Hospitals & Medical Centers

Secure, Yet Open

A conversation with hospital security professionals

November 22, 2011
Trans

Keeping staff and patients safe while maintaining an open facility is just one of the challenges facing security teams in hospital and healthcare settings. Security and SDM find out more from both ends of the syringe: healthcare end users and integrators. Diane Ritchey, editor of Security, and Laura Stepanek, editor of SDM, recently spoke with end users and integrators in healthcare security about what drives this important market.

Diane Ritchey: What are the unique security needs in healthcare facilities for which you have responsibility? What problems require the most time to mitigate the risk?

Larry Gilbert: Healthcare security is unique in the respect that we not only have to deal with traditional law enforcement-type needs in security, but we also are the front door and the front face for a lot of our organizations. We do a lot of PR and take on a lot of other roles to help the facility in carrying on everyday functions. We assist the engineering department in several of their duties. We’re the jack of all trades and a master of none. A lot of the problems that we spend the most of our time on are the violent and drug-seeking entities that come into this facility. In this region, there is a lot of misuse of prescription meds, and we’re seeing more of it. We’re mitigating a lot of security situations in our ER, which have included a lot of policy changes and formal operating procedures.

Martin Green: Hospitals are very unique animals. We all face the same challenges regardless of where we happen to be. My biggest concern for my two facilities is access. They’re wide-open facilities and operate 24/7. We’re not able to lock them down and we must be sensitive to why people are present at our facilities – hospitals are typically not a destination of choice. It’s very difficult for us to deal with who’s coming into the facility, knowing who’s in the facility, restricting access and making it easily accessible for people to get into the hospital without unnecessary restrictions to movement. Unlike some hospitals in the United States, we don’t have guards at the door, and we don’t have metal detectors. We have controlled access at night, but our emergency department and our front doors are still open. We mitigate risk through the use of video surveillance techniques. If we can’t stop them from coming in, at least we get an idea of who is coming into the hospital and who’s leaving.

Eric Smith: The fact that we are open 24-7 makes it very difficult to restrict who comes in. We cannot turn people away if they’re seeking medical care. And that would include somebody who is coming in to seek drugs. The person still has to be seen and get in front of a doctor before we can perhaps escort him out if we need to. Access control is a big problem. The threat of violence is one of our most significant factors. Violence in health care has been getting a lot of attention. We have to deal with mental health patients or substance abusers – these factors cause people to perhaps act in ways that they wouldn’t normally. Or we become the dumping ground for those individuals. At some of our hospitals, like Saint Joseph Hospital, we have to worry about our external environment as well with nurses coming and going 24 hours a day in a high-crime neighborhood.

 

Laura Stepanek: We’ve heard from the end users about their needs and challenges. For the systems integrators, what has stood out in your experience in working with clients in the healthcare sector? What trends are you observing, and what technologies are you implementing to meet their needs?

Shane Meenan: The overriding theme that we see in the larger urban hospitals is doing more with less. We’re all in a business that has two percent to three percent operating margins, and capital is hard to come by. Our team can’t sell just maglocks, door strikes and cameras. We really need to sell business solutions. So we need to help our customers do more with less and become more operationally efficient. A trend I’m seeing is customers telling me, “Don’t come in and just talk to me about cameras. Tell me why that particular application is going to make me more operationally efficient, safe and secure.” The two product domains that we see most in need are identity management and asset tracking.

Richard Rao: Matrix Systems is seeing the same types of scenarios that were just mentioned, along with challenges of securing pharmacies and bringing biometric card readers into the hospitals. We’re also seeing a lot of interest in the distribution of alarms as they occur real time through the software, whether it’s e-mail, pager or smartphones, and a lot of interest with IT cameras in association with their alarms.

