2. Schneider Electric – Healthcare & Security…..Sweden, April, 2013 2
Our Agenda
● The Hospital Basics
● The Healthcare Security Environment
● Impact Organisations in Healthcare Security
● The Healthcare Security Management Plan
● Real World Examples
● A Security Leader’s Perspective
● The Healthcare Security Director’s World
3. Schneider Electric – Healthcare & Security…..Sweden, April, 2013 3
Healthcare & Security –
The Hospital Basics
4. Schneider Electric – Healthcare & Security…..Sweden, April, 2013 4
Healthcare & Security –
The Hospital
The Hospital’s Responsibility and Mission
The # 1 responsibility and mission of the
healthcare organisation is patient care!
5. Schneider Electric – Healthcare & Security…..Sweden, April, 2013 5
Healthcare & Security –
The Hospital
The Security & Safety Department Mission Statement
The corporate security & safety department is committed
to providing a secure and safe environment for all
its clients, visitors and staff – through mutual respect and
cooperation, through all departments, by supporting the
security and safety needs of the individual as well as
those of the organisation itself.
6. Schneider Electric – Healthcare & Security…..Sweden, April, 2013 6
Definitions of Healthcare Security
● Healthcare Security is defined as a system of safeguards designed to
protect the physical property of the facility and to achieve relative
safety for all people interacting with the organisation and its environment
● Security is not static and is often regarded as a state or condition that
fluctuates (continually)
● Protection or Security programs are designed to reduce incidents and
probability, they do not eliminate all risk
● A Customer Service Organization – where knowing your customer
is the first step in providing flawless customer service
7. Schneider Electric – Healthcare & Security…..Sweden, April, 2013 7
Knowing Your Customers!
Security can have a positive or a negative effect
Security often sets the tone for the external customer’s entire
visit and the internal customer’s (employee’s) acceptance
and participation in a safe and secure environment
The way a security officer interacts with a customer influences
that person’s opinion of your healthcare institution
Security. . . . . . .relationships, communication and collaboration
The Customer Experience
8. Schneider Electric – Healthcare & Security…..Sweden, April, 2013 8
Healthcare & Security –
The Healthcare Security Environment
9. Schneider Electric – Healthcare & Security…..Sweden, April, 2013 9
Healthcare & Security – The Environment
Internal Environmental Factors
Internal Customers
Security Program Resources
Security Related Education
Professional Development of Staff
External Environmental Factors
External Customers
3rd Party Risk Assessments
Crime Statistics and Trends
Regulatory Surveys and Reviews
Industry Environmental Factors
Healthcare Security Best Practices
Regulatory Requirements
Participation in Professional Groups,
Conferences and Seminars
The Factors
that create your
Security Environment
10. Schneider Electric – Healthcare & Security…..Sweden, April, 2013 10
Knowing Your Customers – Internal
Internal Customers
Co-Workers
Direct Reports
Other Employees
CEO, COO, CNO, CMO
Nursing Staff
Social Work
Behavioral Medicine
Psychology Staff
Department Directors
11. Schneider Electric – Healthcare & Security…..Sweden, April, 2013 11
Knowing Your Customers – External
Inpatients
Outpatients
The VIP Patient
The Infectious Patient
The Combative Patient
The Forensic Patient
The Wandering Patient
The Missing Patient
The Infant Patient
The Pediatric Patient
The Psychiatric (BH) Patient
The Handicapped Patient
External Customers
Patients & Families
Visitors
Contractors
Outside Guests
Regulatory Agencies
12. Schneider Electric – Healthcare & Security…..Sweden, April, 2013 12
Knowing the Customers…….and the Risks
Healthcare is usually provided 24 hours per day and hospitals
are required to be publicly accessible
Healthcare staff are predominately female (in most locations)
Workplace Violence is an increasing problem
Drugs are used and stored in the facility
Money is handled throughout many healthcare facilities
Healthcare facilities can be considered targets for acts of terrorism
Issues of Risk
13. Schneider Electric – Healthcare & Security…..Sweden, April, 2013 13
The Healthcare & Security Environment
Risk Based
Incident Driven
14. Schneider Electric – Healthcare & Security…..Sweden, April, 2013 14
Healthcare & Security –
Impact Organisations and Design
Considerations in Healthcare Security
15. Schneider Electric – Healthcare & Security…..Sweden, April, 2013 15
Impact Organisations in Healthcare & Security
16. Schneider Electric – Healthcare & Security…..Sweden, April, 2013 16
Impact Organisations in Healthcare & Security
17. Schneider Electric – Healthcare & Security…..Sweden, April, 2013 17
Crime, Workplace Violence, Security & Risk
Occupational Fraud is a major problem – as the typical organization loses
an estimated 5% of its annual revenue to occupational fraud, according to
the 2012 Global Fraud Study (by the Association of Certified Fraud Examiners)
Fraud is discovered / detected most by a “tip” --- 43.3%
Workplace Violence is a major problem – as the Joint Commission issued
in June 2010, Sentinel Event Alert 45.....
