When it comes to protecting against a myriad of threats, the healthcare sector has proven to be one of the most challenging security environments. Not only does a hospital security manager have to secure equipment, medicine and personal data, they must also strike a delicate balance between patient care and ensuring that the safety and security measures they have in place are adequate.
The healthcare market has certainly seen its share of security challenges over the past year. In addition to numerous data breaches that have put patient information at risk, there have also been physical acts of violence reported at hospitals across the country in recent months, particularly in parking lots. In November, a woman was shot and killed in the University of Illinois at Chicago Medical Center parking garage and last month, a man was seriously injured after being shot in a parking deck at a hospital in Dalton, Ga.
Despite advancements in technology, securing newborn babies also remains a challenge at hospitals. Last week, police say a woman disguised herself as a nurse and attempted to steal a baby at a metro Atlanta area hospital.
One security executive who is tackling these issues head on every day is Joseph V. Bellino, system executive, security, for the Memorial Hermann healthcare system in Houston, Texas. Memorial Hermann is the largest healthcare system in Texas, consisting of 13 hospitals, 27 medical office buildings and more than 135 other facilities such as outpatient imaging and physical rehabilitation centers.
In this "At the Frontline" interview, Bellino discusses how he's addressing these various security challenges and the evolution of healthcare security as a whole.
SIW: What are your day-to-day responsibilities at Memorial Hermann?
Bellino: As a system executive, I am responsible for oversight of the whole security management program here for Memorial Hermann. Anything like command and control during a weather emergency and working with our top executives to corporate-wide investigations, training, selection and recruitment, just total oversight of the day-to-day operations. I have over 300 security officers and law enforcement officers on staff here.
SIW: What are some of the biggest threats that you have to mitigate against as a hospital security director?
Bellino: I think the biggest challenge for us is workplace violence because we're dealing with patients and their families and we have to take care of them. Sometimes that can be very difficult because we're not a police state; we're not a police organization even though we have police officers and security officers. You just can't arrest people because they're being difficult. We have to find ways to deal with difficult people in a humane manner so we can provide them the healthcare they need and then move them out of the system and back into the community, either to their homes or outpatient treatment.
Working with risk management, our legal team and the privacy office to maintain and assist in the total security of PHI (protected health information) is also a challenge. We assist here in helping with protection of PHI and protecting out patients' privacy. The other thing is just dealing with the routine crimes we have. Making sure that we're following up, trying to track and trend any issues. Auto theft is a big (issue) with staff and one is too many, but we've really worked hard to reduce the number of auto thefts throughout the system and we've done a really good job in reducing auto thefts but they still happen. Our goal is to get to zero auto thefts and vehicle break-ins and we've reduced, exponentially, the number of auto thefts and break-ins on our campuses.
And then, of course, there is pilferage and making sure we have the proper procedures in place to prevent equipment, supplies, materials, patient property and all of those types of things from leaving our facilities. Like anybody else, we're trying to do more with less. Everybody is getting squeezed and everybody has been asked to become more efficient.
SIW: How have hospital security measures evolved as it relates to protecting against kidnappings in their birth units?
Bellino: I think I can speak for my colleagues nationwide and internationally, we've done a really good job hardening hospitals and making it difficult and that's why we are better at catching these people and when it does happen of recovering the infant very quickly. I think what we need to do is when mom and dad go home, give them the information needed so that when they get home they can protect them because we know that people will prey upon newborn parents, not necessarily abductions, but there are all types of scams and things of that nature. We have had some abductions that have occurred at the home after they've left the hospital. I think it's important that we tell people 'this is what you need to do, here are some best practices to protect your baby after you leave our hospital.' For instance, I don't advocate publishing the birth whenever we can, I mean the hospitals continue to do that but when you get home don't put the stork on your front lawn. Make sure you vet people that call.
We here at Memorial Hermann have been doing a lot of work around infant security and standardizing our infant protection throughout our hospitals so that we have good, reliable systems in place and good, reliable training of our staff. I think there was recognition that electronics aren't the be all and end all with infant protection and that the best defense is the staff. We need to train not only the maternity and women's center staff that are in the birthing centers, but train the whole team so that when an abduction occurs, everyone in the hospital has an understanding of what their role is and what they're supposed to do to help retrieve the baby and/or prevent the baby from leaving the campus. I think sharing of information is important too. We share a lot of information in the Houston area. The hospitals are pretty close. We do a good job of sharing information amongst ourselves in a way that doesn't violate PHI or branding or any of that kind of stuff because it gets to be competitive, but there comes a point where we have to take care of each other regardless of our brand.
SIW: There have been a number of security breaches as it relates to the unauthorized access of patient data at healthcare facilities in recent years. What are some of the biggest challenges in protecting this information and where do you think the industry can improve?
Bellino: I think that goes back to education quite honestly. We have logins to our computers and time outs and all that other type of stuff, but again when we do have breaches its usually human error. Someone lays a chart down inadvertently; they get busy, because we are very busy and very schizophrenic at times. You just can't do that stuff anymore. You've got to be very conscious of it. We for instance, we had a very high-profile VIP at our organization and we had team meetings and we stressed to our staff how important it was to protect this VIP and we had the VIP for five months and there were no breaches. Again, you can instill some pride and sense of ownership in your team and you can do that by training where they don't want to violate that person's confidentiality.
I think its cultural and building that corporate culture. I think it took a while, but I think people are catching on. Vetting you third-party vendors that may be doing billing for you that's very, very important because it's our vendor, if they breach PHI we're still liable for it. It's making sure that everybody in your system, everybody that touches that medical record, whether it's a vendor, a billing office or whoever, that everybody is on the same team with the understanding that our main goal is to protect that information at all costs. We also do a good job of securing our medical records using security systems, card access, etc., which provides a good audit trail when you need to do audits of who access a medical record file room. Is it 100 percent fail safe? No, but it's better than having nothing.
SIW: How do you balance patient care with security and prevent domestic and other disputes that sometimes spill over into the parking lots and emergency rooms of hospitals?
Bellino: The patient is always going to come first. If that mean upsetting a family member and having that family member leave to prevent any violence then that's what we're going to do. My theory is that as more and more the American public goes from patient to consumer - because I think today, even myself, I'm more of a consumer of healthcare because I'm paying for it – and I think the more that people pay for something, the higher their expectation is. If you've noticed, over the last 20 years, we've paid very little for our healthcare. We were ok with waiting and being patient. Today, because you and I are having more come out of our pocket, I don't think we are as patient as we used to be and we're more demanding and we expect our doctors to take care of us. I'm seeing a lot less tolerance from people that used to be tolerant with wait times and understanding the role of the physician and what not. The other thing is, unfortunately, more and more people are going to the ER than ever before. We're really stressing the capacity of our ERs around the country. We're having to figure out ways to increase our throughput, take care of the patient and make them feel like a patient and not a consumer and not a number. We are always trying to find that balance.