Walter Helms: I see a trend to secure many smaller pieces of the facility. We’re seeing an increase to wireless readers on doors that don’t have the installation cost of a full card reader magstripe – this allows someone, for a lower price, to tie many places into the integrated system through wireless connections. Also accelerating is the use of electronic keys and replacing door cylinders with electronic locks. This information can be fed back through the system so we can give you trails of who’s using what, how often and when. We’re getting more requests to add biometrics to smaller areas, such as where nuclear materials are stored, taking that security up a level beyond just PIN confirmation of normal readers. The overall tie is video surveillance. The locks and barriers that we can put in place are OK for people who are going to physically force their way through things or try to get permission. The physical presence of that surveillance does a lot to dampen down misbehavior.

 

Diane Ritchey: Larry, what is happening in terms of healthcare regulations, and how does it affect your role in security?

Larry Gilbert: There are new standards on suicidal and psychiatric patients. They’re very specific on what we can and cannot do with these patients. They have provided some challenges for us. Security has conducted a lot of training in de-escalation and non-violent techniques with such organizations as the Crisis Prevention Institute. All of security in my facility now must have International Association for Healthcare Security and Safety (IAHSS) certification. The standards have forced us to integrate a lot more training. Violence has increased. I have charted it over the last 5 years, and it’s increased substantially.

Martin Green: I’ve been in the industry 32 years, most of it working in healthcare. I’m dealing with situations now that I never knew existed back then. But nothing has really changed from the Canadian perspective in regulations. We don’t have the Joint Commission up here, but in the last year there have been changes in Ontario with legislation for tackling workplace violence and harassment. It’s making life challenging for us, ensuring that our patients and our employees are safe and free from workplace violence and harassment. Also in Ontario, the regulations regarding private security officers have changed, and they are putting a greater onus on training and accountability for the training. We’re using IAHSS standards at our two hospital campuses.

Eric Smith: I’d say one of the biggest impacts is from a general business perspective because there’s so much uncertainty around the healthcare market with ObamaCare and the recession causing a decline. Our patient census is down, and elective procedures are being put on hold. That’s having an impact on us in terms of being able to get the capital or increase staffing. We’re finding that we have to do a better job of documenting training so that if The Joint Commission shows up we can prove the kind of training that we’ve gone through.

 

Diane Ritchey: Is there ever a surprise inspection?

Eric Smith:Yes, there can definitely be surprises. The Joint Commission now has a new policy in which for five percent of the hospitals that they visit in the U.S., they will go back to make sure that we’re following up on any action plans. So we had a surprise visit of that sort a couple of weeks ago. It really had nothing to do with security. But it still kind of gets you going when you hear that they’re here for a surprise visit.

 

Diane Ritchey: Larry, would you share a success story about your facility that involves access control, ID management or video surveillance?

Larry Gilbert: I came here to start the security. This facility had no security prior to 2005. In the beginning, the biggest success story would be video surveillance. When I first arrived, we had a rash of thefts from automobiles in our main parking lots. We’d have about a dozen per year. In the last three years, we have had zero. I think the decrease was from updating our surveillance systems. When I first came here, we had six cameras. We have more than quadrupled that to about 35. The outside perimeters are now totally covered with all the technologies that come with surveillance, such as motion detection. We can alert the on-duty officer when there is movement outside, and license plate recognition cameras can identify a stolen vehicle.

Martin Green: Our success stories over the years have been with access control, and some has come out of negative occurrences. For example, in 2003 SARS here in Toronto had a great impact on my facility. My ability to lock the facility down and add more card and access control was certainly supplemented by that occurrence. Over the years we’ve seen the benefit of having access control as we renovate areas of the hospital or build additions. We’ve had two major construction projects, and I was fortunate enough to be involved right from the very beginning when pen hit paper to design the facilities and the layouts and build security into it. Our video surveillance technology has increased as well. When I started at the hospital 12 years ago, we were still running on VHS tapes. Now one hospital is IP-based, and the other hospital is all on DVR. Cameras have grown, too – I’ve gone from 33 cameras across the two hospitals to over 150.

