Counter Attack

Healthcare security threats can be avoided through careful planning and systems integration

  • By W.H. Hobbs, RCDD, NTS
  • Sep 05, 2007

HEALTHCARE providers today deal with threats not thought of a few years ago. In the past, a family’s gravest concern was infectious disease, and if there were significant security threats, many people were comfortably oblivious of them. Today, healthcare facilities must be aware of multi-dimensional threats such as infant abduction, drug theft, workplace violence and even terrorism.

Emphasis on homeland defense since Sept. 11, 2001, has brought to light the ever-increasing importance of protecting critical infrastructures, including healthcare facilities. The role of the security industry is to help healthcare institutions ensure total patient safety by providing systems that protect the assets, people and data within a facility. Planning for protection of a healthcare facility requires an in-depth understanding of the security and healthcare landscapes.

Systems Integration
Multi-layered threats exist in today’s world; therefore, organizations should take a multi-layered approach to deterring risk through integration of disparate systems and selective use of technological advances.

It’s seems straightforward. Hospitals must protect people and data, therefore they must employ the systems to make that happen. But the priority in healthcare is always direct patient care so the availability of funds for anything other than that is lowered. A 2007 survey on hospital infrastructure conducted by Health Facilities Management and the American Society for Healthcare Engineering found there is indeed strong demand among America’s hospitals for upgrading and replacing security systems, but respondents have no expectation of increased funding.

Budget cuts have forced many healthcare facilities to reduce the number of full-time employees, as well. For instance, it’s not economically practical for security guards to be chained to a desk waiting for something to happen. Healthcare executives can instead consider an in-house wireless paging system integrated with panic and other alarm systems—an automated way to quickly summon guards to an incident. Several vendors provide systems that will send a pre-set message with the location of the alarm to one or multiple pagers. These systems are cost effective and simple to operate and will permit security personnel to be mobile, yet easily accessible.

Unfortunately, healthcare organizations will continue to work under slim margins, and employees will be increasingly asked to do more with less. If healthcare security executives could better justify the cost of and return on systems, it may be easier to secure the funding. Executives should work with industry experts—dealers, integrators and manufacturers—and discuss how system integration provides reduced installation and operating costs, and enables streamlined operations for staff. The value of systems integration is two-fold—it can simplify the complex operations of today’s healthcare systems while increasing the level of security. @

Proactive Assessment
Investing in the auditing process will save pain, time and resources in the future. An audit will take a holistic look at each facility in order to ensure the protection of patients, employees, physicians and visitors by identifying strengths and weaknesses in physical protection and security practices. While a security self-assessment is an annual requirement to meet The Joint Commission Environment of Care standards, a qualified consultant can evaluate a hospital's security management program and review existing systems to identify gaps in protection or system redundancies.

To ensure safety, security personnel must first understand potential threats. For example, don’t allow the emergency department entrance to be used as an employee entrance. The potential traffic flow through the lobby area may desensitize staff to noticing what’s happening around them. Controlling in-bound and out-bound traffic to the facility by routing staff, patients and visitors through a minimum number of ingress and egress points is critical.

From a planning standpoint, don’t down-play potential security threats outside the facility. Parking lots are prime targets for criminal activity. Price predicts quality in this industry, and a clear image provided by installing cameras appropriate for the situation will be the key during incident review and potential prosecution.

Systems also must provide easy access to the data they acquire from all points inside and outside of the facility. It is just as critical to be able to lock down doors and view real-time video from a command post outside of the building as it is from the security center inside the building. The worst situation for a responding officer is to enter an area where they have no idea what the tactical situation entails. Remotely accessible video can be the difference between an effectively measured response and one of simple brute force. @

Equipment Lifecycle
According to the Health Facilities Management 2007 infrastructure survey, security systems were cited by 20 percent or more of survey respondents for having replacement or upgrade cycles of less than three years, and the top reasons for replacement are obsolete technology or failed components.

