What security integrators can do to implement a successful hospital project

This article, originally published in 2021, has been updated with cybersecurity recommendations.

Hospitals increasingly turn to security technologies for protection. This note discusses how SIs can play an instrumental role in this regard.
 
Amid reports of violence against medical staff, hospitals now turn to security technologies to protect staff and assets. In this regard, systems integrators play a critical role in making sure that the project meets the hospital end user’s requirements. Below are things SIs can do to implement a successful hospital project.
 

Know user needs

 
For starters, the SI should gain a deep understanding of what the hospital user’s needs are. “Integrators should be able to listen to the needs and challenges faced by each hospital and its staff to ensure they implement useful and specific technology for those needs,” said Jermaine Santoya, Industry Marketing Manager at Genetec.
 
“To deploy hospital security systems, it is important for integrators to start with the process for human behavior. By understanding the process and the environment, they are then able to better understand the unique security needs of that facility. For example, a hospital in a rural community may have different needs than a hospital in the heart of downtown,” said Kyle Gordon, VP of US Field Sales at STANLEY Security.
 
As an example, the SI may want to listen to the end user on where violence is more likely to happen in the hospital, and deploy security accordingly.
 
“Violent incidents are more likely to occur in areas where the public meets the hospital staff. For example, an emergency room (ER), a lobby cafeteria and parking areas are the most likely to see violent incidents. In ER’s, there is the threat from irritated family members or potential patients who grow angry with long waiting lines. In parking lots and entrances, there are often issues with individuals loitering and even committing aggressive or violent acts towards others,” said Chris Sessa, Director of Key Accounts at Salient Systems.
 

Understand technologies

 
SIs should also be knowledgeable of hospital-centric security technologies, which include and are not exclusive of: video surveillance, body-worn cameras, video analytics, access control, panic buttons and even metal detectors.
 
“Traditional metal detectors can play an important role in the hardening of healthcare security. However, there are two distinct pitfalls to consider: long lines with crowds and close contact with people who are handling your belongings. It’s a very high-contact process that, overall, slows down entry operations,” Gordon said. “Weapons and threat detection solutions are more robust than traditional metal detectors. Using AI technology, they are more accurate and can detect weapons without guests having to empty bags, allowing medical facilities and other organizations to streamline and simplify the screening process.”
 
To avoid these devices working in silos, a unified platform that integrates them and provides a single dashboard for the operator can be ideal.

"A unified open platform VMS can provide situational awareness to healthcare institutions, as well as an integrated approach. Panic button, nurse call and other alarm integrations into a video platform allow for a direct correlation of specific alarms to a direct video feed for immediate visibility of the situation – ultimately leading to a better, more intuitive response,” Sessa said. “Integration with access control or visitor management platforms can reduce the number of visitors for specific areas, such as lobbies, ER departments and other areas where people gathering can be an issue. Open platforms lead to a more flexible system that allows healthcare facilities to utilize technologies for their specific needs.”  

“A fully integrated security system means more efficiency for the medical facility, which ultimately means having more capacity to serve the community and the patients. Without the integration of these solutions, hospitals are missing out on the huge impact of this technology to help manage operations and contribute to a safer and more secure healthcare environment,” Gordon said.
 

Cybersecurity and privacy

 
Integrators should also be well-versed in securing networked security/IoT devices in hospitals. This is especially important at a time when attacks on hospital IoT devices have become more common. In fact, according to a recent whitepaper, “Internet of Things: Embedded Security Guidance” by Center for Internet Security (CIS), 80 percent of healthcare organizations were targeted with cyberattacks in recent years and 25 percent of cyberattacks against hospitals involved IoT.
 
That said, making sure that networked devices in hospitals are hardened against cyberattacks becomes key. According to the CIS whitepaper, the following may be done to ensure the security hygiene of the healthcare facility:
 

• Secure devices with product integration:
       * Next-generation firewalls
       * Network access control
       * Wireless management solutions
• Network segmentation
• Regular audits of devices carrying personal and confidential information along with the retirement of such assets if they’re not being managed
• Ensuring multi-factor authentication on all devices
• Key management

 
Privacy, meanwhile, has also become critical, especially if analytics and body-worn cameras are used. “There are a number of things to consider when looking to roll out body-worn cameras. BS 8593:2017 Code of practice for the deployment and use of body-worn video is a useful starting point. It covers the 12 guiding principles of the Surveillance Camera Code of Practice, which aims to ensure that the purpose of a rollout is justifiable, appropriate and proportionate to the requirements of the person wearing it, while the privacy of those being recorded is respected,” said Chris Allcard, Lone Worker Services Director at Reliance Protect.
 
To meet cybersecurity and privacy requirements, there should be close collaboration between the hospital end user, vendor/integrator and manufacturer. “Vendors should take the time to understand current security measures in the case there is room to incorporate those into the new product. Additionally, there should similarly be a collaborative effort in the supplying process between vendor and manufacturer. Vendors should work to influence the manufacturer to list out known vulnerabilities so that issues can be communicated early and often to clients,” the CIS whitepaper said.
 

Think beyond traditional security

 
Finally, it’s important that the integrator should think beyond conventional security. They should look at new technologies developed in recent years and see how they can meet hospital users’ complex needs.
 
“Integrators should not be afraid to look outside the traditional means of security.  Video analytics, real-time location services, and license plate recognition are just a few of the technology advancements that can significantly improve the overall safety and situational awareness in a hospital," Santoya said, adding real-time location solutions can be especially helpful.

"Hospitals can go one step above access control by deploying a real-time location solution for staff and even patients. This technology would allow hospital security staff to precisely know where each individual is located on the premises, to complement access control and video monitoring,” he said.