Security Management for Healthcare: Proactive Event
Prevention and Effective Resolution
By
Bernard J. Scaglione
A PRODUCTIVITY PRESS BOOK
First edition published in 2019
by Routledge/Productivity Press
52 Vanderbilt Avenue, 11th Floor New York, NY 10017
2 Park Square, Milton Park, Abingdon, Oxon OX14 4RN, UK
© 2019 by Taylor & Francis Group, LLC
Routledge/Productivity Press is an imprint of Taylor & Francis Group, an Informa business
No claim to original U.S. Government works
Printed on acid-free paper
International Standard Book Number-13: 978-0-367-08680-0 (Hardback)
International Standard Book Number-13: 978-0-367-08677-0 (Paperback)
International Standard Book Number-13: 978-0-429-02370-5 (eBook)
This book contains information obtained from authentic and highly regarded sources. Reasonable efforts have been
made to publish reliable data and information, but the author and publisher cannot assume responsibility for the
validity of all materials or the consequences of their use. The authors and publishers have attempted to trace the copyright
holders of all material reproduced in this publication and apologize to copyright holders if permission to publish in this
form has not been obtained. If any copyright material has not been acknowledged please write and let us know so we
may rectify in any future reprint.
Except as permitted under U.S. Copyright Law, no part of this book may be reprinted, reproduced, transmitted, or
utilized in any form by any electronic, mechanical, or other means, now known or hereafter invented, including
photocopying, microfilming, and recording, or in any information storage or retrieval system, without written permission
from the publishers.
For permission to photocopy or use material electronically from this work, please access www.copyright.com
(http://www.copyright.com/) or contact the Copyright Clearance Center, Inc. (CCC), 222 Rosewood Drive, Danvers, MA 01923,
978-750-8400. CCC is a not-for-profit organization that provides licenses and registration for a variety of users. For
organizations that have been granted a photocopy license by the CCC, a separate system of payment has been arranged.
Trademark Notice: Product or corporate names may be trademarks or registered trademarks, and are used only for
identification and explanation without intent to infringe.
Visit the Taylor & Francis Web site at
http://www.taylorandfrancis.com
Contents
Acknowledgement
Introduction
1 Regulatory Compliance
  Introduction
  Joint Commission on Accreditation of Healthcare Organizations (The Joint Commission)
  Sentinel Event
  Root Cause Analysis
  Process Improvement
  Security Management Plan
  Training Competencies
  Security Education
  Forensic Personnel
  Emergency Preparedness
  Security Officer Licensure
  Centers for Medicare & Medicaid Services
  Survey Inspection
  Use of Restrictive Devices
  Abuse or Harassment
  Behavioral Health
  Patient Safety
  Health Insurance Portability and Accountability Act
  Occupational Health and Safety Administration
  National Center for Missing and Exploited Children
  Nuclear Regulatory Commission
  Global Threat Reduction Initiative
  Regulatory Inspection Preparation
  References
2 Management of Personnel
  Introduction
  Span of Control
  Management of Personnel
  Theory X
  Theory Y
  Managing Personnel Using Theory X and Theory Y
  Staff Supervision and Engagement
  Scheduling Staff
  Staff Performance
  Recruiting the Right Staff
  Employee Onboarding
  The Promotion Process
  References
3 Training Security Personnel
  Introduction
  Creating the Training Program Curriculum
  Training Policy
  Training Goals and Objectives
  Training Scope
  Training Standards
  The Lesson Plan
  General Training Topics
  Teaching Methods
  On-the-Job Training
  Training Competencies
  Additional Training Methods
  Mini-Lessons
  Computer-Based/Online Training
  Midpoint Competency Evaluations
  Training Staff
  Evaluation of the Training Program
  Data Collection
  An Example of a Data-Driven Training Program
4 Proactive Crime Prevention
  Introduction
  Leading Research
  Hot Spot Theory
  Crime Mapping
  Repeat Offender and Victim
  Crime Prevention through Environmental Design
  The Development of a Crime Prevention Program
  Identification of Trends and Patterns
  Hot Spot Identification and Detailed Analysis
  Identifying Solutions to Reduce Crime
  Directed Patrol
  Neighborhood Watch Program
  Incorporating CPTED into the Security Program
  Victim and Offender Tracking
  Awareness Programming
  Security Survey
  References
5 Incident and Event Investigation
  Introduction
  Characteristics of a Successful Investigation
  Conducting the Investigation
  Team Approach to Investigations
  Data Collection
  Physical Security/Crime Prevention
  Lost-and-Found Program
  Reference
6 Emergency Response
  Introduction
  Preparing for an Emergent Event
