www.securitymagazine.com/articles/76333-a-healthy-balance-1

A Healthy Balance

November 1, 2010

Healthcare workers are used to seeing people at their worst – illness, injury and death can cause a normally controlled situation to become unpredictable. But add to that the pressures on people who are struggling financially and the picture can worsen. Healthcare workers today are dealing with more instances of identification fraud by people who seek medical services, increased cases of patients with mental health problems, and the ever-present threat of an on-site active shooter in the healthcare environment.

Healthcare professionals are squeezed by so many different demands, yet they ultimately strive to achieve a healthy balance between patient care and security. Security practitioners in this sector are concerned not only about protection of patients, but sometimes about protection from patients – especially in those facilities that treat prisoners. Technology can play a role, but ultimately it is just one solution in a multi-faceted approach that also has to take into account restrained budgets.

Sister publications Security and SDM brought together professionals in healthcare security – five practitioners and four systems integrators – who specialize in finding solutions to the security issues in this sector. Here, they discuss the unique needs, the technology solutions, specific applications and what they wish they could have to improve the overall task.

The roundtable discussion is moderated by SDM Editor, Laura Stepanek.

Laura Stepanek: What are the unique security needs in healthcare facilities that you have responsibility for, and what problems do you spend the most time on to mitigate the risk?

Linda Fite: Hospital security is a very unique animal. I would say that our biggest need of balancing family-patient-centered care – which is sort of a new buzzword with rules, balancing convenience with security [is] always a tough one. Access control is difficult in healthcare. Getting visitors in with their families is tough in our birthplace area. We sometimes have up to 30 people wanting to visit; it becomes very, very difficult. We deal a lot more with identification fraud, people presenting as someone else. Maybe it’s a family member or maybe it’s just a name that they made up. Getting medical records can become mixed up with that.

In this economy we’re seeing a lot more people without insurance and people with mental health issues. Those are the biggest challenges right now.

Tony Venezia: Since Tampa General Hospital is a level one trauma center, we often see people at their worst. Unfortunately, we see families dealing with hardships every day; and people grieve in different ways and that can lead to violence on staff members. We try to train our people to recognize potential violence, de-escalate situations while being compassionate, customer service ambassadors.

Michael Parks: Here at Mercy Medical Center in Baltimore we are just about completing our new hospital building and that in itself presents a lot of challenges to us. It will double the size of our campus once we move in December. But some of the challenges that the other two speakers said before me are the same here in Baltimore – trying to balance a wide variety of what we feel are necessary security measures with a target rich environment for customer service is really a serious challenge for all of us.

There are so many different entrances into a hospital setting, mostly because there have been a number of building projects that have attached themselves onto other buildings. When you do that there are just so many different ways that folks have access to your building, so access control really does become a major player.

Here at Mercy we spent a great deal of time trying to mitigate incidents of theft. I think you can imagine in the downtown setting, a lot of foot traffic comes into our buildings. We do a lot of things about crime prevention with employees, and work with downtown agencies trying to mitigate these kinds of problems.

John Williams: A lot of the same things are occurring here and I think that’s really consistent across the country. This is a unique environment that we’re dealing with; we’re asked to be open 24 hours a day, seven days a week, but at the same time we try to balance that with “how do we secure it from unwanted activities?” and sometimes that’s a moving pendulum. You really can’t pick one answer or one process that’s going to work 100 percent of the time. You have to be flexible and innovative. Change is really not an option for us in healthcare public safety; it’s mandate. You have to be flexible. You have to be willing to make changes after, evaluating the whole set of circumstances against a policy or a procedure – what’s really vital, do what’s best for the patient, staff and their family as long as it doesn’t harm anyone else or cause liability.

Teaching that to an officer who may have a mentality of “I like things to be black and white. I don’t want a gray area; gray areas confuse me sometimes, gray areas makes things more difficult. The policy says this and I want to do that.” That’s one of the more difficult things to do along with getting them to see the big picture and not just that one little task. Along with that is having our hands tied by federal regulations to some extent. Some regulations really swung the pendulum from one side all the way to the other side rather than trying to find a happy medium.

