Why Integrators Should Help Hospitals with Their Security Audits

Oct. 17, 2011
Healthcare security audits

Today, security needs are a high priority in many healthcare environments. From the time a patient hands over her medical information to follow-up consultations after a procedure, every step of the journey takes policies, protocols and precise execution in order to ensure a successful experience. Healthcare providers must take great care and extensive measures to make certain that not only is the patient well cared for but that they also do their best to accommodate visitors as well as maintain fairness for its employees.

Not only must hospitals go to great measures to enforce adopted rules and measures, but they also take a fair amount of time in analyzing and reviewing that their policies and procedures assure they are meeting these regulations. Such a self-examination, sometimes call a “hazards vulnerability assessment,” helps them stay within accredition standards while also allowing them to assess risk, identify security needs and help ensure a safe environment of care for their patients, staff, volunteers, and visitors. If you help your hospital customer with their security audit, you are in a much better place to sell them what they find out they need.

Safety planning review vs. security audit

Hospitals accredited by the Joint Commission on Healthcare Organizations, now referred to as The Joint Commission, are required to perform an annual Hazard Vulnerability Assessment (HVA). The review covers all hospital departments and takes an “all hazards” approach in identifying critical organizational assets, the impact of significant incidents, community resources and capabilities, the organization’s overall preparedness, and many other aspects of emergency planning, response and recovery. Reports, evaluation plans, and number-crunching are all part of the review.

These security audits assess the organization’s compliance with standards they are required to meet or have agreed to abide by. For instance, if a policy and procedure have been written, an audit determines if the organization is doing what it has said it will do. If they have determined that they should practice an emergency lockdown twice a year, have they done so? As an integrator, you can show them how to solve their lapses by suggesting new equipment and systems.

An assessment process identifies needs and helps determine whether or not the need is being effectively addressed. For instance, if, during the lockdown exercise, it is determined that the process took a total of 20 minutes, the assessment would spell out where the doors didn’t close. You can help them find out why they didn’t close and make recommendations for those doors.

Replace, repair, repeat

Depending on the results, hospitals typically follow the recommendations of the audit and update the hospital's security. Hardware repair, equipment replacement, policy changes, retraining, procedure drills, and follow-up audits and assessments could all be a part of the next phase.

Security audits vary in size an scope. Some audits might cover all aspects of security whereas others might be scheduled to analyze a single segment of the process. Such scheduling usually depends on the performance of the previous audit, with exceptions including an administrator's desire for unpredictability. Some hospitals might find such work to be superfluous while other hospitals consider security audits vital to their prosperity. Not every hospital performs at the same level, which means some facilities need a little more effort to maintain efficiency than others. Such levels of performance also determine the frequency of security audits, if and when they are scheduled.

What all facilities have in common is that they need to have a safe environment for their patients, visitors and staff while complying with regulatory requirements. Third party, non-profit accrediting bodies such as The Joint Commission have, in recent years, decided not to schedule their inspections. This means that hospitals can no longer anticipate and prepare for inspections. They now have to make sure they're running at optimal efficiency in order to insure they don't run the risk of losing accreditation.

With so many factors included, they will look forward to the help and assistance of a well-versed systems integrator.