Hospitals aim to provide a caring environment for the sick and injured, and, today, they face heightened violence and crime that drive demands for more integrated security measures.
Hospitals and clinics are getting more involved in external conflicts, said Yannick Bietenholz, Senior Manager of the Healthcare Ver tical at Siemens Building Technologies Group. ¨While increased violence is being targeted against staff, other patients and visitors could also be attacked. Relatives of a car accident victim may,〃 he said, ¨seek revenge on the hospitalized perpetrator or the husband of a deceased woman may chase down the doctor who, as he sees it, is responsible for her death.〃
According to a report by GE Security, healthcare and social service workers were at a high risk of violent assault. In 2000, the U.S. Bureau of Labor Statistics noted that 48 percent of non-fatal injuries from assault or violence occurred in a healthcare environmentone of the highest among occupations. ¨Assaults on staff by people under the influence of alcohol or drugs in emergency wards are rising. Confused patients in psychiatric units or stressed families can also become increasingly aggressive,〃 said Bietenholz.
Compared with other verticals, demand at hospitals lags because of budget restraints. ¨Hospitals invest capital on revenue-enhancing projects or patient care first, before looking at security infrastructure,〃 pointed out Jennifer Stentz, Director of Healthcare Solutions at Johnson Controls. ¨That goes for whether it is new medical equipment or technology, or recruiting new physicians or specialists; security historically is at the very bottom of the list.〃
Bob Weronik, Client Manager of the Healthcare Solutions Team at GE Security, agreed. ¨Hospitals have to work on security as cost-effectively as they can. The technology can do anything with open APIs. The reality, however, is that it can be costly and require extensive maintenance, support and staff competency.〃
As competition increases, hospitals are differentiating themselves; this business-oriented approach is driving demand. ¨If hospitals provide a stronger security platform for patients and staff, they can improve market share and attract better staff,〃 suggested Stentz. ¨As cost-effectiveness becomes the central theme, hospitals are optimizing spending to ensure efficiency of care processes, including security,〃 pointed out Bietenholz.
Regulation and Risk
As outlined in the GE report, regulatory measures established by organizations such as Joint Commission on Accreditation of Healthcare Organizations (JCAHO) in the U.S. set a minimum standard for hospital funding. These offer the most expedient method of compliance with government healthcare reimbursement requirements. These security compliance standards include managing security of facility occupants, implementing security controls, identifying people entering the facility, controlling access into and out of security-sensitive areas, and implementing infant and pediatric abduction security procedures. ¨Clearly, security technology has the capability to enhance an organizationˇs compliance efforts with these standards,〃 said Weronik.
Before deciding on which security technologies to install, the very first step that hospitals should take is to conduct a comprehensive risk assessment, while formulating a master security plan. Each hospital has unique security demands, stressed Bill Nesbitt, President of Security Management Services International. ¨The security solution is situational; all depends on the unique environment of each healthcare facility.〃 Crime environmenthistorical data, past incident reports and geographical settingis one factor. Others include hospital access and visitor management, security design, integration of alarms and CCTV, and effectiveness of security personnel, added Nesbitt.
Weronik seconded this. ¨Senior management may not have a clear under s tanding of the regulator y necessity to safeguard not just patients, but also staff, visitors and critical assets. At the end of the day, hospitals really have to make an early decision on the right choice for them.〃 He suggested that system integrators explore very early on if there is agreement among senior leadership on where the risks lie. Nesbitt shared the same view. ¨Hospitals quickly pick up on vendors that do not really understand the unique needs and environment of the healthcare community. If vendors try to sell their wares on the basis of what they did for some other hospital, they run the risk of creating a real turnoff.〃
Openness vs. Security
The utmost challenge for hospitals is the paradox that, on the one hand, they need to ensure security of people and assets; on the other hand, they need to provide convenience and freedom of movement. ¨Generally, the first concern is to be available and open to all,〃 observed Bietenholz. One effective strategy is the onion peel approach. ¨This approach ensures that the outer-most edge of the hospital environment is relatively easy to access. This could be the public waiting area or emergency room. Then, as one goes in toward sensitive areas, such as archives, pharmaceutical storage and labs, one is challenged with increasing security,〃 explained Bietenholz.