Cutting-edge security companies have combined digital video surveillance, access control and environmental health monitoring solutions to put customers in control of their IT-based security assets. This level of integration, visibility and predictive monitoring mitigates the most common causes of security system failure that could result in an HIPAA violation—human error, sabotage, environmental threats and power vulnerabilities. The value of these integrated systems is complete transparency into the real-time health of security systems, extended equipment lifecycles and lower total cost of ownership.

These integrated IT security solutions are ideal for situations in which security equipment is housed in public or high-risk locations—such as decentralized, small wiring closets pervasive throughout many healthcare facilities.

Migration of Video Surveillance
Reputable security manufacturers and integrators are now bringing converged systems to life with the migration of CCTV video surveillance systems to IP-based digital systems that are seamlessly integrated into an existing network.

During the last few years, the security surveillance industry has seen a new group of players emerge, those whose systems are based on 100-percent digital signals and generated at the edge of the network by IP-enabled cameras. It is now possible to manage all components of a video system through the standards-based simple network management protocol (SNMP) suite of protocols, including cameras, network switching equipment, recording servers, storage and uninterruptible power systems. This allows IT directors to manage the security components in the broader context of the enterprise IT systems in the same manner as the rest of the enterprise network devices.

The shift to network video is a scalable and powerful long-term solution. Revolutionary new digital video surveillance software applications allow users to monitor and manage any combination of analog and IP devices through a single-client interface. These future-proof solutions enable customers to progressively build hybrid systems, and at the same time, increase capabilities of and safeguard the investment in legacy devices. An integrated system’s open architecture platform allows for flexibility and further addition of devices and advanced feature sets.

Access Control
There’s no room for downtime of access control systems. High availability electronic access control (EAC) systems are imperative to the basic protection of people and data in a healthcare facility. In terms of average system downtime, a few minutes is all that’s needed for unauthorized entry—perhaps making the difference between life and death.

An IT director may flinch at the idea of putting more strain on the hospital’s network with security devices. But with network health monitoring systems in place, this becomes less of an issue. Similar to IT’s five nines (99.999 percent) expectation for system uptime, the security industry is beginning to demand benchmarks for system uptime and equipment protection. Integrating network health monitoring devices with security systems will decrease the likelihood of EAC system failure.

The multi-layered nature of today’s security threats should dictate a multi-layered approach to access control. The most effective access security systems are those that allow for a single credential and integrate with video surveillance to provide visual verification of the person using the credential. Multi-layered credentialing can be accomplished by using a PIN in conjunction with an access card, or a smart card technology such as Mifare, combined with biometric identification. As with video surveillance, legacy access control systems can be integrated with new systems that are IP-based and PoE-enabled.

A New Facility or Retrofitting
Even though an increasing number of America’s 5,800 hospitals are raising funds for replacement hospitals, the majority must continue to add on to existing facilities in a framework that is not user friendly for visitors. Increasing regulations also are forcing healthcare facilities to retrofit their aging facilities, which can be exponentially more cumbersome and expensive than new construction.

As plans are made to build a facility or retrofit an existing one, care must be taken to ensure that any systems put into place provide security, ease of use, flexibility and expandability. Hospitals were once built for the convenience of patients and visitors. However, 30 years ago, no one could have imagined that someone would wander into a birthing center and escape with someone else’s newborn in a duffel bag.

Whether building new or updating an existing unit, security in the birthing center, for example, must start with a verifiable and accessible list of who should have access to this area. Limiting the ingress and egress points is critical; preferably no more that two access points to the birthing center should exist, and all access points must be controlled by an EAC system with multiple layers of identification, as well as video verification. The protection of all infants and young children is of the utmost importance, thus an infant abduction system is the best choice for a third layer of protection. Be careful to design a system that easily integrates with the other layers of protection in the security environment. Simply setting off a local alarm will not provide sufficient time to prevent abduction. Once the infant abduction system goes into alarm, immediate notification of the security and nursing staff is required; again, a wireless paging system is an effective choice. Video surveillance of all ingress and egress points in the facility should be automatically triggered by an alarm event, and locking down these access points must be automatic. Time is the most important component in any abduction incident, and multi-layered, integrated systems can be the key to providing the time needed to prevent a tragic event.

