In a recent Campus Safety webcast focused on hospital security Ben Scaglione (director of healthcare security for DVS, a leading security consulting and engineering firm) noted that “since security isn’t a profit center, it’s important to get it right from the start.”
Nonetheless, he’s found that healthcare organizations consistently make one key mistake. This invariably leads to their security costing more while delivering fewer benefits.
As Scaglione explains, “People are very, very smart: Patients, visitors, and staff who go through the facility feel unsafe when they see doors propped open, old security devices hanging off the walls, lights burned out at night, and people walking into areas without being checked, or not checked consistently. … [This all contributes to] that perception that the hospital really isn’t paying attention to security.”
In many cases, the hospital security measures in question are perfectly adequate. But a slapdash appearance—mismatched door hardware, dangling wires, nonsensical screw holes, and perpetually deactivated alarms—degrade the organization’s credibility among those they serve and their staff. This then decreases patient and employee satisfaction, creating a vicious cycle that does result in lowered security.
But how is it that hospitals so consistently end up with security that costs more, but leaves everyone feeling less safe?
They don’t bring security to the table at the beginning of the design process.
Common Problems in Healthcare and Hospital Security
In Scaglione’s experience, there are four tell-tale signs that hospital security was a late addition or afterthought to a construction project. These include:
- Inconsistent door hardware and access-control technology
- Examples: Doors that don’t need returns have them, doors are missing locks or have redundant locks, locking mechanisms are inconsistent or mismatched
- Equipment installed incorrectly or put to the wrong use
- This includes mag-locks or other systems modified to fit on a door type for which they weren’t designed
- Fire doors with exterior handles when not required by code/law
- Scaglione: “All that is is a handle for someone to pull on and force the door open” or a handy tie point for someone to prop that door open and start bypassing security as a matter of “convenience”
- Redundant cameras or cameras mounted too close to lights
- Cameras too near security lights will be blinded at night; redundant cameras leave staff and visitors wondering how well the security is thought out—and would-be criminals doubting the cameras function at all
A Note on Security Cameras and Deterrence
Although not very common in hospital security, Scaglione is extremely opposed to leaving up a non-working video camera as a “deterrent.”
First, he’s quick to point out that the presence of a video camera has never been shown to act as a consistent deterrent to crime on its own. On top of that, the idea that you sought to deter crime with a camera you knew did not work creates a huge liability:
“I was involved early in my career, in the ‘70s, with a Fortune 100 company in New York City that made the decision to install a fake camera, because it was too expensive to run the cable [at that time]. … A woman was raped in view of the [fake] camera. … That institution paid tens of millions of dollars to that individual … Here’s the thing: If you think you need the camera there, then you’ve determined there’s a risk. So, if you determined there’s a risk, you need to mitigate the risk.”
Possible appropriate measures would have included putting up more lighting, adding the area to a regular security patrol, or mounting working monitored security cameras. “Putting a fake camera up that doesn’t work doesn’t mitigate a risk, there’s no proof that happens. … So the liability is extremely high.”
Six Steps to Providing Hospital Security for Patients, Visitors, and Staff
According to Scaglione, there are six steps that will help you successfully address hospital security through facility design:
1. Include Security at the Beginning of the Design Process
This is number one. In the absence of comprehensive planning, you almost always make design choices that run counter to good security practices, or run afoul of the operational needs of the facility. This leads to expensive last-minute changes. It also manifests as good, properly specced equipment that isn’t used or activated. Often, that’s because it’s functionally redundant, or because using it hinders some vital business or healthcare operation.
If you’re practicing CPTED (Crime Prevention Through Environmental Design), bring in the landscape architects early, and connect them with your security consultants. It’s extremely common to see otherwise secure facilities undermine safety with poorly thought out landscape elements. Although an increasing portion of landscape architects are knowledgable about security, it still isn’t the norm across the industry. Expect they’ll need security guidance.
2. Perform a Comprehensive, Facility-Wide Risk Assessment
This is another situation where it’s important to have as many people “at the table” as early as possible. A good, comprehensive risk assessment will leave you with a broad understanding of the risks and threats to the building, staff, patients, and visitors. This should take into account attackers of all motivations (ideology/terrorism, emotionally disturbed patients/visitors, spillover domestic violence, economically motivated crime, etc.) as well as natural disasters, weather-related events, and social instability/civil disturbances caused by outside factors.
3. Work with the End Users
Not including end-users (e.g., nurses, technicians, doctors, maintenance, etc.) in your planning is the second great cause of the sorts of mistakes listed above. When security gets in the way of people doing their day-to-day jobs, they will circumvent the security. This isn’t malicious—it’s human nature. And if a person can accidentally circumvent your security, what hope does that system have of protecting your people from a motivated attacker?
Additionally, end users have the deepest insight into the “unpredictable” things confused or stressed hospital visitors do. Consulting with nurses early will prevent huge headaches later.
4. Coordinate Door Hardware with Fire Safety
The interaction of building codes, fire safety codes, ADA-compliance, and the safety realities of a specific organization and community can be maddening. But, in the end, most contractors can sort it out with a safe result. The real problem is that you end up with nonsense redundancies, like door returns on doors without fire ratings. This creates needless visual clutter, undermining security by fostering a sense that the “people in charge don’t know what they’re doing.”
5. Help the Security Director/Consultant Follow Through the Entire Process
It’s not uncommon for vendors, integrators, or installers to make minor changes during installation. But they only work on one part of a complex system. They are no in a position to understand the knock-on effects and stacking errors such “tweaks” create. For example, swapping out a specific door because of some unforeseen issue may make it infeasible to later install the access control system used elsewhere in the building.
6. Make Sure the Security Director/Consultant Validates the System
The same security consultant who shepherded this project from the start should walk through and validate the entire system at the end. What was installed? Was it installed correctly? Does it look good? Does it work as expected?
Little errors and adjustments happen at every stage of any project. Over the course of events, they stack up. A slightly wider than necessary gap between the door and jam isn’t a big deal. Neither is swapping in a different strike plate, because the specified plate was out of stock. And every door is going to have some play in it. But all of this taken together can make for a situation where a dead latch doesn’t engage properly. Your expensive building-wide cloud-controlled access control system won’t help if the door latch can be defeated with a butter knife.
Hospital Security in an Age of Coronavirus
Total Security Solutions CEO Jim Richards notes that “We’ve seen an uptick in hospitals” looking to secure their ERs and triage areas with ballistic barriers. But he’s quick to note that this is not a sign of brewing social unrest.
“This has been a long-term trend. For at least the past five years, violence against hospital workers has been on the rise. We are, as a society, more security conscious. Improving security is just part of what hospitals need to do when renovating now.”
But in this age of coronavirus, what truly worries Jim is cybersecurity:
“In the news, we’re hearing about phishing attacks that take advantage of people’s fears about coronavirus, and foreign nations spreading misinformation about the disease. They’re even targeting the computers of hospitals and health agencies. And there’s been a huge growth in remote work. With everyone who can do so working remotely, we know this is only going to increase—and get even more disruptive. I’m telling everyone in my organization: Let’s continue to operate with extreme caution and common sense. Security is in what you do, not just where you do it.”