International Association of Healthcare Security and Safety ASIS International Board Certified Physical Security Professional Achieved PSP status on July 29th, 2011 (IAHSS Basic Certification) CHSO Achieved August 30th 2012 (IAHSS Advanced Certification) CAHSO Achieved September 19th 2012 Valid for three years
What is IAHSS? The International Association for Healthcare Security and Safety, or IAHSS for short, is the only organization solely dedicated to professionals involved in managing and directing security and safety programs in healthcare institutions. IAHSS is a professional organization comprised of security, law enforcement and safety professionals dedicated to the protection of healthcare facilities worldwide. IAHSS strives to combine public safety officer training with staff training, policies and technology to achieve the most secure hospital environments possible. Additionally, the IAHSS partners with government agencies and other organizations representing risk managers, emergency managers, engineers, architects, nurses, doctors and other healthcare stakeholders to further patient security and safety.
Who is the IAHSS? The IAHSS has the basic purpose of promoting professionalism in healthcare security and safety. The IAHSS was founded in 1968, as a non-profit organization and has members throughout the United States and other Countries. The IAHSS is a progressive Certification. I have satisfied the first of three levels. (Basic, Advanced and Supervisory) August 30, 2012. I have satisfied the second of the three levels or advanced Sept. 19, 2012.
Who is the IAHSS? The IAHSS created a guideline for Healthcare Facilities to base Security Designs off of. Parking and the External Campus Environment Buildings and the Internal Environment Inpatient Facilities Emergency Departments Behavioral/Mental Health Areas Pharmacies Cashiers and Cash Collection Areas Infant and Pediatric Facilities Areas with PHI Utility, Mechanical and Infrastructure Areas Biological, Chemical and Radiation Areas Emergency Management
Opening Doors The IAHSS is recognized in the Healthcare Arena
Speak Your Language Obtaining the CHSO and CAHSO allows me insight into facility requirements and how the system may be utilized Short term Long term Reoccurring
IAHSS Created A Risk AssessmentToolkit Our Customers Hospital may be a large inner city institution or a small rural facility. Healthcare security professionals, regardless of hospital size or location, should conduct an initial and annual assessment of risk relative to their facility. Risk assessments can include identification of threats, vulnerabilities, and based on both, an analysis of problem areas and the steps required to reduce or mitigate loss. Determining the process and what steps or controls are required to protect critical and sensitive assets adequately, and in a cost effective manner, is the challenge they all face. Determining how critical the asset is to the facility and the value of that asset to an adversary is a basis for how likely it is for a loss to occur and what the potential impact of that loss might be to the institution. ESCO has a CD toolkit which includes an explanation of a risk assessment, sample forms and sample policies.
Basic Training Manual for HealthcareSecurity Officers – Fifth Edition The book is broken down into six sections. There are a total of thirty-eight chapters. Medical Records and HIPPA The Healthcare Organization Support Units and Ancillary Services Security Services in the Healthcare Organization Vulnerabilities and Risks in Healthcare Customer Relations: Public, Employee and Labor Relations Issues Settings Customer Service Integration and Use of Physical Teamwork and Team Building Security and Access Control Patrol Procedures and Techniques Equipment Use and Maintenance Security Interactions in Various Situations Identity Theft Risk Reduction: Restraints, Self-protection and Defense Overview of the Incident Command System Professional Conduct and Self-development Basic Safety Protection of Officers Crisis Intervention Fire Prevention, Control and Response Interview and Interrogation Terrorism Report Preparation and Writing Bomb Threat Response Planning Report Value and Liability Emergency Management Judicial Process, Courtroom Procedures and Testimony Civil Disturbances Parking and Crowd Control Violence Issues: Domestic, Workplace Patient Care Units and Hostage Situations Business Office and Financial Services Criminal and Civil Law Pharmacy: Physical Security, Narcotics and Dangerous Drugs Statutes and Standards Affecting Emergency and Behavioral Units Security Actions Infant and Pediatric Units Regulatory Agencies Public Safety Interaction and Liaison
Advanced Training Manual – ThirdEdition There are a total of fourteen chapters. Security Awareness and Crime Prevention Enhanced Customer Service Premise Liability Methods of Patrol Investigative Techniques, Reports and Procedures Off-campus Security and Safety Workplace Violence Patient Risk Groups Interacting with Patients Special Security Considerations Security in Sensitive Areas Electronic Security Technologies Critical Incident Response Advancing Professionalism
