Security 500 conference     

 Don’t miss the networking event of the year for security executives!
Register today for the Security 500 Conference.

Hospitals & Medical Centers

How 2012 Affected Healthcare Security


As its practitioners well know, healthcare security is a unique industry, even though it has many challenges comparable to other security professions. Due to our mission of providing a safe yet compassionate healing environment for patients, families and fellow healthcare professionals while maintaining ever increasing regulatory compliance for an ever increasing number of agencies, ours is a truly challenging assignment.

The closest environment that I can imagine is that of the hospitality industry with one major difference – rarely do people come to a hospital because they want to or to have a good time. We tend to see many people at their worst, so we have to fulfill many concurrent roles (protector, caregiver, counselor and enforcer when necessary). Add to this the unique “valuables” that healthcare facilities possess – newborn infants, drugs, cash and even nuclear materials that terrorists might be after for the creation of a weapon of mass destruction – and one can easily see that the perception of hospitals as “quiet places where nothing happens” has certainly evolved.

This year we have continued to realize increasing workplace violence issues of staggering proportions involving the healthcare industry, stemming from a multitude of sources. Reasons for this trend include behavioral healthcare patients spending days at a time in our Emergency Departments due to a lack of specialized treatment resources; gang-related violence; domestic violence spillover into the workplace; and tragically a number of active shooter scenarios within the very facilities that exist to heal others.

Statistics from several sources such as the U.S. Department of Labor as well as scientific studies from respected associations such as the Emergency Nurses Association (ENA) and similar groups in other counties across the globe show that healthcare has become and continues to be a dangerous environment. As those who have been charged with protecting those who are at their most vulnerable as well as those who are caring for them, it is critical that we as healthcare security professionals understand not only the current trends in workplace violence in our industry but work on strategically addressing the issues which cause such incidents to occur. Only by first understanding the mechanisms that drive these events can we hope to prevent them.

Another significant issue which continues to affect healthcare organizations is that of data breaches and unintentional violations of patient confidentiality. Confidentiality is a huge concern in any healthcare facility and to ensure consistency and with the Health Insurance Portability and Accountability Act (commonly known as HIPAA) as well as the Health Information Technology for Economic and Clinical Health (HITECH) Act, healthcare employees must protect health information whether medical, patient-related, staff-related, business or financial. Such data can only be used as permitted by regulatory guidelines and includes written, electronic or even verbal information (i.e. overheard conversations).

Violations of these and similar regulatory guidelines can be disastrous for an organization, in both tangible (such as the now increased maximum fine of $1.5 million per facility) and intangible (negative branding and revenue loss) effects, which is why extraordinary precautions must be taken to protect such information. While the theft of a laptop or similar portable electronic portable device from a hospital might incur a direct loss of the value of the item, far more valuable is the data that such devices contain. This is why healthcare security professionals must work closely within their individual organizations to create and maintain a robust multidisciplinary enterprise risk management program to prevent such losses from occurring.

Read More: Preventing Laptop Theft and Data Loss

Finally, one significant issue that the security industry across all disciplines has been faced with is that of metrics and “proving your value.” This is an age old conundrum faced by security. How does one prove a negative? To paraphrase Mark McCourt’s excellent article in November’s Security Magazine, C-suite executives should be saying “thanks for nothing” to those responsible for effectively managed security programs, since no news is certainly good news when it comes to security-related events. This is rarely the case however, and we are faced with coming up with ever innovative ways in which to prove our value and demonstrate the return on investment that our security programs require.

As a start, every security professional should be able to tie their goals and objectives directly into that of the businesses strategic plan and become a partner in achieving overall organizational success, rather than being viewed as a “necessary expense.” Security professionals must know what we do, how much we do and how well we do it and be able to provide valid objective evidence of this via key performance indicators if we are to survive in this increasing age of resource justification. The use of valid metrics, coupled with experience and industry knowledge is what makes effective security a craft more than an art or a science.

Change in everything is inevitable, and we all must evolve as the healthcare industry requires if we are to continue to be successful.   

Did you enjoy this article? Click here to subscribe to Security Magazine. 

Recent Articles by Bryan Warren

You must login or register in order to post a comment.



Image Galleries

ASIS 2013 Product Preview

ASIS International 59th Annual Seminar and Exhibits, September 24-27 in Chicago, Illinois, will include an exhibit hall packed with innovative security solutions. Here are some of the products that will be shown at ASIS this year.


Virtualization and Data Center Security: What You Need to Know for 2014

Data centers are increasingly becoming the center of the enterprise, and data center and cyber security is following the same path for security departments. According to Justin Flynn, a consultant at the Burwood Group, the virtualization of data centers allows enterprises to scale more easily and faster, with a smaller footprint.

However, hosting enterprise data in the cloud can make intrusion detection more difficult – how can enterprise security leaders team up with other departments to keep aware of cyber risks and traffic, and physical and data compliance during the virtual transition? How can CISOs and CSOs discuss cyber threats with the C-Suite to get the resources they need? And how can the proper infrastructure test and verify possible malicious attacks? 

More Podcasts

Security Magazine

Security Magazine 2014 September cover

2014 October

Security takes a look at safety and preparedness for the harshest of weather phenomena in this October 2014 edition of the magazine. Also, we investigate supply chain security and the many benefits of PSIM. 

Table Of Contents Subscribe

Adopting New Technology

How long do you wait before adopting a new technology?
View Results Poll Archive


CompTIA Security+ Certification Study Guide
CompTIA's Security+ certification is a globally-recognized, vendor neutral exam that has helped over 60,000 IT professionals reach further and higher in their careers. The current Security+ exam (SY0-201) focuses more on being able to deal with security issues rather than just identifying them.
More Products

Clear Seas Research

Clear Seas ResearchWith access to over one million professionals and more than 60 industry-specific publications,Clear Seas Research offers relevant insights from those who know your industry best. Let us customize a market research solution that exceeds your marketing goals.


Facebook 40px 2-12-13 Twitter logo 40px 2-12-13  YouTube  LinkedIn logo 40px 2-12-13Google+

Vertical Sector Focus: Critical Infrastructures

criticalhomepagethumbFrom terrorism to vandalism, it’s preparedness, response, training and partnerships. Learn about some of the critical security issues facing this sector.

Visit the Critical Infrastructure page to read more.