Hospitals are in the business of serving people and their families. Their primary goal is to provide patients with medical care, comfort, and peace of mind. Traditionally security systems in healthcare have been used for access control, providing forensic video and personal alerts for staff in cases of violence, and monitoring at-risk populations such as infants or patients suffering from dementia to protect against kidnapping or wandering.
“The purpose of healthcare security management is to contribute to the protection and safety of all those delivering medical service and safeguarding public and private assets against loss, theft, fraud, damage, and disruption, which could be detrimental and a risk to the continuation of patient care. Patients, employees, and visitors assume that since hospitals take care of the community they are immune from local crime and the ills of society,” said Nick van der Bijl, an honorary president of the National Association for Healthcare Security in the U.K. and former healthcare security manager. However, by their nature, hospitals are violent places, some of which are of a clinical nature — post-operative trauma, serious mental health, and pain. But there are also instances when violence is of a criminal nature, such as violence against others.
Behind the scenes, hospital security teams face numerous challenges that involve the safety and security of employees, patients, visitors, and confidential personal information, as well as safeguarding dangerous materials, pharmaceutical supplies, and more. A breach in any of these areas can cause financial, legal, and reputational damages.
In addition, hospitals have to work under a strict regulatory environment complying with numerous standards. First and foremost is of course safeguarding patients' medical information. Many other regulations influence a hospital's daily operations: from financial regulations (for example in case the hospital accepts credit card payments) to regulations regarding the storage of hazardous and radioactive materials. The need for compliance is a significant factor for the performance of healthcare providers. “Healthcare by nature is a very open environment so any security systems put in place must work within this construct, providing a secure environment to patients, employees, hospital property, and regulated health information while having a negligible impact on the flow of patients, visitors, and staff,” explained Drew Neckar, Director of Security Services at the Mayo Clinic Health System.
With many different departments, entrances, elevators, parking areas, etc., and a constant flow of staff, “hospitals are ultimate high-traffic sites,” explained Courtney Dillon Pedersen, Corporate Communications Manager at Milestone Systems. “Monitoring all of these scenarios can be aided by comprehensive video monitoring and access control, which today is in hot demand as a unified solution for greater efficiency.”
Frequent M&As Creates New Demand
Recent changes in the healthcare business environment in the U.S. have led to a series of mergers and acquisitions (M&As) between healthcare providers. These are driven by regulatory changes and strategic initiatives. Hospitals merge to gain economies of scale and deal with reimbursement cuts, to get a better strategic position in the market or purchase smaller, less profitable hospitals that became too strained financially as a result of high compliance costs.
According to a report from strategic advisory and investment banking firm Hammond Hanlon Camp, in 2012, more than US$143.3 billion in healthcare M&As took place in the U.S., one of the highest volumes recorded in a decade. The U.S. is the global leader in healthcare M&As; however, this trend is not limited to the U.S. and appears also in Europe (mainly the U.K., Germany, and France) and APAC (Thailand, China, India, and Australia).
From the security perspective this convergence has had two implications. The first is overcoming the challenges of managing a multi-site environment often with different systems that now need to work together. A second implication is a growing need for security systems to show a return on investment (ROI) that will justify their expense.
“Security nowadays is turning into an ROI perspective — security managers need to prove they have a benefit and contribute financially for example through loss prevention,” said Sean Ahrens, Security Consulting Services Practice Leader at Aon Global Risk Consulting Security Practice. One way of achieving loss prevention is by preventing theft. In addition, the data collected by security systems is also useful. For instance, access control systems can provide information about how many people pass through a certain door. This data too has implications, if more people than planned pass through the door the hospital might want to schedule maintenance or re-plan emergency evacuation routes. This way the hospital can avoid potential bottle necks because too many people pass through one door.
A major challenge in multi-site management is interoperability, an issue presented by M&As that requires the merging of several facilities. “Each one of these hospitals has different systems and the challenge is how to combine them successfully. This raises many issues — how to register all the employees to the system quickly and efficiently and how to prevent them from using multiple cards. Another key issue is employees or contractors not removed from the systems in time. For example, in one hospital I encountered 3,000 active cards in the system for only 700 employees,” said Ahrens. An additional constraint is that oftentimes hospitals do not have situational awareness in mind. There is no dedicated area to set up a control room and this hurts the efficiency of security operations.