Eric Smith: I would say that our biggest success story has been access control. We’re in an urban environment – some of the highest-crime neighborhoods in Denver border us within a few blocks. We’re smack in the middle of an area we really wouldn’t ideally want to be, so a few years ago we added video cameras at all the doors. But our biggest success has been implementing a visitor management program. That was a huge challenge. We used to have a lot of disturbances. Labor and delivery surprisingly is one of our big areas for disturbances. We get fights in our labor and delivery unit involving sometimes 15 gang members, so it is very high risk. We have been able to mitigate a lot of that with the visitor management system. I’ve written a report that’s available on Amazon about it because it’s been such a successful program. But it is a challenge to keep it going. It takes a lot of full-time employees and a lot of effort to keep it running smoothly.

 

Laura Stepanek: Let’s hear from the integrators. Tell us about some of your success stories in the healthcare field that involve access control, IT management or video surveillance.

Shane Meenan: Identity management is the most fulfilling for us because it affects so many different departments and silos of information throughout an organization. One success story is when we automated the identity management credential to give the stakeholders better data integrity and to mitigate risk in off-boarding those who needed to be out of the system right away, in addition to increasing operational efficiencies across shared documents, for example. I think the biggest success stories come out of implementing identity management systems.

Richard Rao: Access control is a very important aspect for all of the hospitals. We took it down to a granular level, such as badge designs with the photos to designate particular employees in specific departments to even include contractors for short- or long-term projects. This is very important in maintaining accountability as far as who’s on the property at all times. Second, electronic keys with audit trails have allowed hospitals to secure closets that budgets just couldn’t take care of. This allows us to lock a particular portal, control the access to it and obviously have audit trails to determine who and when has been in those portals. And lastly what we refer to as camera tagging video surveillance is tied to alarms that occur within the access control system.

 Walter Helms:One of the things integrators bring to this entire picture is that there are a lot of different things one needs to put together to secure these kinds of environments. And some of us are more specialized in some areas than others. We find that we can take these multiple systems – infant abduction, wandering systems, visitor management, video systems – and tie them together so that people can deal with them on a consolidated basis. The better we can integrate it makes sense. And the owners of the equipment can better utilize the attributes of each specialized system without having to memorize all of the differences between each one of them.

 

Diane Ritchey: How are you handling specific security concerns in your parking lots?

Larry Gilbert: When I first came here, speed control was a small thing that was easy to fix: we just put out speed bumps. Vendors with semis delivering supplies were the biggest violators. It affected the safety of others. Hospital facilities have a lot of elderly or handicapped people, and you have to provide a safe environment from the minute they drive into that parking lot. For access, we created more handicap spots than what is required by us. Making customers happy and making sure they are safe is the number one priority. Another thing that really helped us is that all the security officers, including myself, are reserve deputies with the local county. We have a very good working relationship with local law enforcement, and they even sometimes patrol our parking lots. About those car thefts that happened when I first came here, in the last few years we’ve had zero. If you think outside of the box in reaching out to the community for some help, like go buy lunch for the Chief of Police, and it can help. Back to access, hospitals are considered by the public a public access area when in actuality they’re private property. We have homeless folks park overnight in our parking lot. Just last week we had one. You have to keep on top of it. Integration of surveillance plus law enforcement comes together to help us control our parking lots situation.

Martin Green: Our parking lots are gated and revenue-generating machines for the hospital. So we don’t have problems with people parking and spending the night. Our problem is the bump-and run or the hit-and-run in the parking lot. People will tell us somebody hit their car in the parking lot and want us to find it on camera. They don’t realize that our cameras aren’t looking at their car; they overview the parking lot. And the other challenge is lighting. When we built our parking lots, they met the standard of lighting illumination at the time. But that standard has changed, and people expect the parking lot to be lit up like a football stadium in the middle of the night.

