As awareness grows of the risks of vulnerabilities in medical devices, and a September 23 rule deadline for HIPAA modifications looms, health care organizations are also attempting to shift part of their energies to better addressing an alarmingly high level of physical and criminal threats to their staff and clients.
A 2012 Crime and Security Trends Survey, conducted by the International Association for Healthcare Security and Safety (IAHSS), found highly disturbing rates of crime and violence in health care facilities. It seems these safe places may not be so safe, especially for staff. Ninety-eight percent of surveyed facilities reported violence and criminal events, and “healthcare facility crime increased in nearly every category since the most recent survey in 2010, with a significant rise in the number of simple assaults, larceny and thefts, vandalism, and rape and sexual assaults. It’s also the highest number of crimes ever recorded in the history of the IAHSS Crime Survey, with 20,515 crimes reported: an increase of 5,524 compared to 2010,” as Campus Safety Magazine summarizes.
Principal survey research and writer Dr. Victoria Mikow-Porto lists greater access to guns and other weapons, 24-hour access, gang activity, psychiatric patients released early from treatment and substance abuse among the factors related to the rise in these incidents. Dr. Mikow-Porto also warns that situations can be exacerbated by conflicts, or perceived conflicts, between reporting incidents to law enforcement and protecting the organization against possible fines or litigation related to data protection and client confidentiality. These events may, in fact, be underreported.
In addition to the data collection and research performed by the IAHSS, assistance in assessing and mitigating these risks comes from inside the health care community and governmental agencies. Some vendors have also come to understand that physical security and IT security are not separate anymore and are positioning themselves to make risk management more seamless.
Health care industry non-profit The Joint Commission, which evaluates, accredits and certifies health care organizations in a number of performance areas, offers guidelines for addressing these risk in its “Sentinal Event Alert 45: Preventing Violence in the Health Care Setting.” This free guide could serve as the basis for an action plan for risk assessment and mitigation. And the Occupational Safety and Health Administration (OSHA) provides a comprehensive set of checklists addressing everything from assessment of management commitment and staff involvement all the way through record-keeping and evaluation within the “Guidelines for Preventing Workplace Violence for Health Care and Social Service Workers.” Detailed incident report forms are also included.
Later this year, The Secured Cities conference will present a series of sessions on specific tactics for improving security and safety in health care facilities. IAHSS President Lisa Pryse will present on threat management, motivating hospital staff for emergency preparedness, identifying behaviors of concern and other topics at the Baltimore conference, November 14-15, 2013.
Schneider Electric’s HealthBuildings Risk Assessment Program aims to integrate protections for health care facilities that have an infrastructure “only less complex than a nuclear facility," as described by the company’s service sales manager, Andrew Tanskey. The assessment focuses on integrating the organization’s various security technologies with plant infrastructure.
To reverse the rising rates of violence and crime within the walls of health care organizations, it’s likely going to take a combination of all of these tools: rigorous and honest assessment, policy enforcement and security technology.