Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
ManagementPhysicalSecurity Enterprise ServicesSecurity Leadership and ManagementSecurity & Business ResilienceFire & Life SafetyPhysical Security

Enterprise Services

Healthcare and incident management: Just like the doctor ordered

The Mayo Clinic’s Global Security team set about developing a single security operations center and standardizing workflows, processes, software, terminology and other investigatory and case-management aspects, all with the help of technology.

By Michael Gips
healthcare in city
healthcare author
healthcare in city
healthcare author
January 10, 2022

For 93 years, the massive bronze doors of the Mayo Clinic’s Plummer Building have closed fewer than a dozen times. Indeed, they are not easy to close, weighing in at two tons each and standing 16 feet high. The open doors symbolize that the world-renowned institution is always available to take in those who need its care.

The landmark building was designed for efficiency, ease of movement and collaboration. But those features became more difficult to sustain as the hospital grew in size, geography and complexity. For example, about 20 different departments conduct or consult on investigations and maintain or contribute to case management systems, and many use their own software, processes and terminology.

Security was balkanized as well. Until a few years ago, the department was campus focused. “Global Security as a shared service didn’t really exist,” explains Ryan Hatton, Manager, Security Technology and Global Security Operations Center at the Mayo Clinic.

The organization has three main campuses — in Rochester, Minnesota; Phoenix/Scottsdale, Arizona; and Jacksonville, Florida. It also has a health system in Minnesota, Iowa and Wisconsin, as well as facilities in London, England. Each campus maintained its own security operations centers, technology, procedures, data collection and terminology. In the case of terminology, incidents might be defined differently among campuses based on state law, so a battery in Wisconsin would be equivalent to an assault in Minnesota. That proved confusing.

“We recognized that we needed to change,” Hatton recalls.

Several years ago, Mayo brought in a well-regarded chief security officer (CSO) to temporarily lead the security team as the clinic searched for a long-term candidate. Brad Brekke, former CSO of Target, answered the call. The security team credits him with centralizing security and laying the foundation for improved professionalism, standardization and innovation.

Matt Horace succeeded Brekke as CSO, joining Mayo in May 2019. “I came in with a blueprint,” Horace recounts. Leveraging available funding and a highly capable staff, he reinvigorated the security brand. “We changed our name from Security to Global Security because we are transnational; we serve people all over the world,” Horace says. “It was important to have the brand change to elevate the perception of security and to move away from the gates, guards and guns of the past.”

Security’s plan aligned perfectly with Horace's vision: to develop a single security operations center and to standardize workflows, processes, software, terminology, and other investigatory and case-management aspects. As part of this effort, the security team began scoping software tools that combined security risk management, case and incident management, investigations and command center management.

After putting out a request for proposals and reviewing the submissions, Global Security selected Resolver’s suite of software tools. The Global Security team reports to Risk Management, and in early 2020, Mayo Clinic leadership tasked Risk Management with streamlining all investigative teams into a single tool. They leveraged Global Security’s ongoing efforts and chose the same software suite. Delayed by the COVID-19 pandemic, the project was in development for almost two years before the software was implemented in the summer of 2021.

“We heard from other teams with the same issues,” Hatton says. The project caught the attention of Mayo leadership, which set out to see whether the software could help standardize procedures and practices beyond security — to all departments with incident/case management, investigations and similar processes. Mayo has to comply not only with a bevy of federal, state, local and international laws and regulations, but with the requirements of the Joint Commission, the organization that accredits healthcare institutions in the United States.

Previously, an employee might have had issues with HR, privacy and security, but because of the size and complexity of the organization, the incidents would be siloed. For example, says Amy Runkle, Manager of Investigative and Legal Discovery, “[The Investigative and Legal Discovery group] might have reached out to Compliance to see if there were any hotline reports, to Security to see if there were global security issues, or to HR for other historical matters, and merge the information.”

Sara Elton, Principal Risk Analyst, was tapped to project manage the task of getting multiple departments on board. The various groups she wrangled had their own concerns. An external audit determined that there was no consistent process for investigating possible fraud. Also, Mayo’s personnel committee wished to streamline its own investigative process. “Global Security had a relationship with Resolver, so it made sense to use them, though we looked at a couple of other products too,” Elton says.

Elton reached out to 20 or so departments to participate, and the 10 with investigative/case management responsibilities have signed on, joining Global Security. Overall, six departments (Global Security, Compliance, Privacy, Revenue Compliance, Education Compliance, and Health Information Management) are live; three departments (Operational Risk Management, Manufacturing Compliance, and Human Resources) are in the requirements process; and two departments (Research Compliance and the Drug Diversion Response Team) will join in 2022. Other departments, such as Legal, will have a consulting role.

In his department, Privacy Officer John Signorino needs to maintain a record of privacy investigations, corrective actions, individuals involved and related information to meet regulatory requirements in case of an audit. In this project, he saw the opportunity to integrate workflows. “Now, you could do that by taking an off-the-shelf risk management product, but we took the more difficult path of taking an existing tool focused on security and updating it so it could enhance all other compliance workflows.”