“In healthcare's current climate of acquisitions, reorganizations, and uncertain finances, a security professional rarely has the opportunity to choose a single new security system as a solution for a new installation in multiple sites. It is more often the case that they are tasked with allocating resources to integrate existing, often outdated, systems to work in parallel while trying to provide a seamless user experience at all facilities,” added Neckar.
Placing More Emphasis on Training
As in other verticals, the proper use of security systems and achieving their full potential is a challenge. All too often users fail to understand a system's capabilities and therefore underutilize the system. “The pressing problem about security systems is that we don't know what we are buying. We install them, but don't fully use them to their full potential — it's more of a ‘check-the-box,'” said Ahrens.
Apart from the technological challenge, the human factor is important. “When integrating hospitals and other healthcare facilities, sometimes the technology isn't the problem as much as the psychology of the people involved and their different approaches to security,” explained van der Bijl. For example, employees of a mental health institution will have a more pro-security culture as opposed to a community care facility where employees have lower security awareness. In this case, the integration of the two facilities is more complex than just integrating the security systems. Van der Bijl recommends making security a concern for all hospital staff and not just security officers. “One of the roles of the security function is also to make sure security is visible and promoted among the employees. Reporting security incidents should not be in a stand-alone system but should be part of the hospital's reporting system,” noted van der Bijl. At the end of the day, a lot still depends on the quality of the security officer. “Smart security officers are highly critical, they are the face of security and should have the proper training on how to behave in a hospital,” he concluded.
Choosing the right security system seems like the biggest challenge, however, healthcare operators should also emphasize education and training for their systems to ensure its proper use.
Role of Video Analytics in Healthcare
In the open and busy environment that exists in the majority of healthcare facilities, traditional analytics such as line crossing or license plate recognition have provided limited benefits. “Analytics are still at a price point that healthcare institutions can't justify,” stated Drew Neckar, Director of Security Services at the Mayo Clinic Health System. “However the next generation of ‘smart' analytics that rely less on a set of pre-programmed rules and more on providing alerts when situations vary from the ‘normal' conditions show significant promise.”
A robust video surveillance set-up combined with powerful video analytics can alert security staff to incidents before they occur by flagging anomalies in movement or behavior. “Certain behaviors can be indicative of imminent criminal activity or an incident; intelligent video solutions can recognize these actions and alert security personnel, freeing up their time to respond to incidents rather than monitoring banks of screens,” said Daniel Wan, UK Channel Marketing Manager at Honeywell Security. Additionally, integrated systems with access control can let teams know who is entering premises and more importantly who is leaving and with what.
Potential Role of PSIM in Hospitals
Physical security information management (PSIM) solutions have the ability to overcome the obstacles of separate access control systems and integrate multiple disparate security systems. They can also add multiple sub systems in addition to video management software (VMS) systems and access control such as public announcements, patient tracking, equipment traking, panic buttons, IT systems and building management systems. “The benefit of PSIM is that it answers the requirement for standardization, however it should come after a thorough evaluation of pros and cons,” said Sean Ahrens, Security Consulting Services Practice Leader at Aon Global Risk Consulting Security Practice.
PSIM can also help make sure the proper procedures are followed. “For instance, if equipment is tracked by RFID sensors and if it is not properly sterilized, the PSIM can alert to this missed step, allow for a corrections to be made, and save the hospital non-compliance fines. This is one way PSIM results in a strong return on investment (ROI) for healthcare customers,” explained Ellen Howe, VP of Marketing at Vidsys. Though its potential is recognized, PSIM in hospitals is still not widespread. “Many hospitals postpone decisions due to price concerns, but there is definitely a significant ROI when comparing this to running separate systems, for example in monitoring and auditing access logs, or in the case of an alarm,” said Ahrens. For example, if there is an alarm for an abducted child, the security officer can immediately see what the perpetrator looks like and take action instead of searching for footage in different systems.