Think of hospital security like peeling an onion. Each layer – from the property perimeter to the innermost highly-sensitive areas – presents its own set of challenges that need to be addressed. To achieve the best solution for each layer you need input from a team of stakeholders who can provide their own perspective on what needs to be done. Without the diverse input, a solution that appears optimal to one party might, in fact, inadvertently create a whole host of problems for another party who was left out of the decision-making process.
A prime example is a hospital where I was previously employed. The administration directed the architect to redesign the Emergency Department to be a more open environment for patients and visitors. The project turned out beautifully. Unfortunately, the renovation allowed non-hospital people to wander into areas where they shouldn’t be. There were issues with gang members and feuding family members gaining access to the ward and causing disturbances. The missing element in the design process was input from the people who really understood the potential problems. If the medical staff had had input, they could have shared their expertise with the architect about what really happens in the emergency department on a daily basis and what they needed from the redesign to protect their patients. If the Security and Facilities Departments had been involved in the decision-making process they would have suggested other layers of protection that needed to be included. But they weren’t asked. As a result, the hospital ended up spending a lot of money to retrofit the newly renovated area with network drops for programmable door locks, access control systems, surveillance cameras, etc. to correct the safety and security deficiencies that no one had considered at the onset of the project.
Peeling the onion
There are four major layers of the hospital security onion – property perimeter, building perimeter, interior perimeters and the innermost sensitive areas. To ensure maximum protection at each layer, design decisions need to be informed by a risk assessment team well-versed in the unique safety and security challenges of that layer. Depending on the layer, that team might consist of representatives from a range of departments such as security, facilities, IT, infection control, medication safety, the specific area’s medical staff, environmental management, human resources, and even custodial services. Overarching all these inputs, of course, are HIPAA mandates and the requirements from the Joint Commission that oversees the hospital’s accreditation.
Defining the layers
The outermost layer of a medical center is the property perimeter. It’s an open environment that includes the adjacent streets and alleyways where the general public passes by and through. The next layer is the building perimeter where you want to control the way people flow in and out of the facility. The next layer encompasses interior perimeters, areas where you want to segregate public areas from staff areas and control visitor access to certain areas of the building. And then at the core of the onion are the highly sensitive areas – the pharmacy, the blood bank, the operating theaters, the intensive care units, the neonatal and post-partum areas where security needs to be at its highest.
Mitigating property perimeter risks
One of the foremost strategies for securing a property perimeter is called CPTED, Crime Protection Through Environmental Design. This involves using physical structures such as flower boxes and bollards (concrete posts) to block motorists from encroaching on certain areas, such as walkways, or smashing their vehicles into the building. CPTED could also include using fencing and signage to guide traffic and pedestrians along specific pathways. While there are certainly design aesthetics involved, security and facilities should have input into strategic placement of structures, etc., to ensure that mitigating measures won’t impede first responders in an emergency or hamper people from quickly exiting the building during an evacuation.
Mitigating building perimeter risks
Property beautification is always an element of designing building perimeters. But it’s important to make sure vegetation is properly trimmed to prevent obstructed views from windows. Large shrubs present a potential danger because they provide nefarious individuals a place to hide and wait to ambush unsuspecting visitors or staff. In addition to security and facilities, the landscaping teams should be included in the discussion to ensure that the selection and maintenance of the flora provide the right balance between aesthetics and safety.
The other important consideration is how to control the flow of people in and out of the building at different times of the day. Foot traffic is very different at eight o’clock in the morning than it is at eight o’clock at night when there is less staff in the hospital. Input from the medical staff and the security team can help the hospital make an informed decision about which doors should be locked after certain hours or where security patrols would be most effective.
Equally important is the ability to quickly lockdown the facility in case of an emergency. Case in point, in the hospital where I worked there was a shooting out on the main street. Given the way we designed our door systems, we were able to automatically lock all the outer doors and prevent the shooter from running into the hospital with that weapon.
Mitigating interior perimeter risks
One of the simplest ways to delineate between public and staff-only areas is through signage, which usually falls under the purview of the Facilities Department. In addition to these navigation aids, Security and IT, along with medical staff, need to be part of the preplanning to determine which doors might require addition security measures such as door locks and keycards or biometric access controls and how best to install the technology. For instance, waiting rooms may be open to the public. But the offices behind those rooms that might contain patient records and people’s belongings would need to be protected by some admittance restriction system.
Mitigating sensitive area risks
Highly sensitive areas generally require multiple levels of progressively tighter security. They can run the gamut from signage designating areas for “Authorized Personnel Only” to automatic door locks to badging systems that limit individual access to departments, specific rooms, medication carts and pharmacy stockrooms. These areas would also need to be under video surveillance so that in case of an event (such as theft of narcotics) the hospital would be able to verify who accessed those locations and when. But the strategic planning of what measures get implemented and where requires team input from a host of hospital departments – IT, Security, the medical staff, Facilities, Human Resources and more. For instance, one of common weak points of a keycard system is keeping the database up to date to prevent breaches. There needs to be agreement on who will be responsible for credentialing new employees, changing the access authorization of staff who switch departments, and de-activating credentials for individuals who no longer work for the hospital.
Getting it right the first time
The underlying message is that preplanning should be a team effort. In the long-run, it’s far more cost-effective for multiple disciplines to sit down together to hash out the safety, security and operational pros and cons of a proposed solution than it is to remedy deficiencies after the fact.
Paul Baratta is the healthcare industry business development manager for Axis Communications.
See the latest posts on our homepage