A Guarded Welcome

28 February 2007 (Last Updated February 28th, 2007 18:30)

How do you make your hospital into a fortress without scaring away potential patients and visitors? Sem Security Management's Richard D Sem argues that protection need not be offputting.

A Guarded Welcome

The security of healthcare facilities creates a number of conflicting challenges. All hospitals wish to present a welcoming and friendly face to all who enter as well as to the wider community, and there are fears that security measures might imply a foreboding, fortress-like image.

Likewise, while maintaining a high level of patient satisfaction is an admirable goal, there are concerns that potentially intrusive or inconvenient security measures could cause patients and practitioners to go elsewhere.

Another important issue is the facility’s design and layout. Many healthcare facilities have grown over the decades by adding wings and buildings, often with relatively little attention paid to security. Likewise, it is not unusual to find new facilities designed with an emphasis on convenience and aesthetics, but with little thought given to security. There is often the perception that staff and tenants might resent and misunderstand increased levels of security.

But the risks and liabilities with regard to hospital security can be significant, and failing to address them can have serious repercussions. In my many years in security management, I have served as an expert witness in many lawsuits where it was alleged that harmful incidents, including rape, assault and abduction, took place due to little or poorly managed security. The news is full of stories of horrific crimes that have occurred on hospital property.

VULNERABILITIES OF HEALTHCARE FACILITIES

The underlying issue is that healthcare facilities are particularly vulnerable to attack or compromise due to a number of unique factors. Therefore, it behoves every healthcare facility to develop and maintain a strategic and reasonable security programme that addresses the facility’s history, location, risks, functions, culture and values.

I have found that, particularly since the events of 9/11, most people appreciate the presence of practical security measures. A properly planned and communicated security programme can actually enhance patient, visitor and staff satisfaction and comfort.

Many healthcare security programmes are just a random mix of physical and procedural security measures implemented over time in response to particular incidents and particular concerns. The resulting system is one that is haphazard, costly and fails to address the true risks.

"Probably the greatest challenge in healthcare security is access control."

PROCEDURAL, PHYSICAL AND STAFFING MEASURES

The ideal healthcare security programme, then, is a blend of procedural, physical and staffing measures designed to prevent and mitigate the identified risks effectively and efficiently, as well as to respond properly to actual threats and incidents. This establishes a balance between, on the one hand, an adequate level of control and protection and, on the other, a workable level of flow, convenience and aesthetics.

A good first step is to look at your facility, and all of its components, through the eyes of those who may wish to cause disruption. This could come in the form of assault, abduction, workplace violence, sexual harassment and assault, sabotage, theft, arson, terrorism, vandalism, or the risk of compromising proprietary or private information.

It can be beneficial to have a brainstorming workshop in which key staff from all departments discuss the critical assets and potential targets, methods and types of potential attack and compromise, the facility’s relative vulnerability and, in light of the above findings, the value and suitability of existing and planned security countermeasures. This can also be achieved through a formal security assessment performed by an in-house or contract expert.

One perspective I have found to be useful, especially in larger hospitals and medical centres, is comparing the facility’s security to that of a typical airport. Today’s airport usually has two levels of security: the "land-side", or the areas we encounter before security screening, which have a lower level of security, and the "air-side", or those areas past the screening area where there is a higher level of security and control.

In a hospital, the land-side would be the more public areas, such as lobbies, some waiting areas, gift shops, clinics, cafeterias, reception desks and some patient wings or floors, although the latter could be in either category. The air-side, or higher security areas, could include infant and paediatric wings and floors, labour and delivery, psychiatric wards, pharmacies, emergency treatment areas, laboratories, restricted waiting areas, and so forth.

RINGS OF PROTECTION

The analogy of an airport with distinctive zones is based on an age-old concept of security: the rings of protection. The outer ring is the property perimeter and related security measures such as fences, lights, security officers, cameras and gates. The middle ring is the building perimeters and related measures, such as doors, card readers, locks, security officers and cameras. The inner ring includes internal assets, such as people and critical departments, and related measures such as awareness, cameras, card readers and so forth.

While, ideally, a person intending to do harm must pass through the three rings, when it is not feasible or cost-effective to completely secure the outer rings security can be pulled in to the inner ring. This is particularly the case in the porous, open and welcoming hospital.

"The most powerful, cost-efficient and neglected security measure in healthcare security is awareness."

Probably the greatest challenge in healthcare security is access control. Should anyone be allowed to go anywhere at any time? Should your facility be as accessible at 3am as it is at 3pm? Should you know who is entering certain areas and what they are doing there? Should families and friends of patients have the run of the facility? How can you monitor access points while minimising costly staff expenditures?

A key rule in security, though admittedly easier said than done, is the fewer access points the better, with one being the ideal. Even five access points is better than ten. In a facility comprising many buildings and departments, dozens of doors, and a variety of parking lots and structures, the dilemma appears obvious.

So, what measures can be used to achieve the desired levels of security and control? To most, physical measures such as uniformed security officers, video cameras, lights, fences and barriers, electronic card readers, and locks and keys spring to mind, and each can be a powerful deterrent and tool if properly implemented. Video cameras, for example, can be a useful deterrent and investigative tool and can expand the range of security staff.

SIGNIFICANCE OF SECURITY AWARENESS

Procedural countermeasures, however, can be just as effective and are too often neglected or under-utilised. I believe that the most powerful, cost-efficient and neglected security measure in healthcare security is security awareness, or a sense of ownership and involvement among staff. Too often medical staff believe that security is the sole responsibility of the security staff. And yet security staff cannot be everywhere and see everything.

All too often, staff inadvertently compromise the facility’s security by holding open restricted doors for unknown and unauthorised persons, not reporting suspicious persons or situations, or failing to recognise and de-escalate confrontational or threatening conditions. Security awareness can be cultivated by means of training, communications (newsletters, posters, flyers), testing, competitions, and staff adhering to rules, thereby setting a good example.

Other potentially useful procedural measures could include comprehensive background screening of employees and contractors (the best predictor of future behaviour is past behaviour), a confidential hotline or ombudsman, worn identification, computerised incident reporting software (to track and identify trends), and comprehensive emergency and crisis plans to address incidents such as bomb threats, workplace violence, terrorism, strikes, arson and abduction ,as well as the accidents such as natural disasters, medical emergencies, fires, spills and releases.

It is impossible to define a single security programme that will be best for all facilities, but every facility can be properly secured without looking like a fortress or unduly alarming patients, visitors and staff. Security can and should be a key part of preserving the hospital’s service and reputation.