As par t of this, said Stentz, there is increasing separation in new hospital construction of employee areas from those provided to patients and families. ¨Staff-only corridors, hallways and elevators ensure that hospital staff can move around faster. This also minimizes traffic and noise, and patients have fewer restrictions as long as they stay in patient-only areas.〃
Sensitive areas within hospitals include pharmacies, s torage of hazardous mater ial s, cashier of f ices, data cabinets, vital control installations and certain wards. Access control is the most basic strategy in preventing unauthorized entry. Scott Wiley, Global Product Marketing Manager at GE Security, identified management software as the wizard behind the scene. ¨If hospitals have areas that require audit trails (who has access to certain files and when they have access to it), access control software helps. The software allows users to set up different entry rules such as the two-man rule, which requires that two people go in instead of just one at a time.〃
Integration is key. Simon Harris, Senior Research Director of Security & ID Research Group at IMS Research, pointed out that there is strong demand for fully integrated security systemsvideo, access control and intruderin integrated systems. Weronik also stressed the importance of integration. ¨In a hospital environment, many peripheral systemspatient tracking, infant abduction, and fire and life systemsare critical. An open API access control platform that is fully integratable with these different healthcare systems, even if they are made by other specialized manufacturers, is crucial.〃
Management software allows the access control system to become the backbone of the overall security system, integrating security devices, such as video. ¨The most painstaking part of security personnel jobs may be going through hours and hours of video. Management software tags video so when doors open, an electronic index is added to that video. Users simply click on that event so hours of review are not necessary. The software also does video searches to detect motion. All you have to do is draw a box on the screen using the curser to identify every event associated with motion inside that box,〃 added Wiley.
¨If someone attempts to force the door or present an invalid credential, an alarm is raised and notification is sent to the security force. It then tags the video pop-up so security operators have visual identification of who is trying to access the area.〃
Streamlined Visitor Management
Controlling people flow at open areas such as emergency rooms and waiting areas is via a triage system- -more of a people and policy issue than electronic-based system. But electronic visitor management can be applied to keep audit trails of visitors. ¨The need that hospitals must address most is visitor management, but management is often afraid to create bottlenecks, especially when people come to see loved ones. There is a concern about long lines,〃 observed Stephen Thompson, Director of Fire & Security Products at Johnson Controls.
¨As the technology improves, you can quickly scan credentials like driverˇs licenses or other ID to generate badges,〃 said Thompson. ¨Then, you have a temporary picture badge printedthe ink fades after 24 hours so the ID can no longer be used. In addition, the badges are for general recognition not access control. Visitors are so identified. If something happens, a record of who they are and when they arrived is there.〃
A good visitor management system, asserted Wiley, should keep things moving by shaving precious seconds off the registration process for authorized visitors while still keeping unwanted visitors out . ¨Our system allows new visitors to register in less than 20 seconds; returning visitors are processed twice as fast.〃
An independent visitor management system in parallel with the hospitalˇ s existing access control system brings easier operation as there is less data to deal with. ¨Hospitals have different people utilizing visitor management systems than core security people. This may include volunteers manning front desks. Here, some level of partitioning or separation is good because we highly recommend that only authorized staff have access to the hospitalˇs central data and access control platform,〃 said Weronik.
He cautioned, however, that while the technology exists, controlling access in hospitals remains a challenge. ¨If one is not involved in healthcare on a day-to-day basis, one can easily say hospitals need to screen, document and identify visitors. In reality, however, heavy traffic flows are an immense challenge.〃
Weronik also questioned whether entry ways are set up to contain visitors and screen them. ¨Do hospitals have the personnel to do that? Will the hospitals invest in the technology to document who is coming in and out? Is it going to create an environment that goes against the hospitalˇs philosophy because they want to be a free and open environment?〃
Integrated Security in Healthcare: Part II