Eric Smith: At two of the hospitals, we only have surface lots. One is in a very rural environment. So you would think we wouldn’t have as many problems, although like Martin mentioned, we have some accidents. It’s a wide open parking lot, and some of them are pretty high speed. Fortunately, we have a 16-megapixel camera at one of the main lots. It gives us good images, and we can go back and review what happened. We have even been able to give information to police departments on accidents from the highway that adjoins the property. Our downtown hospital has several parking garages. Some of them are older, so the lighting has been a big concern because it can be very dark. And we don’t have cameras in at least two of our busiest garages. We added bike patrol throughout our parking lots and garages. It’s been a big help, especially with visibility because parking lots are one of the biggest concerns that comes up in our annual staff survey. 

We encourage people to use escorts to their vehicles – we have uniformed security walk them out to their cars. In the new parking garages that we build with the new facility, I certainly expect that we’re going to have good cameras at least at all the vehicle choke points and any entrance where somebody can walk into the garage. We do get many vehicle break-ins and auto thefts, which is a big problem in the downtown facility.

 

Laura Stepanek: Let’s move to the integrators’ experiences in parking areas. Shane, what success stories can you tell us about?

Shane Meenan: I would hesitate to say this because we’re an integrator, but nothing beats patrol. Parking lots are challenges, and most of our successful customers are diligent in a patrol of the parking lots themselves. From a technology perspective, emergency call boxes and access control where appropriate in gating garages and video surveillance are technologies that we have used for years. However, megapixel technology has changed the game. So when we’re talking about parking structures, we’re usually talking about the high cost of installation, with lots of conduit for multiple cameras. With megapixel technology, low light was a major problem. I think the manufacturers have come a long way. We have been very successful in putting in some effective solutions using megapixel technology. Our successes are a lot better performance, a lot better image quality and a lot greater field of view, which all cuts down on costs.

Richard Rao: Obviously, access control has been a big point of patrolling parking areas, along with intercoms and call stations that are obviously hospital–visitor-friendly. And when those (alarms) comes in, taking advantage of CCTV systems within a parking facility or garage can expedite response, whether it’s an officer on foot, bike or patrolling, to determine what has happened and to help a visitor.

Walter Helms: I think we’ve covered a lot of the areas. The quality and resolution of video systems now lend themselves to things that were impossible not too many years ago. With the right infrared lighting sources and a few other things, you can get over some of the day-night problems. We are finding wireless mesh very useful – it came over from airports where there are large remote surface lots. It ties IP cameras together without all the wiring costs that it would normally take. Wireless mesh gives you a lot of flexibility to put large numbers of cameras anywhere you need them and have a pretty robust backup system when there are problems with the network themselves. They are self-healing. They give you the kind of throughputs you need, and they really reduce production costs.

 

Laura Stepanek: What are specific solutions, both technology-based as well as policies and programs that you may have, that you have implemented to prevent violence at your healthcare facility?

Larry Gilbert: The biggest thing would be education and communication. Staff don’t expect to come to work and get beat up, hit, abused or verbally assaulted. But they do just about every day. We need to educate those individuals that this is now part of their job description. How do we mitigate that and train these individuals so that they can better deal with that situation? Non-violent training, verbal de-escalation training and security training help. Don’t forget to document that training and annual awareness. We put out monthly general safety and security awareness bulletins to remind staff because you have to keep pounding this into their clinical heads that it needs to happen this way. We also have a code system: code yellow, green or different colors where they need to activate that particular code when a certain critical incident happens. In terms of technology, as former law enforcement I know my two-way radio used to have a duress button on it, a little orange or red button that was on the radio. We have put several of those radios throughout different departments where staff can contact security directly. If they are in a duress situation, they can push that little orange duress button, or panic button. The mike opens for 40 seconds, and they can scream or tell us to come running.

Martin Green: I can’t add much to Larry’s comments. It’s all about training. Our challenge is getting the education out to the staff, making sure they know the backup they have and what’s available to them, and encouraging them to report it so that we can take action. Security staff will respond, and if necessary, we will call in the police for backup so that the offenders are charged. We have had some success, but it does take a long time.

