One of the most difficult environments to secure is medical centers and hospital facilities. That being said, we all understand the rigors of securing a DOD manufacturing plant, a nuclear power plant, and/or a biotech research center. However, with the three previous examples security is, in part, predicated on a go and no-go basis. Those that have accredited credentials are allowed entry, those that do not, are denied access. Exceptions are generally not allowed and access is not predicated on the judgment of the security officer.
Parenthetically, every day of the week hospitals allow access to individuals who, if they had their druthers, they would rather deny. Most hospital administrators want to portray a welcoming sense of openness to all who come to their hospital. Therefore, to use a football analogy, hospitals must endeavor to provide a bend, but don’t break defense. In other words, it’s a given that folks are going to enter the hospital that shouldn’t be there. How does a hospital maintain a sense off welcoming openness and still remain secure? This means that the hospital as a secondary line of defense must try to control where these people go and they must limit what they can do to a reasonable acceptable level. This also means hospital security officers are required to make numerous judgment calls on a daily basis.
Consider these realities against the background of recent hospital shootings, assaults, including sexual assaults, robberies and infant abductions. Whenever an event such as those mentioned here occurs, you can rest assured it will be on the six o’clock news across the country. These events and many more are also almost certain to induce lawsuits. Once a major incident occurs, you cannot un-ring the bell. When an incident, such as a sexual assault on a patient happens, the clock stops and everything that was done and sometimes more importantly, not done will be scrutinized by the plaintiff’s attorney. The antidote, scrutinize your security program now! If hospital security programs are not periodically fully reviewed, and subsequently something goes wrong, there is a high likelihood that the plaintiff’s security expert will do the review of the hospital security program after the horse has left the gate.
Among those enterprises that cater to the public such as shopping malls, hotels and entertainment venues, hospitals are always held to the highest standard of care when things go wrong. For example, the damages that are likely to be awarded to the victim of a sexual assault while a patient in a hospital, will be several times higher than those awarded to the same victim had the assault occurred in the parking structure of a major shopping mall. This is especially true when victims are patients. Because patients are generally deemed helpless and fully dependant on the hospital for their care and well being, hospitals therefore have a higher duty to maintain adequate security.
Lawsuits that assert negligence are generally filed for two broad based reasons. Hospitals can be sued to what they didn’t do and they can be sued for what they did do (intentional torts). Most security driven lawsuits, including security lawsuits against hospitals, assert a claim of inadequate security under the theory of premises liability. This is a, should have, would have, could have lawsuit. Typically, plaintiff attorneys, through the prism of 20/20 hindsight will try to reverse engineer the security program looking for inherent weaknesses they can sell to a jury.
Examples of this category of claims often assert there were insufficient numbers of security officers, inadequate visitor control, inadequate lighting and inadequate locking control. Intentional torts are most commonly represented claims of false arrest and use of excessive force. Another of disturbing trends over the last 10 years is an increase of sexual assaults and simple assaults committed by clinical personnel against patients, sometimes coupled with elder abuse. Most complaints filed by the plaintiff’s bar almost always include claims lodged against the defendant of inadequate training, inadequate screening of employees (including temporary employees) and inadequate supervision. The point we are trying to make is, once an incident occurs, the clock stops and the various parties to the litigation look backwards as they evaluate the adequacy and efficacy of the security program in question. It is for this reason and others that security managers must always look forward and anticipate. Security is and must remain an anticipatory discipline.
In order to prove negligence in a personal injury case, the plaintiff must usually show that the incident in question was reasonably foreseeable. The practical definition of foreseeability, largely predicated on case law, varies somewhat from one state to another. An example of foreseeability could be, if a visitor is assaulted in your parking structure, should the owner/manager of that parking structure reasonably have foreseen that an assault was more likely than not, to have occurred and did they try to mitigate the breech? From a practical standpoint, one could reason that concept of foreseeability means you get one bite at the apple. This means that those incidents that cause patients or visitors to become victims of criminal acts must be reasonably mitigated through the implementation of corrective action. As a matter of best practices, security incidents should always produce corrective actions. Incidents that are ignored will often come back and bite you.
Healthcare security requires a broad definition.
Many hospital organizations perceive the security program a compilation of security guards, video, surveillance, access control systems and infant protection systems. Contrary to this perception, experience has taught us that a significant number of security driven lawsuits against hospitals involve circumstances that are largely controlled by clinical personnel. For example, the decisions to place a patent on a 72 hour behavioral health hold, or not, is not a security department decision. Yet when things go wrong, the complaint (a legal filing) implies inadequate security. When sexual assaults are committed against patients by staff persons or by registry personnel, the complaint implies the security organization was lax and should have prevented the assault. We have found through the use of employee attitude surveys, in a number of hospitals over the past 7 years, that many, if not most employees, believe security is the job of security personnel. This “we” versus “them” perception often results in rank and file employees turning a blind eye to serious threats.
We have all heard the athletic expression, there is no “I” in team. Security must be a team effort. Security must be the job of every employee including clinical personnel, facilities employees, housekeepers and even volunteers. The more sets of eyes and ears we can involve in keeping the hospital safer, the better.
Hospital security programs do not always fit the usual cost/benefit paradigm. For example, hospitals devote significant resources to protection infants even though the risk of an infant abduction is fraction of 1%. When addressing concerns for a terrorist attack and the need to protect the country, President Bush once stated, “The terrorist only needs to be right once. We need to right every time. “ The impact of a patient being victimized by is significantly amplified is a hospital setting as opposed to that same person being victimized in a hotel room. It is very difficult to assign the notion of contributory negligence to a helpless patient.
Hospital security programs must therefore be synergistic as well as dynamic and nimble enough to adjust to the ever changing environment. Hospital security directors are well served by forming a number of strategic alliances. As hospital security programs evolve, the security director would be well served in teaming up with the hospital’s risk management team as they develop security policies and protocols. Obviously the development of symbiotic relations between the security operation and local law enforcement can produce significant benefit, Contingency planning with local police agencies will help clarify the respective roles of all involved parties.
Security managers and the programs they manage will reap benefits from developing open lines of communication with department managers, especially with the emergency department, behavioral health and facilities. Security managers should also keep open lines of communication with human resources, especially in matters of pre-employment screening, workplace violence prevention employee discipline. The human resources department can also be helpful in keeping the security department tuned in to issues that may crop up related to various bargaining units within some hospitals.
It is also important to train security personnel, before the fact, about the perils of security litigation. When security officers understand how and why errors can either cause security litigation or potentially exacerbate the impact of security litigation, they are more likely to buy in with the goal of preventing, or at the least, minimizing the impact of security lawsuits. For example, when security officers realize that the incident report they write today, may be entered into evidence in a courtroom tomorrow of subpoenaed by plaintiff’s counsel, they tend to be more careful and thorough.
Last, but certainly not least, no security program will ever come close to reaching its potential without employee engagement. An effective Security Awareness Program (SAP) will multiple the impact of all other security procedures and systems. SAPs must be formally structured programs. They require continual reinforcement and adjustment to ever changing needs. Most hospitals do a terrific job extolling the value the safety is job one for all employees. The same vigor must be applied to security programs.