Security assessment checklist ideas for healthcare facilities
by Paul Kazlauskas
A hospital can be an emotionally charged place. Most times, patients are not happy to be there. Their family may disagree with the patient’s care, causing tension. This tension can lead to aggression.
Violence in hospitals is an epidemic. No healthcare worker should be assaulted while trying to perform their job. So it is critical for your security department to conduct an outside security assessment with a certified healthcare security professional. With the help of an outside expert, your hospital security department can determine the correct procedures and train all staff on how to react, no matter the situation.
Security assessments are a holistic look into the overall physical security of a building or facility. It involves a walkthrough of the facility with evaluations of security tools and their functionality. Many organizations never evaluate their existing physical security tools. They may spend thousands of dollars on physical security controls, but don’t know whether they are the correct tools and if those tools were implemented correctly. A security assessment can take an objective look at the tools in place, identify where security is strong, and make recommendations on areas that need improvement.
A security assessment for a healthcare facility starts with defining objectives. These can be simple goals such as “maintain hospital operations,” “critical asset protection,” and “patient and staff safety.” Your objectives should take into consideration any disruption to the functions outlined, which could result in significant destruction of the healthcare facility or involve injuries to people.
Each objective has multiple functions that need to be assessed for hazards and susceptibilities. These functions are static, for the most part, regarding the risk management framework directive, which is process that integrates security and risk management activities into the system development life cycle. These functions of the plan must be followed:
- Identify the risks
- Protect the assets and services
- Detect what is happening, when it is happening, and where it is happening
- Respond with the appropriate level of resources
- Recover from the event to keep the essential services operational (Continuity of Operations Plan or COOP) for the public good
A successful security assessment of a healthcare facility should include these three components (in collaboration with your security team):
1. Definition of the objectives and what you need to keep safe
If the objective is “personnel safety,” identify the types of people in the building and where they congregate, for example, smoking areas, break rooms, and/or parking lots. Defining objectives cannot be overlooked or blended into other phases. It’s critical that security teams and management work together to clearly identify objectives.
2. Identification of the threats, vulnerabilities, and risks
Threats are defined as an event that would significantly reduce or destroy the functionality of a healthcare facility. These could be naturally occurring or happen because of people’s actions. Vulnerabilities include where and what would be attacked and how to prevent it. Risks are identified as what an attack would do to operations and what is likely or unlikely.
In this step, you identify the types of dangers to personnel. Their likelihood should be listed and given a “rating” as to their probability. The rating system is determined by the security team, but it must make sense and be scaled.
The Department of Homeland Security lists the following as the most likely threats to a healthcare facility:
- Active shooters
- Disgruntled or violent persons
- Bomb detonation
- Criminal violence
- Proximity to neighborhood violence
- Dangerously-close proximity of the hospital to other high value targets such as military bases, power stations, and government buildings.
3. Application of risk mitigation techniques
At this step in the planning, a meticulous review of resource allocation is required to include the “rating” designators discussed in step 2 to rate the likelihood of one event and its impact versus another. The team should take into account the single-loss expectancy and consider that against the annual rate of occurrence to compute a loss expectancy over a year’s time. Once the decision is agreed upon, it’s time to decide on the types of solutions to implement at your facility.
There are numerous possible areas to protect and account for in a healthcare facility. Security integrators can provide guidance to not only select the correct product(s), but also to properly deploy the solutions and give your facility a plan for what success will look like. Here is a sample of the types of solutions available that can help healthcare facilities protect their patients, employees, and facilities.
- Access control systems
- Visitor management software
- Perimeter detection systems and alarms
- Intelligent lighting systems
- Sensors on doors and windows
- Surveillance cameras
What other procedures can be added to the list so healthcare facilities can conduct the most thorough security assessments possible? Please join the conversation by adding your thoughts in the “Comments” section below.
Want the latest, best security practices delivered straight to your inbox? Enter your email address in the "Subscribe" area (on the left side navigation).
Download Free Whitepaper ›
Our exclusive "Guide to Choosing a Visitor Management System"
Posted on 5/17/2018