Defining Healthcare Security A common error for healthcare organizations is to view security as being closely aligned with the law enforcement function. Security Law Enforcement• Prevention of • Apprehension Incidents Administrative Law Enforcement of Offenders• Protecting an Remedies Remedies • Protecting Organization Society• Administrative To resolve a To resolve a • Legal Remedies remedies situation in the best situation in • Statute defined• Organization interests of the accordance with • Tax Supported defined organization local, state and • Public Opinion• Private and Tax federal laws Funding• ROI Moral responsibility, legal concerns, complying with accreditation/regulatory requirements, contribute to quality patient care, maintaining the economic/business foundation of the organization, and maintaining sound public, community and staff relations. Hospital and Healthcare Security – Fifth Edition (Russell L. Colling Tony W. York Butterworth-Heinemann page 20
Influencing Organizations on Healthcare Security TJC (The Joint Commission) NCMEC (National Center for Missing or Exploited Children) CMS (Center for Medicaid and Medicare Services) IAHSS - International Association of Healthcare Security and Safety (I currently hold the CHSO and CAHSO Certifications) ASIS International (I am a Board Certified Physical Security Professional with ASIS International) ENA (Emergency Nurses Association) NFPA (National Fire Protection Association) (I previously held install and inspections licenses for Kentucky, Ohio and West Virginia) State Health Departments Federal, State and Local Legislation/OrdinancesHospital and Healthcare Security – Fifth Edition (Russell L. Colling Tony W. York Butterworth-Heinemann page 35
Safety and Security Inspections There are two categories of inspections: Hazard Surveillance Rounds Security Surveys Both are critical in managing the Environment of Care Standards – and – are required by The Joint Commission Hazard Surveillance rounds are a Joint Commission requirement, findings from this inspection are reported to the safety committee of the healthcare organization. Patient care buildings require inspections twice a year as do satellite health centers. Fire hazards – corridor obstructions, blocked sprinkler heads, difficult to see signage Employee knowledge and understanding of the fire and emergency plans Hazardous Materials and MSDS sheets Medical gas shutoff policy Familiarity with the safe medical devices act and how to respond if equipment fails. Non-patient-care buildings and the exterior grounds require an annual inspectionAdvanced training manual for healthcare security personnel 3rd Edition – Chapter 1 page 1-4
Basic Healthcare Security Risks/Vulnerabilities Assault Grounds Imposter/Medical Imposter Theft (From) Internal Kickbacks/Fraud Patient Staff External Kidnapping/Abduction Visitor Sexual Stranger Facility/Organization Bomb threat/Bombing Domestic Vandalism Burglary Labor Actions Facilities Slowdowns Vehicles Strikes Dissident Group Actions Loss of Critical Information Internal Patient Elopement External Robbery Drug Abuse/Loss Internal Embezzlement External Fire/Explosions Stalking Hostage Taking Terrorism Homicide Against Facility Collateral Damage Identity TheftHospital and Healthcare Security – Fifth Edition (Russell L. Colling Tony W. York Butterworth-Heinemann page 53
Premise Liability Security Department helps mitigate and reduce premise liability and the expensive outlay of financial resources typically associated Property Owners have: Legal duty to maintain the property in a reasonably safe condition. Depending on the state, an invitee who is authorized to be at the site may have different rights than a trespasser. Premise liability stems from a variety of conditions around the property, including the physical condition; it may also include activities taking place on the property. Negligence has four elements Legal duty Breach of duty Proximate cause Damages or injury For a tort claim to be successful, the individual would need to show by a preponderance of the evidence that negligence by the owner resulted in all four elements.Advanced training manual for healthcare security personnel 3rd Edition – Chapter 3 page s 3-1 and 3-2
Negligent Security – or – Totality of Circumstances? “When acts of violence occur against patients, visitors, contractors, or off-duty staff, the premise liability tort focuses on claims that the security was negligent. As mentioned earlier, cases frequently center on the following”: Poor Lighting Ineffective access control Defective doors or locks Poor surveillance systems Low visibility Premise liability claims related to security risks strive to demonstrate a breech of duty in one of the following areas: Failure to perform a security assessment Failure to correct documented problems Failure to provide qualified security management and staff Lack of training Inadequate security staffing levels Inadequate patrol coverage Lack of basic equipment, such as lights or radiosAdvanced training manual for healthcare security personnel 3rd Edition – Chapter 3 page s 3-6 and 3-7
