Securing Health

Consulting engineers have new reasons to revisit the security risks at health-care facilities. In addition to the increasing risks of theft, infant abductions and emergency-room violence, there are increasingly stringent standards. Most noteworthy is the issuance by the Joint Commission on Accreditation of Health-Care Organizations (JCAHO) of its "Environment of Care" standards, which represen...

By GERALD R. SCHULTZ, P.E., Principal, and DAVID POLENSKY, Senior Security Designer, Gage Babcock Assoc., Oak Brook, Ill. May 1, 2001

Consulting engineers have new reasons to revisit the security risks at health-care facilities. In addition to the increasing risks of theft, infant abductions and emergency-room violence, there are increasingly stringent standards. Most noteworthy is the issuance by the Joint Commission on Accreditation of Health-Care Organizations (JCAHO) of its “Environment of Care” standards, which represents the commission’s first written foray into the arena of security issues in hospitals and other health-care facilities.

The Environment of Care standards will, for example, ask hospitals to demonstrate that their facilities and trained employees can effectively and consistently deliver a safe environment for patients and staff (see ” JCAHO Mandate: Plan for Security,” page 52). Security engineers have long been involved with security for this specialized environment. In considering how to design health-care facilities, it helps to examine the security issues that have been identified in various hospitals to determine the most effective solutions for these challenges today.

Inside out, or outside in?

In evaluating security, one can work from the inside out or the outside in. In the health-care environment, the evaluation should start from the outside and progress to the inside.

  • Parking facilities. The first area that visitors and staff encounter each day is the parking facility. For convenience, the hospital tries to locate parking near the main entrance to the building. Visitors need to feel that parking areas are safe, and the main method of doing this is by ensuring adequate lighting. A lack of adequate lighting can lead to feelings of vulnerability on the part of visitors.

Lighting should be improved to a minimum of 2-footcandle luminescence. In addition, emergency-telephone alarm systems should be provided to allow people to call for immediate help in a personal or medical emergency. At many hospitals where people are likely to be leaving after normal hours, escort services are offered to walk people to their cars. In an attempt to maximize parking and offer an added service to visitors, some hospitals provide valet parking, which also makes the environment more secure for visitors by limiting risks.

While visitor parking is fairly easy to address, staff parking often presents a bigger challenge. Many hospitals, in their attempts to best serve patients and visitors, locate staff parking in remote lots that may not be as well-lighted as visitor lots, and may be used outside of normal hours of visitation. In addition, staff members regularly leave their facilities in the early hours of the morning. Again, an escort service may address this problem, but budgetary concerns can leave hospitals without enough escorts or with no service at all. Staff may tire of waiting for someone from security to respond, and if they leave on their own, they may expose themselves to danger.

  • Access control. The next area to be evaluated should be access to the building. Typically, a person enters a hospital through the main entrance, the outpatient services area or the emergency room (ER). ER security should be addressed separately (see page 52). In reviewing access through the main entrance and outpatient services, the following issues should be analyzed:

  • Can the front desk clearly view the main entrance?

  • Are people channeled to the main desk?

  • How is the main desk staffed?

  • What responsibilities do main-desk personnel have?

  • Prior to reaching the main desk, are there any other directions an individual may go?

  • Can waiting areas accommodate family members?

  • An important issue is visitor screening. Typically, the main desk is responsible for phone administration, handing out visitor cards and providing information regarding patients—e.g., room number and bed number—and general information and directions. Taken together, this is a tremendous responsibility, and these staffers are asked to perform their duties while maintaining a courteous and responsive attitude. They are also oftentimes the initial contact a visitor has with the hospital. Outpatient entry, on the other hand, is much more controlled, with hospital personnel registering patients and directing them to service providers.

From our experience, security personnel usually function as doormen and greeters, while volunteers typically take care of the front desk at the main entrance. These volunteers cannot be asked to enforce security procedures while being charged with many other responsibilities. As an example, hospitals typically have a visitor-pass program that consists of two paper passes per patient; visitors receive the passes upon arrival, and they are told to keep the documents while visiting. When both passes are gone, the patient has reached their visitation limit. Yet, all too often, patients have more than two visitors in their rooms during peak visiting hours. Also, as in other professional settings, business attire denotes authority, and individuals wearing “the uniform” can quite often wander freely throughout a facility without being questioned.

Badging and access

Of course, one should not de-emphasize the importance of a badge program, particularly for employee identification and access control. Some leading hospitals, for example, use photographic identification badges that are color-coded to allow access into controlled areas. Maternity badges may have bright pink and white stripes, and badges for staff with access to infants can be fluorescent green or pink. ER badges and those for the psychiatric floors also have their own colors. Staff should be trained and willingly participate in checking badges. A simple question, such as, “Can I help you?” or, “I noticed your badge, is there something I can locate for you?” provide critical control. The most successful badge programs actively involve all hospital personnel, including, and most importantly, the doctors.