The healthcare industry is at high risk of terrorism, violence and criminal activity. The security industry’s responsibility is to be a strategic partner to healthcare institutions struggling to ensure total safety and protection of its most important assets. Increased efficiencies, streamlined operations and effective risk management are all potential outcomes of careful planning and security systems integration.

Featured

  • 2025 Security LeadHER Conference Program Announced

    ASIS International and the Security Industry Association (SIA) – the leading membership associations for the security industry – have announced details for the 2025 Security LeadHER conference, a special event dedicated to advancing, connecting and empowering women in the security profession. The third annual Security LeadHER conference will be held Monday, June 9 – Tuesday, June 10, 2025, at the Detroit Marriott Renaissance Center in Detroit, Michigan. This carefully crafted program represents a comprehensive professional development opportunity for women in security this year. To view the full lineup at this year’s event, please visit securityleadher.org. Read Now

    • Industry Events

  • Report: 82 Percent of Phishing Emails Used AI

    KnowBe4, the world-renowned cybersecurity platform that comprehensively addresses human risk management, today launched its Phishing Threat Trend Report, detailing key trends, new data, and threat intelligence insights surrounding phishing threats targeting organizations at the start of 2025. Read Now

  • NRF Supports Federal Bill to Thwart Retail Crime

    The National Retail Federation recently announced its support for the Combating Organized Retail Crime Act of 2025. The act was introduced by Chairman Chuck Grassley, R-Iowa, Senator Catherine Cortez Masto, D-Nev., and Representative Dave Joyce, R-Ohio. Read Now

  • ISC West 2025 Brings Almost 29,000 Industry Professionals to Las Vegas

    ISC West 2025, organized by RX and in collaboration with the Security Industry Association, concluded at the Venetian Expo in Las Vegas last week. The nation’s leading comprehensive and converged security event attracted nearly 29,000 industry professionals and left a lasting impression on the global security community. Over five action-packed days, ISC West welcomed more than 19,000 attendees and featured 750 exhibiting brands. Read Now

    • Industry Events
    • ISC West

  • Tradeshow Work Can Be Fun

    While at ISC West last week, I ran into numerous friends and associates all of which was a pleasant experience. The first question always seemed to be, “How many does this make for you?” Read Now

    • Industry Events
    • ISC West
Most   Popular

New Products

  • PE80 Series

    PE80 Series by SARGENT / ED4000/PED5000 Series by Corbin Russwin

    ASSA ABLOY, a global leader in access solutions, has announced the launch of two next generation exit devices from long-standing leaders in the premium exit device market: the PE80 Series by SARGENT and the PED4000/PED5000 Series by Corbin Russwin. These new exit devices boast industry-first features that are specifically designed to provide enhanced safety, security and convenience, setting new standards for exit solutions. The SARGENT PE80 and Corbin Russwin PED4000/PED5000 Series exit devices are engineered to meet the ever-evolving needs of modern buildings. Featuring the high strength, security and durability that ASSA ABLOY is known for, the new exit devices deliver several innovative, industry-first features in addition to elegant design finishes for every opening.

  • EasyGate SPT and SPD

    EasyGate SPT SPD

    Security solutions do not have to be ordinary, let alone unattractive. Having renewed their best-selling speed gates, Cominfo has once again demonstrated their Art of Security philosophy in practice — and confirmed their position as an industry-leading manufacturers of premium speed gates and turnstiles.

  • Hanwha QNO-7012R

    Hanwha QNO-7012R

    The Q Series cameras are equipped with an Open Platform chipset for easy and seamless integration with third-party systems and solutions, and analog video output (CVBS) support for easy camera positioning during installation. A suite of on-board intelligent video analytics covers tampering, directional/virtual line detection, defocus detection, enter/exit, and motion detection.