Hospital Security and Healthcare Safety: The “All-Hazards” Planning Approach

Setting aside coronavirus and pandemic-related safety issues, hospital security, and healthcare worker safety trends are still alarming on their own. According to the latest edition of the AFL-CIO’s annual worker safety report, Death on the Job: The Toll of Neglect, “workplace violence is a growing and serious threat, particularly to women workers and in the health care and social services sectors.” The report specifically found that healthcare accounted for roughly one-quarter of all workplace injuries/illnesses resulting in days away from work. For women, it accounted for over 80 of such missed workdays. And the numbers become even grimmer when we focus specifically on violence-related injuries. Since 2009, the workplace violence injury rate in private hospitals and home health services has more than doubled, and it’s been found that most deadly attacks committed in healthcare facilities involve a firearm.

Hospital Security Infographic

While most news reports focus on incidents in large urban hospitals, these trends include the full range of healthcare facilities: urgent cares, walk-in clinics, residential care facilities, and so on. According to the AFL-CIO report, healthcare-related workplace violence occurs almost twice as often in nursing and residential care facilities than hospitals.

“People naturally focus on what most easily comes to mind,” says Total Security Solutions CEO Jim Richards. “That’s going to be those dramatic incidents that receive a lot of news coverage. Hospital security is no exception. But good security and safety improvements always mitigate multiple risks at the same time. That’s why TSS strongly advocates for an ‘all-hazards’ approach.”

Download our checklist on the 5 Key Components of a Healthcare Facility Security Plan

A Four-Step All-Hazards Approach to Healthcare/Hospital Security and Safety Planning

The Department of Homeland Security (DHS) explains that, when addressing hospital security and healthcare safety, administrators “should take an ‘all hazards’ approach. There are many different threats or hazards. The probability that a specific hazard will impact your business is hard to determine. That’s why it’s important to consider many different threats and hazards and the likelihood they will occur.”

DHS has collected many handy resources for organizations performing their all-hazards risk assessment. The CDC has also produced that can be adapted to many other healthcare settings. (Healthcare facilities responsible for the temporary care of children and youth will find these additional resources extremely useful.)

All Hazards Approach Chart

Most security experts advise the following four-step all-hazards security planning process, based on DHS recommendations:

Step #1: Identify Hazards

Take a comprehensive look at the many hazards that your facility/organization faces. This list on the website is an excellent starting place. It’s easy to get focused on items in the news. Don’t neglect risks like fire, which are so familiar we often forget how common (and deadly) they can be.

Now rate each hazard in terms of probability (how likely it is) and magnitude (how bad it is).

For example, a small community psychiatric clinic might rate fires as a high probability event with low magnitude. (There are an estimated 9,000 fires in office buildings each year, but most will be confined to a single room, and result in a few hundred deaths or injuries.) Meanwhile, an active shooter event has a low probability, but has an extremely high magnitude and can be enormously disruptive, in terms of lives lost, lives damaged, public anxiety, reputational damage, trials and lawsuits, and more.

Step #2: Consider Your Assets

When considering assets, DHS points out, “injuries to people should be the first consideration of the risk assessment. Hazard scenarios that could cause significant injuries should be highlighted to ensure that appropriate emergency plans are in place.”

While people are no doubt your most valuable assets, they are far from your only assets. Your asset list will include physical assets (buildings, equipment, etc.), as well as less tangible assets (data, reputation, community confidence, staff and client mental health, etc). Rate these in terms of how vital they are to your organization, both in terms of core values and delivering services.

Now identify each asset’s vulnerabilities: What makes that asset likely to fall prey to one of the hazards you listed in Step #1? Are there aspects of your business practices or daily operations that expose that asset? Is the asset especially attractive for some reason?

In general, a vulnerability will increase the probability of an event (it makes the event more likely), increase the hazard’s magnitude (it makes such an event more damaging), or both.

Step #3: Assess the Impacts

Go through your list of hazards from Step #1 and consider the potential impact on each asset identified in Step #2.

For example, the community mental health clinic we mentioned earlier might list the following assets:

  • Workers/volunteers/clients
  • Their building
  • Medical supplies and pharmaceuticals
  • Company vehicles
  • Office equipment
  • Decades of physical documentation
  • Community trust
  • Reputation

A building fire during a long holiday weekend may destroy the office and computers, damage the shuttle van, and spoil supplies, but it’s unlikely to harm your reputation with grantor foundations or shake the confidence of your clients. Meanwhile, a staff member disclosing patient information to a third party won’t cause any material damage to any asset but can cripple an organization because of the reputational damage or financial fallout from litigation.

When possible, pin down the monetary costs associated with the damage or loss of each asset. This calculation may seem heartless—especially when it comes to human lives and livelihood—but it’s important. There is always going to be some stage in your hazard reduction program when costs need to be justified. You need to be ready to show what’s at stake, both in hearts and minds, and dollars and cents.

Step #4: Weigh Possible Mitigations

Mitigation reduces the impact a hazard can have on your assets (and thus your organization). Mitigation might do this at any stage—by eliminating a hazard or vulnerability, by reducing the probability of an event, by lessening the magnitude of the event, or by easing its impact. Some mitigation strategies will reduce risks at multiple stages. For example, installing a new fire suppression system won’t just reduce the probability and magnitude of a fire (addressing the hazard directly), but will also reduce your insurance rate, allowing you to purchase more coverage and thus ease the impact if a freak accident should one occur. Likewise, installing a bullet-resistant or non-bulletproof barrier reduces specific threats (like armed attack or infectious disease), while also decreasing associated risks just by having a physical barrier present. It also increases the sense of safety and security among staff and volunteers.

Increasing Healthcare and Hospital Security Using the All-Hazards Process

TSS CEO Jim Richards encourages every healthcare organization—from the smallest family pharmacy to multi-campus healthcare systems—to engage in a comprehensive safety and security assessment and planning process.  “As our name implies, we develop total security solutions; they are attractive, integrated solutions that fortify a building in general. You take a comprehensive look at your challenges, and we’ll help you come up with a comprehensive system for addressing them. Yes, we focus on the physical means to protect you, your staff, and your visitors. But those measures have a ripple effect. When you start refining your workplace to increase safety and security, you can make your entire facility a better, safer place to spend your days.”

Healthcare - TSS Bulletproof Glass Installation

Back to Blog