For the ER, access is a key consideration. This hospital zone is challenged by unique problems that reflect society’s tendency towards violence. All too often, the ER is the front line of the battleground or the flashpoint of conflict, where domestic violence spills into the workplace or where gangs hope to complete what they started on the street. To help avoid such tragedies, all ER visitors—including family and friends—should be funneled from a common point of entry. Triage usually includes questions about how injuries occurred. Gunshot-wound victims should be isolated with a minimum of carefully screened visitors; all other visitors should be directed to a waiting area. The ER should have one or two security officers present; one in the ER and a second on consistent patrol. The room should be capable of providing secured entry as needed. This can be accomplished via access-control systems put into use as situations dictate.

Individual risks

After evaluating parking areas and key access points such as visitor entrances and the ER, the security-engineering firm should consider other individual risks.

  • Maternity wards. The risk that has received the most press in recent years is on the maternity floor. Every facility faces the threat of infant abduction, and most hospitals are utilizing electronic radio-frequency-based surveillance systems that have been modified for monitoring infants. All of these systems perform similar functions: that of alarming when an infant is taken beyond a certain point and locking doors in the path of exit.

When specifying an infant-monitoring system, several issues must be considered, including:

  • How is the device attached to the infant? An infant’s bones are more flexible than an adult’s are, and it may be possible to slip a wrist or ankle bracelet off. Several systems have devices that alarm when removed. The device may also be attached to the remaining umbilical cord; however, parents may be understandably squeamish about this.

  • Is the baby being constantly monitored? There are infant-monitoring systems on the market that help instantly identify on a computer where the infant or device is at any time, anywhere in the hospital.

  • Does the device provide positive feedback to the monitoring system? Some devices send signals back to the monitoring points that reflect tampering, and if the bracelet is clipped or covered—aluminum foil over a bracelet can negate the signal being sent—an alarm will sound.

  • Will the device lock exit doors when the baby is brought too close or just sound an alarm? The exiting issue is one which requires resolution. The locking of exit doors violates the requirement of most building codes and the National Fire Protection Association’s Life Safety Code (LSC). The 1999 edition of the LSC states that when exit doors are locked, they are to unlock upon a fire-alarm condition. This fire-alarm condition can be activated by someone pulling a manual pull station—which are often located at the exit—or by activating a sprinkler or detector. In any case, the doors unlock and the infant is gone. Most fire codes allow fire doors to be locked for 15 seconds upon alarm, allowing time for staff to respond.

Maternity programs that employ an infant-monitoring system can integrate the system with closed-circuit television (CCTV) systems that monitor floor exits and nurseries. Infant monitoring systems should be alarm-monitored both locally on maternity floors and also at a central security console. These technology-based systems should be augmented by strict procedures outlining infant access and nursery access control. Nurseries typically are not only controlled via an electronic access-control system, but visual badges are also required and multiple levels of access tokens, cards and personal-identification numbers must be presented to operate nursery doors. In addition, nurseries are staffed at all times by maternity nursing staff. It is important to ensure that infant-access procedures do not rely solely on alarm systems.

Developing procedures, training staff members and educating new mothers are key complementary measures for maintaining a safe and secure environment on maternity floors. Finding the best combination of technology, people and solutions are the keys to safeguarding infants.

Other special risks

  • Psychiatric and geriatric areas. Similar to maternity areas, one may also find radio-frequency-based monitoring systems installed on psychiatric floors or geriatric floors. The reasons were brought into stark relief last year when a psychiatric patient in a high-rise hospital entered a stairwell and gained access to the roof, where the patient froze to death.

  • Pharmacies. Another area of concern is pharmacy. Hospitals are doing a good job controlling access into the pharmacy drug vaults and storage cabinets. Based on the authors’ experience, it is one of the best-controlled and most secure places in the hospital. Strict procedures and key control, coupled with CCTV and alarm systems, contribute to the security inherent in pharmacy and drug dispensing.

Many who evaluate and design hospitals are aware of the security risks, but the scope of employee theft issues may come as a surprise. For example, several years ago, medical scrubs were a fashion statement and hospitals were suffering substantial financial losses in clothing. In the seriously cost-conscious world of hospitals, it is extremely important to evaluate the controls in place to minimize losses. Security searches of bags and severe penalties to include termination on the first theft offense, have reduced these incidents.

JCAHO Mandate: Plan for Security

While it may seem surprising, violence in the workplace is the second leading cause of fatal occupational injuries in this country. Hospitals represent a higher-than-usual risk, and a major accreditation body is taking action to address the situation.

The Washington, D.C.-based Joint Commission on Accreditation of Health-care Organizations (JCAHO) has issued their “Environment of Care” standards. This is the fist time that the JCAHO is requiring a written plan to deal with security issues. Hospitals are now required to prove that they offer safe environments to patients and staff.

