalizations and can provide 1-4 day lead time before hospital admissions (Nature Biotechnology).
The CDC launched the National Wastewater Surveillance System (NWSS) in September 2020 to coordinate wastewater monitoring across state, tribal, local, and territorial health departments.
Advantages
Wastewater surveillance offers unique benefits. It detects community transmission before symptomatic cases seek testing, providing population-level signals independent of healthcare-seeking behavior. Viral shedding begins before symptom onset, giving 1-2 week lead time. It captures both symptomatic and asymptomatic infections and covers entire sewershed populations efficiently.
Wastewater also detected the 2022 poliovirus outbreak in New York, demonstrating value beyond COVID-19.
Limitations
Wastewater surveillance requires laboratory infrastructure for sample collection, processing, and PCR or sequencing analysis. Standardization challenges exist across different sewershed sizes, population densities, and wastewater treatment systems. Interpreting viral concentrations in terms of case counts remains imprecise. The approach doesn’t cover populations using septic systems rather than centralized sewerage.
Despite limitations, wastewater surveillance proved sufficiently valuable during COVID-19 that many jurisdictions maintained capacity post-pandemic for routine monitoring. However, RAND has called for sustained funding of wastewater surveillance capabilities beyond emergency responses. The National Wastewater Surveillance System funding expires September 2025, potentially dismantling infrastructure that could enable pathogen-agnostic detection of novel threats, a critical biosecurity capability.
One Health: Integrating Animal and Environmental Surveillance
WAHIS: Animal Disease Reporting
The World Animal Health Information System (WAHIS), managed by the World Organisation for Animal Health (WOAH, formerly OIE), collects and disseminates information on animal disease outbreaks globally. WOAH member countries report terrestrial and aquatic listed diseases affecting domestic animals and wildlife, plus emerging diseases.
Between 2005 and 2023, nearly half of diseases notified to WOAH were zoonotic, demonstrating the critical connection between animal and human health surveillance (WAHIS).
Why Animal Surveillance Matters
Most emerging infectious diseases affecting humans are zoonotic (transmitted from animals). H5N1 avian influenza, Nipah virus, MERS-CoV, Ebola, and numerous other pathogens originate in animal reservoirs. Animal surveillance provides upstream detection, identifying pathogens before human spillover occurs.
WAHIS enables early warning when animal outbreaks occur that might threaten human populations. For example, detecting H5N1 in poultry flocks allows containment before human exposure.
Tripartite Collaboration
WHO, WOAH, and the Food and Agriculture Organization (FAO) collaborate through the Tripartite framework on zoonotic disease surveillance and One Health approaches. This recognizes that human, animal, and environmental health are interconnected and require integrated surveillance.
However, coordination between human and animal health systems remains inconsistent in many countries, creating gaps where zoonotic spillovers could occur undetected.
Surveillance for Deliberate Biological Attacks
Challenges in Detecting Bioterrorism
Distinguishing deliberate biological attacks from natural outbreaks is difficult. Most bioweapon agents (anthrax, plague, tularemia) cause diseases that occur naturally. Only unusual features might signal deliberate release: atypical geographic distribution, simultaneous clusters in multiple locations, epidemiologically implausible spread, or detection of unusual strains or weaponized formulations.
BioWatch: Environmental Air Sampling
The BioWatch program, established by the Department of Homeland Security after the 2001 anthrax attacks, deploys environmental air samplers in major U.S. cities to detect aerosolized biological agents. Air samples collected at monitoring sites (often co-located with EPA air quality monitors) are transported to laboratories for analysis.
The goal: detect aerosolized pathogens before victims show symptoms, enabling prophylactic treatment and containment. BioWatch targets select agents (anthrax, plague, tularemia, smallpox, and others) that could be weaponized.
Challenges: Low base rate of actual attacks means high false positive risk. Legitimate environmental detections (naturally occurring bacteria, laboratory contamination) trigger alerts. This creates “cry wolf” concerns if multiple false alarms erode confidence.
Laboratory Response Network
The CDC Laboratory Response Network (LRN), established in 1999, integrates public health, military, veterinary, agricultural, water, and food testing laboratories to rapidly respond to biological and chemical threats.
The LRN has tiered structure. Sentinel laboratories (hospital and clinic labs) recognize suspect agents and refer samples. Reference laboratories (primarily state public health labs) perform confirmatory testing using standardized protocols. National laboratories (CDC, USAMRIID) provide definitive characterization, strain typing, and forensic analysis.
During the 2001 anthrax attacks, the LRN analyzed thousands of suspect samples, confirmed exposures, and guided prophylaxis decisions. The network demonstrates value for bioterrorism response but requires sustained funding and training to maintain readiness during long inter-event periods.
Syndromic Surveillance
BioSense and similar syndromic surveillance systems monitor emergency department chief complaints, over-the-counter medication sales, school/work absenteeism, and other pre-diagnostic indicators for unusual patterns suggesting outbreaks.
The 2001 anthrax attacks prompted expansion of syndromic surveillance to detect bioterrorism early. However, these systems generate numerous alerts requiring investigation, most of which represent natural disease variation. Balancing sensitivity (detecting real events) against specificity (avoiding false alarms) remains challenging.
Surveillance Gaps and Challenges
Capacity Constraints in Low-Income Countries
Biosurveillance capacity concentrates in high-income countries. Many low- and middle-income countries lack laboratory infrastructure for pathogen diagnostics, trained epidemiologists and bioinformaticians, sustainable funding beyond donor-dependent programs, and integration between human, animal, environmental surveillance.
When novel pathogens emerge in regions with weak surveillance, detection delays by weeks or months, enabling widespread transmission before containment attempts.
Delayed Reporting Incentives
Countries face disincentives for rapid outbreak reporting. Travel and trade restrictions follow PHEIC declarations. Economic impacts from tourism decline and export bans create political pressure to minimize outbreak severity. Fears of stigmatization (diseases associated with locations) further delay transparency.
South Africa’s rapid, transparent Omicron reporting was met with punitive travel bans, creating perverse precedent that penalizes good surveillance rather than rewarding it.
Data Sharing Resistance
Pathogen sequence data, outbreak information, and biological samples often face sharing barriers. National sovereignty concerns treat pathogen data as national resources. Intellectual property claims seek benefit-sharing agreements before data release. Commercial interests restrict information. Political sensitivities conceal embarrassing information.
The 2007 Indonesia H5N1 virus-sharing controversy threatened GISRS when Indonesia withheld samples, arguing benefits accrued to high-income vaccine manufacturers. Only the Pandemic Influenza Preparedness (PIP) Framework establishing benefit-sharing mechanisms resolved the impasse.
Political Interference
Surveillance data can become politically sensitive when revealing government failures or contradicting official narratives. Pressure to delay reporting or soften outbreak descriptions compromises surveillance independence and integrity.
Effective biosurveillance requires insulation from political interference while maintaining connection to decision-makers. That balance is hard to sustain.
The next chapter examines pandemic preparedness and response frameworks: what happens after surveillance detects a threat.
This chapter is part of The Biosecurity Handbook. For related content, see Digital Biosurveillance (AI-enabled genomic surveillance, wearables) and Global Surveillance Equity (LMIC capacity gaps and incentive structures).