Then we have to worry about crime trends in every hospital, as they’re a reflection of their communities. Whatever happens outside in your community can happen inside your doors or in your parking lots. Hopefully you’ve done enough to prevent the real serious things from happening. I tell every new employee every two weeks in new employee orientation: We haven’t had any murders, riots or robberies here, but it could happen today. We try to do our best to deter somebody from wanting to do something like that here, but you can’t stop a motivated person who is willing to do whatever it takes to commit their act.

Jim McNeil: I concur with my colleagues here about the challenges in healthcare. I did not grow up in this industry; I came to healthcare with a different background. One of the greatest challenges is, as Linda pointed out, trying to balance the need to have an open and welcoming environment with the need to provide security for people, many of whom are quite vulnerable. If people in hospitals are physically in need – some of them have psychiatric problems – they bring all of those issues with them to the hospital along with their family members and others.

So it’s a very challenging environment and it’s very difficult to control access. If you look at how security is provided in most industries, the foundation of it is deciding who can come in and who’s not allowed to come in. In healthcare, for the most part, we don’t have the ability to do that very well. Here, for example, we open hundreds of doors every day to our patient population and so we have to manage the security risks differently than controlling who comes in.

The other challenge is to make sure we don’t lose sight of the things beyond the day-to-day. We can very easily get caught up in the day-to-day managing the security risk, but we also have to focus on things I would regard as the low-likelihood, high-consequence event – things like an active-shooter scenario or an infant abduction. The likelihood of those things happening is very, very small, but the consequences are very high and so we need to pay attention to those as well.

Laura Stepanek: What is new in terms of healthcare regulations and how does it impact your role?

Linda Fite: Just recently we got an alert from the Joint Commission about infant protection and what kind of steps are we taking and there was a fair amount of paperwork to fill out on that. Periodically things like this come forward. And then we always have our HIPPA issues. We have difficulty sometimes working with our local police agencies in that they want more information than we are able to give them. Someone is coming in with a fraudulent identification card or something; the police may get involved with wanting information maybe on the patient’s medical history. We can’t give that without court order.

Tony Venezia: Recently The Joint Commission sent out an alert on workplace violence to several healthcare facilities. Recent violence in healthcare facilities has made us rethink our approach to handling acts of violence in hospitals. Tampa General has worked very hard in educating our staff on potential violence. We have encouraged staff to alert security anytime there is the potential for violence in the hospital. Tampa General has implemented a Disruptive Patient policy. This process involves a collaborative effort with clinical, security and administrative personnel to help identify potential violence, and allows for a process to resolve conflicts before a violent episode unfolds.

Michael Parks: Actually, shootings in hospitals are occurring every year in this nation. If you go onto the Internet and start looking you’d be amazed at the number of incidents that range from Tennessee to Connecticut, Las Vegas and Louisiana – many of them are domestic related, and many are fatal incidents. What really concerns us here in Baltimore as it relates with acts of violence where death could result are those incidents that involve prisoner patients at our hospital.

We have all the major correctional holding facilities for the state of Maryland located here in Baltimore and we annually receive anywhere from 700 to 800 prisoner-patients through our doors. Maryland has suffered more than its fair share of incidents where a prisoner has escaped from the officer guarding them and had deadly results. These are some of the things that we are concerned with here at our campus. A lot of man-hours are devoted each day by our staff to ensure that the police officers and the correctional officers who are guarding these prisoner-patients are doing their jobs to make our campus safe.

John Williams: One of the things that happened in about 2004 or 2005 is CMS came out with a new ruling about the use of forensic devices on patients, and that was based primarily on some bad outcomes at some behavioral health facilities where they were used and the patient died. It needed to have some formal federal backing to it, but they swung the pendulum all the way to the other side.

Prince William Hospital is part of the 13 hospitals in the national Capitol region, and after 9/11 those 13 hospitals formed a non-profit themselves to seek government grants and to plan for regional disasters, called the Northern Virginia Hospital Alliance. That alliance actually works for us to gain federal grants for disaster preparedness and response. Out of the money that comes every year, there is a certain percentage of it that the hospitals have agreed to put to a regional cache, so while other hospitals in the country were having a hard time getting PPE during the H1N1 [epidemic], the regional warehouse that we had stocked over the years had that these hospitals could pull from.

