Healthcare Security Industry Guidelines · 2020. 1. 3. · Raymond V. Johnson Russel F. Jones Robert Koverman Chris Leibfried Thomas L. Kramer * Martin Lawlor Keith MacKellar Richard

Healthcare SecurityIndustry Guidelines

Spring 2015

Handbook

3

Copyright © 2015 by International Association for Healthcare Security and Safety (IAHSS)PO Box 5038 Glendale Heights, IL 60139 888-353-0990 http://www.iahss.org

3

“Leading Excellence in Healthcare Security, Safety and Emergency Management.”

What is I.A.H.S.S.?

The International Association for Healthcare Security and Safety, or IAHSS for short, is the only organization solely dedicated to professionals involved in managing and directing security and safety programs in healthcare institutions. IAHSS is a professional organization comprised of security, law enforcement and safety professionals dedicated to the protection of healthcare facilities worldwide. IAHSS strives to combine public safety officer training with staff training, policies and technology to achieve the most secure hospital environments possible. Additionally, the IAHSS partners with other organizations representing risk managers, emergency managers, engineers, architects, nurses, doctors and other healthcare stakeholders to further patient security and safety.

International Association for Healthcare Security & Safety

P. O. Box 5038, Glendale Heights, IL 60139Telephone 630-529-3913 • Fax 630-529-4139

1-888-353-0990Colleen Kucera, Executive Director

[email protected]

Nancy Felesena, Executive AssistantE-mail: [email protected]

Mission Statement

5


4

Honorary Members Robert Bilhorn* Dr. Kenneth Christian* Ellie Christian Raymond C. Farber Dr. A. F. Knyvett Kevin M. McShea John Rabun, Jr. David Sowter Norman Spain

Active Charter Members Russell L. Colling Thomas L. Dailey Raymond V. Johnson Thomas L. Kramer

Life Members Gerald Bagley Gary Baker Dan D. Ballard Gary Barth Joseph B Belino* Lindberg Bell* Al Breitzman * James L. Brodie Paul Calandra Sam Cannizzaro*Lloyd E. Charboneau Wayne Church Russell Colling James Costello Ronald Cundiff Thomas Dailey William A. Farnsworth, Jr. Edward Flores* Philip A. Gaffney

Linda Glasson

* George Goodspeed

Ed Guy Joseph A. Hoppe William Irwin* C. Earle Jenkins Raymond V. Johnson Russel F. Jones Robert Koverman Chris Leibfried Thomas L. Kramer* Martin Lawlor Keith MacKellar Richard C. Meharg* John Merrigan Evelyn Meserve Carl Mogavero* Norman D. Osthoff* Edward C. (Pedziwiatr) Page Anthony N. Potter Jr. Walt Pry Fredrick Roll* Carmen N. Romano Hilary L. Ryniewicz Lewis Schatz Art Slauer Thomas A. Smith Jim Stankevich Edwin Stedman Albert Sweet John R. Thompson* Frank Tenore Bradley Williams George Winters Roy Zettlemoyer

Past Presidents Russell Colling 1968–1969* Lindberg Bell 1970–1971 William Moran 1972–1973* Philip A. Gaffney 1974* James L. Brodie 1975 Louis Weiner 1976 Keith R. MacKellar 1976–1977 Thomas L. Kramer 1977–1979* Edward C. (Pedziwiatr) Page 1979–1980 Hilary L. Ryniewicz 1980–1981 Thomas C. Seals 1981–1982 Dan D. Ballard 1982–1983 Edwin W. Stedman 1983–1984* Stanley Price 1984–1985 Thomas L. Kramer 1985–1986 Michael S. Stultz 1986–1987 Robert B. Koverman 1987–1988 Ronald A. Cundiff 1988–1989 Albert J. Sweet 1989–1990 Fredrick G. Roll 1990–1991 Linda Glasson 1991–1992 Louis D. Gasbarro 1992–1993*Lloyd E. Charboneau 1993–1994 William A. Farnsworth Jr. 1994–1995 Bonnie S. Michelman 1995-1996 William A. Farnsworth, Jr. 1996–1997 Russell F. Jones 1997–1998 Edward Flores 1998–2000 Bradley J. Williams 2000–2002 Carl Mogavero 2002–2004 Fredrick Roll 2004–2006 Thomas Smith 2006–2007 Tony York 2007–2008 Bonnie Michelman 2008–2009 Joseph Bellino 2009–2010 Jim Stankevich 2010–2011 Bryan Warren 2012-2013 Lisa B. Pryse 2013-2014 Marilyn Hollier 2014-2015

* Deceased

Membership and Past Presidents


5

Guidelines Preamble

Healthcare Facilities (HCFs) are responsible for providing a safe and therapeutic environment while respecting the rights and privacy of those entrusted to their care. These guidelines are intended to assist healthcare administrators in fulfilling their obligation to provide a safe, secure and welcoming environment; while carrying out the mission of their healthcare organization.

“Healthcare Facility” (HCF), for purposes of these guidelines, shall mean any facility or organization involved in providing healthcare service or treatment simultaneously to four or more patients:

• who may be primarily incapable of self-preservation due to physical or mental limitation; or

• who are undergoing treatment or testing which may temporarily render a patient incapable of taking effective action under emergency conditions without assistance from others*.

“Security”, for the purpose of these guidelines, shall mean security or any staff having security functions.

The statements and intents of these guidelines are designed to be applicable to all HCFs. It is recognized that the actual implementation of these guidelines will vary from facility to facility - dependent upon, among other considerations: the nature, size and location of the facility; and the reasonably foreseeable risks to be protected against.

These guidelines support the need to comply with all national, state/ provincial, county and local requirements and are intended to be in harmony with all regulatory, accreditation, and other healthcare professional association requirements and guidelines.

These guidelines are periodically reviewed by the IAHSS Council on Guidelines. Changes, modifications and new guidelines are posted on the International Association for Healthcare Security and Safety (IAHSS) website throughout the year, upon being approved by the IAHSS Board of Directors. Visit the website for the most current edition of the guidelines: http://www.iahss.org.

Comments and suggestions are encouraged and may be directed to the IAHSS Council onGuidelines, P.O. Box 5038, Glendale Heights, IL 60139, [email protected]

* National Fire Protection Association [NFPA] # 730 - Guide to Premises Security.

Cite this document as: IAHSS Council on Guidelines, Healthcare Security Industry Guidelines, 2013.

Copyright © 2013 by International Association for Healthcare Security and Safety (IAHSS), PO Box 5038, Glendale Heights, IL 60139, http://www.iahss.org

PREAMBLE

7


7

Table of ContentsSecurity Guidelines for Healthcare

01. Program Administration

.01.01 Security Management Plan ........................................................ 9

.01.02 Security Master Plan .............................................................. 10

.01.03 Security Administrator ............................................................. 11

.01.04 Security Risk Assessments .................................................12-13

.01.05 Program Measurement and Improvement ................................ 14

.01.05.01 Security Incident Reporting ........................................ 15

.01.09 Violence in Healthcare ........................................................16-17

.01.09.01 Targeted Violence ..................................................18-19

.01.09.02 Management of Weapons ........................................... 20

.01.11 Media and External Relations..............................................21-22

02. Security Department Operations

.02.01 Security Staffing and Deployment ......................................23-25

.02.02 Security Officer Training ....................................................26-27

.02.02.02. Stopping & Questioning Persons of Interest ............... 28

.02.02.03. Incident Response .................................................... 29

.02.02.05. Use of Force ............................................................. 30

.02.02.06. Defensive Equipment and Use of Force Tools ............. 31

03. Investigations

.03.01 Investigations (General) ........................................................... 32

.03.03 Covert Investigations .........................................................33-34

04. Systems

.04.01 Physical Security (General) ................................................35-36

.04.02 Electronic Security Systems .................................................... 37

.04.03.01 Indentification System ........................................................ 38

.04.03.03 Facility Restricted Access (Emergency Lockdown) .39-40

.04.03.04 Visitor Control -Patients .........................................41-42

.04.04 Video Surveillance ..............................................................43-44

.04.09 Testing of Physical and Electronic Security Systems ...........45-46

.04.10 Security Signage ................................................................47-48

05. Services-Patient

.05.02 Security Role in Patient Management .................................49-50

.05.04 Searching Patients and Patient Areas for Contraband ............... 51

.05.05 Patient Elopement Prevention and Response ......................52-53

.05.06 Security in the Emergency Care Setting ..............................54-55

.05.07 Behavioral/Mental (General) ................................................56-57

.05.08 Pediatrics Security ..............................................................58-59

.05.08.01 Infant/Pediatric Abduction Response and Prevention .. 60

.05.10 Prisoner Patient Security ....................................................61-62

06. Services Staff [All]

.06.01.01 General Staff Security Orientation and Education ................ 63

.06.02 Home Health Provider (Community Provider Services) .............. 64


98

07. Specific Areas

.07.01 Security Sensitive Areas ......................................................... 65

.07.02 Pharmacy Security .............................................................66-67

.07.02.01 Drug Diversion ......................................................68-69

.07.03 Cash and Other Monetary Processing Systems ...................70-71

.07.05 Parking-General .................................................................72-73

.07.06 Security of Biological, Chemical, Pharmaceutical, Radioactive Materials ................................................................. 74

.07.07.07 Protection of Critical Materials ............................................ 75

.07.07.010 Long Term Care Facilities .................................................. 76

08. Emergency Management

.08.01 General .............................................................................77-78

.08.02 Security Role in the Emergency Operations Center (ICS) ....79-80

.08.09 Active Shooter ...................................................................81-82

.08.11 Communicable Disease Response ......................................83-84

Council on Guidelines Members .......................................................... 85

Current and Proposed Guidelines ...................................................86-89

Table of Contents cont.Security Guidelines for Healthcare


9

Copyright ©2014 by International Association for Healthcare Security and Safety (IAHSS) PO Box 5038 Glendale Heights, IL 60139 888-353-0990 http://www.iahss.org

STATEMENT: Healthcare Facilities (HCFs) will develop a Security Management Plan (SMP). The plan should include preventive, protective, and response measures designed to provide a safe and secure environment. INTENT:

a. The plan should be based on the risk assessment and needs of the HCF.

b. The plan should include, but not be limited to: 1) Security program mission statement 2) Statement of program authority (e.g. a facility organization chart depicting reporting levels)

3) Identification of security sensitive areas 4) An overview of security program duties and activities 5) The documentation system in place (i.e. records & reports) 6) Training program for the security staff and all other staff 7) Planned liaison activity with local public safety agencies and other HCFs as appropriate 8) Security organizational chart 9) A copy of the most recent SMP annual program evaluation report and plan for improvement

c. The plan should be evaluated annually, as well as modified as required as an ongoing activity.

Annual reviews should be evidenced by affixing the evaluation date to the current plan. REFERENCES:

- Security Issues for Today’s Health Care Organization, (2002), Joint Commission on Accreditation of Healthcare Organizations, Oakbrook Terrace IL.

Approved: January 2006

Last Revised: October 2011

01. Program Administration 01. Security Management Plan

01. Program Development 01. Security Management Plan


1110

Copyright ©2014 by International Association for Healthcare Security and Safety (IAHSS)

PO Box 5038 Glendale Heights, IL 60139 888-353-0990 http://www.iahss.org

Security Master Plan STATEMENT: Healthcare Facilities (HCFs) should develop and maintain a security strategic master plan. The confidential document should be used to guide the development and direction of the organizational security plan. INTENT:

a. A Security Strategic Master Plan (master plan) is a document delineating the organization's security philosophies, risk, mitigation and preparedness strategies, goals, programs, and processes.

b. The master plan should be developed in concert with and in support of the HCF’s overall strategic

plan and goals and aligned with facility master planning efforts.

c. The master plan should describe the current security program and management plans while addressing current, planned and anticipated security needs for the environment, patients and staff. The master plan should include the impact of security systems, infrastructure, hazard vulnerability assessments and risks unique to the HCF.

d. The master plan should outline the organization’s protection philosophy and direction regarding

six (6) major elements:

1. Organizational Alignment - reflect the needs of the HCF regardless of size and complexity, reporting lines or department responsible for providing security services. Plan development should address and involve primary stakeholders; i.e., senior leadership, risk management, finance, information services/technology, facilities planning and construction, patient safety, human resources and leaders in areas of higher risk.

2. Enterprise Risk Management and Mitigation - reflect the organizational approach to risk

management, use of security assessments and how vulnerabilities are identified and assessed to determine if mitigation is necessary.

3. Operating and Capital Budget Management - address the organizational expectations for

justification of funding requests in terms of both risk mitigation and return on investment to include annual operational and capital budget planning. This may include the anticipated future costs of labor and the maintenance costs associated with technology solutions.

4. Campus Space Planning - identify planned changes to the environment and address

anticipated staffing and technology solutions. Special considerations should be given to temporary periods of construction, renovation or decommissioning. The plan should reflect

01. Program Administration 02. Security Master Plan 01. Program Adminstraton

02. Security Master Plan


11


02. Program Management 01. Security Administrator

STATEMENT: Security Administrators play a critical leadership role in Healthcare Facilities (HCFs) security management program. INTENT:

a. Each HCF should identify an individual, designated by leadership, to be charged with primary responsibility for managing the security program.

b. The designated Security Administrator should be responsible for providing or engaging security expertise and possess policy-making authority in keeping with the review and approval process of the HCF.

c. The designated Security Administrator should be actively involved in:

1) Developing HCF security strategy involving personnel, deployment, training, equipment, policies and regulatory requirements

2) HCF Risk Assessment and Reporting 3) Planning, design, building, and operational phases of all construction and renovation

work

d. The designated Security Administrator should possess the authority to immediately and independently address any imminent threat that may result in serious injury, death, or significant loss of property. This authority should include standing authorization to deploy and implement timely interim measures.

e. Provision should be made for continued professional development of the designated Security

Administrator. Membership in at least one professional security organization, participation in security educational programs and obtaining the Certified Healthcare Protection Administrator (CHPA) credential is strongly encouraged.


Last Revised: November 2013

01. Program Administration 03. Security Administrator

01. Program Development 03. Security Administrator


1312

continued on next page

Copyright ©201 4 by International Association for Healthcare Security and Safety (IAHSS) PO Box 5038 Glendale Heights, IL 60139 888 -353 -0990 http://www.iahss.org

STATEMENT:

Security Risk Assessments will be conducted on a regular and on-going basis. The objective of the Security Risk Assessment is to identify assets of the Healthcare Facilities (HCFs) primary mission and operations, threats to and vulnerabilities of those assets, and develop reasonable risk mitigation strategies to protect the assets.

