Katarina “Kat” Kemper is Director of Physical Security for HCA Healthcare, a Nashville, Tenn. leading provider of healthcare services, comprising 187 hospitals and approximately 2,000 sites of care, with more than 35 million annual patients and 275,000 staff members.

At HCA, Kemper has built the enterprise security program from the ground up, developing and implementing physical security measures to support patient care, privacy and cybersecurity goals. Kemper’s experience, education and leadership have helped HCA achieve the delicate balance of caring for patients while protecting staff from workplace violence and preserving strict legal, regulatory, clinical and ethical standards. 


Security: What is your background, current role and responsibilities? 

Kemper: I have more than 23 years of experience in healthcare quality, risk, safety, security and emergency preparedness, and I have previously worked as a state investigator. I have a Bachelor’s degree in criminal justice from Chaminade University and a Master’s degree in organizational leadership from Colorado State University.

I am currently enrolled at Fielding Graduate University to obtain my Ph.D. in organizational development and change. I also hold a Certified Healthcare Protection Administrator certification amongst several others that I have gathered throughout my career. In my spare time, I assist the International Association for Healthcare Security and Safety Foundation (IAHSS) as the Tennessee Chapter President, IAHSS Guidelines Council member, IAHSS Data Warehouse Council Project member, and IAHSS Women in Security Co-Chair and Mentor.

I have been with HCA since 2005. Currently, I am the Director of Physical Security for HCA Healthcare, the largest private sector healthcare provider in the U.S.. where I develop and direct the strategy and operations of the physical security program to protect the company’s 185 hospitals, 1400 outpatient clinics, 275,000 employees, and 35 million patient care encounters each year in the U.S. and U.K. I currently oversee subject matter specialists in Nashville, Tenn., to help implement and manage the enterprise program. In addition, I am an advisor to several different enterprises and division-based committees such as infant and pediatric security, medication security, asset protection, active shooter, and numerous information security efforts within HCA Healthcare.  

Security: Could you discuss how you built and justified a multi-year strategy to certify and implement enterprise technology systems to minimize risk, increase efficiency and reduce costs?

Kemper: The program is an enterprise program that is facility-focused. It is a risk-based program developed utilizing data to include community crime statistics, facility statistics, claims and injuries. We then conducted an overall security vulnerability assessment focusing on risk, impact and preparedness. From there, we determined what technology would be a force multiplier to the security workforce to reduce risk starting from the outer perimeter and to work our way into our units and security-sensitive areas. Over the past few years, we have been developing our “Digital Transformation” program that focuses on standardization, consolidation and centralization in an effort to obtain enterprise risk and trends to further increase efficiency and be a financial steward.

Security: How do you manage a multi-million dollar budget for security technology, and what security tech did you prioritize and why?

Kemper: We have focused our funding on the highest-volume and highest risk security threats at our largest facilities, and we work our way down the list. We created a great interdisciplinary team of subject matter experts who could support rolling out a multi-million dollar technology investment. Access control was critical to minimize threats entering our facilities and security-sensitive areas. Cameras, duress buttons, patient protection systems, wayfinding and lighting, were also included as a force multiplier.

Security: What role have you played in developing HCA Healthcare’s 24x7x365 security operations center (SOC)?

Kemper: I would say we are still in the infancy stage of our SOC compared to other large Fortune 50 “blue chip” companies. I am excited to see where the future takes us over the next 36 months as we evolve our SOC/ GSOC further with our enterprise systems. We are looking at utilizing artificial intelligence features and collecting data to provide us business intelligence to take the program to the next level.

Security: How have you continuously improved physical security measures to support patient care, privacy and cyber goals?

Kemper: Yes, physical security is one of a few programs that touch every aspect of people (patients, visitors, workforce), processes, systems and buildings. With my background working at hospitals overseeing quality, risk, safety and security, I provided the bridge to clinical operations and their programs. I have led and advised in teams related to infant and pediatric security, medication security/ diversion, workplace violence, labor relations, asset protection, information protection and cyber.  

Security: How do you balance the challenging task of caring for patients amid complexities such as behavioral population needs while protecting staff from workplace violence?

Kemper: Hospitals, specifically Emergency Departments, treat a significant amount of patients that are not feeling well and are basically in a crisis. Understanding what the patient is experiencing and trying to meet their immediate needs help reduce behavioral crises. I believe the company’s culture supports our patients and the security program by providing workforce training, conducting agitation assessments, and environmental, situational awareness have been the key to mitigating severe events.