Preventing Violence in the Healthcare Setting
Security & Risk is a major problem – “impenetrable hospital security in
an open society represents a particular challenge, and zero risk is not
achievable” (according to JHU Hospital report on shootings in the healthcare setting, 2012)
What is the “Risk Appetite” of your Healthcare Organization
18. Schneider Electric – Healthcare & Security…..Sweden, April, 2013 18
Healthcare & Security –
The Security Management Plan
19. Schneider Electric – Healthcare & Security…..Sweden, April, 2013 19
The Security Management Plan
The “Security of the Healthcare Organisation” – is a collaborative effort,
as the security department is seldom responsible for all the components
of the protection program and security management plan
Courtesy of “Hospital & Healthcare Security”,
5th Edition, Russ Colling & Tony York
20. Schneider Electric – Healthcare & Security…..Sweden, April, 2013 20
The Security Management Plan
The Security Management Plan should include, but not be limited to:
Security Program Mission Statement
Statement of Program Authority (i.e. facility organisation chart)
Identification of Security Sensitive Areas
An Overview of Security Program Duties and Activities
The Documentation System in Place (i.e. records and reports)
Training Program for the Security Staff and all other Staff
Planned Liaison Activity with Local Public Safety Agencies
Security Organisational Chart
Copy of the Most Recent SMP Annual Program Evaluation Report
Copy of the Most Recent SMP Annual Program Improvement Plan
21. Schneider Electric – Healthcare & Security…..Sweden, April, 2013 21
Guidelines & Best Practices
22. Schneider Electric – Healthcare & Security…..Sweden, April, 2013 22
The Security Assessment
To ensure adequate risk protection measures are in place to
mitigate risk to patients, employees, staff, visitors and assets
+ risk management, policies and governance, business
continuity, asset protection, physical and fire
protection, brand reputation
To find ways the existing security measures could be improved
to increase security efficiency
+ total cost of ownership, security CAPEX, OPEX,
productivity, technology master plan
To find the business impact beyond security
+ increase revenue / profit, reduce loses / claims,
reduce operating expenses
23. Schneider Electric – Healthcare & Security…..Sweden, April, 2013 23
Recommendations & Mitigation Tracking
SCHNEIDER ELECTRIC HOSPITAL -- SECURITY HAZARD AND VULNERABILITY ASSESSMENT TOOL
RECOMMENDATIONS AND MITIGATION TRACKING Tracking Sheet Page 1
ISSUE / CONCERN PRIORITY SECURITY RECOMMENDATION
RESPONSIBLE
PARTY
TARGET FOR
MITIGATION
COMMENTS
Doors Propped Open Low
Meet with Dept. Heads on Importance
of Door Security
Security
Department
Managers
Feb.2013
Continue education on the importance of
having a secure area with management and
staff
Entry into departments occurs without
adequate screening
Medium
Meet with Administration to develop a
procedure to properly screen
individuals entering department units.
Administration,
Security, Department
Managers
Mar. 2013
Continue education on the importance of
having a secure area with management and
staff. Research visitor management options
Educate Staff on when to call Security for
Incidents/Assistance
Medium
Meet with Administration , Safety
representative and Department heads
to educate staff as to Security role and
when to call them.