Eric Smith: I agree completely about the education and training. One of the biggest challenges is that staff doesn’t recognize [when they need help], and they don’t act on the early warning signs. We have just begun rolling out a team blue and gold training that’s similar to CPI. We have also added Tasers for our security supervisors. I would add to look at violence from other sources, as well. We do a lot with our emergency management committee, such as looking at active shooter and planning drills. It’s been a great opportunity to work with the local police to get staff trained and thinking about that.

 

Laura Stepanek: Shane, why don’t you tell us what you’ve done to help your clients prevent violence at their facilities?

Shane Meenan: As big of a brand as we are, part of our duty is to advance the industry. You’re going to see us invest in ENA and IAHSS to try to raise awareness on workplace violence in healthcare institutions. On the technology side I’ll talk about two different technologies, one an older, simplistic technology that we see an increased demand for and an increased demand in institutions that you wouldn’t think would implement them. Full-height turnstiles and X-ray machines in emergency departments is a big deal for us these days. So very large (Ivy League) institutions and medical centers that have fought for this technology for years and got pushback are beginning to implement them – and there are hundreds of items of contraband confiscated a month. We have multiple examples of people coming to the emergency room, seeing that there were metal detectors and actually throwing whatever they were trying to hide into the bushes. These are full-height metal detectors, older technology – but we’re seeing an increased demand because of the increased violence in the emergency department. A newer technology that helps the clinical staff alert their team members that they’re seeing violence is duress button. These are not our traditional duress buttons that are hard-wired duress buttons or radio that we have to go get or a wireless duress button that doesn’t tell us exactly where that nurse or clinician is located. Some of the technologies that we’re implementing work off RTLS, real time location, and RFID operates on the existing wireless infrastructure that is hosting all the clinical applications. So there’s no infrastructure to install. Not only can I tell you that this nurse is under duress, I can tell you the level of duress based on what button she pushed, and I can tell you exactly where she is. Before, Nurse Smith under duress ran over to push something underneath a desk, and then the person was more aggravated. Now, she’s simply taking somebody’s blood pressure and he is talking in a way that makes her uncomfortable, she can just reach over to hit a specific button. It communicates that an officer should walk by and show a visual presence. If she hits it again, then the officer walks into the room. It’s all based off of RFID and real time location. Two technologies – one older and one newer – are both designed to prevent workplace violence in ED.

Walter Helms: Part of what we can provide is a great deal of discussion about processes, training and procedures, all of which have to work together. The tools that are provided by the integrator are also key. The technologies that were just discussed helped facilitate a lot of that. One of the things the integrator can bring to this if he is part of the process is how to best utilize the equipment and the systems that are already in place. We tend to have the ability to know what the systems are capable of. If we’re invited to be part of the process, we can help trying to configure the systems to produce the kind of outcomes you’re looking for. Just having the equipment itself without being able to tie it together properly means simple things like the proper way of configuring systems for lockdowns and propagating alerts. We can help enhance the systems’ capability by proper use. So any time we can be included in that process, the better. This doesn’t have to happen at the front end of a purchase. This can happen on an ongoing basis as hospitals and healthcare systems up their procedures and modify what they’re attempting to do. If they bring the integrator in as part of that, we may not be in a position at that point. It may not even be necessary to sell you extra hardware. It’s just better to utilize what you already have. N

 

The Roundtable Participants

Larry Gilbert is manager of security operations at Jefferson Memorial Hospital, a 58-bed rural facility, in Jefferson City, Tenn.

Martin Green is the manager of Security and Parking for the Rouge Valley Health System in Toronto, Ontario, Canada.  He manages both proprietary and contract security staff at the hospital’s two acute care hospital campuses and three satellite facilities.  A health care security management professional with 32 years of diverse leadership experience within the field of asset protection, he has been working in security management within the healthcare sector since 1985. Throughout his career in healthcare security, he has provided security design input to major redevelopment projects and designed and implemented security programs at major medical facilities within the province of Ontario.

