Security departments in all types of facilities have to negotiate a tricky balance between appropriate levels of security and appropriate levels of accessibility. But for hospitals, this balancing act is particularly critical. The primary stakeholders in this environment—staff, patients and visitors—have divergent perceptions of appropriate security.
Hospital visitors want unrestricted access to their loved ones, and patients want their friends and family to arrive unhindered. Patients often are in pain and uncomfortable, which translates into stress and anxiety for their visitors. The last thing a family member wants or needs is to come face-to-face with a security program that makes visitation inconvenient or adversarial.
Conversely, hospital security satisfaction surveys show that the number-one concern of staff is the under-restricted access that visitors—both authorized and unauthorized—have to the hospital.
To address these diametrically opposed concerns, hospital directors of security must develop a program that protects all people and assets while interacting with a culture that expects unencumbered access. And by the way, it should be cost effective at the same time.
Review Codes and Guidelines
The security industry, unlike other disciplines, has no statutory requirements. The appropriate level of security for a healthcare institution is generally determined by industry best practices. Hospital security directors must determine the level of their program by reviewing available security literature and industry-specific codes or statutory requirements for other disciplines. Consider the following:
• The Joint Commission on Accreditation of Hospital Organizations' (JCAHO) Environment of Care Manual
• Occupational Safety and Health Administration (OSHA) regulations
• Healthcare Insurance Portability and Accountability Act (HIPAA)
• National Fire Protection Association (NFPA) Section 101
• NFPA Section 99 for Healthcare Facilities
• NFPA Section 730 Guide for Premises Security (new). Section 730 covers the security vulnerability assessment, designing a security plan, interior protection, exterior protection, security guards, special events, and security measures for occupancies
• NFPA 731 (new), Standard for the Installation of Electronic Premises Security Systems, covers the application, location, installation, performance, testing, and maintenance of physical security systems and their components
• International Association for Healthcare Security and Safety (IAHSS) Security Officer and Supervisor Training Program
Assess Your Risk
Once you've reviewed the applicable guidelines, how can you determine how much security is enough for your particular facility? The most reliable method is to conduct a risk assessment that identifies specific criticalities including threats to the building(s), adjacencies and people, their respective impacts, and recommendations to mitigate the impacts or threats.
Generally, a risk assessment should consider
• the geographic location of the hospital and the impact of crime on its location.
• the operation and type of hospital being assessed. Does the hospital have an emergency department, psychiatric/behavioral health unit, labor & delivery/pediatrics unit? Has the hospital developed a security program that meets the needs of these specialized care units?
• the security staff. Does the hospital maintain a security staff? Does it adequately train them as well as hospital employees to prepare for and respond to critical incidents?
• security technology. What technology is in place? Does it meet the protection requirements of the hospital, its people and assets? Is it cost effective? Consider card access control, video surveillance, intrusion detection and door monitoring systems, infant protection systems, and duress alarm systems.