  Determining Preparedness Needs: The Hazard Vulnerability Assessment
  Incident Command System
  Emergency Operations Plan
  General Security Procedures in Disaster Response
  Incident Notification
  Initial Response by Security
  Identification of Exposure
  Lockdown Procedures
  Full Facility Lockdown
  Partial Facility Lockdown
  Emergency Department Lockdown
  Decontamination/Treatment Process
  Biological Agents
  Hazardous Chemical Agents
  Radiation Exposure
  Pandemic Flu
  Personal Protection Equipment
  References
7 Customer Satisfaction: Enhancing the Patient Experience
  Introduction
  Hospital Consumer Assessment of Healthcare Providers and Systems
  Customer Service Research and Ideology
  Creating a Customer Service Program
  Integrating Security into the Customer Service Process
  Staff Training
  Attentiveness
  Dignity and Respect
  Communication
  Courtesy/Manners
  Responsiveness
  Consistent Service
  Last Word on Customer Service
  References
8 Predictive Analytics: Metrics Use and Evaluation
  Introduction
  Starting a Metrics-Based Program
  A Metrics-Based Program in Action
  Data Analysis
  Examples of Success
  Financial Value
  Perception of Security
  Metrics-Based Risk Assessment
  References
9 Violence Prevention
  Introduction
  Reduction Resources
  Methods for the Reduction of Violence
  Training
  Policy
  Media Relations
  Law Enforcement Response
  Violence Prevention Drills
  Difficult Patient Review Committee
  Reference
10 Information Security Management
  Introduction
  Regulations and Guidelines
  ISO 27001
  Risks Associated with Electronic Information Management Security
  Keeping Your Network Secure
  Employees and Staff
  Vendors and Contractors
  Contingency Plan
  References
11 Evaluating Security Technology
  Introduction
  Advantages to Digital Security Technology
  Understanding How Digital Security Systems Work
  How a Network Operates
  Network Bandwidth
  Switches and Routers
  Transmission Mediums
  Network Configurations
  Internet Protocol Cameras
  Internet Protocol Video Recorders
  Assessing Digital Compression Technology
  Security Equipment Standardization
  System and Procedural Failure
  Reference
12 The Security Survey
  Introduction
  Guidelines and Standards for the Assessment of Risk
  Aspects of the Security Survey
  Recommendation Process
  Recommendation Implementation and Tracking
  A Metrics-Based Model for Risk Assessment
  Reference
Appendix 1: Sample Facility Information Security Plan
Appendix 2: Sample Hospital Security Survey Schedule
Appendix 3: Sample New Employee Orientation Program
Appendix 4: Sample New Employee Orientation Check List
Appendix 5: Sample Training Policy
Index
Acknowledgement
During my career, I have come across many people that have influenced
my life in a positive way. For me, the influences that impacted me the most
were those individuals that stressed education and the pursuit of learning:
using knowledge to continuously improve the quality of life and career. This
pursuit for knowledge focused on not only education but learning from others,
respecting other people for who they are and understanding that every
individual is unique, and understanding that every person provides their
own distinctive set of knowledge and skills developed through life. The first
person in my life that helped me recognize the importance of education
and knowledge was my mom, the woman who recently, at the age of 88,
was admitted into college to pursue her doctorate degree. Growing up, she
was able to balance her life, raising three kids, managing the household and
attending college on a part-time basis. She was able to obtain her bachelor’s
and master’s degrees while I was growing up. Thanks, mom, for being you
and allowing me to understand the importance of education and knowledge.
As my career advanced, I have had the distinct pleasure to know and work
with a man whose persistence and mentoring led to this book, a man whose
forward thinking and understanding of the security field broadened my
knowledge and experience. Thank you, Charlie Schnabolk, for your mentoring
and knowledge throughout my career. Lastly, I need to thank my wife
of 33 years, who I have known for 43 years and who has certainly been a
major influence in my life and career, providing advice and being a partner
in life and career. This book is dedicated to the three individuals that have
influenced my life and career the most. Thank you all for your advice,
support and guidance.
Introduction
The beginning of the 21st century has brought many challenges to healthcare
security, from the possibility of a terrorist attack to pandemic flu, workplace
violence including an active shooter, strict legislative requirements,
and continued financial constraints. Moving forward, healthcare security
executives will need to have a better understanding of legislative requirements.
