©Risknavigator™ 2018 lennart@risknavigator.

net
www.triplezmanagement.guru

Healthcare Security by Risknavigator™

My model for Healthcare security is built on the true understanding of the important prerequisites
needed to build an integrated healthcare security solution where security and risk management are
treated and managed as any other basic process within the organization.

• Management systems and process orientation

• Security Convergence
• Safety culture
• Systematic safety and security operations as integral part of the Management system
• Functional safety and technical infrastructure
• Incident report systems as integral part of the Management system
• Security and safety at healthcare facilities are important for both good quality healthcare and
public safety. Hospitals are a safe haven for those in physical and/or emotional need, and
increasingly seen as a place of refuge in the event of a large-scale emergency such as a
natural disaster or terrorist attack.
• The systemic work regarding healthcare safety today is multidisciplinary and holistic. The
security threats that confront us are no longer respecting the traditional categorization that
we would want to use in order to describe the risks and vulnerabilities arising from such
operations. Information security and physical security, for example, can no longer be
handled independently without taking into account the convergence taking place between
these areas that rapidly draws entirely new maps of what previously formed the basis of
safety work.

Improving safety in healthcare is not just about technology but also about safety in terms of
responsibilities, attitudes, values and the understanding management and employees have to
security issues in order to carry out a systematic and constructive safety work.

Hospital security departments are challenged to provide safe environments for employees, patients
and visitors. Hospitals and clinics are by their nature designed to be open and accessible to the
public, which means street crime and other dangers can easily enter through hospital doors if not
properly protected.

A survey conducted by the American Society for Industrial Security (ASIS) determined that effective
security has become a part of the everyday operations of many healthcare organizations, regardless
of size, location, or type of hospital. Security issues and concerns are identified and addressed daily
by management. Some top-rated security concerns and issues were identified and ranked as shown
below;
©Risknavigator™ 2018 lennart@risknavigator.net
www.triplezmanagement.guru
Security and Safety Priorities

1. Patients
2. Employees
3. Visitors
4. Vendors

Areas ranked for greatest risk of crime

1. Infant Units
2. Pediatric Units
3. Pharmacy
4. Psychiatric Units

Patients have really high expectations for quality healthcare today. State-of-the- art facilities, safety
and security are a big concern. In order to meet the higher expectations within this really cost-
sensitive market, hospitals must invest sensibly in their facilities as a true strategic asset to serve
patients, attract well-qualified doctors and nurses, and also serve the greater general public. New
building management solutions are able to increase security at healthcare facilities while also
maximizing energy efficiency and performance.

Technology must work effectively as a tool for well-trained security staff. Evaluating perimeter and
intrusion detection, access control, and CCTV, require that the vendors show how integration of
these security functions can increase security and minimize the training and burden to security
personnel.

Security as a business process

Security should naturally be seen as a business process that manages a security function, a process
that is very closely connected with the principles of quality assurance and quality control.

Management of the risk inherent in an organization used to be seen upon as a function embedded
within individual roles of the Management level. Traditionally the approach was to treat risks
separately and assign responsibility to individuals or small teams. To manage a singular type of risk
became a distinct job and to be successful in the job you had to focus on only one particular area.
The big problem with this “stove piped” approach was that it ignored the interdependence of many
risks and that it sub- optimized the financing of total risk for an organization. Breaking stovepipes and
seeing risk management and security programs more like processes means that we need to bring
different stakeholders in the problem together and set them to solve the problem – together.
©Risknavigator™ 2018 lennart@risknavigator.net
www.triplezmanagement.guru
Security Convergence

A major trend in the security arena today is security convergence.

ASIS International define security convergence as;

“The identification of security risks and interdependencies between business functions and processes
within the enterprise and the development of managed business process solutions to address those
risks and interdependencies.”

Imperatives driving convergence are;

• Rapid expansion of the Enterprise Ecosystem

• Value migration from physical to information-based and intangible assets
• New protective technologies blurring functional boundaries
• New compliance and regulatory regimes
• Continuing pressure to reduce cost

The convergence of IT and Physical Security is now a fact and as IT has become a very important part
of organizations, new international standards for physical security now also include IT considerations
for electronic documents.

Security convergence forces organizations to see beyond security as a function and instead
something that consists of people, processes and strategies, being part of the overall business life-
cycle as a system.

Furthermore, organizations now start to appreciate the cost and competitive advantages that can be
leveraged when viewing security not as a cost center but one of a value add - lowering costs and
providing cost efficiencies.

I have over the years gained vast experience from major healthcare security projects in Sweden.
Based on a unique methodology and understanding of the prerequisites that build a holistic based
healthcare security model I have e.g. led a major project in “Region Västra Götaland” (Gothenburg)
with the goal to improve the overall security and safety situation in all regional hospitals and clinics.
Areas that were covered involved;

• Inventory of physical and IT- based security equipment

• Extensive Physical and Information security risk assessments
• Developing a model for security classification of hospital premises
• How to build a new holistic based security organization
• How to implement a new security management platform