|
Does that question sound familiar? If you are evaluating your overall security program, this question should be the last question you ask, not the first. On the SMSI Website (www.smsiinc.com) the opening Òpop-upÓ depicts the SMSI Security Solution Hierarchy which will explain why the number of security FTEs should be the final determination when building an effective security program.
Stanford University Medical Center, a hospital that has received National recognition for their bioterroism planning, began to reassess their security posture in a post-9/11 environment. They went about this process in a methodical way and essentially followed the Security Solution Hierarchy. First they commissioned a top to bottom security assessment (prior to 9/11). They then began to enhance a good security program to make it better. First, they began by more fully involving the staff by initiated a Security Awareness Program in both hospitals (Stanford Hospital & Lucile Packard ChildrenÕs Hospital). The essence of this program was to instill in the staff the notion that ÒSecurity is everyone's responsibility.Ó Next, they began to reevaluate the use of security technology such as their card access system and their CCTV system. In order to maximize limited resources, it became important to generate maximum leverage from these, and other, electronic system. They revamped their infant protection program, for example. The folks at Stanford realized that in order to maximize the effectiveness of their security staff, the use of technology would require updating and enhancements. They also realized that prior to assessing the adequacy of the security staff in term of coverage, they would need to optimize the first two levels of the Security Solution Hierarchy. The use of security personnel is always the most costly, especially over the long run, of any security and loss prevention remedy. As one moves up through the Hierarchy, remedies become more costly, especially over the long run.
The Hospital was now ready to determine how many security FTEs would be required to provide reasonable security to their facilities. In addition to doing an empirical needs analysis, the Stanford security team began to look for some indication of industry standards in order to validate their internal calculations.
A few years ago, the ASIS Council for Healthcare Security commissioned the first benchmarking study to be undertaken for the expressed purpose of gaining some insight into the security practices of hospitals on a National basis. This, which was conducted by an independent research firm, surveyed hospitals from coast to coast. The findings produced by the study were categorized in a number of ways. For example, hospitals were categorized as rural, suburban, and urban. They were categorized by regions of the country. They were also categorized by various measure of size (total FTE count, bed count). The cataloged a number of security methodologies being practiced by a number of hospitals. One of the most important findings of this study, in the opinion of SMSI, is that further studies are surely needed. However, the study does have value in its present form because it begins to establish some of the parameters of a reasonable standard of care. At the very least, the study tends to define the lower limits of a reasonable standard of care. It must be said at this point, that security programs should never be held to a fixed standard. For example, even to day, we find some hospitals trying justify the size of their security staff by establishing a ratio between the number of security FTEs and total square footage, a misguided notion in our opinion.
Let us now return to the Stanford story. The security assessment provided a foundational basis from which to move forward. With involved employees in hand, through their participation in the security awareness program and planned technology upgrades on the drawing board, the Hospital was now in a position to contemplate their security manpower needs. Obviously, the first determining factor in ascertaining how many security personnel will be required, is need. It is important to remember, that since 9/11, there is a very strong possibility that there will be some security crisis that may require the hospital to stand on its own. If there is an act of terrorism in the community, there is a very real possibility that the Hospital may not be able to count on Police services. Every hospital must figure this possibility into their security equation.
We all know that even after the security has been diligent in calculating the number of required FTEs, sometimes management require additional support for the additional cost. In this case, the Stanford Hospital security team decided to review the Benchmarking Study commissioned by the ASIS Healthcare Security Counsel. The team was particularly interested in the security FTE ratio as compared to total beds and to total hospital FTEs. The ratios identified in the Benchmarking Study supported the general findings, arrived at empirically, by the security team. The security staff is responsible for Stanford Hospital and Clinics, Lucile Packard ChildrenÕs Hospital, and the Stanford University School of Medicine which represents about 10, 000 FTEs. The study was helpful in identifying a reasonable standard of care for security FTEs.
This case clearly supports the notion that further Benchmarking Studies are justified. Future studies must build on the findings of the last study. However, some cautions for security practitioners are in order. There is a tendency, on the part of some security managers, to look for quick solutions. Many are looking for the magic cookbook. It is very important to remember that the level of required security is very situational. Security programs do not lend themselves to universal standards, nor should they. There is a tendency to apply the structure safety programs to security programs. Safety programs do lend themselves to more universal standards. A slippery floor in Los Angeles is just as dangerous as a slippery floor in New York or Boston. However, the needs of a hospital security program in Milwaukee are different from the needs of a security program in Boise.
Hopefully, future benchmarking studies will ferret out some of these differences dictated by geography and environment. Future studies should identify differences predicated on the size and mission of the hospital. For example, what are the security needs of a Level One Trauma Center as compared to a Level Three? How do the needs differ when your hospital maintains psychiatric and/or drug rehabilitation units?
We at SMSI would appreciate any comments or feedback you may have on these topics. Let us know if you would allow us to post selected comments in future Newsletters and/or on our website.
|
