Strengthening weak zones for total hospital security

With 24/7 operation, hospitals need to be open enough to allow the flow of patients and staff, while restrictive enough to prevent unauthorized people from entering sensitive areas within the building. Hospitals house pharmaceuticals, which need to be secured around the clock; patient records, which need to be protected; and infants in the maternity ward, who need to be monitored to prevent abduction. Security directors face a myriad of challenges as they strive to protect patients, employees, and visitors.

Hospitals are unlike other environments. “Hospital security is far more complex than simply understanding the threats posed to a particular facility based on its contents. It is important to understand how most hospitals manage access to specific departments,” said Scott Bartlett, CEO at Southwest Surveillance Systems. “There are typically two critical steps in a modern hospital. The first step is in the physical layout and construction of the hospital campus. Modern hospitals are built from the ground up with efficiency in mind. This means that the physical structure of the hospital facilitates proper security but does not hinder the productivity of the staff.

For example, a new hospital construction firm will interview the future staff of a new hospital to understand the typical workflow of an ER surgeon and the systems and facilities that she must access to effectively do her job. During this interview, the construction firm understands how to make the surgeon's job easier by ensuring that he or she doesn't have to cover great distances or traverse multiple security checkpoints to take care of their patients. The more work done during this phase, the easier it is to implement automated access control in the second phase. This is because it is very important for a hospital to balance security needs with its efficiency. This is a huge problem in older institutions and may present an opportunity for the right technologies.”

“The second step in securing a hospital is to implement some ID-based security policy,” added Bartlett. “This typically includes badging to identify a staff member's level of access or maybe even a magnetic key card that is used to provide electronic access to facilities housing information systems or other systems that contain patient information. Unlike financial institutions or intelligence firms, hospitals cannot be locked down, due to the nature of the health care business. Staff members must be allowed to quickly and efficiently navigate the hospital campus to ensure positive patient outcomes.”

Management with Access Control
More hospitals today choose an enterprise-level access control system to streamline their operations. By replacing keys with access control credentials, health care security directors can improve the security of pharmacies and data centers by knowing who accessed a specific area, in the event of an incident. “The main focus of access control in hospitals falls on two things,” said Matt Vellek, Southeast Regional Sales Manager at AMAG Technology. “First, the importance of controlling access to sensitive information or critical areas of the hospital is high. Secondly, having the audit ability to identify who was granted access to those areas is increasingly important for investigatory and audit ability reasons.”

Pharmacies, for instance, may need to be able to demonstrate traceability of drugs. “Nurseries need to restrict access to authorized staff and family members, to protect the safety of infants,” said John Davies, Managing Director at TDSi. “Psychiatric wards need to restrict entry to unauthorized people in order to protect the vulnerable patients and also to monitor and restrict the exit of patients who may be unsafe leaving the area unaccompanied. Any areas using radiation or dangerous substances, such as X-ray rooms, need to guard against unauthorized access due to the hazards present.”

Unified Video
Hospital security is complex and electronic access control alone cannot solve all security problems. Surveillance sees new uses in hospitals. Areas such as the ER, parking lots, and entrances need to be constantly monitored to ensure that patients and employees are safe. In addition, hospitals should thoroughly consider the location of security monitors to ensure full viewing by the appropriate personnel so security officers can respond swiftly to an incident.

“By implementing IP surveillance monitoring with integration to other information and access control systems, hospitals can monitor workspaces and even staff members through their workflows and trigger alarms or automatically secure sensitive areas from unauthorized access. To accomplish this, cameras would be installed in literally every functional space in and outside the hospital walls,” said Bartlett. “This is why HD network cameras will become essential to modern hospital facilities. One doctor we interviewed suggested that if cameras could trigger audits or access-control events based on badge colors, barcodes on a badge or maybe a particular image memory, then most access control could finally be automated without endangering patients.”

Taking access control a step further and integrating it with video surveillance turns these individual components into a powerful security management tool that can provide data to the hospital leadership. “Technology available today allows for the creation of different types of access for various departments to be established through the permission-based settings programmed into the software, which operates the hardware,” said Kenneth Mara, President and CEO at World Wide Security. “For instance, we can design a system utilizing biometrics to provide or deny access to certain employees designated to be in that area. We would also incorporate a camera to provide a clip, or extended surveillance, of the activity of that person in a high-risk or elevated-security area. There are many reasons a hospital may need to know who is coming and going, such as where pharmaceuticals are stored or where medical record information could be compromised.”

HD Picture of Health
HD cameras provide direct benefits with higher clarity and resolution. Analog cameras used to be for point protection only. With HD quality, cameras have a wider field of view. This is changing the need for PTZ, with fewer costs less for labor, materials to install and operation, said William Plante, Director of Professional Services at Aronson Security Group.

Hospitals often have good working relationships with local police, who may request footage of individuals during investigations. HD cameras may prove their worth for their superior video clarity. They may also lead to increased employee satisfaction, as personal property thefts could be investigated with better success, said Ben Myers, Director of Plant Operations at Deaconess Medical Center.

Biometric Identification
There is a requirement within hospitals to restrict access to specific areas, such as X-ray rooms and children's wards. In these areas, there may also be the requirement for multiple forms of identification before access is granted to add an extra layer of security, said Andrew Fulton, Senior Director of Global Sales at CEM Systems.

“For the highest security areas, hospitals can implement multifactor authentication including, for instance, biometrics, which increases the probability that an individual presenting a card to a reader is the same person to whom the card was initially issued,” said Sheila Stromberg, Director, Corporate End User Strategies at HID Global. “Since these identifiers, such as fingerprints, hand, and face geometry, or patterns found in the eye's iris, can't be borrowed or stolen, biometrics provide identity authentication with a strong degree of confidence.”

Control of restriction levels is more easily accomplished in a networked access control environment. “Biometric readers can be installed where needed, and as each user presents his or her smart card and fingerprint for identity verification, the entry records are uploaded in real time to the central server through a controller over a TCP/IP network,” Stromberg said. “If the system is based on an open architecture, the controller can also be integrated with other application modules for centralized management and reporting, enabling this biometric entry log data to be correlated with other information.”