INTENT:

a. Security risk assessments should be conducted by a qualified professional who has training and experience in healthcare security.

b. Identify assets of the HCF:

1) People assets may include direct care providers and patients along with other persons such as visitors, family, and support personnel

2) Property assets include not only buildings but tangible assets used to provide patient care (such as medical gases, medical equipment, utilities and supply lines), intangible assets, such as the organization’s reputation, and information assets

c. Inventory current security measures in place to protect critical assets including policies and

procedures, physical/electronic security equipment and systems, and security personnel.

d. The inventory process should include a review of all available security documentation such as security plans, security officer deployment, training, and post orders.

e. The inventory may be accomplished using: 1) an outside-in approach (begin at the perimeter and work toward the

identified critical assets through each line of defense) 2) an inside-out approach (begin at each critical asset and work out to the

perimeter)

f. Threats should be identified, assessed and trended quantitatively and qualitatively related to the prioritized list of the HCFs identified assets. Data should be gathered from several sources, including:

1) Internal data from security incidents, facility statistics, and staff interviews

2) Local police crime statistics 3) IAHSS Healthcare Security Design and Basic Guidelines 4) Exchange of information with similar organizations 5) Other security and law enforcement sources 6) Industry publications and news clipping sources


04. Security Risk Assessments

01. Program Administration 04. Security Risk Assessments


13


g. Consider improvements of the organization’s protection of assets in light of the threats to and vulnerabilities identified to determine security enhancements needed to mitigate risks. A cost-benefit analysis of options may be needed to select appropriate measures that reduce risk to an acceptable level and comply with applicable healthcare industry standards, guidelines, and regulatory agency requirements.

h. Results of formal risk assessments should be documented for on-going review and forwarded to

appropriate leadership.

REFERENCES:

- Colling, Russell L. and York, Tony W. (2010). Hospital and Healthcare Security. Woburn: Butterworth-Heinemann.

- Vellani, Karim H. (2006). Strategic Security Management: A Risk Assessment Guide to Decision Makers. Woburn: Butterworth-Heinemann.

- “Risk Assessment Toolkit CD”, (November 2012), IAHSS.

- “Healthcare Security Industry Guidelines”, (June 2013), IAHSS

- “Security Design Guidelines for Healthcare Facilities”, (March 2012), IAHSS

Approved: April 2009 Last Revised: October 2012


04. Security Risk Assessments

01. Program Administration 04. Security Risk Assessments


1514

STATEMENT:

01. Program Administration 05. Program Measurement and Improvement

Healthcare Facilities (HCFs) will formally evaluate the effectiveness of their security program on a regularly scheduled basis and will identify areas in which improvement is appropriate. Goals, process for improvement, and elements for measuring progress will be identified in the Security Management Plan or in a security improvement performance plan.

INTENT:

a. It is essential that performance measurement(s) be in place to evaluate the security program.

b. Security performance improvement goals should be consistent with the HCF organizational goals.

c. The improvement of security performance and achievement of improvement goals should be

approached as an ongoing and continuous process.

d. Performance measurement should be goal driven. If a goal is to reduce a certain activity, or increase a perception of security, the measurement should reflect a starting and ending point. If the goal is to mitigate risks associated with potential emergencies the measurement should reflect the implementation of the identified mitigation.

e. An annual assessment may reveal the need to re-prioritize the program goals. The annual

assessment may include a hazard vulnerability assessment to assist in prioritizing specific training, drills and emergency plans.

f. The tools to gain information should be reliable and consistently used from one measuring

time to the next. Charts, graphs, heat maps and other visual enhancements may be useful in presenting the data in a concise and clear manner.

g. Trending of performance improvement data is a common methodology for benchmarking

security performance or analyzing elements of activity and incidents. A security program should track security incidents and a statistical summary of those incidents, by category, should be maintained on a monthly basis. This summary should reflect the number of incidents and should compare the current and previous months and allow for comparison of specific months within the current and previous years for more in depth incident trend analysis.

Approved: October 2008

Last Revised: July 2013


01. Program Administration 05. Program Measurement and Improvement


15

01. Program Administration 05. Program Measurement and Improvement 01. Security Incident Reporting


STATEMENT: Healthcare Facilities (HCFs) will develop procedures for reporting and documenting security incidents. Reports serve many purposes including sharing of information in a timely fashion, and compiling facts and circumstances for later review. INTENT:

a. Alleged crimes, emergency responses, incidents involving injury, loss or damage, and physical interventions, which come to Security’s attention, should be documented as soon as practicable. The initial security report should be completed prior to the end of the shift.

b. Documentation should be in written form – either in hard copy or electronic format. If electronic,

data backup and recovery procedures should be developed and periodically tested.

c. Report forms should be formatted to assist in gathering pertinent information and in compiling trends and comparisons.

d. Statistical trends should be periodically reviewed for the purpose of taking proactive action as

indicated.

e. Follow-up reports, referencing initial reports, should be filed indicating additional notifications, information received, and actions taken.

f. Reports will sometimes contain allegations or personal information that is inappropriate for

dissemination into the public domain. As such, each HCF should develop procedures for when and how reports may be released.

g. The report system should include a written report retention policy in keeping with the HCFs

overall document retention policy. SEE ALSO: - IAHSS Healthcare Security Guideline 01.05, Program Measurement/Improvement General Approved: December 2006 Last Revised: October 2010

Last Reviewed: October 2011



STATEMENT: Healthcare Facilities (HCFs) will develop procedures for reporting and documenting security incidents. Reports serve many purposes including sharing of information in a timely fashion, and compiling facts and circumstances for later review, and providing data for trend analysis. INTENT:

a. Alleged crimes, emergency responses, incidents involving injury, loss or damage, and physical interventions, which come to Security’s attention, should be documented as soon as practicable. The initial security report should be completed prior to the end of the shift.

b. Documentation should be in written form – either in hard copy or electronic format. If electronic,

data backup and recovery procedures should be developed and periodically tested.

c. Report forms should be formatted to assist in gathering pertinent information and in compiling trends and comparisons.

d. Incident reports may include photographs, video, statements or documentation of secured

evidence which should be noted and attached in the incident report or referenced as to its location.

e. Statistical trends should be periodically reviewed for the purpose of taking proactive action as

indicated.

f. Follow-up reports, referencing initial reports, should be filed indicating additional notifications, information received, and actions taken.

g. Reports may contain allegations or personal information that is inappropriate for dissemination

into the public domain. Each HCF should develop procedures for releasing reports and documentation of same.

h. The report system should include a written report retention policy in keeping with the HCFs

overall document retention policy. SEE ALSO: - IAHSS Guideline 06.01 – Program Measurement/Improvement General Approved: December 2006 Last Reviewed: July 2014



1716

01. Program Administration 09. Violence in Healtlhcare

continued on next pageCopyright ©2014 by International Association for Healthcare Security and Safety (IAHSS) PO Box 5038 Glendale Heights, IL 60139 888-353-0990 http://www.iahss.org

02. Program Management 02. Violence in Healthcare

STATEMENT: Healthcare Facilities (HCFs) will implement an interdisciplinary protocol addressing workplace violence prevention and response. INTENT:

a. The protocol should elaborate on the five main components of an effective safety and security program, whose components also apply to preventing workplace violence:

1) Management commitment and employee involvement 2) Worksite analysis 3) Hazard reduction and response 4) Training 5) Record keeping and program evaluation

b. A multidisciplinary team should be appointed to develop and maintain the workplace violence

program. The team should have express support of the facility’s CEO along with authority for the program.

c. Security should have a clearly defined role in the HCFs workplace violence program. Security

often takes the lead role in coordinating the team. The team should receive orientation and training in evaluating and responding.

d. Each HCF should establish a system such as patient record flags, electronic warnings, chart tags,

log books, or verbal census reports that identify patients and clients who may present assaultive or threatening behavioral challenges.

e. Each HCF should establish policies and procedures prohibiting the carrying of firearms and other

weapons onto the facility with the exception of authorized law enforcement officers, weapons carried by the facility’s security, and others specifically authorized, such as armored car personnel.

f. Each HCF is encouraged to post ‘No Weapons’ type signage at entrances to the facility.

g. Each HCF should incorporate Targeted Violence protocols (written in accordance with IAHSS Guideline 01.09.01-Targeted Violence) into its Violence in the Workplace policy or create a separate policy for preventing and responding to targeted violence (including domestic violence).

01. Program Administration 09. Violence in Healthcare


17


02. Program Administration 02. Violence in Healtlhcare


REFERENCES: – Violence Occupational Hazards in Hospitals, DHHS (NIOSH) Publication No. 2002-101, April 2002 – Guidelines for Preventing Workplace Violence for Health Care & Social Service Workers, U.S. Department of Labor Occupational Safety and Health Administration OSHA 3148-01R 2004 – Workplace Violence Prevention and Response Guideline, ASIS International, ASIS GDL WPV 09 2005 - TJC Sentinel Event Alert, Issue 45, June 3, 2010 02. Program Management Approved: January 2006 Last Revised: October 2010a Last Reviewed: October 2011re



1918


STATEMENT: Healthcare Facilities (HCFs) will provide responses to manage targeted violence. INTENT:

a. Definition: Targeted Violence – a situation where an individual, individuals or group are identified at risk of violence, usually from another specific individual such as in cases involving domestic violence. Often the perpetrator and target are known to each other prior to an incident.

b. The three major functions of a threat assessment are; identification of the perpetrator (s), assessment of the risks of violence posed by a given perpetrator at a given time, and management of both the subject and the risks that he or she presents to a given target. The level of threat will determine the scope and timing of the response.

c. The HCF policy should identify responsibility of staff to report a risk of targeted violence as quickly as possible so the threat can be assessed and preventative measures can be initiated.

d. Mechanisms should be in place to require reporting of threats where personal safety may be at risk.

e. All identified threats of targeted violence should be treated seriously and assessed through a process that analyzes the threat and recommends the appropriate level or type of intervention to be initiated.

f. Security should play a lead role in the threat assessment process and design of any safety plan.

g. HCF staff involved in the process of assessing the threat to determine the appropriate level and type of intervention required should receive training for this role.

h. Where warranted by risk in specific circumstances, HCFs should employ preventative measures

to protect the potential target. Measures that should be considered include: 1) Placing a no information/privacy block on patient information system or, if a worker,

protecting information related to work location, schedule or personal information 2) Communicating with security to provide updated information 3) Information to be shared with workers or other individuals in the area as appropriate 4) Involvement of staff or family members for support as necessary 5) Consideration of moving the person at risk to another care area or another site 6) Consideration for work and parking space and transportation alternatives 7) Restriction on visitors or access to the potential target, including lockdown of the area if

required 8) In appropriate circumstances notify law enforcement 9) Document risk and preventative measures initiated

i. The safety of the individuals, including the potential target, staff, patients, and visitors should be

of primary concern at all times.


01. Targeted Violence

01. Program Administration 09. Violence in Healthcare 01. Targeted Violence



19

01. Program Administration 09. Violence in Healthcare 01. Targeted Violence


REFERENCES:

- Canada, Department of Justice, (2004) “Criminal Harassment: A Handbook for Police and Crown Prosecutors”.

- U.S. Department of Justice, National Institute of Justice, (1995) “Threat Assessment: An Approach To Prevent Targeted Violence”.

- U.S. Department of Labor, OSHA Directive CPL 02-01-052, (2011, September 8). “Enforcement Procedures for Investigating or Inspecting Workplace Violence Incidents.”

SEE ALSO:

- IAHSS Healthcare Security Guideline 01.09, Violence in Healthcare

Approved: July 2008 Last Revised: October 2012


01. Targeted Violence


2120

01. Program Administration 09. Violence in Healthcare 02. Management of Weapons

STATEMENT:

Weapons present a risk to the healthcare environment and should be controlled or restricted to the extent reasonably possible.

INTENT:

a. Definition: Weapon - A weapon is any instrument that can be used to injure, kill or destroy. This includes, but is not limited to, firearms, knives, clubs, electrical weapons and self-defense chemical sprays.

b. The policy should address HCF concerns and applicable jurisdictional laws, regulations, and procedures. The HCF should consider prohibiting weapons from the facility.

c. All HCFs should have a policy in place regarding weapons on the premises. The policy should address the following key areas:

1) Weapons in possession of law enforcement personnel, HCF security staff, and others authorized to carry a weapon in the course of their job function such as correctional and armored car service personnel

2) Enforcement measures of the policy regarding staff, physicians, contractors, visitors and other HCF-related personnel in possession of weapons

3) Safe management, control and disposition of weapons obtained while enforcing the policy

4) Exceptions to the policy should be authorized by a designated manager, supervisor or administrative position

d. Signage should be posted at building entrances to reflect the prohibition of weapons in the HCF.


Last Reviewed: June 2014

Copyright ©2014 by International Association for Healthcare Security and Safety (IAHSS)PO Box 5038 Glendale Heights, IL 60139 888-353-0990 http://www.iahss.org


21


STATEMENT: Healthcare Facilities (HCFs) should establish policies and procedures that define appropriate response to media requests for access or information. HCF responses should consider maintaining a patient’s right to privacy, the HCF’s image and reputation, and requests for information. INTENT:

a. HCF personnel and primary security personnel should be aware of their responsibility to advise those with responsibility for approving the on-site presence of media personnel of any unscheduled or unapproved visits. Implemented procedures may include coordination of a Media/Public Relations staff escort as well as providing services such as door openings, crowd control and trespass removal.

b. The HCF should clearly define the permissions and restrictions on media

representatives and the use of recording devices. Restrictions should include the definition of internal and external institutional property and social media release of information by HCF staff and employees.

c. The HCF should identify its representative(s) having authority to permit or restrict

media activities or recording devices.

d. Procedures should be established to connect the individuals with responsibility for

approving the on-site presence of media personnel, determining appropriate gathering locations and contact with: 1) Unit(s) or department(s) authorized to visit 2) Personnel authorized to interview 3) Time restrictions of visit/interview, if appropriate 4) Confirmation of patient approval, if involved

e. HCF personnel including those providing security services should be familiar with

patient privacy requirements and be able to either verbally articulate or provide written guidelines to requests for information from the media and others.

f. Specific attention should be paid to restricting access to sensitive areas or operations

of historical interest to media representatives or others seeking information. Such areas may include trauma departments, research laboratories or perceived controversial operations such as women’s health or animal research.

g. HCF areas housing patient health information should be restricted from unauthorized

media access.

01. Program Administration 11. Media and External Relations




2322



h. The HCF should address the presence of media during both the crisis and

consequence management phases of emergencies. Media gathering area(s) should be identified as part of the emergency operations plan. Considerations should include: 1) Location - away from patient care, family or staff gathering areas designated in

emergency operations plan or other places that may disrupt the delivery of service

2) Space – adequate to accommodate multiple media relations representatives and room for authorized HCF personnel to provide regular updates, press releases and other information. Separate location for coordination with information officers from responding agencies

3) Basic services – vending, rest-room, electricity, internet access, voice and data systems

4) Access control – plans for extended period of restricted access into the facility, visitor management and security escorts

SEE ALSO: - IAHSS Healthcare Security Guideline 07.01, Security Sensitive Areas - IAHSS Healthcare Security Guideline 01.09.01, Targeted Violence - IAHSS Healthcare Security Design Guidelines 02 Buildings and the Internal Environment

Approved: June 2013



23

02. Security Department Operations 01. Security Staffing and Deployment

continued on next pageCopyright ©2014 by International Association for Healthcare Security and Safety (IAHSS)


STATEMENT:

Several factors affect the staffing model required to provide reasonable protection for Healthcare Facilities (HCFs), and its patients, visitors and staff. No single formula determines an appropriate staffing level for a given HCF. Staffing must provide for inspection, response and service capabilities.

