As its practitioners well know, healthcare security is a unique industry, even though it has many challenges comparable to other security professions. Due to our mission of providing a safe yet compassionate healing environment for patients, families and fellow healthcare professionals while maintaining ever increasing regulatory compliance for an ever increasing number of agencies, ours is a truly challenging assignment.
The closest environment that I can imagine is that of the hospitality industry with one major difference – rarely do people come to a hospital because they want to or to have a good time. We tend to see many people at their worst, so we have to fulfill many concurrent roles (protector, caregiver, counselor and enforcer when necessary). Add to this the unique “valuables” that healthcare facilities possess – newborn infants, drugs, cash and even nuclear materials that terrorists might be after for the creation of a weapon of mass destruction – and one can easily see that the perception of hospitals as “quiet places where nothing happens” has certainly evolved.
This year we have continued to realize increasing workplace violence issues of staggering proportions involving the healthcare industry, stemming from a multitude of sources. Reasons for this trend include behavioral healthcare patients spending days at a time in our Emergency Departments due to a lack of specialized treatment resources; gang-related violence; domestic violence spillover into the workplace; and tragically a number of active shooter scenarios within the very facilities that exist to heal others.
Statistics from several sources such as the U.S. Department of Labor as well as scientific studies from respected associations such as the Emergency Nurses Association (ENA) and similar groups in other counties across the globe show that healthcare has become and continues to be a dangerous environment. As those who have been charged with protecting those who are at their most vulnerable as well as those who are caring for them, it is critical that we as healthcare security professionals understand not only the current trends in workplace violence in our industry but work on strategically addressing the issues which cause such incidents to occur. Only by first understanding the mechanisms that drive these events can we hope to prevent them.
Another significant issue which continues to affect healthcare organizations is that of data breaches and unintentional violations of patient confidentiality. Confidentiality is a huge concern in any healthcare facility and to ensure consistency and with the Health Insurance Portability and Accountability Act (commonly known as HIPAA) as well as the Health Information Technology for Economic and Clinical Health (HITECH) Act, healthcare employees must protect health information whether medical, patient-related, staff-related, business or financial. Such data can only be used as permitted by regulatory guidelines and includes written, electronic or even verbal information (i.e. overheard conversations).
Violations of these and similar regulatory guidelines can be disastrous for an organization, in both tangible (such as the now increased maximum fine of $1.5 million per facility) and intangible (negative branding and revenue loss) effects, which is why extraordinary precautions must be taken to protect such information. While the theft of a laptop or similar portable electronic portable device from a hospital might incur a direct loss of the value of the item, far more valuable is the data that such devices contain. This is why healthcare security professionals must work closely within their individual organizations to create and maintain a robust multidisciplinary enterprise risk management program to prevent such losses from occurring.
Read More: Preventing Laptop Theft and Data Loss
Finally, one significant issue that the security industry across all disciplines has been faced with is that of metrics and “proving your value.” This is an age old conundrum faced by security. How does one prove a negative? To paraphrase Mark McCourt’s excellent article in November’s Security Magazine, C-suite executives should be saying “thanks for nothing” to those responsible for effectively managed security programs, since no news is certainly good news when it comes to security-related events. This is rarely the case however, and we are faced with coming up with ever innovative ways in which to prove our value and demonstrate the return on investment that our security programs require.
As a start, every security professional should be able to tie their goals and objectives directly into that of the businesses strategic plan and become a partner in achieving overall organizational success, rather than being viewed as a “necessary expense.” Security professionals must know what we do, how much we do and how well we do it and be able to provide valid objective evidence of this via key performance indicators if we are to survive in this increasing age of resource justification. The use of valid metrics, coupled with experience and industry knowledge is what makes effective security a craft more than an art or a science.
Change in everything is inevitable, and we all must evolve as the healthcare industry requires if we are to continue to be successful.