|
To answer the question, "How much security is enough?" one must first define what security is. In the past two years, we have provided testimony as a security expert in about two dozen lawsuits filed against hospitals, wherein plaintiffs claimed there was inadequate security. This assertion often is supported by the claim of an inadequate number of security personnel. These lawsuits often criticize the use of CCTV, alarm systems, security training and lighting. Security policies as well as visitor control policies are often attacked. Plaintiff's counsel will assert that the hospital should have foreseen the criminal activity that resulted in the injury to their client. Then they will offer the theory that the hospital failed to meet a reasonable standard of care.
What is a reasonable standard of care? What is a standard of care predicated on? What resources can one rely on to determine if the hospital's security program meets a reasonable standard of care?
One of the goals of a sound security program is to enhance the overall image of the hospital within the community it serves. In order to achieve this goal, the security program must seek to reduce the probability of security-derived lawsuits and/or minimize the impact if they occur.
Many hospitals spend significant dollars in advertising, marketing their services to their community. An inadequate security program is antithetical to the marketing goals of the hospital. For example, we know that many hospitals center their marketing program on their mother/baby unit. In some hospitals labor and delivery as well as postpartum rooms are appointed like fine hotel suites. What happens to all these efforts if a baby is abducted?
Obviously, all hospital security programs should protect patients, visitors, and staff. Hospitals are losing millions of dollars in stolen assets such as linens, computers, and medical supplies, to name a few. Despite this fact, many hospitals either fail to detect these losses and/or fail to address these losses through the design of a pro-active security program.
The goals of protecting both people and property can both be achieved if the hospital's security program does achieve a reasonable standard of care. The first rule in ensuring that your security program is adequate to your needs is to understand that in reference to hospital security programs, one size does not fit all. Hospital security programs are very situational. Clearly the Joint Commission understands that universal standards do not apply to security programs. This is why all hospitals do not have metal detectors in their emergency departments. The Joint Commission advocates that the security programs reflect the unique needs of each hospital. Hospitals located in urban centers have different needs than those in rural settings. Hospitals with level-one trauma centers have different security needs than a children's hospital. It is important to note that just because your hospital is meeting standards that satisfy the Joint Commission, you can not assume you are bullet-proof if someone sues you for not having sufficient security. If the standard of care becomes an issue in litigation, you will find that defining the standard is often in the eye of the beholder. Security experts on both sides may have divergent opinions as to what defines the standard.
The basis for a standard of care
There are several ways to arrive at an appropriate level when designing your security program. Below you will find six suggestions.
First, ensure that your security program is grounded on defensible principles. The best way to accomplish this objective is to conduct a thorough security analysis of your entire facility. A security study should first gain insights into what potential threats are impacting your hospital. Such factors as the crime environment of the surrounding community should be taken into consideration as well as the incident history for the prior 3 to 5 years.
The security audit process should then review the vulnerabilities that face the hospital. The process of uncovering vulnerabilities should include the vulnerabilities for crime against persons as well as crimes against property. The security audit must be conducted by a security professional well versed in the unique requirements of hospital security. It is very important that this study be conducted in an objective manner. Biased security audits conducted by either by an unqualified observer or by a surveyor with an agenda may do more harm than good. The security study should be both qualitative as well as quantitative.
The study should look at traditional physical security methods such as CCTV, access management systems, security guard coverage, and lock and key systems. It should review all policies and procedures that affect security. Minutes of past Safety Committee meetings should be reviewed. Hiring practices and substance abuse in the work-place issues should be covered by the audit. Policies for violence in the work-place as well policies and training to address such issues such as sexual harassment should be reviewed. The survey must look at exteriors also, including parking facilities, landscaping, and lighting. The very special needs of L&D, Emergency Department, Business Office, and Pharmacy should be surveyed in great detail.
Once the study has been completed, recommendations should be consistent with the hospital's ability to implement them. Recommendations that appear in a report, and are ignored, may actually increase liability.
Second, the basis for defining a standard of care can be partially derived from the study of crime data collected by local law enforcement agencies. Most police jurisdictions maintain a database of criminal activity. They can often produce reports that catalog crime by category, time, date, and location. The security program must be responsive to historical crime data. The presence of criminal activity can provide evidence that may support a plaintiff's assertion that criminal acts were foreseeable and, therefore, should have been addressed.
Third, the security program must reflect adherence to both state and federal regulations. The program should comply with JCAHO and HCFA requirements, as well as OSHA. Hospitals in states such as California and Washington must be sure they adhere to both the spirit as well as the letter of the laws governing the protection of staff and patients. There are a number of sources for this information. The security survey should elicit input from the hospital's legal counsel and/or risk manager. Both of these individuals are conversant with regulatory requirements as well as state and federal laws. There are aspects of HCFA requirements as well as requirements dictated by the Emergency Medical Treatment and Active Labor Act (enforced by HCFA) that impact the provisions of a security program and the services provided by security personnel. Violation of these policies can result in fines, lawsuits and put Medicare payments in jeopardy.
