Hospital Security: The Past, The Present, and The Future

[Editor's note: This featured column begins a regular series of columns on healthcare security. Author Jeff Aldridge and others from Security Assessments International have agreed to discuss the changing needs of security in hospital settings, and will be addressing new technologies, procedural changes and new issues affecting today's healthcare facilities. Look for these articles to appear each month on our Healthcare Security section, as Jeff and his associates begin this in-depth review.]

On July 15, 2005, a state-of-the-art infant protection system thwarted an infant abduction from Presbyterian Hospital in Charlotte, N.C. An infant protection system sounded an audible alarm when a baby was snatched from the hospital nursery. The high-tech "Hugs" infant protection system is part of an elaborate security management program designed to protect the hospital's patients, visitors, and staff.

The kidnappers were immediately arrested and identified as the mother and father of the recovered, 4-day-old baby boy. In less than a minute the mother and father were able to snatch their son from a seventh-floor nursery, place him in a duffel bag, and run from the hospital.

A quick response by an alert staff set into motion a well-rehearsed plan that lead to the immediate recovery of the missing baby. Suspecting child abuse, the Department of Social Services had earlier taken the couple's other children into custody. Believing their youngest son would also be taken, the couple made a frantic attempt to steal their baby from the hospital. The community was outraged that someone would enter a hospital nursery with the intent to steal a baby. Decades ago this type of crime would have been unheard of in a hospital setting.


Hospitals and churches have always been considered sacred, at least as far back as I can remember. During my youth it was inconceivable that anyone would violate the sanctity of a hospital and commit a crime, much less steal a baby. Unfortunately, hospitals are no longer immune from criminal assault. Crime continues to find its way into our hospitals at an alarming rate. Why does this happen? Well, for one thing, hospitals are institutions of tradition, and historically have resisted becoming bastions of security. The emphasis has always been on providing open and friendly access to the public.

Part of a hospital's image has been to maintain an open door policy for anyone and everyone that wished to visit a sick family member or love-one. Heck, I remember when people used to go to the hospital just to see the babies. There was nothing unusual at all for strangers to be seen on the baby floor.


As crime continues to grow in this country, we find we are not safe in our businesses, or our schools, and now, even in our hospitals. All of these places have become targets of criminal assault, and as a result, we have been forced to increase security in every facet of our public and private life to keep crime away. Most hospitals have been slow to follow suit. Even today, many hospitals still have the same open door policy they have practiced for decades.

Hospitals are targets because they are open to the public 24 hours a day, seven days a week. These public access facilities have been conditioned over the years to allow scores of people from all walks of life to enter these institutions unchallenged. The definition of "public access" means that all persons that enter a hospital seeking treatment, or to visit a love-one, have the right to come and go as they please…and for many facilities, this is still is the practice. This mind-set does not take into consideration there are people in our society that hold no institution sacred, and their sole reason to enter a hospital is to commit a crime against a person, or the hospital, or both.

Unfortunately, because of the continuing criminal threat against hospitals, it's no longer possible to practice an open door policy. For a hospital to be safe in today's world, everyone coming into and going out of the facility has to be identified and their access controlled. This is essential to prevent unauthorized persons from entering a hospital to cause harm. Access control has been extremely difficult in the past because of unrealistic and misinterpreted fire codes. Strict enforcement of fire codes have prevented hospitals from securing fire doors that lead to the outside. An unsecured fire door leading to the outside provides an escape route for anyone that has committed a criminal act against a hospital. After what seems like forever, old fire codes are now being replaced with new codes which will now allow fire exits to be locked and alarmed by a time-delay lock and alarm system. This type of "lockdown" capability can prevent unauthorized persons from entering or leaving the hospital undetected.

Another significant problem with providing security for older hospitals is their inherently open design which makes them more difficult to secure. Traditionally hospitals have been designed for patient and family convenience. Security was never taken into consideration during the design and construction phase. Because of this inherent problem, retrofitting security protection in older facilities is a security nightmare, not to mention unbelievably expensive.


