The Clery Vision

The Clery Vision

Impact on hospitals and other healthcare settings

Security directors in hospitals and other healthcare settings need to understand pertinent aspects of the Clery Act, and how to partner with colleges and universities to establish, maintain or enhance compliance with this federal law. Although the law does not apply directly to privately owned healthcare facilities, security directors in these settings can play an integral role in helping ensure an affiliated higher education institution is complying with the requirements of the Clery Act. By working together on Clery compliance initiatives, institutions and affiliated healthcare facilities can promote safety of students, employees, patients and visitors within these settings.

The Jeanne Clery Disclosure of Campus Security Policy and Campus Crime Statistics Act (the Clery Act1) is a landmark federal campus safety law that applies to any U.S. institution of higher education that participates in any of the federal financial assistance programs authorized under the Higher Education Act of 1965 (HEA).

Among other mandates, the law requires institutions to develop, publish and disseminate an Annual Security Report (ASR) that contains certain crime statistics and statements of policy across a wide spectrum of safety and security-related topics. The intent of the law is to provide current and prospective students and employees with relevant information that will help them to make informed decisions regarding their safety and security at the institution.

Clery Geography: Own, Lease or Use

One of the perennial challenges facing institutions of higher education with affiliated healthcare facilities is how these facilities fit into the institution’s overall “Clery Geography,” which refers to the location categories defined by the law, to include On Campus, Noncampus and Public Property locations. For example, does the college or university own or lease healthcare facilities? Does the institution use space within privately owned healthcare facilities, with or without a formal written agreement, memorializing use of space? Any of these arrangements create potential Clery Act reporting requirements that must be further evaluated from a Clery Geography perspective.

Understanding how the physical parameters of crime reporting apply to healthcare facilities affiliated with a college or university is of critical importance. A college or university cannot accurately disclose crime statistics by location (a requirement of the Clery Act) if it has not conducted a comprehensive evaluation of its real estate holdings from a Clery Geography perspective. This is especially true for healthcare facilities given the various models that are in place.

For example, a college or university may own a hospital that is located within its campus boundaries. In such instances, the hospital is treated no differently than other on-campus locations—from a Clery Act perspective—when it is owned or controlled by the institution and is used in direct support of, or in a manner related to, educational or institutional purposes.

However, other institutions may own or control a hospital that is not “reasonably contiguous” to the main campus. Such arrangements require an assessment to determine if the hospital meets the non-campus or separate campus definitions established by the Act.

The 2016 Handbook for Campus Safety and Security Reporting provides new guidance to institutions of higher education regarding the circumstances in which a hospital or medical center is being “controlled’ by the institution, even without a written agreement establishing such control for Clery Act purposes. These factors include:

  • Whether the facility has overlapping faculty/doctors.
  • Whether the facility has overlapping boards of directors or officers.
  • Use of the hospital or medical center as part of the institution’s educational program.
  • Geographic proximity.
  • An ongoing relationship between the institution and the hospital.
  • Whether students consider the hospital or medical center to be part of the campus.

Institutions will need to consider these factors when determining whether hospitals or other medical centers (or spaces contained therein) are “controlled” by the institution and, therefore, Clery-reportable.

Campus Security Authorities

Regardless of the applicable Clery Geography category into which an affiliated healthcare facility may fit, there are some important considerations that institutions owning or controlling these facilities must address. First, the institution will need to identify what the Clery Act calls Campus Security Authorities (CSAs), who are associated with the facility regardless of whether those individuals are employed by the institution or the healthcare facility. Minimally, CSAs include, but are not limited to, the campus police/public safety personnel that provide safety and security services in the healthcare setting, regardless of whether these individuals are:

  • Part of the institution’s campus police or public safety department that provides such services for the rest of the college/university.
  • An entity unto themselves (such as a police or security force that provides security and patrol services exclusively to a hospital affiliated with an institution), or;
  • Are contract security officers that provide supplemental security services to healthcare facilities.

CSAs also include any official of the institution that has significant responsibility for student and campus activities, or persons that do not work for the campus police/public safety department but who provide security-related services, such as monitoring access to a college or university owned or controlled facility or parking lot.

Any person meeting the definition of a CSA needs to be notified of this designation and trained in their responsibilities, which primarily include documenting and promptly forwarding reports of Clery Act crimes brought to their attention to the reporting structure of the college or university. This is important because institutions of higher education are required to collect crime reports from all CSAs at least annually, including from CSAs that may be employed by an affiliated hospital or medical facility.

The Daily Crime Log

An additional matter raised by healthcare settings with their own security departments pertains to the daily crime log. All institutions subject to the Clery Act that have a campus police or security department must create, maintain and make available a daily crime log, which is intended to capture all crimes reported to the department, not just those Clery Act crimes.

