Health-care Security a Lot to Tackle

By Staff October 1, 2006

Providing security and life safety in health-care facilities is much more than just posting armed guards. In fact, according to a panel of security experts, that’s the last thing one should do.

At the recent American Society of Industrial Security conference and tradeshow in San Diego, a panel of health-care security managers provided a brief glimpse into the world of protecting hospitals.

“We really should be looked at as a partner in a hospital, not law enforcement,” said Marylin Holjer, who heads security operations at the University of Michigan Hospital. “And hospitals don’t want guns in a facility or even cuffs for that matter. And if you do cuff somebody, you’d better be able to document why.”

Beyond the threat of violence—the price many hospitals pay for being in or near areas with high crime rates or gang activity—a number of other pressure points are making security directors re-evaluate their plans and policies: HIPPA, for protecting electronic patient records; infant abduction; drug dispension; and securing any money-handling areas.

But beyond these critical areas, health-care facilities, according to Linda Fite with the University of Minnesota Hospital, are also now having to monitor oxygen tanks and even power plants.

So what solutions are there beyond well-trained personnel? It’s all about technology, according to Eliot Boxerbaum, a Cincinnati-based security consultant. “You have to rely on technology because you’re not going to get additional staff,” he said. For the most part, he noted, security is still about access control and CCTV, but with a fundamental difference: It’s all digital.

“Everything is now IP-based,” he said. “And that’s being driven by information technology. Frankly, if you’re not partering with your IT staff, you’re dead.”

Another driver behind the need to pursue Internet-based technology is the fact that more hospital staff are now working remotely. Fite said 17% of her staff does.

Boxerbaum added that many more areas in hospitals need to be better secured and monitored. But beyond improved techology, it’s critical to implement a culture that understands and respects these more secure areas. Fite concurred, pointing to a security evaluation her hospital recently conducted. In general, she said, they had good hardware in place, but were inconsistent about enforcement. For example, they’d be very strict during the day, but not so much in the evening. “You definitely need to ID your deficiencies, but view it as a way to improve your facility, not because you need to,” said Fite.

Still, Ron Morris with Cincinnati Children’s Hospital said you have to be prepared to make the business case for any improvements. Frankly, he said, that means spelling out your liability exposure to the hospital board.

Morris suggests getting doctors and nurses on your side as they tend to have a voice that resonates with most boards. But in doing so, hospitals also have to overcome cultural inertia. “We use lots of access control, but we have to constantly remind the nurses to close these doors,” he said.

A strategy he’s employing is placing more value on the cards, making them necessary for access to the garage and the like.

Boxerbaum also warns about not selling technology as an end-all, be-all. “The TV show CSI has been the worst thing to happen to security, because all these administrators believe cameras can zoom in [from] 300 yards away and read registration stickers on cars; they can’t!”

He also recommends that hospitals be leading-edge, not bleeding-edge, as they may not need every bell and whistle. “Not everything out there is ready for prime time,” he said. Instead, be standards-based and mostly importantly, plan for the future.