Adding video to two-way audio can instruct unwanted visitors they have entered an area they should not be in, Mara said. "Video and audio communications allow for interaction with a perpetrator in a possible crime in action and elevate it to a more serious response level for first responders. This can be important during after-hours, when guard services need a complement, or in place of guard services in remote areas as well."
Industry experts agree that relying on temporary access cards plus an existing access control system might be cost-prohibitive and insufficient in managing after-hours visitor access. On-site security personnel would still be needed, although manpower can be reduced and redistributed to high-risk areas. "The enforcement of visitor badging requires the direct involvement of the security personnel," said Mark Thummel, Account Manager of Security & Fire in Building Efficiency, Johnson Controls. "They may not be needed at the location where the badging process takes place, but their presence is critical at key entry points, such as the main elevators or main lobby entrances to other facility areas."
Visitor crime and theft occur in health care facilities due to the openness of the premises, although petty theft is more prevalent compared to serious crimes. The most costly crimes are committed by employees, such as stealing equipment, supplies and pharmaceutical substances, Cullen said.
"Theft is a serious issue within these facilities, because many of the assets are portable, expensive and difficult to track," Botti said. “Implementing real-time location services integrated with physical building controls has become a rising trend, as more health care facilities, especially around the emergency department, try to curb the loss of this equipment. Unfortunately, these initiatives are typically done outside the scope of either physical access control or logical access control and are instead often managed by supply chain management initiatives, which create yet another tower for these solutions."
Advancing with Technology
Technology brings both efficiency and risk to the table. For instance, tablet computers are useful tools for instant data retrieval and can be carried by medical personnel on rounds. However, data security and patient privacy are open to new threats.
Usability versus manageability is always a tough challenge for the enterprise, Botti commented. "In health care, the choice has been managed both ways in our experience. There were cases where no devices were allowed on the facility networks that were not directly managed by the IT department, including smart phones. In other
 |
| Philip Verner, Sales and Marketing Manager, CEM Systems (a Tyco International company) |
cases, the policy allows any device to attach to the network, with the employee community required to sign documentation stating they accept all responsibility for the management of the device and understand any breach or exposure created by the device becomes the responsibility of the individual."
"New technologies like this will surely add onto the threat level and data leakage risk," Stemp said. "To counter these issues, the security and IT departments must work together to formulate extra encryption for harder access to important information by unauthorized persons."
To fill in the gap between the two extremes, physical security is able to assist in securely locating the assets at all times. "Assets could be tagged so that an alarm would sound when the assets leave the premises," Assouline said. "Flexibility of asset management integrated with access control, combined with a good knowledge of the system integrator with a well-educated end user, will enable better processes in securing the assets and personal resources of the hospital."
Biometrics can help too. Access to data networks that have sensitive information can be tightly controlled, as can physical access to the computer rooms or the rooms that hold paper files by implementing biometric scans, Cullen said.
Dual-factor authentication can be added to access portable computer devices which contain patient or business information, Pryse said. "The data housed on the equipment should also be encrypted to prevent unauthorized access in the event of a lost or stolen tablet computer or PDA. The end users should weigh the cost of securing the access and providing adequate firewall protection against the speed or efficiency of patient data entry or retrieval in a live environment."