Using risk-based security to stem the tide of violence in hospitals

Changes in the healthcare environment demand a more proactive security program


Hospital and healthcare security is experiencing a major increase in violence, instigated by patients, patient families and even healthcare staff. 

Just last year, there was an active shooter incident in Reno, Nev., in which two physicians were shot, and in Houma, La., a hospital administrator was shot to death by a terminated nurse. As recently as Easter Sunday in California, two nurses were stabbed at the hospitals where they worked. One was stabbed in both the upper and lower torso and is in critical condition. These two incidents add to the more than 100 violent incidents in 2013 and the first half of 2014.

Since 2010, violence in healthcare has skyrocketed. As a result, the Joint Commission has issued a "Sentinel Event Alert" on the issue and contributed to numerous articles on shootings in U.S. hospitals. The Department of Homeland Security and a consortium of state and local hospitals recently released a standard for active shooters in healthcare. These all point to the conclusion that the current law enforcement-based hospital security model is not working.

The changes in healthcare, including the increase in insured Medicaid patients and increased traffic to emergency departments, highlights the fact that very well-intentioned people are working with an outdated security model that hasn’t evolved to address a changing healthcare environment. The change in billing and reimbursements for healthcare organizations, such as tracking of readmission rates, has squeezed hospital profits causing reductions in funding in many security departments at a time when violent events are steadily increasing.

A new risk-based model for hospital security is emerging that is less linear and more cyclical.  It uses technology to a greater extent, employs forecasting and statistical models to predict the likelihood of future incidents, and is proactive instead of reactive, focusing money and energy on preventing events instead of simply responding to them. This model also uses risk assessment formulas to quickly assess the current security profile of a hospital, clinic, hospice, or behavioral health facility, factoring in heightened threat-risk environment, not only for the facility in question, but also adding in the wealth of healthcare data that’s now available.

A major focus of this model is the continual assessment and evaluation of preventive security controls, which are reviewed quarterly, semi-annually, or annually to discover gaps in controls, and to fix gaps as soon as they are identified. This dovetails nicely into the assessment models already required by the Joint Commission, OSHA and new CMS standards.

Looking at recent high-profile security events that took in place in hospitals shows that incidents happen because of exploited gaps in the existing security of the healthcare facility. In the past, security officers successfully worked hard to reduce response time so that often officers could arrive in under two minutes, but it’s still too long.  In the Reno shooting, response time was under two minutes, but that was long enough to kill two doctors.

Focusing on prevention makes sense for healthcare, much in the way the Joint Commission focuses on patient safety, by continually assessing controls, reducing discovered gaps in controls, and mitigating gaps by reassessing and tightening security, which creates a cycle of continual improvement in the healthcare security environment.

The healthcare risk-based security model takes advantage of technology. Instead of waiting for manual recording of security incidents every day, software programs allow hospital security officers to enter data at the end of each shift, and that means security directors can map what’s happening in the hospital or facility on a daily, weekly, monthly and yearly basis.  This can go a long way to identifying trends early and help facilities make appropriate changes in controls so that negative trends can be reversed quickly and both patient and staff security is increased.

This content continues onto the next page...