Effective Security Design and Operation of Emergency Facilities

The COVID-19 pandemic of 2020 has challenged our global society in many ways. It is truly a unique and unprecedented situation of our time, which requires communities around the world to come together to defeat the virus.

In an effort to support overcrowded hospitals, we have seen the advent of military field hospitals and public venues turned overnight into care facilities. The Javits Center in Manhattan, Colorado Convention Center in Denver and other spaces designed for public assembly have been transformed to support the fight against the pandemic. Army field hospitals are deploying and establishing hospital footprints in New York, Washington State and elsewhere as needed.

The Army Corps of Engineers has been tasked with the massive job of building temporary hospitals in potentially hundreds of American cities. They came to the conclusion that convention centers emptied of visitors because of the epidemic might be the ideal setting to care for people sickened by it.

These large conference venues are certainly not the only option. The corps is also working with states and cities to convert facilities like hotels and dormitories into temporary hospitals. But convention centers have numerous advantages because of their existing infrastructure, including numerous accessibility points for electricity, cold and hot running water and proper sewage systems that allow for adequate sanitation.

In addition, these facilities offer proprietary workforces that know how to convert the facilities into just about any conceivable configuration and are largely idle because of widespread event cancellations.

As of late March the Federal Emergency Management Agency was working with more than 100 cities to identify appropriate sites to convert into health care facilities. Local authorities’ approaches vary dramatically, with some intending to offload patients who haven’t been infected with coronavirus into the temporary hospitals; others planning to use them exclusively for COVID-19 patients; and some planning for a combination of both. In the end, we are collectively learning many lessons that will help us prepare and execute if our country experiences such a crisis in the future.

In areas without convention centers, like smaller cities, hotel-type settings likely make sense. In any event, the facilities need to be able to get up and running quickly, so the corps’ regional leaders have been reaching out directly to mayors in the hardest-hit areas to find out what they’re already planning, and what they may need for support.

Furthermore, hotels have advantages of their own. Aside from being more comfortable for patients than larger, more open facilities, they’re also easier to convert into negative pressure rooms to aid in breathing for people with COVID-19, an important treatment with this type of virus.

As these facilities take shape, it is important to have teams of experts that can support secure and safe operations for our medical professionals and their patients. In order to accomplish this, multi-functional experts from our engineering (structural, protective and civil disciplines) and security communities should come together to perform on-site assessments prior to the facilities going to full operational capability. By doing this, we can set the conditions for a smooth transition of these facilities into their new use, and help ensure the security and safety our caregivers need to cure the ill. To do this, it is important to follow these six fundamental steps:

Identifying Vulnerabilities

The first step is to conduct a realistic threat assessment in which security professionals will review a myriad of sources to determine the threat level. This analysis should be quick and detailed, covering the realistic threats associated with the location the facility will operate in. Understanding the area is the first step in setting up a secure care facility.

Based on the expedited timeline needed to get these facilities up and operational, select a highly competent security professional to conduct a rapid Threat, Vulnerability and Risk Assessment (TVRA). Having third party support in this process frees up law enforcement and medical professionals to focus on their primary duties. The multi-functional team will effectively provide an unbiased and uninfluenced security assessment. This will drive smart decisions on security investment and create a better opportunity for a positive return on that investment in vulnerable situations. Good stewardship of time is critical here as the team will have five days to conduct the assessment and two to put together a report. A professional TVRA will provide recommendations to mitigate risk, focusing first on no/low-cost recommendations as a matter of general practice thereby creating another opportunity for rapid operational capability. A prompt TVRA product sets conditions for prudent electronic security system identification, equipment specification and integration of both.

Securing the Perimeter and Establishing Access Control

First, clearly define the perimeter. The threat by hostile vehicles is a common tactic for nefarious parties. Look no further than the recent train derailment in Los Angles to highlight the need for a secure perimeter. To do this, hasty barriers and the use of crime prevention through environmental design (CPTED) principles will allow the team to set up the initial defense. Over time, the perimeter can increasingly be hardened if the facility will operate over an extended period.

Second, determine access control policy and procedures. The establishment of a testing or screening area should be considered. Additionally, the ability for emergency vehicles to enter smoothly should be part of the perimeter plan. The perimeter is the first line of defense and should have an established communications plan that facilitates patient arrival with the care facility medical professionals. The multi-functional team can address these functions as the first step in facility security.

Sensor – Data - Analysis

Identify and specify electronic technological systems while including the possibility of integrating existing technologies, and adopt new technologies that are capable of expansion and upgrades over the operational span of the facility. This is where options are presented that support the facility’s purpose and can build the bridge to a more mature system if the facility maintains functionality over an extended period. Existing facilities will go through a technology audit, while temporary facilities will require a quick technology package that integrates within a matter of days rather than weeks. In this step, the security professional identifies surveillance, access control, communication, intrusion detection requirements and how the security operations/monitoring will take place, i.e., by contract or proprietary security personnel.

Security Operations Center (SOC)

The SOC is the analytical center where sensors and collected data meet to help security personnel have a better overall understanding and situational awareness. Information is turned into intelligence in the SOC and sets the facility up for proactive responses to security situations. The SOC is the “the brain” of the security function, the beginning and the end in terms of analysis, proactiveness and decision making. The design of an SOC is a critical step in thinking holistically about security monitoring. It can be done in several ways, but ultimately, a centralized location to monitor the facility and the land around it is critical to a sensor, data and analytical mindset.

Establish Staffing Requirements and Plan for a Surge

Establish standard operating procedures, quick reaction forces, external support relationships and first responder coordination. SOCs will have different levels of manning and purpose. The operations tempo will be determined by the needs of patient treatment. Setting a tactical SOC up for the possibility of expansion is critical in this step. Physical space, workstations and smart organizational design are all areas that should get close attention. Communications is one example. Ensure that decision-makers are positioned in the SOC with direct access to the communications platform. A simple mistake of having communications on the opposite side of the SOC away from leadership is all too common and can lead to increased security risk and vulnerabilities to the staff, patients and structures.

Addressing Cybersecurity

In addition to physical security, your risk assessment should include a thorough cyber risk analysis to identify threats and vulnerabilities to the network that holds sensitive information. The risk analysis will help you ensure the protection of Personally Identifiable Information (PII), sensitive health records and cyber defense of the established network and information systems. A best practice approach is that site operators should provide ongoing cyber training and information security awareness notifications as part of an overall security plan that provides layers of defense.

As part of this training, all facility users should take care in the use of social media, and operators should consider policies and practices to address social media use in the care facilities, specifically patient screening, treatment areas and records storage areas to protect the privacy of individuals and control information flow outside of the facility.

We all need to do our part during this pandemic. Follow the rules, provide support where you can, and give our medical professionals (the true front line in this war) the ability to do their jobs in an environment that is secure and safe for everyone.

ON DEMAND: In this webinar, Regina Lester, Vice President of Security & Safety Operations at Toledo Zoo, will share her insights on implementing security technologies in the entertainment sector and the challenges all organizations face — large and small — when it comes to balancing budget and security.