Jim McNeil: We have recently learned that Joint Commission will be changing their methodology for surveys in the future where they will be holding healthcare institutions accountable to CMS standards rather than Joint Commission standards; the importance of that is that Joint Commission standards are very subjective in a lot of ways and are sometimes subject to the interpretation of particular surveyors. CMS standards are going to be much more prescriptive and I think there are pros and cons to that, but I think I personally like that because whether you like the standard or not, at least it’s something you can look at and find out how you can comply.

Laura Stepanek: We’ve heard what the challenges are, so to the systems integrators what has stood out in your experience in working with clients in the healthcare field and what trends are you observing in the technologies that you’re implementing?

Teresa May: What we keep in mind as we look at that patient-level security are three key factors: The medical facilities need to maintain an open environment, which we heard from everyone – the idea that security could not interfere with the delivery of medical care. And in addition to providing general security at their hospitals, medical facilities need to take additional measures for the high risk. We talked about infants at risk of abduction, children in custody dispute, adults at risk of wandering, staff violence, and as we take a look at solutions it’s not just a simple integration of systems, but needs to be a solution that contributes to improving the care and efficiency so just a plain security system needs to be interconnected with patient flow systems, nurse presence and other technologies for managing patient care.

We’re working together to offer products and services to the hospitals to help reduce complexity for users, as well as reduce the overhead and increase overall efficiency in productivity. We’re also looking to push towards hosted solutions for data to benefit from the higher levels of security and more proactive management of events. That model is pretty well established in the broader security industry, but from our experience is a little bit newer within the healthcare industry.

Ed Pederson: The healthcare industry is, by far, the most unique security environment that we have because it’s not like a chemical plant or distribution center or a standard office. They are so entrenched in the community and so very important to the community. They’re so in the public eye and there’s a lot of concern with having an open, warm environment, but at the same time there are a lot of things that they have to protect – infant protection, infection control and prevention, tracking secured substances, tracking prisoners, patient wandering. It’s just an amazing challenge that these folks have to deal with and we attempt to help them using electronics.

Some of the trends I’ve seen are integrating the access control and CCTV technology together; that’s really not big news. But physical security information management systems, PSIM, that’s become a popular software solution because you have these guards that, as somebody said earlier, really want it black and white and a lot of these facilities have tight budgets and it’s not like they can replace with the latest and greatest technology. These PSIM systems help bring them all together so that guard can just use one joystick or one computer, look at one monitor and not have to swing back and forth in the security room to manage the system. I see that moving real fast.

The other thing is emergency alert systems (EAS). A lot of hospitals are similar to universities in having campuses where you need to have mass notification either using text or pop-up boxes on people’s computers or display boards that are posted throughout the entire facility or sending voice mails to cell phones. There have been a lot more requests for that kind of technology.

One last point is we see that the IT folks are now heavily involved in the electronic side of things; not only are the systems going over the IT networks but the IT folks are now getting the budgets to be able to pay for these things and they’re heavily involved in the decision-making.

Ray Cherry: One thing that makes doing security work in hospitals unique is if you’re installing an access card reader or a magnetic lock or a camera in part of the hospital that’s in use, you’ve got to go great lengths to make sure the dust doesn’t get out and you have to put up dust buggies. It takes a great deal more labor and you’ve got to be more skilled. That’s one thing that sets the hospitals apart from regular security work, is the cleanliness and the noise control when you’re doing your work.

One thing we’re seeing in this area is in emergency rooms the security people are concerned when somebody is shot and they’re brought there as a patient. They’re worried about the person that shot him following him in there and having an issue there in the hospital. One trend we’ve seen here lately is they have beefed up the access and cameras around emergency rooms.

Another thing is the control of the information; the access to the computers and the information. A lot of [healthcare facilities] want to have a card and a keypad or a card and fingerprint reader before they can be granted access to either a room or to some of the computers to get online.

Another thing we’re seeing is some of our hospital administrators are having us once or twice a year come in and test the magnetic locks to make sure they unlock on fire alarm, which they should anyway but just to make sure – they’re paying a lot more attention to that.

Bob Fecteau: The thing that really stands out for me in the healthcare field is the sheer number of risks that healthcare institutions face that makes them a unique vertical market.