INTENT:

a. Staffing levels are best determined after conducting a security risk assessment by a competent security professional or security administrator.

b. The HCFs philosophy may emphasize a responsive (after-the-fact) posture or more strongly toward a preventative posture. A consideration of the factors listed below can lead to a reasonable and appropriate staffing configuration.

1) Philosophy of the Organization – The level of protection provided and the services rendered by the security department are based on the individual facility’s philosophy and identified priorities to meet their unique needs.

2) Staffing Models - Staffing models include proprietary, contract, off-duty law enforcement, and various combinations of same. Smaller facilities, without dedicated security, will likely assign responsibility to other departments such as Facility Services. Regardless of the model selected, effective training must be provided.

3) Crime Analysis – Consider the type and volume of criminal activity occurring in and around the HCF. Also consider potential untoward circumstances in the event the HCF may provide services to crime victims (i.e. being a Level I Trauma Center).

4) Incident Activity, History, and Environmental Conditions – The severity and frequency of past on-site and nearby incidents will help determine staffing levels.

5) Duties and Expectations of the Security Staff a) Emergency and Service Response Time – In cooperation with senior

administration, develop and prioritize acceptable average security response times for both emergency response and routine service requests. Track, trend and monitor these response times based on the defined priority and expectations.

1. Priority I - Emergency situations such as crimes in progress, fire, and other emergency codes

2. Priority II - Urgent calls such as patient assists and responding to incidents

3. Priority III - Routine calls such as unlocking an office, patient valuables, patient transport, motorist assists, unlocking or locking perimeter doors

4. Priority IV - Scheduled tasks such as, opening or closing gates, preventative patrols, opening conference rooms, wheelchair recovery



2524



b) Patrol Frequency – Establish a desired frequency of routine day to day patrol. In planning patrol areas and frequency it is helpful to divide areas up into the following types of areas:

1. Security Sensitive 2. Parking 3. In-Patient Bed 4. Clinic 5. Public 6. Ancillary Patient Care (Radiology, Labs, Physical Therapy) 7. Support Areas such as Food Services, Medical Records, Maintenance

and Engineering, Administrative Space 8. Medical Office Buildings / Satellite / Off campus Facilities

c) Fixed Post Assignments –Fixed post assignments may reduce the ability to provide for proactive patrol and effect response times if resources are limited.

d) Scheduled Routine Functions – Evaluate the number of scheduled functions such as cash escorts, pharmacy escorts, locking and unlocking areas, deliveries, equipment checks, or other similar duties separate and apart from routine patrol.

e) Scheduled Special Functions – Based on the crime analysis of the location and within the guidelines of the HCF, provide for crime prevention activities such as personal safety talks, security assessments and security consultations designed as a pro-active service of security.

f) Non-Scheduled Activities – Evaluate non-scheduled activities and calls for service that are routinely performed by security personnel such as:

1. Investigative activities 2. Problem resolution 3. Lost and found 4. Unscheduled locking or unlocking, 5. Patient assistance including mental health watches 6. Processing court documents 7. Acting as a witness or preparing incident reports. 8. Special Assignments – Evaluate special events and celebrations which

may dictate the use of significant staffing allocations. 6) Physical and electronic security measures deployed including management and

maintenance of same. 7) Response Capabilities of Police and Fire Services - The availability and timing of law

enforcement and fire responses may affect the staffing model. A lengthy or unpredictable response by outside agencies will usually require additional HCF based staffing and capabilities.

8) Benefits – Examine benefits including paid time away from work for vacation, sick time, etc. In certain models this may affect the staffing and deployment model which may determine the need for overtime utilization or part-time or per diem personnel to maintain consistent staffing levels.




25



9) Training Time – A calculation of the amount of training required for the HCF is also helpful in determining amount of hours required for staffing.

10) Total Campus Area – The total area of the HCF (square footage / acreage) of the HCF is but one factor related to security staffing and deployment and should not be used as an exclusive factor in determining staffing levels.

11) Patient Volume, Mix & Acuity Level – Patient related factors based upon time of day, day of week or seasonal factors can have an impact on security staffing in the areas of fixed posts, scheduled and non-scheduled activities and must be considered.

12) HCF General Staffing Levels– Reductions in other HCF staff due to reduced patient days or other factors may result in the need for additional security to provide increased patrols of unprotected areas.

REFERENCES:

− Colling, Russell L. and York, Tony W. Hospital and Healthcare Security (2010). Woburn, MA: Butterworth-Heinemann.

SEE ALSO:

− IAHSS Healthcare Security Guideline 05.02, Security Role in Patient Management

− IAHSS Healthcare Security Guideline 07.01, Security Sensitive Areas

− IAHSS Healthcare Security Guideline 07.05, Parking General

Approved: February 2009 Last Revised: November 2012



2726

02. Security Department Operations 02. Security Officer Training


STATEMENT: The quality of security officer training is critical to the overall success of the Healthcare Facility (HCF) security program. Individuals performing security services should be appropriately trained to meet any legally required training standards and healthcare security industry best practices.

INTENT:

a. Security training programs should include healthcare industry best practices and information specific to the HCF and the environment being protected.

b. Job descriptions should identify specific skill levels required. HCF policies and procedures as well as those specific to the security department should be used to define capability and skill-level needs.

c. Training should be relevant to the healthcare security officer and include defined performance

objectives and a method to verify that the training received resulted in an acceptable level of competency.

d. An HCF security training program should have clearly identified learning outcomes.

e. New security officer training should provide a foundation of knowledge in the areas of protection, customer service, public relations, response to calls for service and proper documentation of security-related events.

f. The training of security personnel should be designed to establish a standard of performance within a suggested time allocation.

g. Training should guide security staff response and behavior in a manner that reflects the HCF’s

philosophy of patient care and employee safety. Such training should include: 1) Verbal de-escalation and voluntary compliance training. The program should be designed to

instruct security personnel to successfully manage aggression and the verbal or physical disruptive behavior of others

2) HCF use of force policy and related training providing specific instruction on each item of equipment carried ensuring competency is demonstrated with all equipment before initial deployment

h. Initial training in pre-determined critical tasks with demonstrated competency should be provided

prior to a security officer’s unsupervised assignment.




27



i. Training is not a one-time event. Security staff should receive on-going training to address changes in the environment, to learn, improve and further develop their professional skills. Reinforced or refresher training in critical functions such as use of force; defensive equipment; prevention and management of aggressive behavior should be conducted to established standards.

j. Training records for each individual should be maintained by the HCF according to the HCF record retention policy.

k. Training records should include the subject matter, time, date, duration of training, instructor’s

name and affiliation, and competency verification.

l. Security staff members should be encouraged to achieve and maintain progressive certification levels developed by IAHSS.

m. If a local authority having jurisdiction prescribes mandatory training for contract officers, but not

proprietary officers, the HCF should provide an equivalent level of training for proprietary officers.

n. Off duty law enforcement providing a security function for the HCF should receive an equivalent

level of training. This is particularly important in areas of use of force. GENERAL INFORMATION: - IAHSS Healthcare Security Guideline 02.02.06, Defensive Equipment and Use of Force Techniques - IAHSS Progressive Certification Training Programs; www.iahss.org/certification Approved: January 2006 Last Revised: June 2013



2928


STATEMENT: All Healthcare Facilities (HCFs) strive to provide patients and visitors with an open and welcoming environment. Campus designs and layouts can make way finding and visitor screening challenging. INTENT:

a. All HCFs should have a policy, along with appropriate staff training to provide guidance for staff members on the provision of positive customer service and security. Access control and facility security is enhanced when all staff members, including Security, practice good customer service skills.

b. Patients and visitors should be greeted and welcomed to the HCF and area of care. Persons of interest observed inside the HCF who appear in need of assistance should be acknowledged and assisted.

c. The behaviors that may prompt a staff inquiry of a person of interest include:

1) Actions that appear out of the ordinary for the environment 2) Lost, confused or distracted individuals 3) Persons observed in a restricted area without appropriate identification 4) Persons acting out in an inappropriate manner 5) Persons who are not recognized or appear out of place

d. Staff should be educated on their personal safety awareness in stopping and questioning persons of

interest (written in accordance with IAHSS Healthcare Security Guidelines 06.01.01 – General Staff Security Orientation and Education).

e. Persons should be approached in a calm and professional manner. Once the nature of the person’s presence is determined a decision should be made as to the need to assist, guide, provide information, or to seek other staff assistance.

f. Persons behaving suspiciously or in a manner that makes the staff member uncomfortable should not be approached alone. This person should be monitored from a safe distance while assistance is summoned.

g. If a person has no legitimate business in the facility there should be an effort to obtain some form of identification. It may also be helpful to issue a written trespass notice to the individual to serve as a record of intent and advisement. In some jurisdictions a record of preventive trespass advisement is necessary to initiate a criminal trespass charge.

h. The posting of signage prohibiting: “trespass, solicitation or loitering” may give law enforcement greater

authority to act on the HCFs behalf and support the staff inquiry as to the purpose for being on the property.

Approved: October 2010 Last Revised: June 2013


02. Stopping and Questioning Persons of Interest

02. Security Department Operations 02. Security Officer Training 02. Stopping and Questioning Persons of Interest


29


STATEMENT:

Healthcare Facilities (HCFs) will develop procedures for responding to internal security incidents. Internal security incidents generally refer to manmade vs. natural occurrences. Procedures may include initial response to, and the securing of, an incident scene, providing necessary assistance, law enforcement contacts, appropriate investigation and documentation.

INTENT:

a. Proceed quickly and safely to the scene. Observe people or vehicles leaving the vicinity. Upon arrival identify key staff and obtain additional available information.

b. Quickly and carefully assess the scene, gathering facts about who, what, when, where and how. Evaluate the nature and extent of the problem to determine an initial course of action. Utilize personal protection equipment (PPE) if warranted.

c. Alert other parties or agencies which may include other security officers, security supervisor, hospital supervisor/administrator, police/fire department, and others potentially affected by the incident.

d. Secure the scene to mitigate further damage or injury and to preserve evidence.

e. Direct security related actions at the scene by exhibiting leadership to mitigate damage and injuries. Transfer leadership once designated authorities or administrative staff has arrived.

f. Take notes and obtain verbal/written statements which may be used in preparing the security incident report. Complete required documentation and provide information to assist authorities.

Approved: October 2009 Last Revised: October 2010 Last Reviewed: October 2011


03. Incident Response

02. Security Department Operations 02. Security Officer Training 03. Incident Response


3130


02. Program Management 05. Security Officer Physic

STATEMENT: Healthcare Facilities (HCFs) will develop policies and procedures that include the identification of situations, both clinical and non-clinical, in which security is permitted to use force. The amount of force to be used will be that which is objectively reasonable and takes into account the totality of the circumstances. INTENT:

a. Use of force is defined as any force beyond a guiding touch. Applicable government requirements, accreditation and regulatory guidelines should be consulted in the development of this policy.

b. The policy should contain a use of force educational element such as a matrix or a continuum. This element would provide guidance to security detailing appropriate response to the level of resistance being encountered.

c. The HCF will determine if weapons are to be carried by security personnel. This decision should

be based on a security assessment of the individual facility, local crime statistics and other factors as deemed necessary and will help determine what specific weapons, if any, are authorized.

d. The HCF will determine what physical restraints, if any, will be carried by security personnel and under what circumstances they may be used (written in accordance with IAHSS Guideline 05.02 – Security Role in Patient Management). Also, as part of the security assessment this decision would be based on a calculated need as indicated by past experience and current environment.

e. Terms such as “least amount of force” or “only necessary force” should be avoided. The recommended terms “objectively reasonable”, the “totality of the circumstances” and “reasonably appears necessary” have been court tested and are preferred.

f. The HCF will provide initial and ongoing training of policies and procedures to include the

physical skills training necessary to demonstrate competency in the use of force. This training will be documented and maintained as part of security’s training records (written in accordance with IAHSS Guideline 02.02 – Security Officer Training).

g. All incidents involving the use of force by security will be documented. A special use of force form may be maintained as part of the original report of the incident.

REFERENCES:

- Graham v. Conner 490 U.S. 386 104 L. Ed. 2d 443, 190 S. Ct. 1865 (1989) - International Association of Chiefs of Police National Law Enforcement Policy Center USE OF

FORCE Model Policy, August 2001 - Journal of Healthcare Protection Management, IAHSS 2007 Volume 22, No. 2, Page 15, Use of

Force in Private Security: A Primer. Approved: November 2007 Last Revised: October 2012


05. Security Officer Use Of Physical Force

02. Security Department Operations 02. Security Officer Training 05. Security Officer Use of Physical Force


31

02. Security Department Operations 02. Security Officer Training 05. Security Officer Use of Physical Force

02. Security Department Operations 02. Security Officer Use of Force 06. Defensive Equipment and Use of Force Techniques


STATEMENT: How to use, when to use and who can use force must be addressed by all Healthcare Facilities (HCF’s). The consideration, selection, and implementation of use of force techniques and defensive equipment are the responsibility of the HCF. INTENT:

a. The HCF should develop a use of force policy that identifies the guiding principles as to

when and how the use of force is authorized. The HCF should consider implementing a use of force continuum that complies with applicable laws and regulations and addresses the level in which defensive equipment and techniques are used to protect or meet resistance.

b. A security assessment should be conducted to determine risks to the specific HCF environment. The selection of defensive equipment and use of force should be based on identified risks, aligned with approved de-escalation techniques and be a multidisciplinary leadership team decision. Only HCF approved defensive equipment and use of force should be deployed and utilized.

c. Develop a written procedure for the deployment and use of each type of defensive equipment utilized by the HCF which may include a service baton, shields, incapacitating agents, handcuffs, Taser, or firearm.

d. Develop a plan to authorize and train selected staff members in the use of each type of

approved defensive equipment and use of force technique. Training should address competency before initial deployment. Ongoing training should be provided as needed or in compliance with required applicable laws and regulatory agencies.

e. Develop a procedure for the rendering of medical treatment, if necessary, to any injured

party following the use of defensive equipment or use of force.

f. A defined incident review process should be in place to evaluate the appropriateness of the deployment of defensive equipment and use of force.

SEE ALSO:

- IAHSS Healthcare Security Guideline 02.02.05, Use of Force Approved: July 2012

02. Security Department Operations 02. Security Officer Use of Force

06. Defensive Equipment and Use of Force Techniques


3332

03. Investigations 01. Investigations (General)

STATEMENT:

Healthcare Facilities (HCFs) will develop procedures for investigations addressing alleged crimes, injury, losses, or damage, and for administrative purposes.

