Access Control Systems Reevaluated in Wake of Mass Shootings

The mass shooting at a Tulsa hospital leaves many facilities rethinking access control

By Mackenna Moralez

Five people, including the gunman, were killed June 1 in a mass shooting at Saint Francis Health System’s Natalie Building in Tulsa, Oklahoma. That same day at Miami Valley Hospital in Dayton, Ohio two people were also shot and killed.  

“There is nothing more this community can do for us than pray for the families and loved ones for the victims of this senseless act,” says Cliff Robertson, CEO of Saint Francis Health Systems said at a press conference. “There are over 10,000 of us [healthcare workers] who are part of the Sant Francis Health System that every day commit their lives to taking care of people in need. This horrible, incomprehensible act is not going to change that.”  

The mass shootings occurred just one week after 19 children and two teachers were murdered at Robb Elementary School in Uvalde, Texas, and  weeks after 10 people were killed at a grocery store in Buffalo, New York.  

As more details of the shootings have been revealed, many healthcare facilities managers have begun reevaluating their organizations’ active shooter plans and reconfiguring access control systems. These systems or programs can be physical, electronic or a combination. The main goal, though, is to only allow people with approved access to enter a facility. All businesses and facilities must be organized for a robust response to disaster events.  

“We use the term all-hazards plan, and some people think it’s an answer to any disaster,” says Scott Cormier, vice president of emergency management, EC, and Safety with Medxcel. “What it really means is that for any disaster, we have a common process in the early stages of the event: acknowledging there is a disaster, making notifications, communicating with internal and external partners, and coordinating resources. We then write specific plans for our top hazards and vulnerabilities, such as a tornado, hurricane or mass causality incident. The plan also includes resources and contact lists to respond to other events.” 

When creating a plan, managers must lay out who and what they are trying to protect and why. There are various stages of vulnerabilities when it comes to protecting people and critical infrastructure, so it is up to managers to find appropriate access control systems and ensure that the right people have access to certain areas and information so that no one or thing gets harmed. 

Among the access control components used in healthcare facilities are: 

  • physical security 
  • barriers 
  • uniforms/ID 
  • key  
  • cipher lock 
  • passive card 
  • active card 
  • smartphone 
  • biometric. 

Managers must also ensure that front-line technicians maintain access systems so they are always updated. Whether it is changing the code when an employee is terminated or regularly training those who are allotted access, it is essential that there is not a gap in judgment when it comes to security.   

“What happens in healthcare is that we see senior executives worry, and they’ll do a knee-jerk reaction of, ‘Well, you know we’ve had vulnerabilities in our access control systems, so let’s do something now that’s a bit over the top,’” Cormier says. “It’ll keep the senior executives happy, but you can’t sustain that. Pop-up programs are usually the first things to get cut. You need to think of it as how you can implement and sustain a program without it potentially getting cut whenever the budget gets cut.” 

Access control is sometimes viewed as a revenue-depleting portion of healthcare. While many organizations try to run these systems with limited funding, it is essential that managers incorporate these into their operations so that they can maintain an open and healing environment. This allows for trust to be built within the greater community and proves that they can be relied upon when disaster strikes. 

“Healthcare facilities need to understand that during a disaster, they are a critical asset to their community,” Cormier says. “Closing or curtailing services because you do not have an adequate plan or resources is not an option. We need to be resilient and have a proper plan and process to ensure we are making the right decisions so we can continue to be that critical asset to our communities, as well as protect our patients and staff.”  

Mackenna Moralez is the associate editor with Healthcare Facilities Today.

June 3, 2022

Topic Area: Safety , Security

Recent Posts

How Location Data and Analytics are Revolutionizing Site Success

True site success prioritizes important mission and business objectives, such as patient volume and physician utilization.

Memorial Hospital of Lafayette County to Rebrand

The rebranding will coincide with the opening of a new location in January 2025.

Man Dies by Suicide at Wisconsin Hospital

The incident appears to be part of a murder-suicide.

What to Expect at NFMT 2024

Returning this March, NFMT brings a must see offering of events and activities.

Orlando Health and Acadia Healthcare Break Ground on New Hospital

The 144-bed behavioral health hospital is slated to open in spring of 2025.


FREE Newsletter Signup Form

News & Updates | Webcast Alerts
Building Technologies | & More!


All fields are required. This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.