You got the job - Now what?

Congratulations on your promotion to Security Director! Whether you are stepping into the leadership role of a well-established security department or being asked to build a new program, chances are you are asking questions like: "Now what?" or "Where do I start?" Fear not - this job is not as hard as it seems. And like most worthwhile endeavors, the rewards usually go to those who embrace slow and steady progress over big changes.

First, take heart in the fact that you are not alone and you do not need to create a custom security program from scratch. This is where joining professional groups and networking become important. Take advantage of the existing knowledge base by seeking out peers from other hospitals in your region. It is easier than you might think - and most metropolitan areas already have professional groups dedicated to hospital security.

For a 30,000-foot national overview, you should consider groups like ASIS International or the International Association for Healthcare Security and Safety (IAHSS). ASIS is the larger of the two and sponsors a Healthcare Security Committee made up of volunteers dedicated to the advancement of healthcare security. Becoming a member of this group is as simple as joining ASIS, and then throwing your name into the ring. IAHSS is smaller - but more focused, as healthcare security is its primary concern. Both offer certification programs that can help add credibility to your role.

Regional and local professional groups run the gamut from full-blown associations with hundreds of members to just a few like-minded colleagues meeting over coffee. As a general rule, you are looking for people with similar responsibilities who come from hospitals of like size. This is especially important when you are hunting for best practices and incident data. It does little good to compare a 100-bed regional hospital with a Level One Trauma Center that treats a quarter-million patients each year. The former probably employs a single security officer, 24-hours a day; while the latter has the advantage of much larger security staffs and budgets. Likewise, the number and types of incidents that each one experiences will vary. If both are located in the same geographic area, however, you might be able to share crime data, since bad guys tend to migrate from hospital to hospital.

This does not mean that you should restrict your network and ignore resources outside of your region. Hospitals of like size and location will give you the best comparison for projects that are affected by regional crime rates, weather and the like. The bigger, more visible hospitals, like those listed in U.S. News and World Report's Annual Top 20, are great resources for historical data. If you are considering a particular course of action, chances are good that one of them has already tried it. Use that knowledge to streamline your project and avoid the hazards. Moreover, from a selling standpoint, it is never a bad idea to model a successful program.

In the business world, there is a saying that you should dress for the job you want - not the one you have. The same thinking applies to developing security programs. Find the highest point on the bar - and then aim higher.

As the go-to security person at your hospital, you might be tempted to demonstrate your value by making radical changes - always with the best intentions of course - to improve your security program. And while this is commendable, always keep in mind that the goals and values of the hospital take priority. The best security leaders specifically design their programs to enhance the hospital experience for patients, as well as their staffs and visitors. They approach their duties from an overall business perspective rather than a narrower security mindset.

For example, a regional hospital in the Upper Midwest had grown to a point where available parking was inadequate and a point of dissatisfaction. Patients complained about a lack of available spaces as employee vehicles appropriated the prime spots nearest to the buildings. The hospital's security manager was tasked with creating and implementing a parking control and enforcement program to mitigate those complaints.

From a security perspective, the assignment was simple. The capacities and usage of each parking lot was measured at different times of the day; and controls - including stickers and pavement markers - were employed to keep usage at or below capacity. To aid enforcement, employee license plate numbers were recorded into a database so that violators could be contacted and asked to move their cars.

For a number of months, the new program worked as advertised. Then, something quite unexpected occurred - winter. Suddenly, the window stickers that were the backbone of enforcement were not visible under frosted-over windshields; and the boundaries of customer-only parking areas could not be distinguished because they had been marked by painted pavement. As the months went by, enforcement officers also noted that the license plate database was becoming unreliable as hospital workers renewed their state-issued license plates. Unmarked employee cars began creeping back onto the patient lots, and the complaints began anew.

All of the aforementioned problems should have been identified in the development stage - and would have been, had the security manager chosen to benchmark with peers and pilot the program before final implementation. In hindsight, thousands of dollars were spent changing out stickers for numbered metal license plate medallions. Thousands more were invested in weather-proof signage to mark the boundaries of customer parking; and a huge amount of time was spent reprogramming the license plate database to match medallion numbers to worker vehicles. It works now - but the patchwork fixes were frustrating for everyone and devalued the security manager's credibility in the eyes of administration.

The mark of a good security executive is not how much you know - but rather, how much are you willing to learn. Over the course of your career, make absorbing knowledge a cornerstone of your professional development. Talk to peers, vendors and your public to make informed decisions with the interests of your customers in mind. Finally, once you have decided on a course of action, be humble enough to admit if your solution is not working or appropriate. The reputation you save may be your own.

David J. Moitzheim, CPP, PCI, PSP, MBA, is a security and investigative professional with more than twenty-four years of management experience. He currently works as a Security Specialist at a major Midwestern hospital and serves on the Professional Certification Board of ASIS International.