Hospital security is addressed in the Environment of Care Standard 1.4 titled, “A Management Plan Addresses Security.” This standard places the responsibility of determining security-related risks upon the hospital, which then must develop effective countermeasures to minimize the occurrence of incidents. The standard requires the development of a plan to establish a security program, its leadership and program goals.

The standard further identifies areas of specific action to include, such as reporting, identification, access control, vehicular access control, orientation, education, inspection, investigation and emergency preparedness.

In addition, hospitals are required to develop “security-management plans.” These studies should also include a related plan for annual evaluation of the security management plan’s objectives, scope, performance and effectiveness.

JCAHO Mandate: Plan for Security

While it may seem surprising, violence in the workplace is the second leading cause of fatal occupational injuries in this country. Hospitals represent a higher-than-usual risk, and a major accreditation body is taking action to address the situation.

The Washington, D.C.-based Joint Commission on Accreditation of Health-care Organizations (JCAHO) has issued their “Environment of Care” standards. This is the fist time that the JCAHO is requiring a written plan to deal with security issues. Hospitals are now required to prove that they offer safe environments to patients and staff.

Hospital security is addressed in the Environment of Care Standard 1.4 titled, “A Management Plan Addresses Security.” This standard places the responsibility of determining security-related risks upon the hospital, which then must develop effective countermeasures to minimize the occurrence of incidents. The standard requires the development of a plan to establish a security program, its leadership and program goals.

The standard further identifies areas of specific action to include, such as reporting, identification, access control, vehicular access control, orientation, education, inspection, investigation and emergency preparedness.

In addition, hospitals are required to develop “security-management plans.” These studies should also include a related plan for annual evaluation of the security management plan’s objectives, scope, performance and effectiveness.

JCAHO Mandate: Plan for Security

While it may seem surprising, violence in the workplace is the second leading cause of fatal occupational injuries in this country. Hospitals represent a higher-than-usual risk, and a major accreditation body is taking action to address the situation.

The Washington, D.C.-based Joint Commission on Accreditation of Health-care Organizations (JCAHO) has issued their “Environment of Care” standards. This is the fist time that the JCAHO is requiring a written plan to deal with security issues. Hospitals are now required to prove that they offer safe environments to patients and staff.

Hospital security is addressed in the Environment of Care Standard 1.4 titled, “A Management Plan Addresses Security.” This standard places the responsibility of determining security-related risks upon the hospital, which then must develop effective countermeasures to minimize the occurrence of incidents. The standard requires the development of a plan to establish a security program, its leadership and program goals.

The standard further identifies areas of specific action to include, such as reporting, identification, access control, vehicular access control, orientation, education, inspection, investigation and emergency preparedness.

In addition, hospitals are required to develop “security-management plans.” These studies should also include a related plan for annual evaluation of the security management plan’s objectives, scope, performance and effectiveness.

JCAHO Mandate: Plan for Security

While it may seem surprising, violence in the workplace is the second leading cause of fatal occupational injuries in this country. Hospitals represent a higher-than-usual risk, and a major accreditation body is taking action to address the situation.

The Washington, D.C.-based Joint Commission on Accreditation of Health-care Organizations (JCAHO) has issued their “Environment of Care” standards. This is the fist time that the JCAHO is requiring a written plan to deal with security issues. Hospitals are now required to prove that they offer safe environments to patients and staff.

Hospital security is addressed in the Environment of Care Standard 1.4 titled, “A Management Plan Addresses Security.” This standard places the responsibility of determining security-related risks upon the hospital, which then must develop effective countermeasures to minimize the occurrence of incidents. The standard requires the development of a plan to establish a security program, its leadership and program goals.

The standard further identifies areas of specific action to include, such as reporting, identification, access control, vehicular access control, orientation, education, inspection, investigation and emergency preparedness.

In addition, hospitals are required to develop “security-management plans.” These studies should also include a related plan for annual evaluation of the security management plan’s objectives, scope, performance and effectiveness.

JCAHO Mandate: Plan for Security

While it may seem surprising, violence in the workplace is the second leading cause of fatal occupational injuries in this country. Hospitals represent a higher-than-usual risk, and a major accreditation body is taking action to address the situation.

The Washington, D.C.-based Joint Commission on Accreditation of Health-care Organizations (JCAHO) has issued their “Environment of Care” standards. This is the fist time that the JCAHO is requiring a written plan to deal with security issues. Hospitals are now required to prove that they offer safe environments to patients and staff.

Hospital security is addressed in the Environment of Care Standard 1.4 titled, “A Management Plan Addresses Security.” This standard places the responsibility of determining security-related risks upon the hospital, which then must develop effective countermeasures to minimize the occurrence of incidents. The standard requires the development of a plan to establish a security program, its leadership and program goals.

The standard further identifies areas of specific action to include, such as reporting, identification, access control, vehicular access control, orientation, education, inspection, investigation and emergency preparedness.

In addition, hospitals are required to develop “security-management plans.” These studies should also include a related plan for annual evaluation of the security management plan’s objectives, scope, performance and effectiveness.