INTENT:a. Investigative actions refer (s) to the impartial observation and gathering of facts and information.

b. Facility staff, including security, may engage in investigative activity for a variety of purposes and situations including:1) Determining if there is criminal activity2) Determining the cause of safety related incidents/accidents 3) Auditing of control procedures4) Determining suitability of applicants seeking or continuing employment5) Reducing the likelihood of future incidents6) Assisting law enforcement or other public safety and regulatory agencies7) Assisting other internal departments in non-criminal investigations

c. Facility staff conducting investigations should have a basic understanding of how to conduct and pursue a criminal, civil, or administrative investigation.

d. The investigation of an incident should be undertaken as soon as practicable. Procedures should be in place to preserve an incident scene and other evidence when needed.

e. Security investigations of a criminal nature should be conducted in a manner that does not interfere or jeopardize a law enforcement investigation.

f. The depth and complexity of an investigation will depend on the frequency and severity of an incident or combination of incidents.

g. Investigation of security incidents may include overt, covert, or a combination of these activities.

h. Security incident reports should be completed prior to the end of the officer’s shift.

i. The investigation or control of an incident may be ongoing and, through established procedure, may be continued by other security staff.

j. There should be a defined process for the review of security incident reports. These reports should be reviewed for completeness and to determine the need for further investigation.

k. There should be a policy for sharing investigative findings with internal or external departments and agencies.

Approved: November 2007

Last Revised: June 201404.ions

03. Investigations01. Investigations (General)



33

03. Investigations 03. Covert Investigations


STATEMENT: Healthcare Facilities (HCFs) may require the use of covert investigations to identify persons or gather details about prohibited or illegal acts. Covert investigations may include the use of undercover operatives or electronic equipment. INTENT:

a. Reasons for implementing covert investigations may vary greatly (asset protection, drug diversion, rule violations, or acts that may be harmful to the well-being or image of the HCF). The purpose of these investigations will be to collect information to be used as evidence to identify those involved and terminate prohibited activities posing a risk to the facility.

b. The decision to implement covert investigative techniques should not be made until it is determined more conventional methods would not be available or would not be effective.

c. Use of covert investigative equipment (such as hidden or disguised video surveillance) or other

covert techniques must be conducted in compliance with applicable laws.

d. Consideration must be given as to whether the parties that enter an area under covert observation enjoy a reasonable expectation of privacy. Certain areas in a HCF (restrooms, locker rooms, changing areas, patient treatment areas, etc.) may be considered off limits in regards to covert investigative equipment.

e. Prior to installing any covert investigative equipment, security should determine that:

1) The activity being investigated has a reasonable chance of being depicted

2) There is a safe means of installing and removing such equipment (i.e. firewalls are not

compromised and other fire detection / suppression / life safety equipment is not affected in any way)

3) The investigative equipment is concealed so that all such equipment will likely remain

undiscovered for the duration of the investigation

4) There is a means of retrieving stored information from such equipment without others becoming aware of its presence

5) There is a plan for receiving reports and storing information to maintain confidentiality




3534



f. The HCF should develop a policy for implementation of covert investigations including the following:

1) Designated individuals that can approve such investigations/ installations

2) Requiring participants to agree to not disclose the investigation

3) Evidence obtained during a covert investigation will be considered property of the HCF until such time that it is turned over to a law enforcement agency or other designated recipient. Such evidence will be considered confidential and will not be viewed, disseminated or discussed with any individuals, departments or agencies without proper approval

4) Findings regarding the investigation and recommendations will be documented and forwarded as appropriate

5) A plan for termination of the investigation in the event that it is discovered or becomes dangerous

Approved: April 2008 Last Revised: October 2011 Reviewed: December 2013




35

04. Program Systems 01. Physical Security - General


02. Program Management 01. Security Administrator

STATEMENT: Healthcare Facilities (HCFs) will implement physical security safeguards to establish a reasonable level of protection of people and assets to augment security staffing, policies and procedures. As the effectiveness of physical security safeguards used in the HCF vary, no single formula determines an appropriate physical security deployment plan for a given HCF. INTENT:

a. The use of all electronic and non-electronic security safeguards used in the HCF should have a defined, documented philosophy of use that is reviewed periodically.

b. Physical security measures and enhancements are best deployed after conducting a security risk assessment. After an adverse event, the plan should be reviewed with modifications as needed.

c. The number and type of physical security safeguards used in the HCF may vary. Using crime prevention through environmental design (CPTED) principals for layered protection, consideration should be given to the equipment and devices listed below: 1) Access control to include doors, locking mechanisms, key systems, push-button locks,

electronic access technologies and gates 2) Video surveillance to include cameras, monitoring devices, recording equipment and video

intercoms 3) Alarms to include intrusion and motion detection and duress / panic applications 4) Communication devices to include telephony and radio communications, dispatching

equipment and software, emergency call boxes and mass notification devices 5) Screening equipment to include visitor management and metal detection 6) Asset protection devices to include equipment used to fasten/secure, seal, tools used to mark

property, narcotic, cash, weapon storage, safes and lock boxes 7) Patient and asset tracking to include infant protection, elder and high risk patient monitoring

(wander alert), and RFID tags 8) Use of CPTED principals to include fencing and barriers, bollards, lighting and landscaping 9) Hardening devices for walls, windows, and work-stations to include transaction windows,

protective glazing material, bullet-resistant glass and work-space design 10) Psychological deterrents to include security signage, way-finding guidance, and clearly

marked security patrol vehicles d. Whenever reasonably possible, physical security equipment and devices should be standardized,

planned and implemented in an integrated manner. e. Physical security equipment and devices should complement and support the building Life Safety

plan and regulations within the jurisdiction. f. Policies, procedures and training programs should be established for using, administering and

responding to the various physical security safeguards deployed throughout the HCF. g. The HCF should have a program of preventative maintenance, inspection and testing of all

physical security equipment and devices on a periodic basis. h. A close-the-loop reporting procedure should be used to outline how malfunctioning security

equipment and devices are reported through the completion of corrective actions.

04. Program Management 01. Physical Security - General



3736

04. Systems 01. Physical Security - General


SEE ALSO:

- IAHSS Healthcare Security Guideline 04.02, Electronic Security Systems

- IAHSS Healthcare Security Guideline 04.04, Video Surveillance

- IAHSS Healthcare Security Guideline 04.09, Testing of Physical and Electronic Security Systems

- IAHSS Healthcare Security Design Guidelines – General Guideline

Approved: August 2013

04. Program Management 01. Physical Security - General


37


STATEMENT: Healthcare Facilities (HCFs) will develop an electronic security system plan to provide guidance and direction for existing and future electronic system enhancements. INTENT:

a. A properly designed and installed electronic security system should: 1) Provide guidance for those involved in designing or enhancing the HCF’s protection systems

(e.g. security professionals, design and planning staff, architects, healthcare facilities administrators)

2) Augment and improve the effectiveness of staff resources

3) Deter and detect criminal activity and other undesirable activity

4) Provide a useful after the fact investigative tool

b. Whenever possible, electronic security systems should be planned and implemented in an integrated manner. For example: local door contacts or other alarms should be integrated with video surveillance. Alarm activation should integrate with video surveillance systems.

c. Electronic security systems should be tested with results documented on a scheduled basis and maintenance performed in a timely manner.

d. Electronic security system implementation and enhancements should occur after conducting a

security risk assessment. After an adverse event, the plan should be reviewed with modifications made as needed.

e. Electronic security systems should be installed in compliance with applicable life safety and building codes. Maintenance procedures for reducing the potential for system failures of panic alarms, video surveillance, etc. should be developed including periodic testing procedures.

Approved: January 2006 Last Revised: October 2011

08. Physical Security 01. Electronic Security Systems

04. Systems 02. Electronic Security Systems

04. Systems 02. Electronic Security Systems


3938


STATEMENT: HCFs will maintain an identification system and policy that identifies all general staff, regularly scheduled contract staff, and other vendors who supply services. INTENT:

a. Definitions: 1) General staff is defined as all personnel regularly serving the HCF (e.g. employees,

volunteers, physicians, students, and regularly scheduled contract service personnel) 2) Regular scheduled contract staff is those persons who are employed by an outside company

assigned to the HCF (e.g. food service, environmental services, security, biomedical engineering, etc.)

3) Outside vendor is defined as those outside suppliers providing services to the HCF (e.g. sales persons, repair persons, service persons, contractors)

b. A color photographic likeness, unique identifiers, and an expiration date should be incorporated onto the HCFs identification badge.

c. Information contained on ID badges (i.e. credentialing, job title, department) should be verified at

employment and at the time of reissue.

d. Identification badges should be readily visible at all times while on the property owned or controlled by the HCF, except when presenting as a patient for medical care or when visiting a patient.

e. The HCF should maintain a ‘current personnel policy’ with timely deactivation of identification

badges along with a system for the collection of badges upon separation from the HCF.

f. The HCF should expire and reissue previously issued badges at least every five (5) years from date of issue, unless there is an automated process to ensure currency of badges.

g. In some cases, by formal policy, the HCF may accept identification badges issued by another

organization (e.g. student badges, issued by another university, college, or other HCF). h. Consider utilization of the HCF ID badge as a credential authenticating emergency response

workers.

Approved: January 2006 Last Revised: November 2012

04. Systems 03. Access Control

01. Identification System

04. Systems 03. Access Control 01. Identification Systems


39


STATEMENT: Emergency situations may require a HCF be immediately or progressively, “locked down" to mitigate harm to patients, staff, and visitors as well as protect property. Lock down situations may result from internal or external events such as a hostage incident, active shooter, infant abduction, forensic patient escape, or a man-made or natural disaster. INTENT:

a. Restricting movement of individuals into, throughout, and out of the HCF during an emergency can be critical to the safety of patients and staff, and to the protection of life-saving supplies, equipment and infrastructure.

b. A security risk assessment should be undertaken whenever a lock down policy is developed or

reviewed. Situations identified by the risk assessment should be evaluated based upon identified emergency scenarios within the HCFs locality.

c. Restricted access protocols should consider ‘in place’ physical security measures (electronic

access control, traffic barriers, etc.), on-duty staff members (security and HCF staff) and the availability of supplemental staff from external resources.

d. Restricted access protocols should address the following:

1) How to limit access for the entire facility. This may be accomplished in progressive stages

and may involve the facility incident command structure 2) The persons authorized to implement the restricted access plan 3) Controlling Access to security sensitive areas and high risk departments 4) The process to identify HCF staff and others (fire, law enforcement, public health) that

require access 5) Communication methods for supplemental and on duty personnel 6) Methods for managing internal and external communications 7) Establishing and maintaining perimeters and visitor protocols 8) Obtaining additional security and or law enforcement staff 9) Establishing secure passage routes and shuttle transportation for HCF staff 10) Management of the internal environment during lock down 11) Reversing the lock down and opening areas

e. Controlled access plans should be tested and evaluated as part of disaster drills and exercises with

other HCFs and other community agencies.


03. Facility Restricted Access (Emergency Lock Down)

04. Systems 03. Access Control 03. Facility Restricted Access (Emergency Lock Down)



4140

04. Systems 03. Access Control 03. Facility Restricted Access (Emergency Lock Down)


REFERENCES:

- “Restricted Access Toolkit”, IAHSS, October 2008

- California Department of Public Health, "Standards and guidelines for healthcare surge during emergencies: roles to be played by hospital security, Journal of Healthcare, Protection Management 25. 1 (2009), 72, https://www.iahss.org/Members/Journal-Articles.asp?t=2&i=480 (accessed July 5, 2009).

Approved: October 2009 Last Revised: October 2011


03. Facility Restricted Access (Emergency Lock Down)


41


STATEMENT: Healthcare Facilities (HCFs) will establish policy and procedures that define authorized visitor access to patients in the facility. The policy and procedures should make specific reference to visitor access to patients and contain restrictions on visiting hours and number of visitors, by unit, as applicable. The policy should balance the security needs of the facility with the healing value provided to patients through support from family and friends. INTENT: a. The safety and security needs, visitation rights of patients, and operations of patient units should be

considered when establishing policies related to visitation. Security should work with representatives of clinical and affected departments to determine factors that may impact visitation to a specific unit or department. Processes should identify high-risk patients relative to potential unauthorized visitors as well as processes for assessing the level of threat and initiating preventative measures.

b. A method for staff to readily identify or authenticate visitors should be established. The visitor identification/authentication process may include a recording component as circumstances dictate. The identification should include the following elements: 1) Units(s) or departments authorized to visit 2) Date of authorized visit 3) Time restrictions of visit, if appropriate 4) Persons who should be denied access

c. The processes for approving overnight visitation, including identifying individuals and areas

authorized should be established. d. Education around visitor guidelines and processes should be developed and communicated to relevant

stakeholders. Target audiences to be considered should include: patients, staff, attending physicians, volunteers, family, friends and other potential visitors. The information should be communicated using various methods and may include patient admission packets, signage, hospital web page, overhead announcements or verbally conveyed by staff.

e. Sufficient points of visitor registration, where badges, information and directions are provided,

preferably at the perimeter of the area being controlled, should be established and staffed. f. Staff or volunteers assigned to visitor registration points should have limited access to patient

information or other personal information involving visitor restrictions. g. Consideration should be given to equipping visitor registration points with duress alarms.


04. Visitor Control - Patients

04. Systems 03. Access Control 04. Visitor Control-Patients



4342

04. Systems 03. Access Control 04. Visitor Control-Patients


h. Access points to the facility and individual units and departments should be monitored and controlled based on the assessed vulnerability, including time of day. Access can be monitored either through security technology, staff, or a combination.

i. Signage should direct visitors to the appropriate entry point for after-hours assistance.

REFERENCES:

- Centers for Medicare & Medicaid Services, 42 CFR Parts 482 and 485, Changes to the Hospital and Critical Access Hospital Conditions of Participation to Ensure Visitation Rights for All Patients, Federal Register, Vol. 75, No. 223, November 19, 2010

SEE ALSO:

- IAHSS Healthcare Security Guideline 07.01, Security Sensitive Areas

- IAHSS Healthcare Security Guideline 01.09.01, Targeted Violence

Approved: September 2011

Last Reviewed: November 2012


04. Visitor Control - Patients


43

04. Systems 04. Video Surveillance


STATEMENT: Healthcare Facilities (HCFs) will develop a policy to provide guidance and direction on the application, control, authorization and use of video images. Video surveillance is generally utilized as an after the fact investigative tool and when properly planned and installed may serve as an effective element of crime prevention. INTENT:

a. Each HCF should determine the requirements for video surveillance in facilities and grounds based on security risk assessments.

b. Authorized site personnel should have the ability to observe video images of public areas via live viewing or have the ability to review recorded images for incident investigation.

c. Each HCF should have a policy governing the protection of confidential information and

images obtained from the use of video surveillance.

d. Requests by internal stakeholders, law enforcement, external agencies, or others for an archive record of video images should be directed to the person responsible for the security function, and may be granted if the request conforms to appropriate privacy and HCF policy and standards.

e. The person responsible for the security function should develop adequate measures to

protect the information or images obtained from security video surveillance and establish a process so that information or images are observed, recorded or shared only with persons entitled to receive such information.

f. Video surveillance may be used in the HCF for non-traditional security purposes to

include patient care monitoring or auditing of sensitive processes (e.g. cash handling, hazardous materials, controlled substances, and worker productivity). Such systems may be used for education and training, direct observation, or other similar uses. Images obtained from or information stored within such systems should be limited and shared only with approved staff. When feasible, video systems used should be consistent for purposes of maintenance.

g. The use of covert video surveillance may be authorized in certain circumstances and under strict controls by the person responsible for the security function.

h. The use of dummy (fake) cameras should not be permitted.

