The rise in violent incidents sweeping through our country – and around the world – has organizations across all industries looking for new and more effective ways to control access in order to better protect and secure people and premises. One of the areas most affected by these incidents is the healthcare industry.

Impact on Hospital Operations

Hospitals and clinics face regular threats to people and property from outside sources as well as from within. Physical assaults, theft of medical supplies or equipment that contains confidential patient information, and even infant abductions are all issues that today’s healthcare administrations must contend with.    

Two additional developments in the healthcare industry have made the situation even more acute. The first is the advent of the Affordable Care Act (ACA), which has the potential to substantially increase the number and frequency of patients and visitors to what may be a growing number of healthcare facilities. These increased numbers will in turn require stronger and more enforceable access restrictions. The catch-22 is that hospitals, medical research centers and so on, not unlike school campuses, are semi-public facilities. Administrators want to maintain an atmosphere of friendliness that allows medical staff, visitors or contract workers to go about their business with relative ease. This openness must be balanced with the facility’s obligation to maintain a safe and secure environment for all.

The Affordable Care Act could initially also create a situation for healthcare facilities that results in system overload and cost-overruns. For example, if professional security officer services are reduced, the reduction in trained manpower could potentially result in less scrutiny of hospital visitors or longer action times in the event of an incident. In another example, hospital workers may be overburdened with additional paperwork required by the ACA, and not immediately notice that a patient has gone missing or that individuals are tailgating to enter restricted areas. These are real challenges facing today’s healthcare facilities. 

The second development is the trend toward removing restrictions on hospital visiting hours for family and friends. Recent reports indicate that allowing patients to spend more time with family and friends can improve health outcomes by lowering patient anxiety levels and feelings of social isolation. Studies also suggest that individuals recovering from surgery that have family with them suffer less nerve-related pain and their inflammation levels lower faster.

While this trend of relaxed visiting hours is proving beneficial to the health and recovery of patients, it places an additional security burden on hospital administration. Policies and procedures must be developed and implemented that will allow a more open environment but will protect the privacy of other patients, and the safety of patients and staff. Policies must also take into account procedures for emergency situations such as a lock-down or evacuation. Knowing exactly who is in the facility and why they are there is valuable information at any time and under any circumstance.

Automated Solutions are Key

Credentials such as visitor passes and access cards enable physical access but the true issue is the management thereof. Requiring visitors or contractors to manually sign in and out, or wear a visitor badge is a difficult if not near impossible procedure to enforce. Employee badging systems help identify those authorized to be in the hospital but in some cases badges can be easily forged, and if the badging system is not integrated with other hospital security systems they are significantly less effective as an access control solution.

For safety’s sake, everyone coming in and going out of a healthcare facility should be easily identified and have controls placed on their access. A proven solution to help mitigate the overall effect of a more open healthcare environment and lessen the potential for security breaches is the use of intelligent and purpose-built automated physical identity and access management (PIAM) software. A ready-made solution for healthcare organizations, PIAM solutions allow administrations to upgrade and enhance their physical security strategies to meet the challenges of the Affordable Care Act, and accommodate new trends while remainingcompliant with requirements mandated by various healthcare regulations.

With a centralized PIAM system, a healthcare organization can create an identity for every individual who has reason to be on the premises. By connecting diverse existing physical security, IT and other systems, PIAM solutions can automate key processes and workflows to optimize security operations, centralize control and enable compliance with regulatory mandates to be automated in real time.

Software systems can streamline time-consuming and inefficient processes from issuing ID badges to managing databases to assigning access privileges across multiple physical access control systems. For instance, when a hospital is affiliated with or physically part of a University School of Medicine, various access levels and permissions can be programmed on to a single ID badge for physicians and students.  In addition, any activity, event or status at any point in the identity lifecycle is reportable and auditable. If vulnerability is identified, hospital administrators can review and take the necessary action to rectify procedures or activities.

Managed Control to Meet Compliance

The Joint Commission for the Accreditation of Healthcare Organizations (JCAHO) oversees the industry’s accreditation process to ensure patient/personnel safety and standards compliance. Among other stipulations, accreditation requires that health care facilities identify sensitive security locations within the hospital (i.e. birthing centers, pharmacy, emergency, etc.) that may require unique security protection. Hospitals without controlled access rights to sensitive areas are at risk of losing accreditation, along with funding. Further, the Centers for Medicare and Medicaid Services (CMS) conduct their own inspections, the results of which can affect the facility’s accreditation.

Adherence to rules and regulations established by state and federal agencies is not only mandatory but it also meets best practices with regard to hospital safety. Compliance with regulatory mandates is an important element of risk management and PIAM software can enable these initiatives to be automated in real time. As an example, HL7 refers to specific standards for the exchange, integration, sharing and retrieval of electronic health information. When PIAM software is integrated with a patient’s electronic health record (EHR), the combined information provides a more holistic view for the medical professional. All information pertaining to patient identity, such as visitors, dietary restrictions, medical attendees and so on, are tied together under policy-based workflows.

The Need for Change

 Hospitals and other healthcare facilities need good access control and visitor management to maintain an open and safe haven environment. PIAM software is a holistic approach to managing access that helps ensure that each identity has the right access, to the right areas, for the right length of time. The benefits are many and ultimately provide healthcare facilities with the tools to address access control and visitor management in today’s security conscious environment.