Security Supervisor,
Administration,
Safety, and
Department Mngrs
Mar. 2013
Plan to attend staff meetings and educate
new hires during orientation as well as
continuing education for existing staff
Admin door, while equipped with access
control, remains propped open
High
Keep door closed to prevent entry of
uninvited patients or visitors
Administration,
Security,
Feb.2013
Door already has necessary hardware, just
need to close door
Ponds are not fenced to prevent accidental
or deliberate entry
High
Research fencing and additional
barriers or warning signs
Facility Management Feb.2013
Research potential barriers and / or warning
signage
Pediatric Unit on 3rd floor High
Consider patient management system
or moving pediatric rooms so all
personnel would have to pass by unit
secretary
Physical Security,
Administration, and
Facility Mgmt
Feb.2013
Nursing triage desk is not facing elevators /
line of sight issue which might require
electronic system
Walking trail not covered by existing CCTV
and needs lighting upgrades
High
Consider CCTV and lighting upgrades
plus increased patrols
Physical Security,
Administration, and
Facility Mgmt
Feb.2013
Research potential upgrades to CCTV and
lighting
H - High Priority; Immediate Mitigation Required
M - Medium Priority, Mitigation Required
L - Low Priority; Non-Urgent Issue
24. Schneider Electric – Healthcare & Security…..Sweden, April, 2013 24
Healthcare & Security – What We Can Fix
Administration Door should be closed,
propping the door open defeats the
purpose of the card reader
25. Schneider Electric – Healthcare & Security…..Sweden, April, 2013 25
Healthcare & Security – What We Can Fix
Patient Management Alarm should be considered for
3rd Floor – Pediatric Area, since the doors are not
visible, not in the line of sight, from the nursing station
26. Schneider Electric – Healthcare & Security…..Sweden, April, 2013 26
Healthcare & Security – Equipment Report
Helpful Tool?
Schneider Electric Hospital Video Surveillance - Equipment Report April 25th, 2013
Camera Number 46
Camera Name Emergency Ward
Camera Manufacturer Pelco
Camera Model Number Sarix IX
Asset Management Tag Number Ekahau - 83V1565
How is it Wired / Connected Network - IP Address - 10.147.5.98
Where is it Viewed Security Command & Control, Emergency Ward Visitor's Desk and Nurse Manager's Office
Where is it Recorded Security Command & Control, DVR 7
Integrated with ?? Asset Management, Access Control, Emergency Ward Zone, Building Management, Fire Alarm Control System
Camera Location Emergency Ward - Entrance Doors / Lobby
Camera View Looking at the Entrance Doors and Lobby (glass door entrance from parking area)
Installation Date August, 2009
Installation Company Schneider Electric
Service Company Schneider Electric
Last Service Date October, 2012
Last Service Performed Adjusted Camera Lense, Cleaned Housing, Network Test
Picture of Camera
27. Schneider Electric – Healthcare & Security…..Sweden, April, 2013 27
Healthcare & Security – FTE Predictor
During an informal poll of several hospital security administrators the question was asked:
“What do you consider to be the major mistake that you have seen in the stages of security
program development in hospitals?” The consensus of opinion was that all too often
organizations decide how many security officers they need or want before they determine the
functions of the security department.
AN OPINION – IAHS Newsletter, 1968
Healthcare Security - FTE Predictor
Total Total Security Total Total Trauma Center Healthcare
Inpatient Care Area Calls / Responses Research Area Hospital 1 = Yes Security
Square Meters Per Year Square Meters Beds 2 = No FTE's
250,000 1,500 20,000 800 1 18.08
28. Schneider Electric – Healthcare & Security…..Sweden, April, 2013 28
Healthcare & Security - Responsibilities
The first association meeting was held June 3rd, 1968 – at the New York Hilton.
This list represents the consensus of those present as to what the responsibilities
of the hospital security department were.
1) Uniform Patrol
2) Elevator Operators
3) Information Desk
4) Lost and Found
5) Key Control
6) Identification
7) Fingerprinting
8) Education of Employees (with regard to safety and fire prevention)
9) Accident Reports on Hospital Grounds
10) Manual of Procedures
11) Disaster Procedures
12) Training Security Officers
13) Alarm Systems
14) Maintaining Good Relations with Official Police
15) Transportation
16) Deceased Patients Property
29. Schneider Electric – Healthcare & Security…..Sweden, April, 2013 29
Security in Hospitals – Needs / Safeguards
Signage
Sign-In Logs
Marking / Labeling
Aggressive Incident Investigation
Policy of Prosecution
Conditions of Employment
Enforced Disciplinary System
Greeting / Staff Acknowledgement
Way Finding & Guidance
Landscape Design / Architecture
Community Outreach
Psychological
Access Control
Video Surveillance
Visitor Management
Fire Safety
Intrusion
Infant & Patient Protection
Identification Badges
Barriers
Glazing
Communication Devices
Panic – Fixed & Personal
Physical
Encryption and the
Protection of Patient Data
Securing Network Systems
ID Security and
Password Management
Asset Management / RTLS
Logical
Lighting
Fundamental
30. Schneider Electric – Healthcare & Security…..Sweden, April, 2013 30
Healthcare & Security –
Real World Examples…..