04. Systems 04. Use of Video Surveillance



4544

04. Systems 04. Video Surveillance


i. Signage may be posted at the entrance of the facility where visible security cameras are utilized, indicating the presence of video surveillance equipment.

j. When integrated with security systems (e.g. alarm contacts/points, intercom, or other

devices) video surveillance effectiveness may be enhanced.

k. Privacy protection measures are necessary to ensure the collection of personal information by means of video surveillance is lawful, justifiable, and that such information obtained is appropriately processed.

l. The HCFs policy on video surveillance should identify a minimum of 10 days for a

retention period for recorded images or as required by regulatory agencies.

m. Video surveillance is used for clinical, educational or other uses. Equipment should be consistent and compatible to allow for ease of maintenance and cost management.

SEE ALSO:

- IAHSS Healthcare Security Guideline 03.03, Covert Investigations Approved: February 2009 Last Revised: October 2013

04. Systems 04. Use of Video Surveillance


45


02. Program Management 05. Security Officer Physic

STATEMENT: Physical security equipment is integral to the overall protection program. Healthcare Facilities (HCFs) will develop a program of preventative maintenance and testing of physical security equipment that identifies and corrects deficiencies. INTENT:

a. The HCF should develop an inventory of physical security equipment. Ideally this would include drawings that show each device and location within the HCF. The inventory should include:

1) Manufacturer 2) Date of purchase 3) Date of installation 4) Limits of warranty 5) Source of power and presence of back-up power, if any 6) Period of expected life

b. The HCF should identify security systems and sub-systems to be covered in the preventative

maintenance (PM) and testing program. This should include: 1) Access control and identification badging 2) Limited access and egress systems 3) Video surveillance 4) Intrusion devices 5) Communications devices 6) Duress alarm systems and devices 7) Infant protection systems 8) Elder and high risk patient monitoring systems and devices 9) Uninterrupted Power Supply (UPS) systems specific to the above

c. The HCF should coordinate PM with any related information technology infrastructure to ensure

appropriate technology upgrades apply to security systems.

d. The HCF should include, as appropriate, the testing of security systems into other related testing procedures such as generator testing to ensure that security systems operate as designed during power failures.

e. The HCF should establish a frequency for PM and testing. PM should be consistent with manufacturer guidelines or other recognized industry best practices. Testing should be performed monthly for systems and devices used for summoning immediate assistance.

04. Systems 09. Testing of Physical and Electronic Security Equipment




4746



f. Mechanical physical security devices, such as locks, doors, window hardware and other security

barrier devices should be identified and routinely inspected by security patrol or HCF staff as appropriate.

g. PM and testing corrective actions should include defining a prioritization of all repairs needed.

The prioritization should be risk based and establish repair time expectations.

h. Protocols should identify those responsible for each function of inspection and repair. Training or certification for corrective action should be consistent with manufacturer recommendations. Training and competency should be documented.

i. The HCF should document PM and testing. Records of all inspections and repairs should be maintained. Documentation should describe:

1) System and sub system 2) Specific piece of equipment 3) Nature of problem 4) Specific repair made (including parts, time to accomplish) 5) Personnel involved 6) Approvals obtained for repairs that exceed established budget

j. Components of the PM and testing program should include cleaning, viewing, adjusting, running

available diagnostics and the application of firmware or software updates as necessary.

k. Records related to the PM and testing of systems, including those performed by vendors, should be maintained to identify recurring or systematic issues. Such records should be developed to prepare annual budgets related to PM and testing and to support budget requests associated with upgrades or system replacement.

SEE ALSO:

- IAHSS Healthcare Security Guideline 04.02, Electronic Security Systems - IAHSS Healthcare Security Guideline 04.04, Video Surveillance

Approved: July 2012



47

04. Systems 10. Security Signage


STATEMENT: Basic security signage is a necessary element of all Healthcare Facilities (HCF’s) security programs. Security signage will be developed for the specific elements of the HCF Security program, organizational signage guidelines, and applicable regulatory or legal requirements.

INTENT:

a. The Security Administrator, in collaboration with organization leadership, should develop and maintain security signage compatible with the overall facility signage and way finding system.

b. The primary purposes of Security Signage may be informational, convey behavioral expectations, suggest safety advice or prohibit specified behaviors or activities. A single security sign may combine each of these primary security purposes. Examples of primary purpose security signage include: 1) Informational

a) Entrance Locked 6 PM – 6 AM b) Night Entry at Emergency Department

2) Behavioral Expectations a) Visitors Must Register b) Maintain Confidentiality

3) Safety Guidance a) Check Your Valuables b) Lock Your Vehicle

4) Prohibited Acts a) Emergency Exit Only b) This Facility is a Weapons Free Zone

c. Compliance with security signage is generally a facility-wide responsibility of all HCF

employees and not the exclusive responsibility of the security staff. There may also be signage where the compliance may be the responsibility of a department, unit, or the function of specific assigned position.

d. Organizational signage may not always have a specific security message but can contribute to the objective of providing a safe and secure environment. Security signage may be mounted, painted, installed in flooring, or be a part of an electronic type presentation. An example is way-finding signage. This type of signage contributes to facility access control by expediting visitor/patient traffic directly to their intended destination to eliminate wandering, becoming lost, or taking pathways which may increase security risks.

e. Security signage may be permanently affixed, or posted for temporary or situational needs. Examples of temporary/situational signage are those directing after hours exiting, short term instructions due to construction projects, maintenance activities or interim life safety measures.




4948



f. Anticipated situations, including emergency management signage, which may be needed for

rapid implementation (i.e. lockdown stages), should be prepared and conveniently stored in advance. Signage should be printed to reflect a professional, authoritative, and readily understood message.

g. Way-finding signage should be used to orient and guide patients and visitors to their desired

location. To be effective, signage should: 1) Provide clear and consistent messaging 2) Use color coding or memory aids 3) Be used to enhance security awareness in parking areas while serving as psychological

deterrence to criminal and other negative behavior 4) Not obstruct natural sight lines

SEE ALSO:

− IAHSS Healthcare Security Guideline 04.04, Video Surveillance

− IAHSS Healthcare Security Guideline 07.05, Parking-General

− IAHSS Design Guideline 11.01, Parking and the External Campus Environment

− IAHSS Design Guideline 11.02, Buildings and the Internal Environment

Approved: March 2012



49

05. Services - Patient 02. Security Role in Patient Management


02. Program Management 04. Security Role Patient Management

STATEMENT: Healthcare Facilities (HCFs) will develop policies and procedures that identify the responsibilities and scope of activities of security in performing patient intervention activities. Patient intervention activities include performing patient watches, holds, restraints and seclusions relative to the medical evaluation or treatment of patients. INTENT:

a. Management of patient care from the time of presentment for care, to the time of discharge, is the responsibility of clinical care staff.

b. When security is involved in patient intervention activities, such intervention will be under the

direction and supervision of clinical care staff. Security may take independent action when presented with circumstances involving a clear and present danger of bodily harm or danger to property.

c. The long-term use of security as sitters or in patient watch situations should be avoided unless

dedicated security-staffing resources have been allocated for this specific purpose. If other security resources are used, significant efforts should be made to maintain the overall posture of safety on the campus. Placing patients in restraint or seclusion should also include appropriate clinical staff monitoring. If security is used to support this monitoring, the appropriate training should be provided. In general, security should be used to supplement and not replace clinical staff members. The primary role of security should be to assist in patient acting out situations where help is needed to gain control of the patient.

d. When security assists in the hands on restraint or seclusion of a patient within the facility, where

physical force and/or restraint devices are required, the following will apply: 1) There will be continuous presence, direction, monitoring, and supervision of security actions

by qualified facility clinical care staff.

2) Restraint devices will be those devices commonly utilized in the medical care environment that have been approved by the HCF. Handcuffs and similar law enforcement restraint devices will not be utilized unless such medical restraint devices are not immediately available and there is an immediate and clear danger that the patient may harm himself or others. It is recognized that law enforcement restraint devices may not be used in any case in specific jurisdictions. The use of weapons by security is considered as law enforcement use and not a healthcare intervention. The use of a weapon by security to protect people, or hospital property from harm would be handled as a criminal activity.

3) Prisoner patients presented by prisoner staff should be restrained by the prisoner staff

supplied devices, which may include handcuffs, shackles, manacles or like devices (written in accordance with IAHSS Healthcare Security Guideline 05.10, Prisoner Patient Security).

05. Program Administration 02. Security Role In Patient Management



5150

05. Services - Patient 02. Security Role in Patient Management


e. Security will receive training as to their role with established protocols relative to patient watches, holds, and restraining patients. Collaborative training with clinical staff should include de-escalation and proper patient restraint techniques, mental health holds, Against Medical Advice (AMA) discharges as well as accreditation and regulatory agencies.

f. Security’s patient intervention activities should be documented to include requesting care giver,

time of request, instructions given, patient name, time, nature, and duration of service rendered and the identity of all security involved in providing the support service.

REFERENCES:

- Stefan, Susan. Emergency Department Treatment of the Psychiatric Patient Policy Issues and Legal Requirements. American Psychology – Law Society Series. Ronald Roasch. Oxford, New York: Oxford University Press, 2006.

- State Operations Manual, Appendix A – Survey Protocol, Regulations and Interpretive Guidelines for Hospitals, Rev. 47, 06/05/2009. Centers for Medicare and Medicaid Services.

SEE ALSO:

- IAHSS Healthcare Security Guideline 05.06, Security in the Emergency Care Setting

- IAHSS Healthcare Security Guideline 05.07, Behavioral / Mental Health - General

Approved: November 2007 Last Revised: October 2010 Last Reviewed: October 2011

05. Program Administration 02. Security Role In Patient Management


51

05. Services - Patient 04. Searching Patients and Patient Areas for Contraband

STATEMENT:

Healthcare Facilities (HCFs) should establish procedures to reduce the likelihood of contraband entering the healthcare setting. Searches of patients, patient belongings, and patient areas should be conducted as needed.

INTENT:

a. These searches are undertaken to reduce the likelihood of potentially dangerous, illegal, or other items which may be contrary to the patient’s treatment plan from being brought into the healthcare facility.

b. Contraband includes, without limitation, any type of weapon, illegal or unauthorized drugs, intoxicants, flammable items, and sharp edged objects. Other items may be prohibited, based on patient needs as determined by medical staff.

c. A room search and a personal search protocol which respects the dignity of the patient should be established. The protocol should include:

1) When a search is justified2) Who may initiate a search (usually medical or nursing staff)3) Who conducts the search (usually security along with a unit care-giver) 4) How a search should be conducted, both of a person and an area 5) How search results are to be documented 6) How seized items are to be handled, safeguarded, and ultimately disposed of,

allowing for, as appropriate: a) destroying and discardingb) turning over to law enforcementc) returning the item(s) to the owner or a responsible family member.

d. These searches and inspections are administrative in nature, and are not law enforcement searches. It is not the intent of this guideline to provide law enforcement with evidence to criminally prosecute or otherwise act on the basis of items seized during such inspections. Nor, is it the intent of this guideline to prohibit the turning over of such contraband to the appropriate law enforcement jurisdiction. The HCFs search protocol should address who may, and under what circumstances a determination will be made to involve a law enforcement agency.

Approved: April 2009

Last Revised: October 2010

Last Reviewed: May 2014

05. Services - Patient04. Searching Patients and Patient Areas for Contraband



5352

05. Services - Patient 05. Patient Elopement Prevention and Response


STATEMENT: Healthcare Facilities (HCFs) providing inpatient services will develop a multidisciplinary procedure for preventing and responding to patient elopements. The procedure should distinguish between elopements; wandering; and leaving “against medical advice” (AMA). INTENT:

a. Definitions: 1) Elopement (referred to in some locations as absconding) is generally defined as a patient

incapable of adequately protecting him or herself, and who departs the HCF without the knowledge and agreement of the clinical staff

2) Wandering refers to a patient who ‘strays’ beyond the view or control of clinical staff, causing concern, but without the intent of leaving

3) Leaving against medical advice (AMA) is determined by the patient’s decision to leave the

facility after being informed of and understanding the risks of leaving without completing treatment

b. Elopement Prevention procedures, are generally a clinical responsibility, and should include:

1) Assessing each patient’s elopement risk during the admission process and reassessing such

risk, as indicated, during the patient’s stay

2) For patients at a high risk of elopement, steps should be taken to minimize the likelihood of a successful elopement such as:

a) Assigning such patients to rooms nearer and more visible to clinical staff b) Requiring such patients to wear a patient gown that maybe of a distinct type or

color c) Additional measures may include assignment of a sitter or use of Radio

Frequency Identification (RFID) to track patient location

3) A means of identifying patients who are authorized to leave the unit

c. Elopement Response Plans should address the following:

1) Clinical staff on duty at the time of a wandering or elopement event will conduct a search of the floor and adjacent areas as indicated and notify security if the patient is not found

2) Search of the facility’s buildings and grounds. Consideration should be given to assignment

of staff working near facility exits. Some HCFs enlist help via an overhead page using a unique code – combined with an email or other mass notification alert




53



3) If the patient is located on the grounds, security should notify clinical staff, and attempt to return the patient to their unit

4) If the patient is not located within a reasonable time, law enforcement should be notified to

obtain assistance in initiating a wider search

5) An HCF employee should be identified to coordinate information sharing and other follow up with law enforcement

6) An HCF employee should be identified to coordinate notification of and coordination with

the patient’s family

7) If the patient returns to the HCF, security should meet with clinical staff to evaluate the status of the patient, and possibly develop a plan to prevent the patient from engaging in another elopement

8) In the event of a reported patient wandering or elopement, an Incident Report should be

completed. SEE ALSO:

- Gerardi, Debra. “Elopement” December 2007, http://www.webmm.ahrq.gov/case.aspx?caseID=164#ref5

- TJC Sentinel Event Alert, Issue 46, November 17, 2010

- IAHSS Healthcare Security Guidelines 01.05.01, Security Incident Reporting

- IAHSS Healthcare Security Design Guideline 02. Buildings and the Internal Environment Approved: April 2008 Last Revised: October 2013



5554

05. Services - Patient 06. Security in the Emergency Care Setting


STATEMENT: Healthcare Facilities (HCFs) that provide emergency care have special security needs and should have a security plan specific for that department. INTENT:

a. The plan should be based on identified risks for the emergency department including volume, types of patients treated and incident activity, and community demographics.

b. The security administrator should be involved in the planning and building phases of emergency

department construction and renovation as a resource relative to security design issues.

1) The emergency department waiting area should be separated from the emergency department treatment area and be self-contained to include independent access to restrooms, telephones and vending machines.

2) Access controls should be in place to control and limit access of emergency department visitors into the Emergency Department (ED) treatment area and into the main hospital.

3) A room or area within the emergency department, separate from other patients should be

available for the treatment of behavioral/mental health or other high risk patients. Consideration for this room should include visibility by staff and the removal or securing of items that could be used by the patient to injure themselves or others (written in accordance with IAHSS Healthcare Security Guideline 05.07, Behavioral/Mental Health General).

4) The ambulance entrance should be separate from the walk in entrance and waiting room.

c. Security staff provides support services in the care and control of ED. These services are to be

provided at the request and under the direction and supervision of clinical staff unless circumstances require immediate action to prevent injury or destruction of property (written in accordance with IAHSS Healthcare Security Guideline 05.02, Security Role in Patient Management).

d. Security equipment and systems to protect staff and patients should be in place. These may

include electronic access control, video surveillance, and duress alarms. The emergency department should be capable of being rapidly locked down in event of an emergency. Drills should be conducted to exercise the lockdown process.

e. Physical measures and/or procedures should be in place to deter the elopement or removal of

patients at risk of harming themselves, others or of being harmed.

f. Emergency department staff (including security) should receive on-going training in workplace violence, aggressive/violent patient management to recognize, avoid, diffuse and respond to potentially violent situations.




55



g. Periodic meetings, at a minimum annually, with multidisciplinary staff should be conducted to review security protocols and resolve security issues within the emergency care setting.

h. Policies, procedures, and training programs should be established for security’s role in managing

high risk patients including patient watches, holds, searches, and application of patient restraints. REFERENCES:

- Emergency Nurses Association, Position Statement, Violence in the Emergency Care Setting, Developed 1991, revised and approved by the ENA Board of Directors, September 2008, ENA Web Site: http://www.ena.org/about/position/PDFs/64CA1B0B9EFD44C4A51CCBF0F30D7DD3.pdf

- 2011 ENA Workplace Violence Toolkit “Assessing Your Emergency Department”

- TJC Sentinel Event Alert, Issue 45, June 3, 2010

Approved: December 2006 Last Revised: October 2011



5756

05. Services - Patient 07. Behavioral/Mental Health (General)


STATEMENT: Behavioral / Mental Health (BMH) patients can pose many challenges and risks to Healthcare Facilities (HCFs) providing care. These risks can be magnified for patients with medical conditions requiring care in settings not primarily constructed for BMH care. These patients can pose risks relating to self-harm and violence toward others and consume considerable security resources. Legal action, regulatory review and loss of public confidence in HCFs can result from behavioral mental health incidents.

INTENT:

a. HCFs should implement protective measures that minimize the risks and vulnerabilities posed by this patient population.

b. Design of BMH facilities is an important factor in minimizing risks and vulnerabilities. Recommendations include: 1) Implementing access control devices and procedures for entering and exiting the facility to

help reduce the potential for patient elopement and other safety concerns 2) Deploying video surveillance systems to support patient observation and care plan 3) Integrating security equipment (e.g. motion sensors, door contacts, duress alarms, cameras,

RFID) that notifies staff of potential security vulnerabilities and incidents that may require further visual assessment or follow-up

4) Involving security leadership involvement in safety planning for the area including security design and policy and procedure development

c. Periodic assessments should be conducted of internal and external vulnerabilities. Assessments should include risk to patient harm and possible aids to patient harm; e.g. door handles, shower rods, sprinkler heads, phone cords.

d. Establish procedures that address response to patient elopement, patient restraint, response to combative behavior, seclusion room management and other security risk situations. These procedures should be incorporated into the training program and reviewed during periodic assessments.

e. Training of clinical and support staff (including security officers) should be conducted jointly. Training reports, drills and exercises, and after action assessments and debriefings of actual incidents should document the results and identify areas for improvement.

05. Services - Patient 07. Behavioral / Mental Health (General)



57

05. Services - Patient 07. Behavioral/Mental Health (General)


f. Establish processes for intake of patients to include assessing patient history to determine previous dangerous behavior, security of patient belongings, patient searches, patient identification and visitor.

g. Some BMH patient populations require added precautions and visitor control. Visitors to these patients may require additional screening.

REFERENCES:

- Design Guide for the Built Environment of Mental Health Facilities published by the National Association of Mental Health Facilities http://www.naphs.org/Teleconference/documents/DesignGuide4.FINAL.5.24.10_002.pdf

- Sentinel Event Alert, The Joint Commission, Issue 7 - November 6, 1998. Accessed August 1, 2010. http://www.jointcommission.org/SentinelEvents/SentinelEventAlert/sea_7.htm

SEE ALSO:

- IAHSS Healthcare Security Guideline 05.02, Security Role In Patient Management

- IAHSS Healthcare Security Guideline 05.05, Patient Elopement

- IAHSS Security Design Guidelines for Healthcare Facilities: 02.03 Building and the Internal Environment – Behavioral/Mental Health Areas

Approved: November 2010 Last Revised: November 2012

05. Services - Patient 07. Behavioral / Mental Health (General)


5958

05. Services - Patient 08. Pediatric Security


STATEMENT:

Pediatric patients present unique security challenges for Healthcare Facilities (HCFs). Given their wide range of ages and maturity levels, pediatric patients can present abduction risks, parental custody issues, physical assaults, wandering, elopement and other issues. The older pediatric patient may even introduce issues involving contraband, gang related activity, and other problematic behaviors.

INTENT:

a. HCFs should implement protective measures that identify and minimize the risks and vulnerabilities of its pediatric patient population. Proactive steps and HCF resources should be available in a format that pediatric staff can readily access when they have questions on pediatric security practices.

b. HCFs should establish security related procedures for the care of pediatric patients to include: 1) Assessing patient history for problematic behaviors and victimization 2) Considering the need for visitor control 3) Probing for current and past restraining orders 4) Identifying issues related to possible child abuse, custodial disputes, gang involvement,

elopement concerns, and contraband possession 5) Establishing relationships with agencies authorized to change custodial status of the pediatric

patient 6) Communicating and documenting guidance to custodial parents and guardians regarding their

vital role in providing safety and security for their pediatric patient

c. Admissions and Triage staff should be trained in probing for issues relative to pediatric safety and security. Inpatient clinical staff, working with pediatric patients, should receive similar training as well as instruction in the indicators of when a family, visitor, staff member or another may be involved in abuse or neglect of the patient. Procedures in legally required reporting suspicions of same should be developed and included in this training.

d. Pediatric patient visitation privileges should be set out in a policy and procedure that provides for a controlled and welcoming environment. 1) Authorized visitors should be readily identifiable 2) Consideration should be given to identifying persons who are authorized for ‘after-hour’ or

‘over-night’ visitations




59



e. Timely campus-wide communication procedures should be established that include the use of

distinct emergency codes and procedures to respond to pediatric abductions and elopements.

f. Inpatient areas providing pediatric care, including the Pediatric Care Unit (PEDS), Neonatal Intensive Care Unit (NICU), Pediatric Intensive Care Unit (PICU), Adolescent Psychiatric Unit (APU), and any adult unit which may be used from time to time for pediatric care, should be evaluated against the special risks associated with the pediatric patient.

GENERAL INFORMATION:

- National Center for Missing & Exploited Children (NCMEC) publication “For Healthcare Professionals: Guidelines on Prevention of and Response to Infant Abductions”, Ninth Edition – 2009. NCMEC, 699 Prince Street, Alexandria VA 22314-3175.

SEE ALSO:

- IAHSS Healthcare Security Guideline 05.08.01, Infant/Pediatric Abduction Prevention and Response

- IAHSS Healthcare Security Guideline 05.05, Patient Elopement

- IAHSS Healthcare Security Design Guideline 02.06 Buildings and the Internal Environment –Infant and Pediatric Facilities

Approved: May 2011




6160

05. Services - Patient 08. Pediatric Security .01 Infant/Pediatric Abduction Response and Prevention


STATEMENT: Healthcare Facilities (HCFs) providing medical services for infants and children will develop a program to deter the abduction of an infant or child as well as procedures to respond to an abduction incident. INTENT:

a. The program will be based on identified risks at the HCF as well as current professional literature on infant/child abduction.

b. The program will include policies, procedures and protocols to deter infant/child abduction and to

respond to suspected or actual abduction for both non-family and family related abduction incidents.

c. The program will include training of multidisciplinary healthcare staff in both deterring and

responding to abductions.

d. The program will include applicable education of parents/guardians in their role of safeguarding their infant/child. Parental education should be conducted initially upon admission and include periodic refreshers throughout the duration of the infants/child’s stay in the HCF or in home visits.

e. The program will include the use of physical and electronic security measures, based on the HCFs

on-going risk assessment.

f. The use of a standard code to institute a response to an infant/child abduction, or suspected abduction, is encouraged. (Note: In the United States, the use of the words “Code Pink” is commonly used to institute a response to an infant/child abduction or suspected abduction. Internationally another code may be in use.)

g. Abduction drills should be conducted to exercise the HCF abduction response plan.

Consideration should be given to conducting the exercise in all areas housing infants or pediatric patients.

REFERENCES:

- National Center for Missing & Exploited Children (NCMEC) publication “For Healthcare Professionals: Guidelines on Prevention of and Response to Infant Abductions”, Ninth Edition – 2009. NCMEC, 699 Prince Street, Alexandria VA 22314-3175.

- TJC Sentinel Event Alert, Issue 9, April 9, 1999

- The Joint Commission Current Standards, Rationale, and Elements of Performance

Approved: January 2006 Last Revised: October 2011

05. Services - Patient 08. Pediatrics Security

01. Infant/Pediatric Abduction Response and Prevention


61

05. Services - Patient 08. Pediatric Security .01 Infant/Pediatric Abduction Response and Prevention

05. Services - Patient 10. Prisoner Patient Security


02. Program Development 03. Forensic Patient Security

STATEMENT: The secure treatment of prisoner patients must be addressed by all Healthcare Facilities (HCF’s) providing medical care for this high risk patient population. INTENT:

a. The HCF should develop a prisoner patient policy using a multidisciplinary leadership team. b. Prisoner patient security measures should include the following:

1) Orientation of security and clinical staff to the prisoner patient policy 2) The appointment of an HCF representative to coordinate the organizational security

protocols with the responsible law enforcement or corrections (custodial agency) 3) Orientation and education protocols for custodial agency staff that include:

a) Emergency and evacuation procedures related to the safety of the patient b) Monitoring, seclusion, restraint and control techniques including the use of

defensive equipment and use of force techniques c) Procedures for storage and handling of weapons d) Roles and responsibilities e) Communication with security or other HCF resources f) Collaboration on location of guarding officers

4) Consideration of designated treatment rooms or holding areas 5) Protocol for providing relief for officers guarding patients 6) Designating prisoner patient entry points into the facility 7) Protocols to verify patient treatment rooms and all areas frequented by the prisoner

patient are free of hazardous items (objects that may be used to harm self or others). This should include emphasis on bathrooms, stairwells and elevators

8) Guidance on the restraints used by the custodial agency i.e., handcuffs, leg irons, or other devices that includes:

a) The type and number of devices to be used should be risk based and established and communicated prior to admission1

b) Unless clinically contraindicated restraints should be used at all times, for all guarded patients

c) When treatment needs require removal or reducing of custodial agency restraint, the custodial agency should have input into this decision. Alternative but equivalent levels of protection should be provided

1 Research conducted on behalf of the International Healthcare Security and Safety Foundation in 2011 has indicated nearly one-third of prisoner escape incidents from HCFs occurred when the prisoner was in the restroom. Nearly sixty-nine percent of all escape incidents from HCFs occurred when the forensic restraints were removed. Click here to review the complete Journal of Healthcare Protection article.




6362



d) Methods to minimize the need to remove custodial agency restraints should be considered such as portable commode chair at bedside or plastic restraints in place of metal restraints when necessary for medical procedures such as MRI or inside operating rooms

9) Procedures for notifying affected departments upon the arrival of prisoner patients at the HCF. Security staff should conduct an initial walk through the planned travel route for the escort party and facilitate the specific communication between clinical and custodial agency staff. Suspicious individuals or circumstances should be reported immediately.

10) Protocols for food service to include disposable plates and utensils 11) Restrictions on use of telephone or other communication devices including mail room

facilities 12) A process for enhancing security measures based on higher risk patients

c. The HCF should document, track, trend and evaluate all prisoners. d. Regularly evaluate the physical security in locations where prisoner patients are present. This

should include: 1) Emergency care, inpatient, clinic spaces and external areas where prisoners are removed

from the transport vehicle 2) Designated entry points for prisoner patients 3) Designated rooms and holding areas for prisoner patients 4) Visitors to a prisoner patient should be permitted at the discretion of the custodial agency

in accordance with it’s and the HCF policies e. Establish communication protocols requiring the custodial agency to notify the HCF designated

representative of any change in security measures. f. When a prisoner is a visitor all the above should be taken into consideration.




63

06. Services – Staff (All) 01. Staff Related Services 01. General Staff Security Orientation and Education


STATEMENT: Healthcare Facilities (HCFs) will identify the security orientation and education needs of general staff. “General staff” is defined as all personnel regularly serving the HCF. Based on the orientation and education needs identified, the HCF will implement a program to provide this information. INTENT:

a. Expectations of staff responsibilities contributing to a safe and secure environment should be explained, including: 1) How staff contact Security 2) What information staff should report to Security 3) The importance of displaying and checking identification 4) Procedures for preventing and responding to infant/child abductions 5) Preventing, intervening, reporting and resolving workplace violence issues 6) Staff role in crime prevention 7) Reporting environmental safety issues 8) Personal safety awareness 9) Confidential information and patient privacy issues

b. Security orientation and education should be presented to all HCF staff within thirty (30) days of

employment with periodic reviews and updates of information at least annually.

c. Security sensitive areas have special staff orientation and education needs. If assigned to a security sensitive area, such special training should occur prior to the first unsupervised assignment.

d. The HCF should determine and continuously evaluate the method of presentation which best

accommodates staff needs. Presentation may include classroom, video, newsletter, role playing, drills and electronic self-learning education modules.


06. Services – Staff (All) 01. Staff Related Services

01. General Staff Security Orientation and Education


6564

06. Services – Staff (All) 02. Home Health Provider (Community Provider Services)


STATEMENT:

Healthcare Facilities (HCFs) providing home health services will develop a security plan to protect staff traveling into the community in the performance of their job duties.

INTENT:

a. HCFs should have a risk assessment process in place which would allow home health staff to determine appropriate safeguards associated with a community visit. The risk assessment process may include a community crime assessment, previous history of the client and use of a location based threat assessment.

b. Home health staff should be provided with education and training regarding risk identification and preventive safeguards. Training should include information and guidelines on security awareness, crime prevention and defensive measures. Training records should be maintained.

c. HCFs should develop a communication process to protect home health staff. This should include

proactive check in and checkout procedures which would allow staff to make contact during the shift to help ensure their safety. Cell phones, automated check-in procedures or GPS devices may be considered as appropriate, to facilitate this process.

d. Security or appropriate escorts should be available to home health staff providing services in areas or situations deemed high risk or as individual situations warrant.

e. Procedures should be in place for home health care staff to follow in the event of a security incident or a situation in which they have a concern for their safety or well being.

f. HCFs should have a process in place for responding to incidents or missed check-ins.

