Navigating the Labyrinth of Healthcare Security Regulations and Best Practices

Here’s how hospital public safety and security practitioners can translate and merge seemingly incompatible requirements into a manageable system of assessment and program validation.

Healthcare is one of the most highly regulated and scrutinized industries, and for very good reason. The outcome of healthcare services after all, directly impacts the health and well-being of its clients and customers. Similarly, healthcare security is highly regulated from a wide assortment of agencies, all reviewing differing aspects of the profession and its impact on patient care.

For example, in the United States, OSHA (the Occupational Safety and Health Administration) focuses on the safety of the healthcare workers themselves, while CMS (the Center for Medicaid/Medicare Services) has its focus on the patient. Add to this volatile mix any number of additional regulatory agencies, each with their own specific agendas and standards, and one can easily appreciate the complexity facing a modern healthcare security practitioner.

While this may seem an impossible task, there are certainly a significant number of best practices, guidelines and other resources available to assist in crafting an effective healthcare security program. The IAHSS (International Association for Healthcare Security and Safety) and ASIS (American Society for Industrial Security) offer a wide variety of reference materials as well as invaluable networking opportunities for information sharing and lessons learned, but much of this information does not exist in formats that lend themselves as consolidated assessment tools.

In healthcare, as with many other businesses, we have an increased need to create documents and spreadsheets to track a number of indicators. These can range from a simple inventory of equipment to the tracking of the number of incidents for any given location, time frame or type of event. With this high demand for metrics and an assessment of the current state of readiness of your organization’s security program, the question becomes, “Can we repurpose existing guidelines, standards and other disparate reference materials into tools with which we can validate our existing processes and identify opportunities for improvement?”

The issue comes down to a) taking the time to reinvent the wheel; or b) to transform existing standards and other reference materials into a consolidated format to meet a specific need. With ever-dwindling resources and increasing time restraints, one should always opt for re-purposing existing information when possible. Not only can we reduce the development time, but we already have industry standards that have been created by regulatory authorities to guide us. Developing and using information that reiterates and supports existing best practices shows a consistency for your program and the healthcare security industry as a whole.

Consolidated Tools Track Guidelines
For example, IAHSS publishes operational and physical security guidelines for healthcare security professionals in order to assist them in meeting and exceeding current regulatory requirements when it comes to the safety and security of patients, visitors and staff in the hospital environment. These guidelines include categories detailing program administration, departmental operations, investigations, emergency management, staff/patient services and physical security considerations, to name a few.

Taken separately, each one of these guidelines works well in educating the security practitioner in a particular facet of their overall program, but none are optimized for use as a consolidated, easy-to-use assessment tool. Considering that these guidelines have already been categorized into logical sections, based upon subject matter, it is a fairly straightforward task to transform them from academic reference into a practical tool with which to evaluate existing processes and procedures.

For example, by taking the existing IAHSS guideline regarding program administration and the development of a security management plan (SMP), you can take the various steps outlined in this guideline and translate them into a checklist with which to inspect your own security program. This can be done in a variety of formats. For ease of use, however, we have found that by using an electronic spreadsheet, we can further automate the task by creating drop-down columns to easily record elements of performance, findings, actions required, persons responsible and progress status should improvements be required.

Per the IAHSS guideline, some of the elements of an SMP should include the following, each of which can be measured independently as part of the entire security management plan review process:

  • 1. Security program mission statement
  • 2. Statement of program authority (e.g. an organization chart depicting reporting levels)
  • 3. Identification of security sensitive areas
  • 4. An overview of security program duties and activities
  • 5. The documentation system in place (e.g. records and reports)
  • 6. Training program for the security staff and all other staff
  • 7. Planned liaison activity with local public safety/other healthcare facilities as appropriate
  • 8. Security organizational chart
  • 9. A copy of the most recent SMP annual program evaluation report and plan for improvement

By placing these details in an assessment tool format, you can quickly determine if the element exists, if it is sufficient and up to date or who is responsible for mitigation and in what time frame. Consider the various items in question form for review.

In reviewing element No. 1, for instance, the first question would be “Does a security program mission statement exist?” If not, this will have to be assigned to a responsible party for creation and a deadline for completion established. If one does exist, is it current and does it meet the needs of the existing program it is intended to describe?

What about addressing element No. 3, “The identification of security sensitive areas”? Experience has taught us that being overly descriptive with such areas can result in unwanted scrutiny from regulatory surveyors; however, a complete lack of documented security sensitive areas can likewise appear unusual. In this case, a properly formatted assessment tool can provide the means to quickly examine the current list of such areas, make a determination as to their number (too many, too few or none at all) and create a mitigation plan and assign responsibility for resolution. Such details, when reviewed in a uniform and objective manner, make it easier to evaluate existing security program elements and identify regulatory gaps and opportunities for improvement.

If you appreciated this article and want to receive more valuable industry content like this, click here to sign up for our FREE digital newsletters!

Leading in Turbulent Times: Effective Campus Public Safety Leadership for the 21st Century

This new webcast will discuss how campus public safety leaders can effectively incorporate Clery Act, Title IX, customer service, “helicopter” parents, emergency notification, town-gown relationships, brand management, Greek Life, student recruitment, faculty, and more into their roles and develop the necessary skills to successfully lead their departments. Register today to attend this free webcast!

Get Our Newsletters
Campus Safety Conference promo