Even though hospitals are faced with enormous downsizing and decreasing revenues as a result of "Managed Care", hospitals do have options. First, they can accept the risk and hope that nothing ever happens. Or they can reduce the risk by developing a plan that incorporates physical security, access control, and staff education into a state-of-the-art security management program. The Joint Commission for the Accreditation of Healthcare Organizations requires that organizations develop a written security management plan as well as conduct annual security assessments to identify security vulnerabilities.

Have You Conducted a Security Assessment?

How secure is your facility? What security measures do you have in place to insure that the security of your patients, staff and visitors meet National norms, JCAHO and CMS Standards? What is your hospital doing to prevent infant abductions and mother/baby mix-ups? How well does your hospital manage and address emergency department, pharmacy, and pediatric security issues? If you find these questions troubling you may need to invest in a security assessment.

The Purpose of the Hospital Security Assessment

The purpose of a hospital security assessment is to assist hospitals in the protection of patients, employees, and visitors by identifying organizational strengths and weaknesses in their physical protection and security practices. The security assessment analyzes existing protocols, policies, and procedures, in addition to evaluating physical security vulnerabilities and threats. Findings are analyzed, evaluated, and written recommendations made to control these threats.

All security management programs should be developed using the security assessment concept. A hospital's program should be designed to teach, implement, monitor, assess, and improve components that are part of the hospital's existing program. Security is a system concept which requires on-going training, corroboration, monitoring, and swift attention to problem identification. The ultimate success of a security program will depend upon a renewed commitment by hospital administration to support this most important process.

The assessment should be designed to identify environmental deficiencies, hazards, and unsafe practices. The professional security assessment can serve as a tool in assisting hospitals in developing their own self-assessment. An annual self assessment is required to meet the new JCAHO Standards, as well as CMS Regulations. New standards require hospital to collect information about security deficiencies and provide corrective action to improve the environment of care.

The initial security assessment of a facility should be conducted by a healthcare security professional with experience in evaluating hospital security programs. Organizations should use only healthcare security professionals with industry credentials and professional certifications. In addition, the consultant should have hands-on experience as a manager, director, or security administrator in the healthcare industry. A qualified consultant can better evaluate your hospital's security management program based on industry norms and the 2005-2006 JCAHO Environment of Care Standards, as well as CMS's "Condition of Participation.

The security assessment should evaluate JCAHO standards as well as compliance issues that require:

  • Hospitals to collect and analyze information to identify safe patient practices and implement changes to reduce the risk of future sentinel events.
  • Changes are made and evaluated to ensure that expected outcomes are successful,
  • Programs are monitored for effectiveness.

Security Management Plan

The written Security Management Plan (SMP) is designed to provide a proactive approach in the protection of patients, visitor, staff, and health system assets. This is accomplished by identifying security threats in all areas of the facility which could have an adverse impact on persons and property.

This is accomplished through the security assessment which is also designed to reduce the occurrence and severity of security incidents and promote security education and training for hospital employees and staff.

[The next part of our series on healthcare security will address the Security Management Plan, and will focus on the identification of sensitive risk areas and deployment of security technology based on risk assessment. Look for the second part to appear in mid-September on the Healthcare Security section of]

About the author: Jeff Aldridge is an internationally recognized healthcare security consult and the Nation's "Number One" expert on infant security. Jeff works with Fortune 500 Companies in the design and development of state-of-the-art security products for the healthcare industry. He founded Security Assessments International (SAI is online at in 1994 and continues to provide services for healthcare facilities throughout the U.S. and overseas. In addition, he serves as a consultant to the National media and law enforcement on infant security issues and has provided collaborative assistance to the National Center for Missing & Exploited Children. Over the past 16 years Jeff has assisted over 600 healthcare facilities throughout the U.S. and abroad with their healthcare security issue. Jeff has assisted clients in England, Ireland, Australia, and Kuwait. He has been featured on ABCs 20/20, as well as "PM Magazine", a nationally syndicated television program. He was recently interviewed by NBC, CBS, and the FOX network concerning mother/baby mix-ups in hospitals. Jeff is a much sought after speaker for national and international healthcare organizations as well as a published author. Jeff testifies as an established expert witness in high profile infant abduction cases. He can be reached by email at