Approved: June 2008 Last Revised: October 2010 Last Reviewed: April 2013

06. Program Management 02. Home Health Provider (Community Provider Services)


65

07. Specific Areas 01. Security Sensitive Areas


STATEMENT: Healthcare Facilities (HCFs) will identify security sensitive areas during risk assessments and develop reasonable measures to minimize vulnerabilities and mitigate risk. INTENT:

a. Security sensitive areas should be identified during the risk assessment and may include: 1) Areas housing at-risk populations, controlled and dangerous materials, or sensitive equipment

and information 2) Operations with significant potential for injury, abduction or loss.

b. The senior manager of identified security sensitive areas should be involved in mitigation efforts

and planning should include security, clinicians and ancillary staff.

c. The HCF should develop a plan for each security sensitive area. Where appropriate, the security plan should include the following:

1) Identification of risks unique to the area

2) Access control plan of entry to and exit from the area for visitors, patients, staff and others

3) Security technology; this may include video surveillance, alarm monitoring, keying systems

or other security safeguards

4) Preventive maintenance procedures for reducing the potential for security system failure should be developed including regular and ongoing testing procedures

5) Security training for staff members and, as appropriate, patients and their families

6) A defined response plan delineating roles and responsibilities for security, clinicians and

ancillary staff

7) A review and corrective action process of security activity and events

Approved: December 2006 Last Revised: December 2013

07. Specific Areas 01. Security Sensitive Areas


6766

07. Specific Areas 02. Pharmacy Security


STATEMENT:

Healthcare Facilities (HCFs) will develop physical security policies and procedures and protection practices that address the unique security risks presented by clinical (inpatient, outpatient and satellite locations) and retail pharmacies located within the HCF; on and off campus.

INTENT:a. The HCF should conduct a regular and periodic security risk assessment to evaluate and determine the elements of physical security necessary to protect the pharmacy. The assessment process should be coordinated with the pharmacy management and include:

1) Identification and compliance with regulatory and institutional requirements and expectations

2) Internal compliance with access approval and termination policy3) Review of past security breaches and incident reports directly affecting department

operations4) Physical inspection of satellite locations, retail pharmacy operations, medication

dispensing points located outside of the pharmacy, and department functions located outside of the pharmacy such as warehouse storage and off-site clinics

5) Review of the purpose of all security equipment and systems installed to protect the staff and environment and testing of the same

6) Physical space including built environment and fixed equipment7) Evaluation of pharmacy signage and the need for department identification

b. The HCF should control physical access to all pharmacy entrances, exits and transaction windows to prevent unauthorized access.

c. The HCF should limit and restrict access to the pharmacy to only those personnel assigned to the department or have been specifically authorized access by the director of the pharmacy or their designee. An additional layer of restricted access should be established to the narcotics vault or other areas where controlled substances are stored.

d. The director of pharmacy or their designee should have final approval on all aspects of department access and controlled substance storage to include:

1) Approve all access privileges granted into the pharmacy2) Approve security policies for space leased, managed, or staffed by third parties3) Terminating access privileges granted into the pharmacy upon employee departure or other

identified need


67



e. Pharmacy staff should receive initial and on-going security education and training from a qualified resource as determined by Pharmacy and Security management in the following areas:

1) Control of entry to and exit from the pharmacy 2) Response protocols to:

- persons seeking to obtain inappropriate access - armed robbery - disruptive patient - drug-seekers - suspected diversion attempts - other suspicious activities

3) Use of security equipment and systems installed to protect staff and the department

4) Expected response of security officers to an alarm activation (if installed)

f. Periodic drills should be conducted to exercise pharmacy staff and both internal and external responders.

g. Periodic meetings with multidisciplinary internal and external staff should be conducted to review security protocols, implement corrective action plans, and resolve security issues within the pharmacy and associated operations.

h. Policies, procedures and training programs should be established for security’s role in responding to emergent calls to the various pharmacy locations.

i. All incidents involving access to the pharmacy by personnel other than approved staff will be documented in an incident report and forwarded to the director of pharmacy, security and other designated individuals in accordance with HCF policy.

REFERENCES:

− US Department of Justice, Drug Enforcement Administration, C ont rolled Subs tances Secu rity Manual, http://www.deadiversion.usdoj.gov/pubs/manuals/sec/addtl_sec.htm

SEE ALSO:

− IAHSS Healthcare Security Guideline 01.04, Security Risk Assessments − IAHSS Healthcare Security Guideline 07.02.01, Drug Diversion − IAHSS Healthcare Security Guideline 07.01, Security Sensitive Areas − IAHSS Healthcare Security Design Guideline 02.04 Buildings and the Internal

Environment – Pharmacies Approved: June 2013



6968

07. Specific Areas 02. Pharmacy Security 01. Drug Diversion


STATEMENT: Drug diversion is a concern for all Healthcare Facilities (HCFs). Implementation of proper safeguards and administration of drug control methodologies, and subsequent investigation of controlled substance diversion or theft, is a responsibility of all HCFs.

INTENT:

a. Drug diversion or tampering can take many forms such as: 1) Simple theft – controlled substance taken from a cabinet, dispensing mechanism or other area

where controlled substances are stored 2) Theft by substitution – controlled substance is removed from its container and replaced with

another substance 3) Theft by documentation – the medical chart, records, or logs manipulated to show controlled

substance was administered and dosage given; however a smaller amount, or no medication, was actually given

4) Under medicating the patient – a specific amount of controlled substance is ordered and only partially administered

b. HCFs should designate, in writing, the person, by title, responsible for the security of controlled

substances. Security should work in collaboration with these individuals and others delegated with the responsibility for the protection of controlled substances.

c. Staff and physicians working with controlled substance distribution, administration, and disposal should be active in the safeguarding of controlled substances and educated on this responsibility.

d. All physicians and staff, including contract staff, should be required to report suspicious behavior or activity involving controlled substance handling, or a suspected fitness for duty/substance abuse problem.

e. HCFs should have a system in place to monitor and audit controlled substances. This includes examining practices for storage, handling, administering, and disposal of controlled substances. HCFs should conduct random reviews of all controlled substance transactions. Auditing software may be used and can provide evidence should the audit reveal a drug diversion.

f. HCFs should develop and periodically review controlled substance policies and procedures; e.g. handling and dispensing, wasting practices, discrepancy investigation, violation reporting. The HCFs should have a written policy stating no prescription drug, non-prescription drug, or controlled substance may be sold, transferred or otherwise distributed unless authorized in writing by the appropriate individual charged with such responsibility.




69



g. Procedures for immediate follow-up and reporting of a suspected violation of drug diversion or other incidents associated with the mishandling or misuse of controlled substances should be developed. Actions should include:

1) Initiate a timely and confidential inquiry 2) Maintain patient and staff safety 3) Conduct a drug audit for purposes of determining if a discrepancy exists 4) Maintain the integrity of investigation 5) Respond to potential impairment

h. Security should engage in or support investigative activity as part of the follow-up of a suspected

violation.

i. A program of drug testing of staff and physicians, who handle controlled substances, should be considered as a proactive element of drug control and may provide information that suggests the need for further investigative action.

j. Notifications of suspected drug diversion received from external reporting sources, such as local law enforcement personnel, or a regulatory board, should be referred to the HCFs Pharmacy authority or other designated responsible official.

k. HCFs should establish clear responsibilities for reporting drug diversion to internal and external authorities.

REFERENCES:

- National Association of Drug Diversion Investigators (NADDI); www.naddi.org SEE ALSO:

- IAHSS Security Design Guidelines for Healthcare Facilities: 02.04 Buildings and the Internal Environment- Pharmacies

Approved: November 2010

Last Revised: November 2013



7170

07. Specific Areas 03. Cash and Other Monetary Processing Systems


STATEMENT: Healthcare Facilities (HCF’s) will establish cash, check/cheque and card processing systems designed to reduce the likelihood of loss or fraud; identity theft; and to enhance the safety of staff involved in accepting monetary transactions. Management of receipts should be based upon a cost benefit and risk analysis. INTENT:

a. The design, audit and maintenance of the collection and accounting system should be the responsibility of the HCF’s Internal Auditor in consultation with the HCF’s designated security representative.

b. One primary collection point [i.e. a ‘Main Cashier’s Office’] should be established to receive, account for and process all funds received by secondary collection points.

c. Secondary collection points [for patient co-pays; garage receipts; pharmacy payments; gift shop monies; food area receipts, employee replacement ID payments, etc.] should be as limited in number as practicable.

d. The amount of cash kept anywhere on an HCF’s premises should be kept to a minimum. e. All collection points should be indoors, in high visibility areas and built in accordance

with the corresponding IAHSS design guideline for cash collection areas. f. Collection points should be equipped with duress alarms and recorded video surveillance. g. The HCF should establish written collection and reconciliation procedures and a records

retention policy for cash collection that is followed by all collection points. h. Receipt of all funds should be recorded immediately via:

1) On-line electronic processing; 2) On-line cash register which displays the amount charged; or 3) Contemporaneously maintained HCF designed ‘Cash and Check Log’

i. A ‘For-Deposit-Only’ stamp should be used to immediately endorse each check. All checks should be made in the name of the HCF.

j. To discourage fraud, a separation of duties is encouraged amongst the collecting; depositing; reconciling; and reporting functions within each collection area.

k. HCF procedures should prohibit departments from receiving external funds directly and depositing funds into any bank account except the HCF’s.

l. Each time a different person assumes control over a cash/ check draw, a count and reconciliation should be completed.




71


m. Secondary collection points should be scheduled to deposit their receipts and processing

forms into central collection office, according to the risks associated with the amount of monies involved. If a deposit is not immediately reconciled by the central collection office, a locked bag system should be used and a receipt obtained.

n. If daily deposits are not required, then fund and related reconciliation documents should be secured separately.

o. A secure ‘drop-safe’, requiring dual person access, should be considered for deposits made when the central collection office is closed. Locked bags should be used. ‘Drop-safes’ should be in an area monitored by recorded video surveillance with consideration for entry recording and audit capability.

p. Staff receiving funds should receive training in the HCF’s collection handling systems. Training should include:

1) Documentation and reconciliation requirements 2) Counterfeit identification 3) Protection of personal information 4) Reporting of suspected fraudulent activity 5) Response to an attempted robbery

q. Reconciliation of all receipts should be completed at least daily at all collection points. Discrepancies should be immediately reported. A system for determining the need for further investigative follow-up should be established that is based on discrepancy amounts and patterns.

r. All collection points should retain a copy of their own collection and reconciliation documents.

s. The physical transfer or transportation of cash or receipts should be conducted using risk appropriate protection measures and include consideration for bonded and insured armored car service.

SEE ALSO:

− IAHSS Security Design Guidelines for Healthcare: Cash Collection Areas − PCI [Payment Card Industry] Guidelines; https://www.pcisecuritystandards.org/ − FTC [Federal Trade Commission] Red Flags;

http://www.ftc.gov/bcp/edu/microsites/redflagsrule/index.shtml Approved: January 2012




7372

07. Specific Areas 05. Parking - General


STATEMENT: Healthcare Facilities (HCFs) will incorporate general protection principles in their parking areas to maintain a positive perception of personal safety by employees, visitors and patients and provide a reasonable level of security for all constituents of the HCF. INTENT: a. Employee parking, including after hours staff, should be separate from visitor parking. Employee

vehicles should be readily identifiable utilizing a defined parking management plan. Additional parking considerations should be provided for those working during non-traditional hours.

b. Convenient parking should be designated for Emergency Department patients and visitors.

c. Lighting provides a means on continuing, during hours of darkness, a degree of protection approaching that maintained during daylight hours. To be effective, protective lighting should act as a deterrent and render effective recognition of persons and activities possible.

d. Physical protective barriers can help restrict or channel access. Physical protective barriers should be placed throughout the site to minimize the likelihood of damage by vehicles to pedestrians, sensitive equipment and structures and not obstruct the view or hinder vehicle operation. Physical barriers can be augmented with motion sensors and video surveillance. The manipulation of landforms, integration of water features, raised planters, vegetation, changes in elevation of paved areas, fences, a wide range of street furniture, site elements and amenities (bollards, benches, flagpoles, kiosks, etc) should be implemented. Open site lines should be maintained to minimize potential places of concealment.

e. Traffic patterns, road network capabilities, and vehicle capacity should be analyzed periodically. Traffic obstacles should be positioned near entry points to slow traffic and offset vehicle entrances from the direction of a vehicle's approach to force a reduction in speed. The number of access roads and entrances to a site should be minimized (some entrances can be closed and secured during non-peak periods). Designated entry for service and delivery vehicles should be designed away from high risk buildings. Emergency vehicles should be provided unimpeded access to the facility.

f. Pedestrian access to public entrances should not be impeded by vehicular access or disrupted along sidewalks or other defined walking corridors from parking areas.




73



g. The location and use of video surveillance in parking areas should be based on a security risk assessment (written in accordance with IAHSS Guideline 04.04, Video Surveillance). Consideration should be given to the following:

1) Entry points to the parking lots 2) Vehicle checkpoints 3) Emergency communication devices located in parking areas

Care should be used to select the appropriate video surveillance equipment and lenses that will provide the desired image results. Consideration should be given to lighting, both natural and artificial, so as not to interfere with the camera coverage or view.

h. Emergency communication (“HELP”) devices can add to the safety and security of parking areas. Consideration should be given to strategic placement of emergency communication devices that are highly visible along pedestrian walkways and parking areas.

i. Signage should be used to provide security awareness in parking areas while also serving as psychological deterrence to crime and other negative behavior. Way-finding signage should be used to guide patients and visitors to their campus destination and back to their parked vehicle.

j. Employees and staff should be educated on their personal safety awareness in parking areas (written

in accordance with IAHSS Healthcare Security Guideline 06.01.01, General Staff Security Orientation and Education). Hospital staff working in parking areas, e.g., parking attendants, valet, cashiers, and maintenance personnel should be active in contributing to the safety and security of the area.

k. Scheduled and unscheduled security patrols should be provided by the HCF to provide escorts and serve as a visible deterrence to crime and other negative behaviors.