Signorino had already worked with various software tools, such as Compliance 360 and CompliancePro, but realized it made sense to use one that Global Security had already put to the test.

A critical part of the process has been developing metrics that translate across departments. Clifford Hodde, Manager, Security Standards, Data, and Training for Global Security’s Support Services, says that security had practitioners design a standard set of report metrics to enable better data analytics. For example, users will better be able to identify hotspots, which may differ from one campus to the next.

“We were really conscious of how people reported things like terms and definitions,” Hatton explains. Security worked with Resolver on populating fields and customizing reports, then integrating the information with Mayo’s patient databases. “So now we only have one record per person,” Hatton says. The security team also added a training program on how to limit reporting differences when entering data into the system.

The departments are just getting up to speed on the new system, though results so far have been favorable.

“We can get things that we couldn’t get before,” Horace says. “When we are managing critical incidents, it’s going to be much more visible and relevant; we can see what data is coming from the interviews, did we recover items, did the incident involve weapons or mentally ill persons, and so on. We can use that to figure out why this happened, what it meant and what is next. It gives us the ability to get more info now and to understand the data points in real time.”

Though the implementation is still in its early stages, “Efficiencies will come down the line,” predicts Signorino, as consistent reporting yields enhanced data analytics, eliminates duplication, and saves time and expense. Staff from different departments will get to know the look and feel of interview notes, for example. “Strategically, workflows will become familiar to both users and external stakeholders so that the experience of a privacy investigation is not entirely unlike the experience of an ORM or legal inquiry,” he adds.

Every new tool has its limitations, but Runkle says the software provider has been highly responsive to Mayo’s requests and concerns. For future improvements, Mayo is looking for enhancements in the user interface and more robust workflow tools in the software. “It’s the first time [the tool] was built beyond [use by] security,” Runkle says, pointing out that the company has worked hard to tailor its software for such broad use.

And interdepartmental collaboration is essential, adds Director of Security Services Scott Anderson, because, “Bad guys don’t care how you’re built.… They don’t care about our silos or that we don’t talk. You can’t deliver incredible healthcare if you don’t feel safe.”

The software both helps fulfill the Plummer Building’s original purpose to foster a more collaborative environment and plays a key role in ensuring that the facility never has to figuratively close its massive doors.


KEYWORDS: enterprise security healthcare security risk management security operations security operations center

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Michael gips headshot
Michael Gips is a Principal at Global Insights in Professional Security, LLC. He was previously an executive at ASIS International. Columnist image courtesy of Gips

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Security Enterprise Services
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Security Leadership and Management
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Cybersecurity
    By: Charles Denyer
Manage My Account
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Coding

AI Emerges as the Top Concern for Security Leaders

Half open laptop

“Luigi Was Right”: A Look at the Website Sharing Data on More Than 1,000 Executives

Shopping mall

Victoria’s Secret Security Incident Shuts Down Website

Laptop with coding on ground

Stepping Into the Light: Why CISOs Are Replacing Black-Box Security With Open-Source XDR

Gift cards and credit cards

Why Are Cyberattacks Targeting Retail? Experts Share Their Thoughts

2025 Security Benchmark banner

Events

June 24, 2025

Inside a Modern GSOC: How Anthropic Benchmarks Risk Detection Tools for Speed and Accuracy

For today's security teams, making informed decisions in the first moments of a crisis is critical.

July 17, 2025

Tech in the Jungle: Leveraging Surveillance, Access Control, and Technology in Unique Environments

From animal habitats to bustling crowds of visitors, a zoo is a one-of-a-kind environment for deploying modern security technologies.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • Doctor held at gunpoint

    Weapons detection in healthcare: A snapshot and guide

    See More
  • Data breach graphic

    The five W's of third-party incident management

    See More
  • Smart Card Uses Continue to Expand Across Sectors

    The future of ID management in healthcare

    See More

Related Products

See More Products
  • physical security.webp

    Physical Security Assessment Handbook An Insider’s Guide to Securing a Business

  • 9780367259044.jpg

    Understanding Homeland Security: Foundations of Security Policy

See More Products

Events

View AllSubmit An Event
  • January 16, 2025

    Preparing for the 2025 Threat Landscape

    ON DEMAND: In 2024, businesses faced a barrage of critical events with far-reaching impacts. From record-breaking storms and costly infrastructure failures to contentious election cycles and sophisticated cyberattacks, companies are navigating an increasingly complicated threat landscape.
  • July 17, 2025

    Tech in the Jungle: Leveraging Surveillance, Access Control, and Technology in Unique Environments

    From animal habitats to bustling crowds of visitors, a zoo is a one-of-a-kind environment for deploying modern security technologies.
View AllSubmit An Event
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing