Hospitals & Medical Centers

How 2012 Affected Healthcare Security


As its practitioners well know, healthcare security is a unique industry, even though it has many challenges comparable to other security professions. Due to our mission of providing a safe yet compassionate healing environment for patients, families and fellow healthcare professionals while maintaining ever increasing regulatory compliance for an ever increasing number of agencies, ours is a truly challenging assignment.

The closest environment that I can imagine is that of the hospitality industry with one major difference – rarely do people come to a hospital because they want to or to have a good time. We tend to see many people at their worst, so we have to fulfill many concurrent roles (protector, caregiver, counselor and enforcer when necessary). Add to this the unique “valuables” that healthcare facilities possess – newborn infants, drugs, cash and even nuclear materials that terrorists might be after for the creation of a weapon of mass destruction – and one can easily see that the perception of hospitals as “quiet places where nothing happens” has certainly evolved.

This year we have continued to realize increasing workplace violence issues of staggering proportions involving the healthcare industry, stemming from a multitude of sources. Reasons for this trend include behavioral healthcare patients spending days at a time in our Emergency Departments due to a lack of specialized treatment resources; gang-related violence; domestic violence spillover into the workplace; and tragically a number of active shooter scenarios within the very facilities that exist to heal others.

Statistics from several sources such as the U.S. Department of Labor as well as scientific studies from respected associations such as the Emergency Nurses Association (ENA) and similar groups in other counties across the globe show that healthcare has become and continues to be a dangerous environment. As those who have been charged with protecting those who are at their most vulnerable as well as those who are caring for them, it is critical that we as healthcare security professionals understand not only the current trends in workplace violence in our industry but work on strategically addressing the issues which cause such incidents to occur. Only by first understanding the mechanisms that drive these events can we hope to prevent them.

Another significant issue which continues to affect healthcare organizations is that of data breaches and unintentional violations of patient confidentiality. Confidentiality is a huge concern in any healthcare facility and to ensure consistency and with the Health Insurance Portability and Accountability Act (commonly known as HIPAA) as well as the Health Information Technology for Economic and Clinical Health (HITECH) Act, healthcare employees must protect health information whether medical, patient-related, staff-related, business or financial. Such data can only be used as permitted by regulatory guidelines and includes written, electronic or even verbal information (i.e. overheard conversations).

Violations of these and similar regulatory guidelines can be disastrous for an organization, in both tangible (such as the now increased maximum fine of $1.5 million per facility) and intangible (negative branding and revenue loss) effects, which is why extraordinary precautions must be taken to protect such information. While the theft of a laptop or similar portable electronic portable device from a hospital might incur a direct loss of the value of the item, far more valuable is the data that such devices contain. This is why healthcare security professionals must work closely within their individual organizations to create and maintain a robust multidisciplinary enterprise risk management program to prevent such losses from occurring.

Read More: Preventing Laptop Theft and Data Loss

Finally, one significant issue that the security industry across all disciplines has been faced with is that of metrics and “proving your value.” This is an age old conundrum faced by security. How does one prove a negative? To paraphrase Mark McCourt’s excellent article in November’s Security Magazine, C-suite executives should be saying “thanks for nothing” to those responsible for effectively managed security programs, since no news is certainly good news when it comes to security-related events. This is rarely the case however, and we are faced with coming up with ever innovative ways in which to prove our value and demonstrate the return on investment that our security programs require.

As a start, every security professional should be able to tie their goals and objectives directly into that of the businesses strategic plan and become a partner in achieving overall organizational success, rather than being viewed as a “necessary expense.” Security professionals must know what we do, how much we do and how well we do it and be able to provide valid objective evidence of this via key performance indicators if we are to survive in this increasing age of resource justification. The use of valid metrics, coupled with experience and industry knowledge is what makes effective security a craft more than an art or a science.

Change in everything is inevitable, and we all must evolve as the healthcare industry requires if we are to continue to be successful.   

Did you enjoy this article? Click here to subscribe to Security Magazine. 

Recent Articles by Bryan Warren

You must login or register in order to post a comment.



Image Galleries

ASIS 2013 Product Preview

ASIS International 59th Annual Seminar and Exhibits, September 24-27 in Chicago, Illinois, will include an exhibit hall packed with innovative security solutions. Here are some of the products that will be shown at ASIS this year.


Virtualization and Data Center Security: What You Need to Know for 2014

Data centers are increasingly becoming the center of the enterprise, and data center and cyber security is following the same path for security departments. According to Justin Flynn, a consultant at the Burwood Group, the virtualization of data centers allows enterprises to scale more easily and faster, with a smaller footprint.

However, hosting enterprise data in the cloud can make intrusion detection more difficult – how can enterprise security leaders team up with other departments to keep aware of cyber risks and traffic, and physical and data compliance during the virtual transition? How can CISOs and CSOs discuss cyber threats with the C-Suite to get the resources they need? And how can the proper infrastructure test and verify possible malicious attacks? 

More Podcasts

Security Magazine

Security May 2015 Issue cover

2015 May

In the May 2015 issue of Security, learn how to be the bridge between busieness and security with "customer facing," how to effectively work with your CFO, and covert security.

Table Of Contents Subscribe

Body Cameras on Security Officers

Body cameras are being used increasingly by police in cities across the U.S. Will you arm your security officers with a body camera?
View Results Poll Archive


Effective Security Management, 5th Edition.jpg
Effective Security Management, 5th Edition

 Effective Security Management, 5e, teaches practicing security professionals how to build their careers by mastering the fundamentals of good management. Charles Sennewald brings a time-tested blend of common sense, wisdom, and humor to this bestselling introduction to workplace dynamics. 

More Products

Clear Seas Research

Clear Seas ResearchWith access to over one million professionals and more than 60 industry-specific publications,Clear Seas Research offers relevant insights from those who know your industry best. Let us customize a market research solution that exceeds your marketing goals.


Facebook 40px 2-12-13 Twitter logo 40px 2-12-13  YouTube  LinkedIn logo 40px 2-12-13Google+

Vertical Sector Focus: Critical Infrastructures

criticalhomepagethumbFrom terrorism to vandalism, it’s preparedness, response, training and partnerships. Learn about some of the critical security issues facing this sector.

Visit the Critical Infrastructure page to read more.