Monies previously available for staffing and technology will shrink.
Healthcare security professionals will need to manage staff and resources
differently, increasing service levels while reducing costs. This will require
security executives to be more data driven and to look at alternatives to
traditional methods of supplying security services.
In today’s terrorist-conscious society hospitals need to address access
restriction—identifying all persons entering their facilities and controlling
access to high-risk areas like the emergency department and infrastructure
portals. In 2003, the Office of Homeland Security (OHS) published “The
National Strategy for the Physical Protection of Critical Infrastructures and
Key Assets.” This publication identified hospitals as the primary caretaker of
emergency service personnel and injured attack victims, as well as providing
medical services to their surrounding community. Moreover, the report
highlighted the need for formulating protective strategies to prevent
contamination from biological, chemical, and radiological agents; theft of toxic agents;
and possible sabotage of the hospital’s infrastructure.
In response to potential catastrophic events, hospitals need to control
access to prevent contamination. Entrances that have historically never been
secured now need to be lockable. In emergencies, hospital security must
stop all persons wishing to gain entry so that they can screen for biological,
chemical, and radiological contaminants. Security staff must be trained to
identify basic toxic agents, and hospital staff must provide decontamination
services to patients and emergency service workers before they enter the
emergency room for medical treatment.
The 21st century will see many new, challenging diseases, along with the
resurfacing of older, nearly extinct ones. Hospital staff must be trained to
immediately recognize symptoms from these illnesses. Security staff must
be more aware of possible exposures from persons on the street walking
into the hospital or clinic and of course the emergency room. The recent
epidemics of SARS, H1N1, and Ebola have demonstrated the reality of this
challenge, clearly illustrating our need for continued training and education
of security staff when it comes to the handling of high-risk communicable
diseases.
The federal government and other compliance organizations continue
to regulate healthcare security organizations. The Joint Commission (TJC)
requires the maintenance of a security plan, an annual assessment of risk,
the identification of “security-sensitive” areas, and the annual assessment of
performance. The Centers for Medicare & Medicaid Services (CMS) ensures
a safe environment for all patients. The CMS regulates how and when
patient restraints are used and how they are applied. It looks closely at the
weapons that security departments utilize in the arrest and/or restraint of
patients who cause physical harm to staff, visitors, or other patients. The
Nuclear Regulatory Commission (NRC) requires the responsible storage and
transport of nuclear and radioactive materials utilized in the treatment of
patients. These radioactive sources are considered a terrorist risk and must
be properly secured and monitored. The National Center for Missing and
Exploited Children (NCMEC) publishes recommendations on the protection
of infants and children housed or visiting in healthcare institutions. The
NCMEC recommends the development, testing, and critique of a proactive
written prevention plan. The Occupational Safety and Health Administration
(OSHA) provides guidelines in the areas of workplace violence and employee
identification. In 2014, OSHA published a revised version of “Guidelines for
Preventing Workplace Violence for Health Care and Social Service Workers.”
This document concluded that healthcare workers had the highest incidence
of assault compared with all other professions outside of healthcare.
Moreover, the study recommends that hospitals and other health-related
organizations implement physical security measures to reduce verbal and
physical assaults. Violence will most likely increase during the 21st century.
Specifically, increases will occur in domestic violence, elder abuse, gangs,
and gun crimes. Many hospitals have delegated these antiviolence initiatives
to the security department. Security personnel must be taught to properly
respond to disruptive patients, visitors, and staff, and trained to verbally
de-escalate and physically restrain individuals who become verbally threatening
or physically abusive. The Health Insurance Portability and Accountability
Act (HIPAA) enhances the protection of patients’ medical information. In
February 2003, hospitals were required to provide physical security controls
for medical information and implement policies to restrict and monitor the
distribution and release of medical information. At many healthcare
institutions, this responsibility has fallen upon security, who have been asked to
install access control technologies in medical record departments and
medical record storage environments, as well as conduct training programs and
monitor policy compliance. Lastly, the “red flags rule” requires creditors to
have identity theft prevention programs in place that will identify, detect,
and respond to patterns, practices, or specific activities that point to the
identity theft of patient medical records and related information. In 2009,
the American Recovery and Reinvestment Act was signed into law. This law
requires the use of electronic health records (EHRs) by physicians and
hospitals. This portion of the bill is called the Health Information Technology
for Economic and Clinical Health Act, or the HITECH Act. Included in
the bill are requirements for the physical and virtual securing of medical
information.
