Designing security into your facility
Designing security into your facility
Security in hospitals is no mistake when well planned
Editor's note: Thomas A. Smith, CHPA, CPP, is president of Healthcare Security Consultants, Chapel Hill. North Carolina, and former director of hospital police and transportation at University of North Carolina Hospitals in Chapel Hill. In this guest column, he discusses how designing security elements into new facilities can help keep hospitals safe.
The new hospital in your system that is about to open has an award-winning lobby and concourse connected to existing hospitals and ambulatory facilities. No expense was spared as this lobby and accompanying aesthetic features were designed into this showcase facility. The soon-to-open hospital has five floors of ambulatory care and support service areas and two floors of inpatient critical care units.
As grand opening plans were developed, it was discovered that the stairwell and elevator configuration required persons in the elevator lobby to walk through the clinics and ICUs to gain access to the emergency exits. Instead of praising the wonderful patient care spaces, the clinic staff now wonder how they will keep their equipment secure. The ICU staff are worried about patient and staff safety (all of your existing and neighboring ICUs have controlled visitor access to enhance security). You are now scrambling to address this gaping fatal security flaw, and as you design a retrofit and implement operational workarounds, you come to the realization that this security oversight will end up costing your healthcare system hundreds of thousands of dollars over the lifetime of the building.
Good design is no mistake
Designing security features into a new healthcare facility or renovated space from the beginning can improve safety and security, maximize utilization of human resources, and lower operational costs. Patient and employee satisfaction is also enhanced by good security designs. If patients, visitors, and staff feel safe walking from the parking or transit facilities, their confidence in the organization is bolstered and they are more able to focus on their reason for coming to your facility.
It can be easy to miss or glaze over meaningful discussion about security in the early stages of design. Often the design team and unit leaders are so focused on designing their new space that security is not seriously considered until major decisions have already been set in stone. These include stairwell location, traffic patterns, and adjacent functions that may lead to conflicting operational needs, such as placing a night foodservice operation inside the nighttime perimeter of the facility, which requires additional security control points. When security flaws are designed into a project, expensive change orders and retrofitting usually are necessary. Sometimes it is impossible to alter a design due to conflicts with life safety codes or cost-prohibitive retrofitting expenses. Add-on security features also may deter from the aesthetic value of a project, and the final project may end up costing a great deal more.
The worst case scenario occurs when appropriate security features are left out, or are "value-engineered" out, and an adverse incident occurs. At this point, the security features are added at great expense. Retrofitted security features are almost always more obvious and less effective than security features that are designed in from the early stages.
To ensure security is appropriately embedded in the design process, security professionals must first and foremost get leadership support. A design team will do what the organization wants, so having leadership committed to addressing security will help underscore the need to keep these considerations in mind.
Second, security professionals must develop and cultivate relationships with the users of the space. These individuals often have the best, most practical ideas about how to preserve safety, since they use and interact with the environment every day. In short, everyone needs to be included. By sitting down with the various people involved in a project and identifying common interests, a security professional can explain the potential security risks in the environment and collaborate with the group about how security can be addressed while still preserving functionality and aesthetics. Security and aesthetics are not mutually exclusive, and it is up to the security director to communicate that fact to all parties involved. Once people realize that the goal is not to create a jail or prison but to create a functioning, aesthetically pleasing, and reasonably secure space, they are much more willing to consider security features.
A critical step: conducting a risk assessment
Conducting a comprehensive risk assessment of a facility under construction is crucial to identify potential security risks and determine mitigation strategies to include in the design phase. Such an assessment should consider the location and functions in the new space and adjacent areas. It should also identify and prioritize all the risks present and consider strategies to address those risks.
To help with the risk assessment, organizations can look at data from the current space?if applicable?and identify what is working well and what needs to be addressed. In some cases, you can pick up great ideas from the current space. You can also identify what you don't want to do. Other areas of the organization can also provide valuable ideas, so it is helpful to review what works and what doesn't in these areas as well. Reviewing the security maintenance activities of other organizations is beneficial, too. A few phone calls and you can get a pretty good idea of whether you are keeping up with the local standard of care. When performed effectively, a risk assessment can help an organization prioritize where to focus its security design efforts. It will also provide points of discussion and collaboration with the design team and users of the space. Without such an assessment, an organization may not focus its energies on critical issues that will affect the safety and security of the facility's occupants.
Design and renovation help
With the tremendous amount of healthcare construction underway at this time, we have a major opportunity to build security features into new facilities resulting in reduced risk and operational cost savings. By addressing potential security risks up front in the planning and design phases, organizations can have a big impact on the safety and security of their new spaces. It gets much more complicated, expensive, and resource draining to start thinking about security after the basic planning designs are in place. When an organization does not proactively consider security, it may be forced to react to security concerns and incidents as opposed to proactively mitigating them. This may require retrofitting, which, as noted above, can be at best expensive and at worst cost prohibitive. And if the organization cannot address a particular issue, it may leave itself exposed to an adverse event involving security.
Unfortunately, security is often not seriously considered in the planning and design phases. This usually happens for a couple of reasons. Architects and users of the space are often focused on other aspects of the area, including functionality and aesthetics. If security is left only to the architects and building occupants, it almost always becomes an afterthought and is easily value-engineered out. Also, security professionals may be hesitant to involve themselves in the design process because they are not familiar with the concepts and language associated with design and construction and may feel uncomfortable or out of place insisting on including security in early planning and design.
