At the Frontline: 2009 ASIS President Michael Cummings recently caught up with Michael Cummings, CPP, the 2009 president of ASIS International, and the Director of Loss Prevention Services for Aurora Health Care in Milwaukee, Wis. Mr. Cummings shared with us his vision for ASIS in 2009, and discussed what he’s facing in the world of healthcare security and security management.

A member also of the International Association for Healthcare Safety and Security (IAHSS), he oversees security for Aurora Health care, which is a not-for-profit affiliation of healthcare, hospital and pharmacy organizations in Wisconsin. Mr. Cummings faces security challenges and compliance mandates for some 14 hospitals and over 100 clinics and over 100 pharmacies. The people he has to protect include some 3,400-plus physicians who practice at the Aurora group of hospitals, plus all of the support staff, nursing staff, pharmacy staff and all of the patients, and friends and family members of patients who visit the Aurora hospitals, clinics and pharmacies. Despite what sounds like more than seven days of work each week, he has found time to become highly active in ASIS International and even volunteers his services as president of the organization. We’re pleased that he also took the time to share insights into ASIS and healthcare security with the community:

SIW: How did you start in the world of security?

Michael R. Cummings, CPP: I began my career in my senior year of college as a part time job. My first security job was as a store detective on a part-time basis. After graduation I had the opportunity to move to a full-time position with some additional responsibilities and I took that. I ended up moving to a manager position in my first location, and then I transferred laterally to Chicago where I managed one of the more challenging stores there for about five years.

After over 12 years in retail, I was offered an assistant director of security position in healthcare. I was ready for a change of "pallets" on which to practice my profession, but knew I didn't have a wealth of healthcare security insights. I looked to ASIS right away and joined the Healthcare Security Committee , as it was known back then. I figured that is where the knowledgeable people within health care lived and worked. Over the intervening years -- that was 1985 [when I made the change into healthcare security] -- I moved first to the director level position and then experienced the growth of my role within the company as the company’s operations and scope grew. In some meaningful ways, the job has morphed about every five years, which has kept me fresh and interested and challenged.

You’re heading security at Aurora Health Care at a time when hospitals seem busier than ever. What does your position entail and what are some of the security concerns you’re having to deal with on a regular basis?

When I first began in healthcare, my responsibilities were connected to the security needs of a single hospital. After that hospital joined to form Aurora in 1987 I needed to adapt to be able to provide security leadership in many healthcare-related settings, each having their own set of needs. For example we have 14 hospitals, over 100 clinics, over 100 pharmacies, a visiting nurse division and other smaller single and multi-location functions, including a business office. An ongoing challenge has been to assess the many differing needs of these types of businesses within the business and match the right combination of people, technology and procedural elements to meet the needs in a cost effective manner. I have been blessed by having a very supportive senior leadership team who have provided the financial support that has allowed me to build the infrastructure to use technology in a very effective manner.

Staff development and having the right people with the right skills to do the work is a big part of my job. Another big part of the job is to constantly evaluate the department's organizational structure to meet my internal partner needs. The vast array of regulatory and legislative issues, not to mention policies and procedures, within healthcare that are security related present challenges too.

When I look some of the areas that need ongoing and dedicated support, I consider access control issues in an environment that is open to some degree 24/7. I also look at the protection for especially vulnerable patients such as newborns, elderly and those here unexpectedly, such as emergency room patients. The issues of narcotics controls is also a high priority.

Added to this thumbnail sketch of some considerations is the backdrop of what all security directors are dealing with now: the macro economy and a very complex society with many "opportunities" for things to go wrong. Our violence in the workplace prevention program, which we first developed in 1995, is one tool we use in a collaborative manner to be proactive.

How has ASIS helped you in your professional career and how long have you been a member?

I first joined ASIS in 1978. My involvement in the Healthcare Security Committee, later renamed the Council on Healthcare Security, provided access to the best and brightest for me to learn from across the country. I had always networked well on the local level through my ASIS chapter, but this really gave me access to ideas and processes I could implement. Then of course there are all of the educational and other support features available through ASIS. I have found the Resource Center very helpful with project work and the many workshops on healthcare security and of course the sessions in the Seminars outstanding. In recent years, the vast array of information available on the web page has become immense. Whether it is a status on guidelines or standards, information created by the Foundation's work, or specifically focused data, or the [ASIS] CSO Roundtable I can always find an answer or at least the start of obtaining more information.

What are your goals for 2009 as president of ASIS International?

I always speak about stewardship and continuity. Our continuity of purpose model is tied to our strategic plans, and it is the guiding beacon for any president we have and the volunteer leadership team as a whole. This year we are focusing on several areas in addition to all of the things we routinely do. I see four in particular:

- Continued efforts in the area of public policy. We need to be monitoring and staying involved in legislation, regulation and the like or we will be in a purely react mode when laws are passed that might not really be in the best interest of securing our communities and work places.

- Continued leadership in the areas of guidelines and standards. Through the ANSI and ISO process and with the involvement of so many members who can contribute, we are ideally placed to have global impact in the most positive sense. Like public policy, we need to lead, follow or get out of the way. Personally, I think we need to lead and I think we are now leading.

- Migrating toward partnerships and serving communities of interest within the profession as we mature and find our role in the enterprise security risk management world and ultimately enterprise risk management. This will include identifying partners who compliment us in our journey and continuing our efforts with the newly formed CSO Roundtable.

- Continued global outreach in the continuation of the offshore seminars and workshops we produce such as Asia Pacific, European and as planned at this point, the Middle East in December. These are complimented by our work in the above listed areas that are truly global such as standards writing. We are also positioned to have our first non-US-based president in 2012 which speaks to how really global we are.

What are some of the top ASIS programs which you have championed?

I am very much a champion of guidelines and standards as well as the new CSO Roundtable. Admittedly I was one who needed to have the case made early on regarding standards as this was huge departure for ASIS, but I have come to embrace it fully. While we are doing the things listed under my fourth point above, we cannot lose sight of the fact that we need to make sure we serve all members in their educational and networking needs. This, after all, was our core mission. We will find new and better ways to do that (e.g., web-based and virtually), but we cannot abandon what got us to this point either. I also need to put in a plug for the applied research aspect of our profession. Through the ASIS Foundation we are going to be able to have an impact on the security body of knowledge here too. I don't want to sound pollyannish, but I am so proud of what ASIS does across the board that I could list everything.

The world of security is changing ever so rapidly, and the scope of what “security” means is broadening, as well. How do you keep a professional association like ASIS International relevant in this ever-changing security landscape?

I would argue that because of the factors you cite, it is the exact wrong time for security professionals to even consider abandoning ASIS. The complexity of our jobs and the demand to do more with less is why we need ASIS International more than ever. The vast number of resources as discussed above can only help us be more efficient, not less. Now is not the time to become an island. There is something for everyone in our profession under the umbrella.

To learn more about ASIS International, visit