Eric Smith, CPP, works for HSS, Inc. as the security director for Exempla Healthcare, a three-hospital system in the Denver, Colo. area. He is the current president of the Colorado Chapter of IAHSS. He is also the author of the security blog, Business Karate, www.businesskarate.com.

Shane Meenan is the director of Healthcare Solutions for ADT. With more than 22 years of experience in enterprise level security solutions, he has held a variety of sales leadership roles in manufacturing, distribution and integrated solutions. He came to ADT through their acquisition of Security Services and Technologies (SST) in 2008.  Prior to the acquisition by ADT, he led the Central Mid-Atlantic sales team for SST who specialized in complex solutions in the healthcare, higher education and petro chemical markets.  Before joining SST, he spent more than six years as a regional manager in various roles for Honeywell Integrated Solutions.

Richard Rao is regional sales manager for Matrix Systems for the Southwest region, where his responsibilities include development and continual support of the Southwest region dealer network. He has been with Matrix since 2001.

Walter Helms is vice president and CTO of Matrix Systems. He has been involved in providing solutions for a number of healthcare customers such as the Cleveland Clinic and OSU’s medical center. The 16 years prior to joining Matrix Systems, Helms served as vice president of Engineering at Cincinnati Time, a provider of parking, access control and attendance systems to a wide range of market sectors, including healthcare.

Did you enjoy this article? Click here to subscribe to Security Magazine. 

Recent Articles by Diane Ritchey

You must login or register in order to post a comment.

Multimedia

Videos

Image Galleries

ASIS 2013 Product Preview

ASIS International 59th Annual Seminar and Exhibits, September 24-27 in Chicago, Illinois, will include an exhibit hall packed with innovative security solutions. Here are some of the products that will be shown at ASIS this year.

Podcasts

Virtualization and Data Center Security: What You Need to Know for 2014

Data centers are increasingly becoming the center of the enterprise, and data center and cyber security is following the same path for security departments. According to Justin Flynn, a consultant at the Burwood Group, the virtualization of data centers allows enterprises to scale more easily and faster, with a smaller footprint.

However, hosting enterprise data in the cloud can make intrusion detection more difficult – how can enterprise security leaders team up with other departments to keep aware of cyber risks and traffic, and physical and data compliance during the virtual transition? How can CISOs and CSOs discuss cyber threats with the C-Suite to get the resources they need? And how can the proper infrastructure test and verify possible malicious attacks? 

More Podcasts

Security Magazine

September 2014

2014 September

In the September issue of Security Magazine, find out who this year's most influential people are in the security industry are. Also, take a peek at the technology products that ASIS 2014 will be showcasing at the upcoming event. Read about the lessons learned from security at the World Cup, find out why tactical medical training is a must for your enterprise and how Atlanta increased security by sharing surveillance.
Table Of Contents Subscribe

Adopting New Technology

How long do you wait before adopting a new technology?
View Results Poll Archive

THE SECURITY STORE

comptiahighriseproductphoto
CompTIA Security+ Certification Study Guide
CompTIA's Security+ certification is a globally-recognized, vendor neutral exam that has helped over 60,000 IT professionals reach further and higher in their careers. The current Security+ exam (SY0-201) focuses more on being able to deal with security issues rather than just identifying them.
More Products

Clear Seas Research

Clear Seas ResearchWith access to over one million professionals and more than 60 industry-specific publications,Clear Seas Research offers relevant insights from those who know your industry best. Let us customize a market research solution that exceeds your marketing goals.

Vertical Sector Focus: Critical Infrastructures

criticalhomepagethumbFrom terrorism to vandalism, it’s preparedness, response, training and partnerships. Learn about some of the critical security issues facing this sector.

Visit the Critical Infrastructure page to read more.  

STAY CONNECTED

Facebook 40px 2-12-13 Twitter logo 40px 2-12-13  YouTube  LinkedIn logo 40px 2-12-13Google+