Hospital Security Lapses in 2013 Turn Spotlight on Security Officer Training

On September 19, 2013, 57-year-old Lynne Spalding was admitted to San Francisco General Hospital for a bladder infection. Last seen in her hospital room on September 21, she was found dead in a stairwell at the hospital on October 8th. Her body was discovered on the fourth-floor of a rarely-used exterior stairwell by a member of the hospital's staff. A different staff member saw a body in the stairwell and reported it to security prior to October 8, but the report was never followed up.

During the 17 days she was missing, her family scoured the city and passed out thousands of fliers. Although several searches were conducted of the 24-acre hospital campus, the stairwell where the incident occurred was never searched. Security video was not immediately available for review, and surveillance video coverage in the hospital was scarce. As a result of the incident the hospital reviewed technical problems with the security surveillance equipment and camera placement, policies and procedures were reviewed and daily patrols of fire exit stairwells was implemented and the hospital hired an independent consultant to investigate the hospital's security and search protocols.

On November 23, 2013 a family was summoned by phone to return to the Robert Wood John University Hospital in New Brunswick immediately after their 93-year-old grandfather took a sudden turn for the worse. They arrived at the hospital and entered the Emergency Room. A security officer buzzed them through to a back elevator that was the quickest route to their grandfather’s room. However, a second security officer then prevented them from using that elevator, instructing the family to exit the hospital and reenter at the main entrance.

The family complied and was met by a group of security guards who stopped them and "read them the riot act." Eventually the family members were allowed to proceed under escort, to the Cardiac Care Unit, where the doctor told them their relative had just died. The hospital denies the incident but did state that the family was told to exit the Emergency Department and reenter through the main lobby. In a statement following the incident (and after one of the family members posted a long complaint on the hospital’s Facebook page), the hospital promised an “exhaustive” review of the events to determine if it needs to make changes to its security policies. The statement also said that the hospital will determine if “enhanced training” is needed for security staff.

These incidents, although tragic, exemplify the need for professional healthcare security to be present at hospitals, clinics and nursing homes. A well-seasoned director and team reduce risk and provide a caring and safe environment for patients, visitors and staff. The need for professional security services is not only necessary in healthcare, but in any specialty market like higher education, petro-chemical, banking, government and residential communities. Security services, whether in-house or contracted, must have expertise in providing specialized service. Seasoned, professional individuals understand the programs and services necessary for that particular market and provide valuable information that not only mitigates risk and provides professional service, but reduce overall security costs to the institution. The incidents described above clearly demonstrate this point.

Hospitals traditionally have policies for both eloped and missing patients. These policies include the searching of the facility until the patient is found. Searches generally include the entire campus and its buildings, including roofs, mechanical rooms, tunnels, wooded areas, areas with lots of vegetation and, of course, stairwells. Healthcare security experts know that rooftops, mechanical rooms and stairwells are important areas to search because of years of experience dealing with high-risk patients who find their way to the rooftop in order to commit suicide. Elderly patients, children and behavioral health patients can all wander off.

Healthcare security professionals, even if they do not personally experience these incidents, should educate themselves on the risks associated with their profession. Through news articles, professional organizations and other healthcare security directors, hospital security staff can learn about the perils of eloped and missing patients along with other high-risk events that are common in the healthcare arena.

A professional security team also understands the need for a caring, patient-centric environment: an environment where the patients and visitors are treated with dignity and respect while providing a safe and secure environment; an environment where visitation policies are well defined and nursing and security work together so that the hospital can provide a high-level patient experience.

Again, a seasoned healthcare security program would have provisions in place for family members who need special services whether it’s quick access, priority parking, wheelchairs, detailed directions or general information, or escorts to and from the parking areas. Every professional security director knows that providing a caring, empathic environment is the hospital’s number one mission, especially in the era of the Affordable Care Act when hospitals will increasingly compete for patients and patient services.

Unfortunately, many hospitals do not see the need to invest time and money on security services. This is usually because senior administrators do not always see the value a professional security department can provide. They lack the understanding of what services and programs can be valuable to the hospital environment. Common programs within the hospital security include the controlling of access, patrol of internal and external areas, the investigations of missing patient property and, of course, the response to emergent situations like eloped patients, infant abductions, bomb threats and the influx of patients during a community disaster. Although this list only demonstrates a small number of situations where hospital security staff can play an integral role, hospital administrators should look to evaluate their security program, especially with the financial changes that are occurring with the advent of the Affordable Care Act. They should look to hire and promote a professional security team.

Security personnel should have healthcare specific training and experience working in the healthcare environment. Security management should be allowed to professionally grow within their specialty by attending seminars by organizations like the International Association of Healthcare Safety and Security (IAHSS) and ASIS International. They should be encouraged to attend local association meetings in order to network with their peers and subscribe to market-specific publications. Professional growth should not be the first budget item to be cut, but evaluated so that development can continue even during tough financial times.

The aforementioned security incidents in 2013 could cost each hospital thousands of dollars, either in restitution or lost business from a tarnished reputation and negative publicity, all due to a lack of professional, organized healthcare security.

Ransomware and the propulsion of the extortion economy has rapidly eclipsed into a national priority. Recently, we observed the catastrophic impact of a widescale ransomware attack impacting gas pipelines and raising national gas prices overnight.

Organizations rely on application innovation, particularly API-driven applications, to fuel their business transformation and growth. Attackers know this and are constantly looking for ways to find the unfindable and break the unbreakable. They’ve got tools, motivation, and time on their side.