The Clery Vision

The Clery Vision

Impact on hospitals and other healthcare settings

Security directors in hospitals and other healthcare settings need to understand pertinent aspects of the Clery Act, and how to partner with colleges and universities to establish, maintain or enhance compliance with this federal law. Although the law does not apply directly to privately owned healthcare facilities, security directors in these settings can play an integral role in helping ensure an affiliated higher education institution is complying with the requirements of the Clery Act. By working together on Clery compliance initiatives, institutions and affiliated healthcare facilities can promote safety of students, employees, patients and visitors within these settings.

The Jeanne Clery Disclosure of Campus Security Policy and Campus Crime Statistics Act (the Clery Act1) is a landmark federal campus safety law that applies to any U.S. institution of higher education that participates in any of the federal financial assistance programs authorized under the Higher Education Act of 1965 (HEA).

Among other mandates, the law requires institutions to develop, publish and disseminate an Annual Security Report (ASR) that contains certain crime statistics and statements of policy across a wide spectrum of safety and security-related topics. The intent of the law is to provide current and prospective students and employees with relevant information that will help them to make informed decisions regarding their safety and security at the institution.

Clery Geography: Own, Lease or Use

One of the perennial challenges facing institutions of higher education with affiliated healthcare facilities is how these facilities fit into the institution’s overall “Clery Geography,” which refers to the location categories defined by the law, to include On Campus, Noncampus and Public Property locations. For example, does the college or university own or lease healthcare facilities? Does the institution use space within privately owned healthcare facilities, with or without a formal written agreement, memorializing use of space? Any of these arrangements create potential Clery Act reporting requirements that must be further evaluated from a Clery Geography perspective.

Understanding how the physical parameters of crime reporting apply to healthcare facilities affiliated with a college or university is of critical importance. A college or university cannot accurately disclose crime statistics by location (a requirement of the Clery Act) if it has not conducted a comprehensive evaluation of its real estate holdings from a Clery Geography perspective. This is especially true for healthcare facilities given the various models that are in place.

For example, a college or university may own a hospital that is located within its campus boundaries. In such instances, the hospital is treated no differently than other on-campus locations—from a Clery Act perspective—when it is owned or controlled by the institution and is used in direct support of, or in a manner related to, educational or institutional purposes.

However, other institutions may own or control a hospital that is not “reasonably contiguous” to the main campus. Such arrangements require an assessment to determine if the hospital meets the non-campus or separate campus definitions established by the Act.

The 2016 Handbook for Campus Safety and Security Reporting provides new guidance to institutions of higher education regarding the circumstances in which a hospital or medical center is being “controlled’ by the institution, even without a written agreement establishing such control for Clery Act purposes. These factors include:

  • Whether the facility has overlapping faculty/doctors.
  • Whether the facility has overlapping boards of directors or officers.
  • Use of the hospital or medical center as part of the institution’s educational program.
  • Geographic proximity.
  • An ongoing relationship between the institution and the hospital.
  • Whether students consider the hospital or medical center to be part of the campus.

Institutions will need to consider these factors when determining whether hospitals or other medical centers (or spaces contained therein) are “controlled” by the institution and, therefore, Clery-reportable.

Campus Security Authorities

Regardless of the applicable Clery Geography category into which an affiliated healthcare facility may fit, there are some important considerations that institutions owning or controlling these facilities must address. First, the institution will need to identify what the Clery Act calls Campus Security Authorities (CSAs), who are associated with the facility regardless of whether those individuals are employed by the institution or the healthcare facility. Minimally, CSAs include, but are not limited to, the campus police/public safety personnel that provide safety and security services in the healthcare setting, regardless of whether these individuals are:

  • Part of the institution’s campus police or public safety department that provides such services for the rest of the college/university.
  • An entity unto themselves (such as a police or security force that provides security and patrol services exclusively to a hospital affiliated with an institution), or;
  • Are contract security officers that provide supplemental security services to healthcare facilities.

CSAs also include any official of the institution that has significant responsibility for student and campus activities, or persons that do not work for the campus police/public safety department but who provide security-related services, such as monitoring access to a college or university owned or controlled facility or parking lot.

Any person meeting the definition of a CSA needs to be notified of this designation and trained in their responsibilities, which primarily include documenting and promptly forwarding reports of Clery Act crimes brought to their attention to the reporting structure of the college or university. This is important because institutions of higher education are required to collect crime reports from all CSAs at least annually, including from CSAs that may be employed by an affiliated hospital or medical facility.