What we find when we’re working in the healthcare environment are the unique operational requirements. Because they have to balance the hospital’s unique requirements against their workflow, we’re often asked to make the systems we put in do special functions. So as we start to deploy a system, it’s got to be flexible, it’s got to be scalable because we don’t know what we’re going to be asked to make it do tomorrow.

Virtually everything that we’re deploying now is network-based, which means that the technicians in the company as a whole need to be more IT savvy. We’re working with IT professionals now who own these systems – or are at least responsible for their maintenance and operation. We’re seeing a much higher degree of integration – people wanting to do more with the same graphical user interface, see more information, integrate their patient information systems like nurse call systems and so on. The trend that we’ve seen much more, probably due to consolidation, has been standardization. Gone are the days where the client will support multiple platforms across multiple sites. They’re basically demanding standardization.

Laura Stepanek: If you have parking lots and garages within your domain, what are the challenges that you face there and how are you solving them?

Linda Fite: We have both ramps and surface lots and of course we like the surface lots better because it’s a lot easier to keep track of them. Our biggest issue is with car break-ins and the biggest issue with that is trying to get our staff, our visitors to recognize that they should not be leaving visible valuables. It’s rare that someone breaks into a car and there’s nothing that they can see to take. Staff gets extremely upset about that and [ask], “What are you doing about it?” We increase patrols. We’ve sent out alerts if we have a pattern that’s emerging in the ramp. We do what we can, but it’s sort of an unsolvable problem. We have cameras, we record them, but of course you never get the entire facility.

Tony Venezia: We have a large, 4,500-space parking facility on our campus and we also maintain offsite parking locations. We deal with not only overcrowding issues, but the challenge of maintaining a safe garage. Tampa General Hospital recently implemented a security Segway patrol that allows our security team to patrol and respond to calls for service quickly. Tampa General Hospital maintains a relatively safe garage all due to our security presence, constant patrolling of the garage and surveillance equipment. Like everybody else we have had vehicle break-ins, accidents and have dealt with unauthorized persons, but we have minimized them with the diligent efforts by our security forces. We’ve installed roughly 95 emergency call stations (Blue-light) at every exit stairwell, increased our lighting and painted it a brighter color.

In our efforts to maintain a safe garage, Tampa General Hospital encourages escorts of our staff and visitors after hours. We have courtesy shuttles that patrol and provide transportation from the garage to the hospital. While cameras are a great deterrent and help with investigations (we have about 500 cameras on the campus) it’s just as important to have a visible security presence inside the garage.

Michael Parks: As you can imagine, having a parking garage in a large metropolitan city as Baltimore is very challenging. Mercy Medical Center has three parking garages; one has been identified as the largest parking garage in Baltimore. [We have] a lot of different security applications for our garage – IP cameras and many, many emergency call boxes, not only on the ends of the driving lanes, but also in every elevator lobby.

I think that here in Baltimore we’re a little bit more unique than most of the hospitals across the country. Mercy has had K-9 patrols here at our campus since the early 1990s and I currently have five teams of handlers and dogs here at our hospital. We aggressively patrol the garage with these handlers and their dogs.

We also have Segway patrols. All of our garages are posted against trespassing and individuals that we find trespassing are detained immediately, arrested, and charged with trespassing. We do a lot of work with the downtown partnership, which is an organization here in Baltimore of all the downtown businesses, trying to determine different ways in which we can reduce acts of thefts from vehicles. But we are primarily concerned with crimes against people as opposed to crimes against property, because obviously our hospital has a large percentage of its client base coming from outside of the city limits. We would not want to have regular incidents reported on the nightly news, so a lot of emphasis here on the campus is to mitigate incidents where we could have violent acts specifically occurring inside our parking garages.

John Williams: Prince William Health System doesn’t have any parking garages at this time. There’s one on plan. Prior to coming here I was in charge of security at a large university medical center, where we had garages, so I’m familiar with the issues. We had a lot of emergency call boxes in the parking deck and being able to properly identify where that person is calling from so you could get staff there quickly both from a medical emergency standpoint and from a criminal standpoint were really the big challenges, and that’s going to be a challenge with our new deck when it’s built as well.

