Surveillance is the ongoing, systematic collection, analysis, and interpretation of health data used to guide public health action. Passive surveillance relies on mandatory reporting from clinicians and laboratories; active surveillance involves direct outreach to identify cases. Sentinel surveillance monitors a representative subset of sites to estimate trends efficiently. Modern surveillance increasingly uses syndromic data (emergency department visits, pharmacy sales) and genomic sequencing to detect outbreaks before clinical diagnosis confirms them. Effective surveillance systems are only as useful as their capacity to trigger a timely, appropriate response.
Examine a real surveillance architecture such as the US CDC's National Notifiable Diseases Surveillance System or the WHO's Global Outbreak Alert and Response Network. Trace how a positive lab report travels from a clinician to actionable public health intelligence.
Surveillance is not the same as research. Research answers questions about disease; surveillance watches for disease — continuously, systematically, and with the explicit goal of triggering action. The core cycle is collect, analyze, interpret, and respond. A surveillance system that generates data but does not produce timely, actionable intelligence has failed at its primary purpose.
The most familiar mode is *passive surveillance*: clinicians and laboratories are legally required to report certain conditions (notifiable diseases) to public health authorities. The list of notifiable diseases varies by jurisdiction — in the US, the CDC maintains a nationally notifiable disease list, but reporting is ultimately managed at the state level. Passive surveillance scales inexpensively to national scope but misses mild and asymptomatic cases and is subject to reporting fatigue and lag. *Active surveillance* reverses this — public health authorities reach out directly to providers to identify cases — achieving higher completeness but at much greater cost. *Sentinel surveillance* is a practical middle ground: a representative network of sites (emergency departments, primary care clinics, laboratories) provides intensive, high-quality data that can be used to estimate national trends without monitoring every case everywhere.
Modern surveillance increasingly reaches beyond clinical diagnosis. Syndromic surveillance monitors pre-diagnostic signals — emergency department chief complaints, over-the-counter drug sales, school absenteeism — to detect outbreak signals before laboratory confirmation is available. Genomic surveillance tracks pathogen evolution through whole-genome sequencing, enabling identification of novel variants (as seen with SARS-CoV-2) and transmission chain reconstruction. Both approaches extend the surveillance window earlier in the outbreak timeline, when intervention is most effective.
A fundamental limitation of all surveillance systems is undercounting. Only a fraction of infections become confirmed, reported cases: many are asymptomatic, many symptomatic individuals never seek care, many who seek care are not tested, and many test results are not reported. Epidemiologists use several methods to estimate true burden from observed counts: *multiplier methods* apply empirically derived correction factors to confirmed cases; *seroprevalence surveys* measure antibody prevalence in population samples to reconstruct cumulative infection rates; *capture-recapture* methods estimate total population size from overlapping detection sources. Reported case counts should always be interpreted as a floor — the true burden is higher, often by an order of magnitude.
Finally, interpreting surveillance data requires baseline awareness. A spike in reported cases may reflect a genuine outbreak, but it may also reflect a new diagnostic test, expanded reporting requirements, or increased healthcare-seeking behavior (e.g., driven by media coverage). Distinguishing signal from artifact requires knowing what "normal" looks like — historical baselines, seasonal patterns, and an understanding of how and why the data are generated. This is why surveillance infrastructure is built during non-outbreak periods, not improvised during emergencies.