To help build effective security features into each renovation and new construction project, the International Association for Healthcare Security & Safety (IAHSS) appointed a task force to develop design guidelines for use by architects, security, and design staff members. Called the IAHSS Security Design Guidelines for Healthcare Facilities, the project was funded by the International Healthcare Security & Safety Foundation and published in April 2012. It comprises a general guideline as well as specific areas of emphasis and various sub-guidelines, all of which are modified, expanded, and deleted in a continuous review process. An update to this document is due out from IAHSS in 2016. Below is an overview of the major segments of these guidelines:
General guidelines. This section lays the foundational security and design principles that are carried throughout the remaining guidelines. It establishes the principles of risk assessment and the inclusion of an assigned project security representative as well as the concepts of protecting in layers through the creation of concentric rings of control, and crime prevention through environmental design (CPTED). All succeeding sections complement the security design elements in the general guideline.
Parking and the external campus environment. This guideline complements the general section through expansion of principles relating to CPTED and establishment of the first ring of protection at the property line. Additional concepts that receive elaboration include the use of physical barriers; coordination of vehicle entrances; landscaping and pedestrian walkways; surveillance and lighting systems; access control principles at the perimeter to reduce the potential for unobserved pedestrian access by channeling access, using natural barriers or fencing, transit placement, lighting and wayfinding; and parking facility security considerations.
Buildings and the internal environment. With nine sub-guidelines, this guideline is the most voluminous and defines zones of protection within the internal environment; management of access systems; and areas requiring such special security consideration as research facilities, shipping and receiving, mailrooms, and administrative office facilities.
Sub-guidelines within the buildings and the internal environment guidelines largely concentrate on locations whose function or activity presents an environment in which there is a significant potential for injury, abduction, or security loss that could severely impact the ability of the organization to render a high quality of patient care. They include the following:
- Inpatient facilities. This guideline complements the earlier guidelines by further elaborating the concepts of protection in layers, including zones, control points, circulation routes, and required egress paths. Major points of emphasis for this guideline include placement of elevators and stairwells to avoid conflicts between life safety and security. It also features design considerations for reception areas, information desks, and other customer service or screening stations.
- Emergency departments. The ED should be viewed as a secured area providing an added layer of protection between the healthcare facility, public areas, and treatment areas. The project design team should develop a comprehensive security plan that indicates a layered approach, including zones, control points, circulation routes, and required egress paths. Detailed elements of this guideline include recommendations concerning adjacent spaces, parking, and a distinction between internal and external ambulatory and non-ambulatory access points. Other highlights of this guideline include recommendations relating to waiting rooms, weapon storage, patient valuables, furniture, security and police workstations, high-risk patient observation rooms, and prisoner patient rooms.
- Behavioral/mental health areas. Behavioral/mental health (BMH) patients pose unique challenges and risks as a result of their medical condition. The BMH guideline provides guidance for stand-alone facilities and units within larger medical complexes. It offers detailed recommendations relating to perimeter design, internal space, and safety and security systems.
- Pharmacies. The design of pharmacies should address the unique risks presented by the storage and distribution of narcotics and other controlled substances. The design should create a secure physical separation between pharmacy operations and the public while integrating security systems for access and audit functions. Specific intents within this guideline provide recommendations concerning physical security, protection of people, and audit capabilities.
- Cashiers and cash collection areas. The collection, storage, and handling of cash present unique security risks to healthcare facilities. Security design considerations for primary and secondary cash collection areas should integrate the physical location and layout with security controls and technology. The risks posed by cash collection primarily involve robbery and internal theft. This guideline provides specific measures covering safes, physical security, video surveillance measures, and audits.
- Infant and pediatric facilities. Infants and pediatric patients are vulnerable patient populations requiring added security measures and special attention when designing space. Design team members should consider the patient and family experience, the physical location and layout, and integration of security controls and technology. This guideline provides recommendations for reception and waiting areas, access control zones, circulation routes, physical security, and technology. Other special areas of consideration include security elements for the new-mother rooms, infant monitoring, and pediatric play areas.
- Areas with protected health information. Guarding protected health information is an important element of any health facility renovation or new construction project. Designs should address the multiple ways in which privileged information could be compromised and should protect that information by utilizing integrated physical and electronic security systems. This guideline relates to signage, registration areas, furnishings, equipment locations, video surveillance, and waste.
- Utility, mechanical, and infrastructure areas. The design of facility utility, mechanical, and infrastructure-related space should include the recognition that such space and the mechanical, electrical, plumbing, and information technology systems within it are critical assets for the facility. The systems typically housed in these spaces are essential for uninterrupted patient care, basic building comfort, and emergency response capabilities. This guideline is intended to provide recommended security design elements for utility systems, mechanical, and infrastructure spaces, and built-in redundancy and expansion capabilities pertaining to technology and mechanical systems.
- Biological, chemical, and radiation areas. Healthcare facilities must address the unique security risks presented by highly hazardous materials including, but not limited to, biological, chemical, and radioactive materials. These materials frequently are regulated and areas must be designed accordingly. This guideline provides recommended design elements covering spaces to be addressed, waste streams, emergency response, and audit features.
Emergency management. The final major area of emphasis is emergency management, which recommends that health facility designs consider practices that allow for flexibility and resilience required to manage emergency events.
An all-hazards approach to design should be applied to help the facility prepare for, respond to, and recover from man-made events and natural disasters alike. This guideline provides recommendations relating to designs that support sheltering in place and repurposing space during emergency operations to accommodate intake and care of a surge of patients.
Designs should facilitate alternative points of access, space reassignment, emergency access to technology infrastructure, a lockdown of spaces, and designation of space to provide services to support large numbers of individuals in areas separate from patient care and emergency management.