Fourth, each hospital should be cognizant of industry standards and best practices. There are a number of sources for this information. For example, the CAP Index recently conducted a study of hospitals and the crime environment in which they are located. This study compared the crime risk environments of hospitals compared with other enterprises such as schools, banks, fast food restaurants, and universities. The findings indicate that a high proportion of hospitals tend to be located in higher crime risk areas than the previously mentioned enterprises. These findings could impact the assertion of foreseeability and/or failure to warn.
Another study sponsored by the American Society for Industrial Security's Health care Security Committee gathered benchmarking data pertaining to health care security. Health Resource Network, Inc., an independent research firm, conducted the actual research. This study surveyed the security practices of a number of hospitals across the country. The study looked at security practices such as staffing patterns, the use of technology, policies and procedures, and training. This study further grouped its findings by geographic region and subdivided those categories by rural, suburban, and urban hospitals.
The findings of this study, as well as those to come, add to the body of knowledge against which standards will be defined. This information can be helpful in providing comparative signposts to follow. The down side to this kind of data is that it will eventually find its way to the plaintiff's bar. There are both pluses and minuses as the body of information grows. The key is who has the information and how the information is utilized.
Fifth, it is extremely important to accurately track all incidents. It is best if that tracking is done through the use of security incident tracking software such as that developed by PPM 2000. Some are reluctant to track security incidents because they believe it will lay a foundation for foreseeability. Security incidents in the absence of corrective action may increase liability. However, by taking corrective action in the wake of a security incident, liability is minimized.
It is also very important to track Daily Activity Reports because they document the pro-active actions of security personnel.
Finally, if one of the goals of your security program is to avoid litigation, it would be useful to review relevant case law. Once a lawsuit is filed it is too late to go back and undo past sins. The review of case law will provide insight as to the kind of issues that one needs to be concerned about. It will provide, for example, a more definitive understanding of foreseeability. Insights will be gained as to what documents are exposed through the discovery process. It is useful to look at case law in your state as well as other states. If your in-house legal counsel subscribes to a service such as Lexus Nexus, they will be able to search for cases that are on point, hospital security cases.
In the 200-plus cases we have been involved in, there is one constant. In every single case the issue of training and documentation has been a factor. The training of security personnel as well as the training of staff has figured in some way in each case. Documentation of the incident in question as well as prior incidents will be scrutinized for professionalism, accuracy and even proper grammar. The credibility of the entire security operation may be impugned if the documentation appears unprofessional and is not fully factual. On the other hand, accurate documentation and thorough training can become a powerful tool if you find yourself defending a lawsuit. In fact credible documentation may actually discourage the plaintiff's counsel from pursuing the case to trial.
Develop and be able to defend your hospital Security Program
The key is to design a security program that is integrated and cohesive. The program must be predicated on some kind of logical construct. The most sensible security programs grow out of a complete security evaluation. To do anything less borders on negligence. One must be able to defend the procedures that are in place. Once a lawsuit is filed, the hospital will also have to defend what is not included in the security program.
The security program should also be responsive to concerns that come up in safety committee meetings. There is a high probability that safety committee meeting minutes will be subpoenaed. Security concerns that come up in a safety committee meeting and are subsequently not addressed could be problematic in the event of a lawsuit. Its is important to understand that security incidents can occur without warning. Once the event has occurred, everything your program has done up to that point in time goes into freeze-frame.
Practical reasons for a sound Security Program
We are not trying to imply the single driving force behind every security program is lawsuit avoidance. However, if that motivation permeates your security design in terms of protection of people, the program will provide many practical benefits. For example, when emergency room personnel constantly feel unsafe, there is an adverse effect on their morale and productivity. High stress levels result in somatic complaints. The existence of employee dishonesty manifested by ghost hours, theft, and fraud, can have a very negative impact on the morale of honest employees.
Pro-active security measures will reduce outbursts in waiting rooms. Highly visible Security Officers can become the hospital's goodwill ambassadors. Hospitals that are trying to reduce operating costs are missing significant opportunities for savings by failing to better protect their assets. Some research has indicated that hospitals may be losing as much as $3500 per/bed per/year. Many hospitals have no idea how much is walking out the door.
A properly designed security program will provide for the safety of patients, visitors and staff. Many of the security resources devoted to these objectives could potentially, simultaneously protect property. Many security methodologies are very inexpensive and largely require staff participation and involvement. Every new security problem does not require the addition of security FTEs. The security management plan should demonstrate return on investment. It should be a value-added service. It should not merely provide window dressing designed to satisfy some regulatory agency. A stopgap security program where the primary goal is minimal cost will be more costly, in the long run, than a security program grounded on the specific needs of your hospital.
Hospitals have a long history of out-sourcing expertise. They out-source food service management, environmental service management, linen services, and more. The primary purpose in outsourcing is to take advantage of specialized expertise. If your hospital is looking for hospital security expertise that is objective and thorough, maybe out-sourcing should be considered. If you are considering retaining a security professional, be sure that he or she is not affiliated with a security service provider such as guard services or alarm services, including all electronic protection devices. To do otherwise is to invite preordained solutions and bias favoring their offerings.
If you have any questions please call Bill Nesbitt at 805/492-6475 or email at smsiinc@aol.com.
|
