Healthcare Security Regulatory Requirements: More Than Just Good Ideas

Published: October 31, 2012

Most traditional security industries share certain similarities, such as uniformed officers and preventive patrols. Things such as proper patrol techniques, being a “trained observer,” proper report writing and customer service are all basic tenets of being a security officer in any environment. 

In the healthcare world, however, there is much more to the security role than guards, guns and gates. Because of the complexity and challenge of providing a safe and secure environment for patients, visitors, staff, students and the multitude of others who enter hospitals every day, the regulations governing those charged with such responsibilities must be extraordinary and tailored specifically to address such roles. A significant number of regulatory requirements specific to hospitals and healthcare providers necessitate that healthcare security personnel be educated above and beyond that of the basics of the traditional security employee.

In the following series of articles, which will appear in upcoming editions of Campus Safety, we will investigate some of the more prominent regulatory issues that best illustrate some of the fundamentals of the healthcare security industry that should be included as a part of any training program for today’s healthcare security worker. These articles are not intended to be exhaustive in their scope or considered as a complete representation of the many regulations that healthcare organizations must comply with. Rather, they will provide some snapshots of certain agencies, an overview of the rules that they enforce and why these are important to maintaining an effective healthcare security program.

Rules Don’t Just Govern Medical Care

——Article Continues Below——

Get the latest industry news and research delivered directly to your inbox.

There are myriad agencies in existence that govern the providing of healthcare related services, and while some are well known to most industries (such as the Occupational Safety and Health Administration [OSHA] in the United States or Canada’s National Centre for Occupational Health and Safety [CCOHS]), others are not as well-known unless you work specifically in a hospital or healthcare related facility (such as the Centers for Medicare and Medicaid [CMMS] or Health Canada). While many of these regulatory agencies are focused primarily on the clinical aspects of healthcare organizations, there are more than a few practices that involve security and safety that must be observed. If not, there could be severe repercussions for the organization, both tangible (in the form of fines) and intangible (such as branding issues and negative press). 

Some of these regulations are fairly straightforward, while others can be interpreted rather broadly. For example, it is common knowledge, or at least it should be to everyone in the healthcare security industry, that handcuffs and shackles cannot be used during a medical intervention or patient restraint or seclusion, but at what point does a patient encounter become a seclusion or restraint? Is physical contact required for a restraint to take place? Can seclusion take place in an unlocked room? The answers to such questions are not always as straightforward as one might imagine.

Not All Regulations Are Created Equal

One way to view healthcare security regulations, guidelines and best practices is to consider them as “must haves,” “should haves” and “nice to haves.”

The “must haves” are issues that must be addressed because of legal or regulatory requirements, and compliance is mandatory in most circumstances. Failure to follow such regulations can result in significant difficulties for an organization, including monetary fines and other penalties and punishments up to and including the potential closing of the facility.

Violations of certain CMMS rules, for example, can result in an immediate jeopardy status. This is one of the most serious issues a healthcare provider can face since failure to resolve such situations properly can result in the loss of Medicare and Medicaid funding.

Immediate jeopardy is a situation in which the hospital’s noncompliance with one or more requirements of licensure has caused, or is likely to cause, serious injury or death to the patient. A situation meeting these criteria becomes an immediate jeopardy at the time it occurs, and correction of the situation does not mean it is no longer an immediate jeopardy. If, when the situation occurred, it was an immediate jeopardy, the facility can still be cited for the situation at a time after the immediate jeopardy has been abated, and the department has completed its investigation and evaluation of the situation.

Such abatements can take the form of additional education and training of staff or the updating of procedures and processes. It can even include changes to the physical environment of the facility. This is an excellent example of a “must have,” since the vast majority of acute care facilities must have Medicare and Medicaid funding to survive. Other “must haves” can include compliance with OSHA, National Institute for Occupational Safety and Health (NIOSH) or CCOHS safety rules, The Joint Commission standards or compliance with federal or governmental acts such as the 1996 Health Insurance Portability and Accountability Act (HIPAA) in the United States or Bill C-45 (the Westray Bill) in Canada.

Implementing Guidelines Can Mitigate Threats

“Should haves” typically describe adherence to industry guidelines that are not mandatory in nature, but by following such guidelines a facility will likely be in a much better position to mitigate potential threats and hazards. For example, the International Association for Healthcare Security and Safety (IAHSS) offers a free booklet called Security Guidelines for Healthcare Facilities, which focuses primarily on the principles of Crime Prevention Through Environmental Design (CPTED). These principles, when applied early in a construction or renovation project, can be integrated into any healthcare facility design to provide layers of concentric protection for patients, visitors and staff. These guidelines have been created and reviewed by subject matter experts in the healthcare security field and include sections on campus perimeters, individual building perimeters, and interior perimeters including public v. staff areas and any security sensitive areas that might suffer from regulatory related issues.

These guidelines are not mandated, but when used properly as part of a well-rounded security program, will offer significant advantages to any healthcare organization. Other “should haves” might include compliance with the National Center for Missing and Exploited Child
ren’s Guidelines on Prevention of and Response to Infant Abductions for Healthcare Professionals or OSHA publication # 3148 — Guidelines for Preventing Workplace Violence for Health Care & Social Service Workers.

Posted in: News

Strategy & Planning Series
Strategy & Planning Series
Strategy & Planning Series
Strategy & Planning Series
Strategy & Planning Series