Hospital Security: The Past, The Present, and The Future

Healthcare security consultant Jeff Aldridge addresses today's and tomorrow's needs

Unfortunately, because of the continuing criminal threat against hospitals, it's no longer possible to practice an open door policy. For a hospital to be safe in today's world, everyone coming into and going out of the facility has to be identified and their access controlled. This is essential to prevent unauthorized persons from entering a hospital to cause harm. Access control has been extremely difficult in the past because of unrealistic and misinterpreted fire codes. Strict enforcement of fire codes have prevented hospitals from securing fire doors that lead to the outside. An unsecured fire door leading to the outside provides an escape route for anyone that has committed a criminal act against a hospital. After what seems like forever, old fire codes are now being replaced with new codes which will now allow fire exits to be locked and alarmed by a time-delay lock and alarm system. This type of "lockdown" capability can prevent unauthorized persons from entering or leaving the hospital undetected.

Another significant problem with providing security for older hospitals is their inherently open design which makes them more difficult to secure. Traditionally hospitals have been designed for patient and family convenience. Security was never taken into consideration during the design and construction phase. Because of this inherent problem, retrofitting security protection in older facilities is a security nightmare, not to mention unbelievably expensive.


Even though hospitals are faced with enormous downsizing and decreasing revenues as a result of "Managed Care", hospitals do have options. First, they can accept the risk and hope that nothing ever happens. Or they can reduce the risk by developing a plan that incorporates physical security, access control, and staff education into a state-of-the-art security management program. The Joint Commission for the Accreditation of Healthcare Organizations requires that organizations develop a written security management plan as well as conduct annual security assessments to identify security vulnerabilities.

Have You Conducted a Security Assessment?

How secure is your facility? What security measures do you have in place to insure that the security of your patients, staff and visitors meet National norms, JCAHO and CMS Standards? What is your hospital doing to prevent infant abductions and mother/baby mix-ups? How well does your hospital manage and address emergency department, pharmacy, and pediatric security issues? If you find these questions troubling you may need to invest in a security assessment.

The Purpose of the Hospital Security Assessment

The purpose of a hospital security assessment is to assist hospitals in the protection of patients, employees, and visitors by identifying organizational strengths and weaknesses in their physical protection and security practices. The security assessment analyzes existing protocols, policies, and procedures, in addition to evaluating physical security vulnerabilities and threats. Findings are analyzed, evaluated, and written recommendations made to control these threats.

All security management programs should be developed using the security assessment concept. A hospital's program should be designed to teach, implement, monitor, assess, and improve components that are part of the hospital's existing program. Security is a system concept which requires on-going training, corroboration, monitoring, and swift attention to problem identification. The ultimate success of a security program will depend upon a renewed commitment by hospital administration to support this most important process.

The assessment should be designed to identify environmental deficiencies, hazards, and unsafe practices. The professional security assessment can serve as a tool in assisting hospitals in developing their own self-assessment. An annual self assessment is required to meet the new JCAHO Standards, as well as CMS Regulations. New standards require hospital to collect information about security deficiencies and provide corrective action to improve the environment of care.

The initial security assessment of a facility should be conducted by a healthcare security professional with experience in evaluating hospital security programs. Organizations should use only healthcare security professionals with industry credentials and professional certifications. In addition, the consultant should have hands-on experience as a manager, director, or security administrator in the healthcare industry. A qualified consultant can better evaluate your hospital's security management program based on industry norms and the 2005-2006 JCAHO Environment of Care Standards, as well as CMS's "Condition of Participation.