31. Schneider Electric – Healthcare & Security…..Sweden, April, 2013 31
Vehicle Toyota Corolla
Year 2005 – 2008
Color Maroon / Dark Red
Tags Maryland
On Sunday, November 25th, 2012 – two individuals came to our hospital
with what appears to be the specific intent to steal cash or other items
from our Hospitality Shop.
These individuals arrived at 1:18PM and parked in our front parking lot.
They go directly to the Hospitality Shop entrance. Suspect 1 (the top
photo) enters the shop and goes to the back of the store. Suspect 2
(the second photo) enters the store a minute later and goes to the back
of the store and kneels down at a rack pretending to look at items but
looks into the improperly secured and open office area. Suspect 1 goes
up to the counter and distracts one of the two clerks by asking to look at
purses. Once the second clerk is busy with other customers, Suspect 2
enters the office area and goes directly into another unsecured room
within the area. 1 minute and 25 seconds later, Suspect 2 leaves the
office area with cash. Both of the suspects leave the shop at 1:25PM.
They return to their vehicle (bottom photo) and drive off campus.
Descriptions
Suspect 1 Black Male, in his 20’s
Bald, no facial hair
Thin, possibly 5’ 10” tall
Suspect 2 Black Male, in his 20’s
Short, Black Hair and Mustache
Thin, possibly 6’ tall
32. Schneider Electric – Healthcare & Security…..Sweden, April, 2013 32
On Saturday, December 15th, 2012 – just after 4AM, on the 5th floor
of the hospital, where the gunman’s wife was a cardiac patient – the
suspect, 38 year-old Jason Letts, became upset over his wife’s care.
(The husband -Letts- was ejected from the hospital the previous
evening at approximately 8PM.)
He returned to the hospital with a gun and forced a security officer to
take him up to his wife’s floor. Once there, he began going room to
room, waking up patients and telling them, “get up, they’ve got guns,
they’re going to kill us”.
When officers arrived on the 5th floor, Letts opened fire on them. One of the police officers was shot
in the leg and two hospital employees were wounded. Two police officers returned fire, killing Letts.
In the aftermath of the deadly shooting, St. Vincent’s Hospital has beefed up security. The hospital
is reassessing how the hospital is accessed. The hospital has 84 “points of access” and 2,000
employees. The hospital employed “perimeter control” with limited access and use of cameras
before the incident, but is re-examining all of that to see if improvements need to be made after the
shooting. The hospital stated “we always review and continually try to improve in order to enhance
the safety for our patients, for our families and for our physicians and employees here on campus.
The hospital is adding off-duty police officers and examining the installation of metal detectors (as
they currently have a portable “wanding” device).
33. Schneider Electric – Healthcare & Security…..Sweden, April, 2013 33
In the past two years – 2011 & 2012 – the University of Miami
Hospital has had several security challenges…..
2011 – Robbery / Thefts…..31 reported events
2012 – Robbery / Thefts…..25 reported events (through 3Q12)
After the theft of a laptop, wallet and other personal property
from the sports medicine office – security guards reported a
man was spotted in the hallways wearing a sweatshirt and hat,
before the crime was committed - and that no guards approached
him and they did not know how he accessed the building or area of
the crime, and had no photo identification. A security video was
missing 40 minutes of footage – with no audit trail available.
Earlier in the summer, an outside audit of the hospital, led to the
discovery of a large, three year drug heist, by a pharmacy technician
who stole $14M (usd) worth of drugs and narcotics from the hospital
pharmacy (security and pharmacy controls did not detect the theft).
In September, a defibrillator valued at $90K (usd) and three pacemakers
valued at $24K (usd) were stolen from the hospital campus and just a
month before, a patient had jewelry and cash stolen from her hospital
room when she left for medical tests in another area of the facility.