You can’t be everywhere at one time. Right now we have three different roads that traverse the campus, 10 different entrances that you can come off of those three different roads; so keeping an eye on them is really the biggest issue. And with the pressures that we have right now in staffing administration – a lot of times we’ll say, ‘Let’s put a camera over here.’ That’s great after the fact, but we’re not going to be able to watch the camera. We don’t have enough dedicated people to do that. We actually need that visible presence in that location in order to deter those things from happening.

Jim McNeil: We park about 15,000 cars a day here. We have multiple ramps and external lots. I’m happy to say I don’t have the same experiences as other people on this call. We have a very low incidence of crime in our parking lots, probably attributed to the fact that we’re a low-crime community and we employ a lot of the security measures that other people have already mentioned.

The one thing I could add to the discussion is that a few years ago, as we continued to build new ramps and new parking lots, we raised the question ourselves about the need to have some consistency among our parking because that is potentially a liability risk if we have some parking ramps that have certain security devices and others don’t. So we developed our own standard from Mayo Clinic facilities and we made sure that there was a lot of consistency in all of our parking facilities. What we found in that process and benchmarking lots of other people is we could not find a good universally accepted standard for parking lot security, and so we developed one ourselves that we’re happy with.

Laura Stepanek: Can any of the integrators tell us about solutions that they have provided for parking areas?

Ed Pederson: IP cameras obviously are becoming more prevalent in the industry, but what the IP cameras will allow us to do is see more area with fewer cameras and even get a better quality picture, especially with megapixel and high-definition cameras. In some respects you can get rid of pan-tilt-zoom cameras that sometimes you miss or even bad guys like to watch the PTZ and do things when the camera is looking the other way. With IP cameras, in some respects, you can see 180 degrees without the camera ever moving and the quality of the pictures is phenomenal. Being able to zoom in and see exactly who it is, what color shirt they were wearing – it’s incredible.

Analytics are using computer software to help create virtual barriers. Sometimes, you don’t want to create Fort Knox for your parking garage, but you want to be able to see certain areas where there might be a lot of thefts. You can draw a virtual box around that area and, like somebody said earlier, the guards can’t be watching every camera all the time but the analytic software can. If somebody goes in that “box” it can issue an alert and tell the guard. That gets back into that whole physical security information management system I was talking about earlier, where you have workflow communications; so the computer tells them there’s an alarm and then literally gives them a step-by-step on what to do if an alarm occurs in that area. It helps take the guessing game out of what a guard is supposed to do. That’s the exciting thing about where technology is helping.

Bob Fecteau: Parking always seems to be an issue. There’s never enough of it and it seems a couple of times a year a lot of our healthcare clients will ask us, ‘Hey, we’ve just taken over this property and we’re going to make it a parking lot. What can we do?’ They always seem to lack infrastructure down there, so a lot of times we’re asked to put in IT solutions. In the advent of the IT solutions we can put up not only IP cameras but also the emergency call boxes.

What seems to be coming on the scene more is license plate recognition (LPR), and it’s making its way into mainstay security. We’re seeing one manufacturer out there now that’s able to actually use a LPR camera as the access credential to let you into the parking garage. The technology isn’t necessarily there yet, but it’s coming.

Laura Stepanek: Of course, everybody wants more time and more money, so beyond those what is on your wish list in terms of solutions?

Jim McNeil: I’m sometimes accused of sounding like a recruiting poster for Mayo Clinic, but I’m in a very enviable position of not having a long wish list. I work for an organization that really values security. We spend a lot of money on it here, although it’s not visible because we do want to emphasize our open, welcoming environment. But we spend a lot of money on technology and I can honestly say I’ve never gone to the leadership of the organization with a legitimate security need and been turned down. I know that I’m in the minority and I’m very grateful for that, but it’s one of the great things about living here in the cornfields.

John Williams: One of the things I’d like to see is more government grants designed to provide free training for private security forces. We see a lot of it coming out for law enforcement (sworn officers), but unless you can work it out with the local authority so you can send some folks to that, there really isn't any free training for the private sector of our security forces.

We’re pretty lucky here too; we have an administration that does support security. I may look at it a little bit differently although I appreciate the job I have and the need for somebody in my position and the people that work for me. It really is a shame that healthcare has to spend so many dollars to provide security protection that could have been spent on improving patient care.