Security departments in the new millennium will face increased financial
restraints due in large part to changes in the economy and state and federal
legislation. Political pressure will force reimbursement to decline while the
cost of providing healthcare will increase. To meet the challenge of
shrinking security dollars, security must rely on alternative or more innovative
methods for providing services. The use of CCTV, access control, and
physical security applications will be far more important as we proceed further
into the new millennium. Security administrators will need to be more
knowledgeable of security technology and products. Beyond the expanded
utilization of security-related technologies, security executives must change
their mindset from reactive to a more proactive model of detecting crimes
before they occur. This will require a system of evaluation designed so that
the actual effect of the security program can be measured.
Security staff will deal increasingly with different and diverse cultures,
many of which staff may not understand, leading to confrontations or
a reluctance to interact. Training related to the different cultures and their
customs will need to be ongoing. Hospital security will also need to hire a
more diverse group of security officers. Having security staff that can relate
to the population they serve will help them better deal with a more diverse
population.
This book offers a proactive, advanced look at healthcare security. It
provides tools and processes to help administer security services that will
meet the challenges of 21st-century healthcare security needs, as well as the
future, ever-changing environment of healthcare security.[1]
Reference
1. Scaglione, Bernard J. and Luizzo, Anthony J. Hospital security in the 21st
century: What should we expect. Journal of Healthcare Protection Management,
Vol. 22, No. 1, pp. 75–80. 2006.
Chapter 1
Regulatory Compliance
Introduction
Regulations within the healthcare field are increasing. More and more
federal, state, and local agencies are developing rules and regulations for the
healthcare industry. Complying with regulatory agencies is a very important
part of managing security in the healthcare arena. Several federal and state
agencies influence security services within the healthcare environment.
In order to comply with healthcare security regulations, it is important to
understand the rules and regulations created by each regulatory agency and
the meaning behind the regulations that they enforce. A firm understanding
of all regulations that involve security can help us to run an effective and
efficient security program.
Joint Commission on Accreditation of Healthcare
Organizations (The Joint Commission)
The Joint Commission is a nonprofit organization that has accredited thou-
sands of healthcare organizations and programs in the United States. A
majority of state governments recognize Joint Commission accreditation
as a condition of licensure for the receipt of Medicaid and Medicare reim-
bursements. The Joint Commission was formerly the Joint Commission on
Accreditation of Healthcare Organizations (JCAHO), and previous to that the
Joint Commission on Accreditation of Hospitals (JCAH).
In 1951, the Joint Commission on Accreditation of Hospitals was
created by merging the Hospital Standardization Program with similar
programs run by the American College of Physicians, the American
Hospital Association, the American Medical Association, and the Canadian
Medical Association. The JCAH was renamed the Joint Commission on
Accreditation of Hospitals in 1951, but it was not until 1965, when the
federal government decided that a hospital meeting Joint Commission
accreditation met the Medicare Conditions of Participation, that accredi-
tation had any official impact. However, Section 125 of the Medicare
Improvements for Patients and Providers Act of 2008 (MIPPA) removed
the Joint Commission’s statutorily guaranteed accreditation authority for
hospitals, effective July 15, 2010. At that time, the Joint Commission’s hos-
pital accreditation program would be subject to Centers for Medicare &
Medicaid Services (CMS) requirements for organizations seeking accredit-
ing authority. In 1987, the company was renamed the Joint Commission
on Accreditation of Healthcare Organizations (JCAHO; pronounced
“Jay-co”). In 2007, the Joint Commission on Accreditation of Healthcare
Organizations underwent a major rebranding and simplified its name to
“The Joint Commission.”
Hospitals voluntarily seek accreditation by paying the Joint Commission
to conduct a self-policing survey once every three years. Joint Commission
accreditation is tied directly to a hospital’s Medicaid and Medicare funding.
Originally, Joint Commission accreditation was provided on a percentage
scale, but due to complaints about the rating system it was changed to
“pass-fail” in 2005. In 2006, the Joint Commission changed from scheduled to
unannounced surveys.
A typical survey team consists of a hospital administrator, a registered
nurse, a medical practice specialist or doctor, and an ambulatory care spe-
cialist or a life safety specialist. Each surveyor has a specific role during the
survey, but as a team, their role is to evaluate all of the standards created
by the Joint Commission. The Joint Commission uses the “tracer” methodol-
ogy to conduct its surveys. The tracer method selects a patient, resident, or
client’s medical record as a roadmap to move through the hospital in order
to assess and evaluate the organization’s compliance with Joint Commission
standards. Surveyors retrace the care process through observation and dia-
logue with the staff that cared for the chosen patient. Their focus during the
survey is to determine trends or patterns that point to system-level issues
within the hospital’s safety and quality of care.