Security-Sensitive Area These areas are considered security-sensitive areas at healthcare facilities: Women’s Services Labor and Delivery Infant Toddler Emergency Department Pharmacy Cashier Utility generation Each security-sensitive area must have the following procedures and controls: A detailed access control plan A specific, written security plan for the department or area A specific, written critical incident response plan for the department or area Initial training for all newly hired employees and annual refresher training for all employees on the specifics of the security plan and the critical incident response plan for this area.Advanced training manual for healthcare security personnel 3rd Edition – Chapter 11 page 11-3
Examples of Security in a Security-Sensitive Area Women’s services is one area for which many organizations have standards and guidelines. NCMEC and Joint Commission state hospitals must at least have the following security measures in place: Access control measures to account for every person gaining access A specific, written security plan to prevent infant abductions Another specific, written security plan for responding to an infant abduction if one were to happen A training program that tells each new hire, including physicians, what the security measures are, what the procedures are to prevent abductions, and what the procedures are if abduction occurs Annual refresher training for each person working in this area regarding the security measures and procedures to prevent and react to infant abductions A unique form of identification for each person authorized to handle infants; this distinctive badge must be known by and be able to be recognized by the mother and father (or significant other) Locks, alarms, and controls on all doors to and from the area Surveillance camera mounted at adult chest/head height at all entrances to the area – taking and recording pictures of everyone who enters. This is not an all inclusive list, only a few…Advanced training manual for healthcare security personnel 3rd Edition – Chapter 11 page 11-3
Examples of Security in a Security-Sensitive Area Pharmacies must follow strict federal and state guidelines in addition to other jurisdictional entities. All pharmacies must be protected with some type of controlled access This can be as simple as a mechanical key Electronic Access Controlled system (EAC) card plus pin (dual input identification) CCTV recording ingress/egress of person(s) All ingress/egress leading into or out of Schedule II locations All retail sales counters (including those considered over the counter (OTC) Storage of Schedule II drugs requires a secured room or cabinet. Often, Schedule II drugs are protected by a dual-key access, alarm systems and strict distribution logs. Compounding areas – are an additional zone of protection and may have card access with a even more restricted access level Each checkout station will have a silent duress or panic button Pyxis and Omnicell type drug dispensers may be connected to the EAC or another alarm system as well as under video surveillanceBasic training manual for healthcare security personnel 5th Edition – Chapter 18 pages 18-3 and 18-4
Examples of Security in a Security-Sensitive Area Cashiers and Business Offices Each Cashier station will have a silent duress or panic button CCTV recording cash transactions Sound masking (HIPAA) Frequent – unscheduled Security Officer Patrols Physical barriers between Cashier and Customer Bullet resistant glass – and walls CCTV Recording Caution! Caution – Care should be taken when positioning cameras, so that computer screens, files/documents, and other forms of media are not recorded that could contain HIPAA information.Basic training manual for healthcare security personnel 5th Edition – Chapter 18 pages 18-3 and 18-4
Infants (under 6 Months) Abducted by Nonfamily Members from US Healthcare Facilities from 1983 to June 2009 Abducted Mothers Room Nursery Pediatrics On Premises 126 Abductions during this timeline – Indiana accounted for 2 of the 126Hospital and Healthcare Security – Fifth Edition (Russell L. Colling Tony W. York Butterworth-Heinemann page 509
119 Abductions were thwarted 07 were successful Outcome Recovered Still Missing States with the most attempts: California – 34 Texas – 33 Florida – 20 Illinois – 16 Maryland, New York and Ohio – 10 Georgia – 9 Pennsylvania – 8Violence to Mothers – occurred 9 timesHospital and Healthcare Security – Fifth Edition (Russell L. Colling Tony W. York Butterworth-Heinemann page 510
Timeline of Healthcare Security 1950 1960 1975 1990 2000 2009 2012 Future Primary duty General law In-house Safety and September Convergence was a fire watch as a function of maintenance and engineering enforcement approach evolved security departments Security two separate entities, Risk Management starts being developed 11, 2001 and Katrina change function of Security, Ris k of IT and the modifications to the environment of care ? and Management implemented continues growth, TJC combines Security and SafetyHospital and Healthcare Security – Fifth Edition (Russell L. Colling Tony W. York Butterworth-Heinemann page 25
Can assist you with Design, Installation, Service,Assessments and Inspections: Nurse Call Mass Notification Sound Reinforcement Fire Alarm Systems Physical Security Audio/VisualsWWW.escocomm.com Toll Free 1-800-613-3726 Direct 317-298-2975