Issue link: https://securitytechnologyexecutive.epubxp.com/i/282968
32 SECURITY TECHNOLOGY EXECUTIVE • February/March 2014 www.SecurityInfoWatch.com HEALTHCARE SECURITY: ROUNDTABLE-IN-PRINT is essentially open to all? Bellino: "Fortunately I have -- in addition to our security force -- a fully sworn police depart- ment that has already received Rapid Response Team training to respond to active shooter events. I have a distinct advantage in the fact that my law enforcement officers know the facility and its inherent dangers, i.e. medical gases, non-ambu- latory patients, etc. We also deploy metal detec- tion at our ER which also provides an additional measure of protection. Now, the task at hand is to refine existing policies and procedures, train staff, implement and exercise the plan." Scott: "For sensitive areas such as the Emergency Department, we utilize compartmen- talization and back of house (monitored or cre- dentialed access) areas to control patient and vis- itor flow. We also conduct frequent security risk assessments. Several years ago, as part of our normal security risk assessment, we increased the workplace violence section of our survey to specifically address the work place violence issue. We analyze environmental controls, patient access control, and patient and visitor flow. We have also developed specific training for aggres- sive management behavior. We have increased employee and staff train- ing to recognize and manage possible aggres- sive behavior before it happens. Specifically, we give staff training focused on several core beliefs which are the bedrock of the program. Utilizing a combination of classroom lecture, video presen- tations and hands on active practice of defensive maneuvers, our course facilitators teach the stu- dents how to enhance their safety and the safety of those they serve." Romagnoli: "As I stated in the first question, we do have to look at this in several ways. We have the active shooter scenario that is directed at the hospital or is related to a patient issue. We believe a hospital will see one of three types of active shooter scenarios: A shooter enters to vent his anger at hospital staff because of what he/she perceives to have been poor treatment of a loved one that resulted in a poor outcome. A mercy killing of a close relative, who is ter- minally ill, resulting likely in a murder/suicide within the hospital. Minimal threat to staff. The disgruntled employee, who returns to vents his/her anger at management staff. We then have the crime/shooting that spills into or continues in the hospital from the street, although not directed at the hospital in most cases; all of these scenarios need some level of threat avoidance and protection. Minimizing means of egress, locked entrances and focused or directed pedestrian traffic to controlled entranc- es and exits is an excellent way to minimize unauthorized persons from entering the facility. Historically in the New York area, most hospitals have limited arming of public safety or security staff. At our facilities we have a small number of personnel who are armed and have the ability to interrupt a shooting incident. Also having local law enforcement have a good understanding of a hospital layout, which can be very confusing, is vital to a rapid law enforcement response." STE: How closely aligned are you with your organization's IT and network administra- tors? Foreman: "My position is within the IT organiza- tion and therefore information security is closely aligned with the information technology roadmap. One specific area where we support each other is regarding the need to apply patches to critical sys- tems. My team plays a role in helping to raise the issue within IT management in order to provide needed downtime to address vulnerabilities." Bellino: "Here we have project managers assigned from both IT and Construction Services and we are very closely aligned. We have estab- lished electronic security standards and nothing is built without building in appropriate electronic security. Our IT staff is right there with us as our partner to ensure we are all on the same page providing what our internal customers need and expect. Do we have a roadmap? Yes, and we fol- low it daily to the right destination." Romagnoli: "We are extremely closely aligned. We work with the Office of the Chief Information Officer's (OCIO) Security Team virtually daily. We have algorithms in place for a variety of incidents identifying who may be the lead in a particular investigation, and the duties and responsibilities of our respective divisions in a particular investi- gation. In addition our voice over IP radio system, our selection of cameras and many physical securi- ty products is all done with guidance and in some cases project management from our CIO's office." Scott: "Our IT department assesses the physi- cal security and security technologies needs on an enterprise level, and defines the infrastructure technologies to address those needs. Our depart- ment partners with our information services (IS) organization to implement solutions. This part- nership helps to ensure alignment of our depart- ment goals and objectives with enterprise IS tech- nology standards through project governance, technology infrastructure, planning and imple- mentation, and on-going IS technology support of our security technologies applications. Note: Look for the extended version of this healthcare security roundtable-in-print at our website, www.securityinfowatch.com. ❚ "Our IT department assesses the physical security and security technologies needs on an enterprise level, and defines the infrastructure technologies to address those needs." STE_30-33_0314 Lasky Roundtable.indd 32 3/14/14 11:14 AM