Healthcare Facilities Step Up Security to Combat Workplace Violence, Safety Breaches
By Kelly M. Pyrek
"There are always compromises that have to be made, as you are building a healthcare facility, not a prison."
--Walter G Sarratt, CPP
The events of September 11, 2001 have forever changed the face of security, and with the specter of bioterrorism looming overhead, healthcare facilities are among U.S. institutions that are stepping up security measures. While many in-house security departments suffered under the ax of budget cuts in the 1990s, since 9/11, "security staffing has increased, electronic security systems have been installed and/or upgraded and manufacturers could not make systems fast enough," comments Bradley J. Williams of the International Association for Healthcare Security and Safety (IAHSS).
"People who were satisfied with the level of their security prior to Sept. 11 are beginning to question the depth and scope of their facility's security," says Walter G. Sarratt, CPP, regional director for Healthcare Security Services in San Diego and a former police officer and investigator. "People are asking more questions now about how their security programs measure up," adds Sarratt, who also is author of the Hospital Security Professionals' Manual. "Security is like a chess game, with moves and counter moves, strategies and counter strategies. We're finding that healthcare facilities are reacting more quickly to negative trends than in the past."
"Security professionals have tried to approach security with the following thought in mind: 'If I can control who and what comes into the facility, then I can control or at least reduce the number of opportunities to compromise the system from within,'" Sarratt writes. "This is a good rule. And in a simpler time, it might have been all we needed to know about how security should function. However, as a result of the horrific events of September 11, 2001, the entire face of security has changed. Not just on a local level, but on regional and national levels as well."
The uptick in concern about healthcare facility security emerged even before the terrorist attacks. In 2000 the American Society for Industrial Security's healthcare committee released its Healthcare Security Benchmarking Study that documented the state of the industry. The study recognized that despite the fact many healthcare facilities were facing operating losses in the millions, they planned "significant improvement to technology and security staffing." The study asked the eerily prophetic rhetorical question of, "Has there been an increase in incidents to warrant these increases? And "Are these increases a deterrent to future incidents and if so, how can these improvements be benchmarked?"
The study said, "The importance of security in healthcare has been identified through the financial investment healthcare organizations plan to make. As these campuses expand to a wider geographic area and further development of outpatient services increases to create a more efficient clinical care network, the need to increase technology to create efficiencies will be expanded and paramount."
More than 300 hospitals with freestanding facilities responded to the ASIS survey. Eighty-two percent of respondents had freestanding facilities; 73 percent had outpatient facilities; 34 percent had adult facilities and 25 percent had freestanding laboratories. The survey found that in the next six to 12 months, 8 percent of the healthcare facilities planned to increase security personnel in the freestanding areas; 17 percent planned to increase security staff training; 25 percent intended to increase technology; and 34 percent said they did not plan to make any improvement to their existing level of security.
The survey revealed that when it comes to technology, facilities were wired. Twenty nine percent of outpatient facilities had closed circuit television systems; 22 percent had VCRs; 33 percent had access control systems; 20 percent had monitoring systems; 50 percent had security alarm systems; and 19 percent had radio communications in place. The average outpatient facility security officer coverage was 19 percent for a 24-hour shift; 5 percent had day shift coverage and 3 percent had night shift coverage.
The emphasis on technology comes as no surprise, as the ASIS survey detected a trend toward the reduction in security staff in favor of hardware. While the study indicated that overall, 29 percent of hospitals planned to increase staffing, converse findings also indicate there is an expected decrease in security staff of 10.15 percent proprietary and 2.15 percent contracted, reflecting severe reimbursement reductions in the previous two years and the need for facilities to reduce all staff in order to maintain operations. The most favored technology to replace security staff was closed circuit televisions and access control systems.
While hardware can easily replace humans, Sarratt isn't sure that's the most foolproof way to go.
"We're in the people business," Sarratt says. "We serve the patient, and we serve the departments who serve the people who serve the patient. The margin for error is a lot smaller when you are protecting people than when you are protecting inventory."
He continues, "The answer to security problems is not necessarily throwing money at it; it's all about developing good security awareness among healthcare facility staff. Electronic security devices can supplement the role of security staff and expand their presence in areas in which they may be spread thin. Before you spend dollars on electronics, ask yourself, 'Will this deal with just the perception of security or will it actually cure security problems?' Well-meaning people spend a lot of money on security devices they don't know how to operate efficiently and which are high maintenance. Then they may be abandoned. I don't what is worse -- not having them or not being able to use them as intended."
Sarratt advocates a security program that places emphasis on smart technology and an even smarter security staff that is screened carefully and well trained. He acknowledges that a staffing shortage makes hiring the right security staff more challenging.
"Many are called but few are chosen," Sarratt says. "Our company puts people through psychological profiles and we conduct background investigations. They are licensed before they are placed in healthcare facilities and we do everything we can to make sure they are prepared for the job. The most important thing is that security staff members are managed and trained meticulously. If security personnel have to leave to their discretion the right thing to do, you have a 50-50 chance they're going to do the right thing and a healthcare facility can't afford that. It's like saying you have a 50-50 chance of the surgeon going into the operating room and doing a good job or a bad job of the operation, and you need better odds than that. Everything security staff does must be scrutinized."