34. Schneider Electric – Healthcare & Security…..Sweden, April, 2013 34
Healthcare & Security –
A Security Leader’s Perspective
35. Schneider Electric – Healthcare & Security…..Sweden, April, 2013 35
The Risk to Healthcare Facilities
A variety of reasons account for the elevated risk to healthcare facilities.
Foremost among these is the nature of the workplace itself: hospitals,
especially emergency rooms, are open to the public 24/7, and they offer
particular allure by way of availability of drugs and/or money.
Bryan Warren, CHPA, CPO-I IAHSS President
Director, Corporate Security
Carolinas HealthCare System, Charlotte, NC, USA
The primary concerns are access control, violence generally (but
particularly in the emergency department), the threat of infant
abduction, blending customer service with a secure environment
and dealing with increased volumes of patients.
Fred Roll, MA, CHPA-F, CPP
President and Principal Consultant
Healthcare Security Consultants, Denver, CO, USA
36. Schneider Electric – Healthcare & Security…..Sweden, April, 2013 36
The Risk to Healthcare Facilities
Communication is a large concern as it directly leads to other events
that we (as security) have to deal with…….such as patient – staff and
staff – security communication. By de-escalating a situation earlier in
the process (before it gets out of control), we can then avoid the code
black situations (and keep any disturbance at a code grey level).
Chris Rasmussen
Security Manager
St. Andrew’s War Memorial Hospital, Brisbane, Australia
The increasing risk to healthcare is the move to provide care in the
community (where we have our healthcare workers providing care
outside the walls of our hospitals) along with a rise in the clinical acuity
(sicker people in our hospitals) and finally, our threat management program
(as part of our violence prevention program) is a key to our daily activity.
Jeff Young, CHPA, CPP
Executive Director, Integrated Protective Services
Fraser Health, Vancouver, BC, Canada
37. Schneider Electric – Healthcare & Security…..Sweden, April, 2013 37
The Risk to Healthcare Facilities
The current and emerging healthcare security concerns are…….
---the potential active shooter situation in the healthcare environment
---the increasing number of serious incidents of violence in the healthcare
setting – by patients, family members, staff, domestic violence and
the increasing number of forensic patients (situations)
---the multi-faceted issue of providing protective services in the emergency
setting (an issue that keeps growing each year despite constant
attention by healthcare security professionals)
---the current focus on the increasing use of access control, video / cctv,
exterior door locking, staff training / education and the design
challenges for the “people / vehicle” pathways,
both internally and externally to the hospital
Russ Colling
Author, Consultant
Founding Member of IAHSS
38. Schneider Electric – Healthcare & Security…..Sweden, April, 2013 38
Healthcare & Security –
The Healthcare Security Director’s World
39. Schneider Electric – Healthcare & Security…..Sweden, April, 2013 39
Healthcare & Security –
Fundamentals of the Security Department
● The fundamentals of the healthcare security department are:
● Selection & Recruitment
● Policy & Procedure
● Training & Education
● Technology – the Force Multiplier
The name of the hospital, the organisational structure,
the language and local culture may all be different,
but these four concepts are the
“fundamentals” in the healthcare security department
40. Schneider Electric – Healthcare & Security…..Sweden, April, 2013 40
Selection & Recruitment
41. Schneider Electric – Healthcare & Security…..Sweden, April, 2013 41
Policy & Procedure
42. Schneider Electric – Healthcare & Security…..Sweden, April, 2013 42
Training & Education
43. Schneider Electric – Healthcare & Security…..Sweden, April, 2013 43
Technology – The Force Multiplier
The Reality and Message
of Technology . . . . .
Technology should not provide
the message of a less secure
or safe environment
. . . . . it should be the Force
Multiplier to support and help
We used to look at security technology as different widgets, and
then went under a paradigm shift. Now we think about strategy
first, then technology, which concentrates and simplifies the
search for technology solutions.
Mike Howard, Chief Security Officer, Microsoft
44. Schneider Electric – Healthcare & Security…..Sweden, April, 2013 44
Healthcare & Security –
Patient Care is the # 1 Priority
Risk Based & Incident Driven
Relationships, Communication & Collaboration
A Customer Service Organisation
45. Schneider Electric – Healthcare & Security…..Sweden, April, 2013 45
Healthcare & Security –
Tack.