The Joint Commission survey is not just observational; it also provides
opportunities to educate staff and leaders on proper care, as well as to
share best practices from other healthcare organizations surveyed. The Joint
Commission revises its Environment of Care Standards each year. It is a
good practice for security to review standards on a yearly basis to ensure
that no new standards have been created or current ones revised. The basic
structure of the security standards requires an operational plan and data
collection in order to analyze and continuously improve the security services
provided to the hospital and its patients, visitors, and staff.
Sentinel Event
The Joint Commission started a program in 1996 to improve patient care by
collecting and sharing knowledge and statistics on adverse events occurring
within the organizations it accredited. Each hospital organization is
required to report unexpected occurrences, called “sentinel events,” such as
accidental death, serious physical or psychological injury, and infant abduction. The
hospital completes an in-depth analysis to determine what caused the event
and how the event can be prevented in the future. An adverse or undesir-
able event includes patient falls, medication errors, procedural errors/compli-
cations, completed suicidal behavior, and missing patient events. The Joint
Commission has also requested that healthcare members investigate “near
misses.” A near miss is a situation that could have resulted in an accident,
injury, or illness but did not. An example of a near miss would be a surgical
or other procedure almost performed on the wrong patient due to lapses in
verification of patient identification but caught at the last minute.
Root Cause Analysis
The Joint Commission expects organizations to conduct a full investigation
into why the adverse event occurred and determine what can be done to
prevent it from recurring. The process that the Joint Commission utilizes
for the investigation and prevention of adverse events is called “root cause
analysis.” Root cause analysis is a process for identifying the basic or
contributing factors that underlie variations in performance. A root cause
analysis focuses primarily on systems and processes, not individual performances.
Root cause analysis is not about blame or negligence; it is about finding
methods or processes to improve the situation in order to prevent its recur-
rence. Security may be involved in a root cause analysis when an event
involves a process that security is part of, for example, an infant abduction
or patient elopement.
Process Improvement
The Joint Commission requires hospitals to collect information to monitor
conditions in the hospital environment and improve security program
processes. This information or data is collected in order to manage risks
that are identified by the security department through internal sources, such
as ongoing monitoring of the Environment of Care, results of root cause
analyses, and results of annual risk assessments, and through external sources,
such as sentinel event alerts, trade publications, and local, state, and national
news events. The collection process must include the continued monitoring,
reporting, and investigating of security-related incidents that involve patients,
staff, visitors, and volunteers, as well as the analysis and trending of col-
lected data on potential high-risk incidents. The collection of data should
include a yearly assessment of risk within the hospital and the identifica-
tion of high-risk areas or what the Joint Commission calls “security-sensitive
areas.” The security department should use the results of data analysis to
identify opportunities to resolve security issues and minimize or eliminate
the identified security risks. As part of the analysis process, the security
department must develop and monitor what are called performance indica-
tors. These are data metrics developed from the collection and analysis of
security-related data. The resulting data analysis should be used to measure
improvement in security issues and risks.1
Security Management Plan
The Joint Commission requires all hospitals to develop and implement
a written “security management plan.” The plan should describe how the
organization establishes and maintains a program that protects staff, patients,
and visitors. The plan should designate those persons responsible for devel-
oping, implementing, and monitoring the plan and address all of the Joint
Commission standards within the plan. For example, the plan should outline,
but not detail, the controlling of access to and from sensitive areas or how
the security department will provide for vehicular access to the emergency
department. The plan should be written in plain English and outline the
activities and actions of the security department, including its mission state-
ment and department values. Many hospitals write their security plan by
recording the individual standards and then describing the processes that the
hospital uses to meet each standard. This is the best technique in writing the
plan. The Joint Commission prefers this type of written plan because a sur-
veyor can easily review the plan and see how the plan meets the standards.
The security management plan should be reviewed annually when the new
standards are published. This will keep the plan up to date and allow the
security department to stay in compliance with the Joint Commission while
modifying operations and processes as necessary to meet standards.