REFERENCES:

- Illuminating Engineering Society of North America, Security Lighting Committee Guideline for Security Lighting for People, Property, and Public Spaces, 2003

- Crime Prevention Through Environmental Design, Timothy D. Crowe, 1991, Butterworth- Heinemann, Stoneham, MA

- IAHSS Security Design Guidelines 01. Parking and the External Environment Approved: June 2010 Last Revised: November 2012



7574

Copyright ©2014 by International Association for Healthcare Security and Safety (IAHSS)


07. Specific Areas 06. Security of Biological, Chemical, Pharmaceutical, Radioactive Materials

STATEMENT: Intentional or unintended exposure to biological, chemical, pharmaceutical and radioactive or nuclear materials may result in harm to patients, visitors, staff and the surrounding community. Healthcare Facilities (HCFs) should develop security plans for the transport, use, control, storage and disposal of such materials. INTENT:

a. Biological, chemical and radioactive or nuclear materials may include: 1. Regulated biological material such as select agents in research laboratories 2. Irradiators found in clinical and research areas. 3. Biological, chemical, pharmaceutical or radioactive waste in waste storage areas. 4. Regulated radioactive material in research laboratory and patient care settings. 5. Dangerous chemicals in laboratory areas.

b. HCFs should address the security of such materials based on initial and periodic risk assessment

and in accordance applicable security requirements or regulations governing transportation, use, control and storage through the responsible department and the agency having jurisdiction.

c. HCF Security plans should mitigate risk of exposure and theft of such materials through physical

security systems and operational programs including: 1. Monitoring, access control and audit systems 2. Hazard specific training programs 3. Security and emergency response plans addressing response, notification and escalation procedures

d. The HCF should maintain inventory of such materials and HCF Security should be aware of the

following and be able to make it readily available to emergency responders: 1. Emergency contact information for responsible manager(s) 2. Inventory location(s) 3. Access privileges including delivery services 4. Nature of material and associated risk(s) 5. Appropriate Personal Protective Equipment

Approved: December 2014 See Also: IAHSS Security Design Guideline 02.09 Biological, Chemical and Radiation Areas

07. Specific Areas 06. Security of Biological, Chemical, Pharmaceutical, Radioactive Materials


75

STATEMENT:

It is important for Health Care Facilities (HCFs) to manage critical materials, including supplies and equipment, needed for the safe and efficient operation of the Health Care Facility (HCF). The security department should be engaged in the process of protecting critical materials.

INTENT:

a. A process should be established to identify and prioritize materials determined to be critical to the mission of the HCF.

b. Security processes should be identified and implemented that secure mission critical materials.

c. A process should be established to identify those who need access to critical materials and how access to these materials are granted.

d. Processes should be identified and implemented for receiving critical materials and mitigating the likelihood of intentional damage, loss or theft.

e. Processes should be established to maintain inventory control for all materials with tighter controls for mission critical materials to include possession, release and transfer.

f. Critical material storage areas may require special environmental controls and continuous monitoring to maintain product quality and integrity. Specific notification and response procedures should be established for these areas.

g. Inventory results should be reported to leadership. h. Deviations should prompt a review of processes related to the receipt, storage and distribution of

such materials. Corrective actions should be documented. Audits and related processes should be documented for mission critical materials.


07. Specific Areas

07.07 Protection of Critical Materials

07. Specific Areas 07.07 Protection of Critical Materials


7776

07. Specific Areas

07.10 Long Term Care Facilities

STATEMENT:

Long Term Care Facilities (LTCF) should develop a Security Management Plan (SMP). The plan should include preventative, protective, and response measures designed to provide a safe environment.

INTENT:

a. The LTCF Security Management Plan should be based on the unique environment, population and risks of the LTCF and should address: 1) Violence including aggression initiated or suffered by residents, staff and family or

visitors. The security administrator should work closely with clinical leadership in implementing appropriate response strategies for this population.

2) Control of environment focused on wandering and elopement of residents and management of visitors.

3) Quality of care including abuse and neglect of resident population 4) Protection of residents assets involving theft, identity protection, fraud, coercion,

drug diversion b. LTCF should develop specific security plans, processes and safeguards to mitigate risks. Examples may include:

1) Training LTCF staff on their role in securing the facility, protecting residents, responding to security incidents, recognition of the symptoms of abuse as it relates to the population

2) Flagging residents who present a risk to staff, other residents or themselves 3) Identifying residents at risk for elopement or wandering and associated mitigation

strategies and response 4) Developing a missing resident policy outlining responsibilities for search procedures

and timely reporting. 5) Establishing visitor control and access policies and mechanisms recognizing the

frequency of access of family and other visitors providing support 6) Reporting and investigating allegations of theft, fraud, coercion, or other criminal

activity

07. Specific Areas 07.010 Long Term Care Facilities


77

08. Emergency Management 01. General


STATEMENT: Healthcare Facilities (HCFs) will develop and maintain an emergency management program to identify and address threats/hazards/emergencies that may impact the facility and its operations. INTENT:

a. A multidisciplinary team should be appointed to develop, maintain and approve the emergency management program. The team should have express support of the facility’s CEO along with authority for the program.

b. Security should have a clearly defined role in the HCFs emergency management program.

c. The emergency management program should be based on the four phases of mitigation,

preparedness, response and recovery.

d. The facility should conduct a comprehensive hazard/risk vulnerability analysis (HVA) to identify and prioritize threats/hazards/emergencies that may impact facility operations. HVA’s should be reviewed annually and whenever a new threat/hazard/emergency emerges or preparedness activities change.

e. Multidisciplinary emergency response plans should be developed to address the potential threats

identified by the HCF.

f. Emergency response plans should have an all-hazards incident command system (ICS). Emergency response plans should address not only immediate and short term response by the HCF but the possibility of emergency operations lasting for days, weeks or even longer.

g. HCF staff should receive education and training in emergency management consistent with their

most likely role in responding to the event.

h. Emergency response plans should be exercised both for training purposes – so staff understands their roles and responsibilities and feel comfortable in those roles – and to identify and document the plans’ strengths, weaknesses and areas for improvement.

i. Emergency plans should include community involvement – other HCFs, emergency responders

and government agencies.

j. Emergency plans should include provision for the care and well-being of HCF staff and their families.




7978



REFERENCES: - Hospital Incident Command System Guidebook, August 2006 - 2010 Environment of Care: Essentials for Healthcare, The Joint Commission, Oakbrook Terrace IL. - National Incident Management System (NIMS) http://www.dhs.gov/interweb/assetlibrary/NIMS-90-web.pdf

Approved: November 2008 Last Revised: October 2011



79

08. Emergency Operations Center (ICS) 02. Security Role in the Emergency Operations (ICS)


STATEMENT: During the activation of a Emergency Operations Center in a Healthcare Facility (HCF), Security personnel may be assigned to fulfill the security function(s) in the EOC. Security functions include monitoring and having authority over the general security of the facility and its people, managing scene/facility protection and traffic control. INTENT:

a. As part of the HCF EOC activation process, security may be assigned responsibility for initiating and providing access control measures. These can include :

1) Implementing Emergency Facility Lock Down/Restricted Access Procedures 2) Supporting compliance with the Facility Photo Identification Policy 3) Securing the EOC, triage, patient care, morgue and other sensitive or strategic areas from

unauthorized access 4) Establishing a designated Staff Entrance 5) Identifying and removing unauthorized persons from restricted areas 6) Securing evacuated areas to limit unauthorized access

b. Where warranted by the emergency event, Security may be assigned responsibility for the

implementation of traffic control measures including: 1) Establishing ambulance entry and exit routes in cooperation with the Transportation Unit 2) Establishing emergency access and egress for emergency traffic 3) Provision of vehicular and pedestrian traffic control 4) Clearing the emergency parking lot as required

c. Security can be assigned a lead role for identifying and reporting hazardous and unsafe conditions.

These functions will include: 1) Communication with appropriate EOC personnel to secure and post non-entry signs around

unsafe areas 2) Communicating with Safety and Security Staff the need for ongoing vigilance to identify and

report all hazards and unsafe conditions 3) Advising the Incident Commander and Section Chiefs immediately of any unsafe, hazardous or

security related conditions

08. Emergency Management 02. Security Role in an Emergency Operation



8180

08. Emergency Management 02. Security Role in the Operations Center (ICS)


d. Depending on the specific nature of the emergency event, Security may be responsible for providing and implementing general security measures including:

1) Establishing a Security Command Post 2) Initiating contact with Fire and Law Enforcement agencies through the Liaison Officer when

necessary 3) Assisting with credentialing and the screening process of potential volunteers 4) Conferring with the Public Information Officer to establish areas for media personnel 5) Establishing routine briefings 6) Securing resources such as food, water, medical and blood 7) Reminding security staff to document all actions and observations 8) Coordination of search activities 9) Maintaining continuity of evidence as required

REFERENCES:

− Hospital Incident Command System (HICS), www.emsa.ca.gov/HICS/; www.hicscenter.org Approved: May 2010 Last Reviewed: December 2013

10. Emergency Management 02. Security Role in an Emergency Operation


81

08. Emergency Management 09. Active Shooter


STATEMENT:

Workplace violence is a serious threat for all healthcare facilities (HCFs) and requires proactive steps to be taken to prevent and mitigate risks associated with violence. A situation involving a person who has or is threatening to use a firearm, and may be moving from one location to another on campus, requires a specific response protocol by all HCFs.

INTENT:

a. A multidisciplinary team should be appointed by the HCF to designate, in writing, its plan for responding to an active shooter on campus in coordination with local law enforcement.

b. Communication procedures should be established that includes the creation of a specific announcement (emergency code or plain language) and procedure to institute a response to an active shooter situation.

c. The HCF should have a timely campus-wide notification system to alert staff to the threat of an active shooter. The mechanisms should include multiple modes of notification intended to reach all persons inside the facility and on its grounds. These may include overhead pages, text (SMS) messaging, digital displays, e-mails, intercoms, call boxes, popup messages, or other notification methods.

d. Employees and staff should be educated on awareness, their reporting of and response to an active shooter. S pecific procedures should be established for the initial response of staff or anyone in the immediate vicinity of an active shooter. Actions may include:

1) Seeking cover and protection 2) Leaving the area if possible; safely evacuating as many patients, visitors and staff as practical

from the area 3) Call emergency phone number (911 or other) and silence all personal communication devices 4) If unable to leave the area hide self and others from view of shooter (under desks, behind

closed doors, etc.) 5) Barricade shooter from entry; lock doors, place furniture in front and take actions that will

slow shooter 6) Use any means possible to take offensive against shooter if serious injury or death would

otherwise be imminent

e. Activation of the active shooter response plan should include immediate notification to law enforcement. Ongoing communication should be maintained and may include:

1) All information on the incident including description and background of the suspect(s)

2) A description of weapons used

3) Information on any victims or hostages




8382



4) Location(s) impacted by the event and current location involved. R esponding law enforcement officials should be provided facility maps, access codes, keys or other requirements

f. Activation of the active shooter response plan may include these actions:

1) Establishing an incident command post and Emergency Operations Center as circumstances warrant

2) Restricting access to the facility

3) Re-routing or diverting incoming patients

4) Disabling utilities, news and public Wi-Fi systems when appropriate and in consultation with law enforcement guidance

g. Upon conclusion of an active shooter event, the HCF should announce an “all clear” only after law enforcement has indicated the environment is safe. Additional measures may include:

1) Accounting for all patients listed in the census and all staff members (physicians and contract)

2) Responding to the medical needs of victims

3) Assessing damage to the building, equipment, sterile environments

4) Arranging for employee assistance programs for staff members

5) Providing additional security or law enforcement presence

6) Debriefing, evaluating, and reviewing the incident and the effectiveness of the emergency plan and response. Change or update the response plan as needed

h. Active shooter drills should be conducted periodically to exercise the plan and the response of law enforcement.

REFERENCES:

- “Active Shooter Handbook - How to Respond”, U.S. Department of Homeland Security, et al, October 2008, http://www.dhs.gov/xlibrary/assets/active_shooter_booklet.pdf

SEE ALSO:

- IAHSS Healthcare Security Guideline 04.03.03, Facility Restricted Access (Emergency Lockdown)

Approved: May 2011


02. Program Management 10. Active Shooter


83

08. Emergency Management 11. Communicable Disease Response


STATEMENT:

Communicable disease outbreaks that impact a Healthcare Facility (HCF) will require Security to activate, adapt and supplement processes and mechanisms in order to continue the provision of a safe care environment. Planning for outbreaks should include identification of essential security services and measures to address shifting demand for security resources.

INTENT:

a. As part of the communicable disease management response, security may be assigned the responsibility for initiating and providing access and egress control measures to augment infection control practices. These can include: 1) Implementing restricted access procedures, including personal property 2) Establishing designated staff, visitor and patient entrances 3) Providing vehicular and pedestrian traffic control 4) Securing isolation and segregation areas 5) Identifying and removing unauthorized persons from restricted areas 6) Visitor screening and enforcement of infection control protocols such as hand sanitizing

and wearing and disposal of personal protective equipment (PPE) 7) Partnering with medical staff if clinical screening required 8) Securing staff sleeping areas

b. Security may be assigned the responsibility for protecting critical resources including areas,

supplies, and pharmaceuticals.

c. Relevant training and equipment must be provided to Security as their safety is paramount. Such training can include: 1) Educating on the risks and protective measures associated with the specific

communicable disease 2) Distributing and using PPE which addresses routes of exposure 3) Managing patient surge issues including the ‘worried well’ 4) Reporting mechanism and public information protocols for unsafe or hazardous

conditions 5) Importance of current standardized communication, including verbal, written and

electronic, to provide to visitors




8584



d. Alternate care areas or even separate sites may be activated to support patient surge. This may require additional security activities including:

1) Providing internal security communications 2) Ensuring appropriate levels of visual monitoring through technology or security

personnel or a combination of both 3) Defining role of security staff in support of patient care 4) Communicating with law enforcement regarding alternate care locations 5) Developing traffic flow plans including integration into existing facility plans

REFERENCES:

- “Preparing and Protecting Security Personnel in Emergencies” – OSHA 3335 – 10N 2007

SEE ALSO:

- IAHSS Healthcare Security Guideline 08.01, Emergency Management – General - IAHSS Healthcare Security Guideline 08.02, Security Role in the Emergency Operations Center - IAHSS Healthcare Security Guideline 05.02, Security Role in Patient Management - IAHSS Healthcare Security Guideline 04.03.03, Facility Restricted Access (Emergency

Lockdown) - IAHSS Security Design Guidelines for Healthcare Facilities: 03. Emergency

Management





85

ChairpersonKevin Tuohey, CHPAExecutive Director Research ComplianceBoston University & Medical CenterBoston, MA

Vice ChairpersonMichael Cummings, CPPVice President, Security and Loss Prevention Aurora Health CareMilwaukee, WI

MembersJohn T. Connelly, Esq., CPPPresidentLongwood Security ServicesBoston, MA

Donald S. MacAlister, CHPAVice PresidentPaladin SecurityBurnaby, BC, Canada

Darren Morgan, CHPACorporate Director Safety and SecurityCitrus Valley Health PartnersGlendora, CA

Tim PortaleChief Safety & Security OfficerHCANashville, TN

Thomas A. Smith CHPA, CPPPresidentHealthcare Security Consultants Inc.Chapel Hill, NC

Tony York, CHPA, CPPCEOHSSDenver, CO

Council on Guidelines Members

dmorgan

Rectangle

87

87

P. O. Box 5038Glendale Heights, IL 60139-5038888.353.0990 toll-free630.529.3913630.529.4139 faxwww.iahss.org

Documents

Healthcare Security Industry Guidelines · 2020. 1. 3. · Raymond V. Johnson Russel F. Jones Robert Koverman Chris Leibfried Thomas L. Kramer * Martin Lawlor Keith MacKellar Richard