The Daily Crime Log

An additional matter raised by healthcare settings with their own security departments pertains to the daily crime log. All institutions subject to the Clery Act that have a campus police or security department must create, maintain and make available a daily crime log, which is intended to capture all crimes reported to the department, not just those Clery Act crimes.

The scope of the log is limited to those crimes reported to the security department that occurred On Campus, on Public Property affiliated with the campus, in or on non-campus buildings and property, or within the security department’s expanded patrol jurisdiction, if one exists. Typically, the institution’s campus police or public safety department is responsible for managing the log for the main campus.

However, if there is a hospital or other affiliated healthcare facility that is part of the main campus, and the facility has its own security department that is independent of the campus police or public safety department, then the institution should implement a system to ensure that crimes reported to healthcare security are added to the log by the institution’s campus police or public safety department within two business days of the healthcare security department learning about a crime.

Given the presence of a stand-alone security department on the main campus, it is recommended that a copy of the Log be available at the main campus police or public safety department, as well as the healthcare facility’s security department office. This will ensure the daily crime log is accessible on site, as required by law, regardless of whether the healthcare facility is part of the institution’s main campus or is considered under the Clery Act to be a separate campus.

Toward an Integrated Approach

Healthcare facilities that are affiliated with an institution of higher education or are allowing an institution to use space within their facilities play a valuable role in evaluating a campus’s Clery compliance program in light of the specific compliance considerations presented by these types of arrangements. While some of the more foundational issues have been reviewed, it would serve institutions well, given the current compliance environment, to consider a myriad of other ways in which compliance with the Clery Act can be nuanced for its affiliated healthcare facilities, regardless of whether those facilities are owned or operated by the college or university. A proactive, collaborative review of pertinent policies, procedures and practices pertaining to these facilities can help stave off noncompliance findings in the event of a Department of Education audit.

This article originally appeared in the March 2017 issue of Security Today.


  • Report: 15 Percent of All Emails Sent in 2023 Were Malicious

    VIPRE Security Group recently released its report titled “Email Security in 2024: An Expert Look at Email-Based Threats”. The 2024 predictions for email security in this report are based on an analysis of over 7 billion emails processed by VIPRE worldwide during 2023. This equates to almost one email for everyone on the planet. Of those, roughly 1 billion (or 15%) were malicious. Read Now

  • ASIS Announces ANSI-Approved Cannabis Security Standard

    ASIS International, a leading authority in security standards and guidelines, proudly announces the release of a pioneering American National Standards Institute (ANSI)-approved standard dedicated to cannabis security. This best-in-class standard, meticulously developed by industry experts, sets a new benchmark by providing comprehensive requirements and guidance for the design, implementation, monitoring, evaluation, and maintenance of a cannabis security program. Read Now

  • ISC West Announces Keynote Lineup

    ISC West, in collaboration with premier sponsor the Security Industry Association (SIA), announced this year’s dynamic trio of speakers that will headline the Keynote Series at ISC West 2024. Read Now

    • Industry Events
  • Government is Top Targeted Industry for DDoS Attacks in Q4 2023

    The government sector experienced a surge of DDoS attacks in Q4 according to Lumen Technologies (NYSE: LUMN), a global leader in integrated network and cybersecurity solutions. The Lumen Quarterly DDoS & Application Threat Report for Q4 2023 analyzes data from its DDoS mitigation platform and application protection partner, ThreatX, to provide an overview of the DDoS and application-layer attacks that targeted organizations in the last quarter of 2023. Read Now

Featured Cybersecurity


New Products

  • Camden CV-7600 High Security Card Readers

    Camden CV-7600 High Security Card Readers

    Camden Door Controls has relaunched its CV-7600 card readers in response to growing market demand for a more secure alternative to standard proximity credentials that can be easily cloned. CV-7600 readers support MIFARE DESFire EV1 & EV2 encryption technology credentials, making them virtually clone-proof and highly secure. 3

  • Hanwha QNO-7012R

    Hanwha QNO-7012R

    The Q Series cameras are equipped with an Open Platform chipset for easy and seamless integration with third-party systems and solutions, and analog video output (CVBS) support for easy camera positioning during installation. A suite of on-board intelligent video analytics covers tampering, directional/virtual line detection, defocus detection, enter/exit, and motion detection. 3

  • FEP GameChanger

    FEP GameChanger

    Paige Datacom Solutions Introduces Important and Innovative Cabling Products GameChanger Cable, a proven and patented solution that significantly exceeds the reach of traditional category cable will now have a FEP/FEP construction. 3