Training Competencies
The Joint Commission wants security departments to evaluate staff per-
formance based on their job responsibilities and training. This evaluation
should be conducted at least yearly or as necessary to ensure the high-
est level of staff performance. This evaluation should be documented and
completed especially where job functions involve direct patient care. For
security, that means competence in patient restraint, patient watches, cus-
tomer service, and any other job functions that relate to patient care. The
Joint Commission requires that this assessment method utilize competencies
in skills that are necessary to perform security officer work. Competency
methods include test taking, demonstration/observation, and the use of
simulation. Staff competence should start at orientation and be utilized
through all training conducted with the security staff for their entire career.
Competency assessments should be documented and stored in each employ-
ee’s personnel file. When a staff member’s competence does not meet
expectations, the Joint Commission wants hospitals to document corrective
actions. For example, job functions for each security post or job should be
broken down to the essential job components. For officers that stand in the
main entrance, competencies may include where the officer stands, what he
says to greet patients and visitors, or the checking of employee IDs or visi-
tor passes. Failing a competency evaluation means the security department
should provide documented additional training and reassessment to ensure
that the officer meets the competency.
Security Education
The Joint Commission requires that all hospital staff be oriented and edu-
cated about the security processes within their area of work and that they
possess the knowledge and skill required to perform their responsibilities
under the security management plan. The standard requires that personnel
be able to describe or demonstrate knowledge of security risks, like infant
abduction, and reporting procedures for security incidents involving patients,
visitors, personnel, and property. Under the Human Resource Standard,
hospital personnel that work in designated security-sensitive areas should
be able to describe or demonstrate the security risks associated with their
area, how to minimize them, emergency procedures for security incidents,
and the reporting procedures for security incidents specific to their area.
Many hospital security departments use new employee orientation and
annual in-service training to review security policy and practices with staff.
Many hospitals include procedures for workplace violence, active shooter,
and escort services, as well as basic crime prevention information, in their
security orientation and annual in-service training.
Forensic Personnel
Training under the Joint Commission includes training community personnel
that visit or stay within the hospital. Under this requirement, published within
the Human Resource Standard, most hospitals require security to provide training
to and act as a liaison with law enforcement personnel while they are on hospital
property. The
Joint Commission wants law enforcement personnel to be oriented on hos-
pital and security procedures. Procedures like fire response, smoking, and
patient restraint should all be taught to law enforcement personnel who are
in the hospital for prisoner security or treatment escort. Because of a num-
ber of events that have occurred in healthcare facilities with law enforce-
ment personnel and their prisoner patients, the Joint Commission requires
the education of law enforcement personnel that are present in a healthcare
facility. This standard includes law enforcement personnel who are guarding
an inpatient who is a prisoner or who visit the hospital facility on a regular
basis and are present within the facility for an extended period guarding
outpatient prisoners. The standard requires that these law enforcement per-
sonnel be educated on hospital policy and procedure that may affect them
during their time within the hospital. Law enforcement personnel need to
be educated on basic safety protocols like fire response and patient restraint,
visiting hours, the smoking policy, and the procedure for emergent medical
situations like a heart attack. The standard requires the creation and mainte-
nance of a logbook documenting training sessions. Security must document
law enforcement personnel training and provide some written educational
material to law enforcement personnel. Many hospitals place all of the
required information on a laminated card that fits into the officer’s memo
book. This way the law enforcement officer has immediate access to the
information when needed. Some hospital security departments attend local
law enforcement roll calls and provide the necessary information annually.
Emergency Preparedness
Hospitals must have a written emergency management plan in place that
includes security. The plan requires advance preparation to support security
during an emergency and describes the response procedures to follow when
emergencies occur. The plan must coordinate its security activities and uti-
lize an “all-hazards” approach that is flexible enough to address the duration,
scale, and cause of a specific emergency. The plan should identify security’s
capability and response procedures during a disaster and coordinate security
activities with community agencies when those services are available. The
plan should include procedures to control or close entrances into and out
of the healthcare facility and control movement of individuals and vehicles
within the healthcare facility.
Security Officer Licensure
Many states require security staff to be licensed. Whether in-house or a
contract service, the Joint Commission requires all licensed personnel that
come in any sort of contact with patients to have an active license while
working. The hospital must be able to verify that a working employee has
an active license, one that has not expired or been suspended. To ensure a
license is active, the Joint Commission requires primary source verification
of licensure. Primary source verification is verification of an active license
from the original source to determine the accuracy of the qualifications and
license status. The hospital, or security department, must have a process in
place that will provide primary source verification. A copy of each security