The scope of the log is limited to those crimes reported to the security department that occurred On Campus, on Public Property affiliated with the campus, in or on non-campus buildings and property, or within the security department’s expanded patrol jurisdiction, if one exists. Typically, the institution’s campus police or public safety department is responsible for managing the log for the main campus.

However, if there is a hospital or other affiliated healthcare facility that is part of the main campus, and the facility has its own security department that is independent of the campus police or public safety department, then the institution should implement a system to ensure that crimes reported to healthcare security are added to the log by the institution’s campus police or public safety department within two business days of the healthcare security department learning about a crime.

Given the presence of a stand-alone security department on the main campus, it is recommended that a copy of the Log be available at the main campus police or public safety department, as well as the healthcare facility’s security department office. This will ensure the daily crime log is accessible on site, as required by law, regardless of whether the healthcare facility is part of the institution’s main campus or is considered under the Clery Act to be a separate campus.

Toward an Integrated Approach

Healthcare facilities that are affiliated with an institution of higher education or are allowing an institution to use space within their facilities play a valuable role in evaluating a campus’s Clery compliance program in light of the specific compliance considerations presented by these types of arrangements. While some of the more foundational issues have been reviewed, it would serve institutions well, given the current compliance environment, to consider a myriad of other ways in which compliance with the Clery Act can be nuanced for its affiliated healthcare facilities, regardless of whether those facilities are owned or operated by the college or university. A proactive, collaborative review of pertinent policies, procedures and practices pertaining to these facilities can help stave off noncompliance findings in the event of a Department of Education audit.

This article originally appeared in the March 2017 issue of Security Today.

Featured

  • Survey: 54% of Organizations Cite Technical Debt as Top Hurdle to Identity System Modernization

    Modernizing identity systems is proving difficult for organizations due to two key challenges: decades of accumulated Identity and Access Management (IAM) technical debt and the complexity of managing access across multiple identity providers (IDPs). These findings come from the new Strata Identity-commissioned report, State of Multi-Cloud Identity: Insights and Trends for 2025. The report, based on survey data from the Cloud Security Alliance (CSA), highlights trends and challenges in securing cloud environments. The CSA is the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment. Read Now

  • Study: Only 35 Percent of Companies Include Cybersecurity Teams When Implementing AI

    Only 35 percent of cybersecurity professionals or teams are involved in the development of policy governing the use of AI technology in their enterprise, and nearly half (45 percent) report no involvement in the development, onboarding, or implementation of AI solutions, according to the recently released 2024 State of Cybersecurity survey report from ISACA, a global professional association advancing trust in technology. Read Now

  • New Report Series Highlights E-Commerce Threats, Fraud Against Retailers

    Trustwave, a cybersecurity and managed security services provider, recently released a series of reports detailing the threats facing the retail sector, marking the second year of its ongoing research into these critical security issues. Read Now

  • Stay Secure in 2024: Updated Cybersecurity Tips for the Office and at Home

    Cyber criminals get more inventive every year. Cybersecurity threats continue to evolve and are a moving target for business owners in 2024. Companies large and small need to employ cybersecurity best practices throughout their organization. That includes security integrators, manufacturers, and end users. Read Now

Featured Cybersecurity

Webinars

New Products

  • Compact IP Video Intercom

    Viking’s X-205 Series of intercoms provide HD IP video and two-way voice communication - all wrapped up in an attractive compact chassis. 3

  • PE80 Series

    PE80 Series by SARGENT / ED4000/PED5000 Series by Corbin Russwin

    ASSA ABLOY, a global leader in access solutions, has announced the launch of two next generation exit devices from long-standing leaders in the premium exit device market: the PE80 Series by SARGENT and the PED4000/PED5000 Series by Corbin Russwin. These new exit devices boast industry-first features that are specifically designed to provide enhanced safety, security and convenience, setting new standards for exit solutions. The SARGENT PE80 and Corbin Russwin PED4000/PED5000 Series exit devices are engineered to meet the ever-evolving needs of modern buildings. Featuring the high strength, security and durability that ASSA ABLOY is known for, the new exit devices deliver several innovative, industry-first features in addition to elegant design finishes for every opening. 3

  • Camden CV-7600 High Security Card Readers

    Camden CV-7600 High Security Card Readers

    Camden Door Controls has relaunched its CV-7600 card readers in response to growing market demand for a more secure alternative to standard proximity credentials that can be easily cloned. CV-7600 readers support MIFARE DESFire EV1 & EV2 encryption technology credentials, making them virtually clone-proof and highly secure. 3