How a healthcare facility fashions its security program is highly individual; however, Sarratt says the basics include identifying high-risk areas.
"Each facility, in its security management plan, must declare those areas they consider security sensitive, such as the ER, post-op, ICU, behavioral health units, outpatient facilities. Each area demands special attention and close scrutiny of the risks and potential problems. It's a challenge to create a solid security plan that protects the facility, its staff and patients, yet does not interfere with the progress of healthcare delivery. You also do not want to create a facility that has a police atmosphere. It's a very delicate balance between good security and timely, efficient patient-care delivery."
Healthcare facilities are obviously more vulnerable to security risks by the very nature of their operation.
"They are a 24 hour-a-day business, for the most part," Sarratt says. "They never know what or who will come through the front door. You can't separate a patient from their loved ones. You can screen visitors to the best of your ability. But there are question marks. Healthcare providers and security staff must be alert to the first signs of trouble. Security staff must understand the nature of the neighborhood the healthcare facility is in and the kind of people they will encounter daily."
While external forces present much of the security risk, Sarratt emphasizes a growing trend of internal violence and aggression.
"Of greatest concern to healthcare facilities is the workplace violence issue," he says. "We conduct workplace violence training programs within healthcare facilities and attempt to sensitize employees to the potential for violence."
Workplace violence has emerged as an important safety and health issue in today's workplace, acknowledges the Occupational Safety and Health Administration (OSHA). Its most extreme form, homicide, is the third-leading cause of fatal occupational injury in the United States. According to the Bureau of Labor Statistics (BLS) Census of Fatal Occupational Injuries (CFOI), there were 674 workplace homicides in 2000, accounting for 11 percent of the total 5,915 fatal work injuries in the United States. Environmental conditions associated with workplace assaults have been identified and control strategies implemented in a number of work settings. OSHA has developed guidelines and recommendations to reduce worker exposures to this hazard but is not initiating rule-making at this time.
In its April 2002 report, "Violence: Occupational Hazards in Hospitals," the National Institute for Occupational Safety and Health (NIOSH) reported that as many as 5 million U.S. healthcare workers are exposed to many safety and health hazards, including violence. According to BLS estimates cited in the report, 2,637 nonfatal assaults on hospital workers occurred in 1999 -- a rate of 8.3 assaults per 10,000 workers. This rate is much higher than the rate of nonfatal assaults for all private-sector industries, which is 2 per 10,000 workers.
Several studies indicate that violence often takes place during times of high activity and interaction with patients, such as at meal times and during visiting hours and patient transportation. Assaults may occur when service is denied, when a patient is involuntarily admitted, or when a healthcare worker attempts to set limits on eating, drinking, or tobacco or alcohol use.
Workplace violence ranges from offensive or threatening language to homicide. NIOSH defines workplace violence as violent acts (including physical assaults and threats of assaults) directed toward persons at work or on duty. Examples of violence include verbal threats, threatening body language, and written threats; physical assaults ranging from slapping and beating to rape, homicide and the use of weapons such as firearms, bombs or knives; and muggings.
Case reports include an elderly patient who verbally abused a nurse and pulled her hair when she prevented him from leaving the hospital to go home in the middle of the night; an agitated psychotic patient who attacked a nurse, broke her arm and scratched and bruised her; and a disturbed family member whose father had died in surgery at the community hospital, who walked into the emergency department and fired a small-caliber handgun, killing a nurse and an emergency medical technician and wounding the emergency physician. Violence in hospitals usually results from patients and occasionally from their family members who feel frustrated, vulnerable and out of control.
Although anyone working in a hospital may become a victim of violence, the NIOSH report says nurses and aides who have the most direct contact with patients are at higher risk. Other hospital personnel at increased risk of violence include emergency response personnel, hospital safety officers, and all health care providers. Violence may occur anywhere in the hospital, but it is most frequent in psychiatric wards, emergency rooms, waiting rooms and geriatric units.
Violence may also have negative organizational outcomes such as low worker morale, increased job stress, increased worker turnover, reduced trust of management and coworkers, and a hostile working environment.
The risk factors for violence vary among healthcare facilities depending on location, size, and type of care. Common risk factors for hospital violence include the following:
Working directly with volatile people, especially, if they are under the influence of drugs or alcohol or have a history of violence or certain psychotic diagnoses
- Working when understaffed--especially during meal times and visiting hours
- Transporting patients
- Long waits for service
- Overcrowded, uncomfortable waiting rooms
- Working alone
- Poor environmental design
- Inadequate security
- Lack of staff training and policies for preventing and managing crises with potentially volatile patients
- Unrestricted movement of the public
- Poorly lit corridors, rooms, parking lots, and other areas
To prevent violence in healthcare facilities, NIOSH says employers should develop a safety and health program that includes management commitment, employee participation, hazard identification, safety and health training, and hazard prevention, control, and reporting. Employers should evaluate this program periodically. Although risk factors for violence are specific for each hospital and its work scenarios, employers can follow general prevention strategies, including:
- Develop emergency signaling, alarms, and monitoring systems
- Install security devices such as metal detectors to prevent armed persons from entering the hospital
- Install other security devices such as cameras and good lighting in hallways
- Provide security escorts to the parking lots at night
- Design waiting areas to accommodate and assist visitors and patients who may have a delay in service
- Design the triage area and other public areas to minimize the risk of assault
- Provide staff restrooms and emergency exits.