It would be nice to see more of the technology moving towards WiFi and wireless integration along with video – radio communication, access control and I know some of them are now and the ability actually of that to piggyback on our current in-house WiFi system rather than installing something completely brand new those would be – that would be my wish list.

Michael Parks: I, too, believe that I am very well supported by senior leadership about the security here on the campus; they really have gone out of their way to provide to me the latest in technology with all of our expansion. But if I had to choose one thing – I think it’s something that all of my colleagues around the country are experiencing – that is the ease and affordability in the converting of existing, yet aging analog cameras from recording on digital video recorders onto a hospital’s network. That’s a very costly proposition at this moment, but I think it’s something that we really need to address. There are hundreds of campuses across this nation, and Mercy is included, that have many, many analog cameras and it’s just cost-prohibitive to change out all those cameras from analog to IP. It only makes sense to be able to convert them to record on the network and many of the DVRs that are in existence today are no longer manufactured – at least the parts are not available. So we’ve come to a crossroads with the technology that we really need to spend some energy in converting analog to the network.

Tony Venezia: Security system technology changes constantly, and in the past we had invested heavily in analog cameras and recording devices. Currently IP systems have become popular due to their video storage solutions and better picture quality. What is a cost-effective method of converting the older systems, like the analog camera, to the newer IP system? We have looked into this issue, but you lose some picture quality and they are cost prohibitive. I believe we need a cost-effective solution that allows us to convert older, analog cameras in IP quality systems.

Another desired solution would be a high-quality visitor management system that is user-friendly. Part of our issue is that we’re an open campus during the day and, like most other facilities, we restrict access after normal visiting hours are over. How do you manage the visitors that are in patient rooms after you have restricted visitation?

Linda Fite: We’re in the preliminary stages of putting together a proposal to get Tasers for our security officers. I don’t know if it is a Midwestern thing, but several of the hospitals in the Minneapolis-St. Paul area have gone to using Tasers and their experiences have been very positive. They had a reduction in officer injuries and that’s one of our biggest motivations for going there. We have a fair amount of officer injuries in dealing with violent patients and violent visitors.

Bob Fecteau: The two things that are on my wish list are more platform unification, as integration becomes more important and you have disparate platforms that you’re trying to integrate and they’ve got different development paths. It becomes difficult if somebody makes a software change; it breaks that integration and that affects the client.

The other one is more dedicated networks. I’d like to own the network because most of my clients, specifically in this market, think that these systems are mission-critical and we get that phone call in the middle of the night on a Saturday night that IT took the network down for routine maintenance and repair, and it takes out all the cameras.

Ray Cherry: A lot of our clients have doctors and staff that go to other hospitals and they want to use the same access card at other facilities or at medical office buildings close to the hospitals. Something on our wish list is it would probably help them if the manufacturers could make it easier to have cards read with either. It’d be a good idea for our hospital clients if it were easier to get the doctors and staff using the same card at all the facilities.

Ed Pederson: One of my wish list items is for the IT department and the security groups to work better together. It seems like as we’re starting to put more and more technology on the network, IT wants to control things, doesn’t want you to put cameras on their network or reduce the bandwidth, so that the number of cameras we can put on is limited. There just needs to be a little more joined at the hip with both IT and security.

As far as solutions, physical security information management systems are becoming more and more popular. That helps a lot with converting your systems you’ve spent hundreds of thousands of dollars on. You don’t have to do it immediately; you can do it over time. The PSIM allows you to be able to combine analog and IP on the same system.

I talk about it a lot with end users and it seems nine out of 10 times they haven’t heard of it. And that’s our job to get out there and make sure we share that the technology exists and you don’t have to go and buy a 100-percent brand-new IP-based camera system. You can create a three- or four-year trend to help replace this system and, again, it reduces the number of guards – that’s got an ROI to it. It helps make sure the guards do the right thing.

Teresa May: The vision is to provide healthcare facilities with visibility and the status of the patient. So, anything from the baby systems to the pediatric ward to the adult patient in the ER or in a psychiatric area where more visibility is needed to staff communications and equipment, but also could start improving efficiency and care. They talked about WiFi and RFID, as well as hardware systems, continuing to evolve that range of technology and pull them together to provide that stronger solution, but not do anything to minimize the level of security that we’re currently providing.