- Install deep service counters or bullet-resistant and shatterproof glass enclosures in reception areas.
- Arrange furniture and other objects to minimize their use as weapons.
- Design staffing patterns to prevent personnel from working alone and to minimize patient waiting time.
- Restrict the movement of the public in hospitals by card-controlled access.
- Develop a system for alerting security personnel when violence is threatened.
- Provide all workers with training in recognizing and managing assaults, resolving conflicts and maintaining hazard awareness.
The NIOSH report presents examples of prevention strategies that have worked, including:
- A security screening system in a Detroit hospital included stationary metal detectors supplemented by hand-held units. The system prevented the entry of 33 handguns, 1,324 knives and 97 mace-type sprays during a 6-month period.
- A violence reporting program in the Portland, Ore. VA Medical Center that identified patients with a history of violence in a computerized database. The program helped reduce the number of all violent attacks by 91.6 percent by alerting staff to take additional safety measures when serving these patients.
- A system restricting movement of visitors in a New York City hospital used identification badges and color-coded passes to limit each visitor to a specific floor. The hospital also enforced the limit of two visitors at a time per patient. In 18 months, these actions reduced the number of reported violent crimes by 65 percent.
"All hospitals should develop a comprehensive violence prevention program," the NIOSH report admonishes. "No universal strategy exists to prevent violence. The risk factors vary from hospital to hospital and from unit to unit. Hospitals should form multidisciplinary committees that include direct-care staff as well as union representatives (if available) to identify risk factors in specific work scenarios and to develop strategies for reducing them. All hospital workers should be alert and cautious when interacting with patients and visitors. They should actively participate in safety training programs and be familiar with their employers' policies, procedures, and materials on violence prevention."
While most outpatient facilities and surgical hospitals don't face the kinds of high-risk situations some tertiary-care hospitals in urban areas do, Sarratt says ambulatory surgery facilities have their own set of cautions.
"Outpatient facilities have a significant flow of people in and out constantly," Sarratt says. "An ever-changing patient demographic mix necessitates anticipating varied security needs. Every facet of security and public relations skills comes into play in an outpatient surgery facility because these facilities are simply microcosms of a tertiary-care hospital. Security staff for outpatient facilities don't have to deal with many high-risk situations, but many security concerns remain the same."
The security programs of outpatient facilities must be as carefully planned as those of traditional hospitals, Sarratt says.
"The planning and programming phase of any healthcare construction project should include a security consultant," Sarratt adds. "It's the easiest way to deal with the many demands of such a project, such as getting the crime profile for the community in which you are building. It's all detail work: you must determine how your exits should be staged, what your perimeter looks like, etc. Everything from a security standpoint starts from the outside in; if you can control what's outside and what comes in the door, you have the upper hand. There are always compromises that have to be made, as you are building a healthcare facility, not a prison."
Sarratt says the two principles to bear in mind in the design phase is to limit the number of entrances and exits, as good security begins with a strong perimeter, and to monitor the physical or electronic areas between the perimeter and the compartmentalized protection of the offices and working units. Once the facility is built, operational dynamics come into play, Sarratt says.
"Insurance carriers, the Joint Commission on the Accreditation of Healthcare Organizations (JCAHO), and ultimately the public have increasingly place demands on hospital administrators, resulting in a more clearly defined role for security in the healthcare environment," Sarratt writes. He says administrators must conduct a facility's vulnerability analysis that reflects how likely a security breach is to occur, the severity of the incident and what steps must be taken to mitigate the likelihood and effects of the event. According to Sarratt, determining the level of security a facility needs requires taking the following factors into account:
- Analyze the type of structure that needs securing to determine the reasonable amount of time required to respond to an emergency
- Determine the number and location of entrances and exits
- Determine the number of parking spaces, as parking enforcement is paramount to good security
- Determine the number of waiting rooms, operating rooms and recovery rooms and the general patient population; more staff is required for larger numbers of ambulatory patients
- Identify and assess the stability of the physical environment, including doors, windows and locking mechanisms
- Assess the scope, age and effectiveness of the security equipment available
- Research and document state, local and federal ordinances that affect the facility
- Determine the level of staffing in other facilities in the area to establish the "due diligence standard"
"A lack of focused leadership with regard to security will get facilities into trouble," Sarratt emphasizes. "Security must be a systemic effort. Focused management by experienced security professionals makes all the difference in the world."