Layering security controls for healthcare projects

by Katie Daniel | April 29, 2016 11:55 am


by Marilyn A. Collins, EDAC
It is not difficult to imagine the need for security in healthcare environments. Where are the eyes and ears ensuring the safety of a newborn transported from labor and delivery? Can family members visiting a sick relative be confident their valuables are safe at bedside if they leave to grab a snack? What security precautions are taken when a rear exterior door to the hospital is propped open so staff can take a break?

Of course, there are numerous other considerations. For example, an employee might notice certain supplies diminishing on a regular basis—how does the hospital protect clinical, professional, administrative, and environmental staff from suspicion of diverting equipment or even medication? When there is an influx of visitors during the shift change on the behavioral health unit, and an anticipated increase in patients through the Emergency Department due to a rapidly spreading virus, what are the visitor tracking and patient protection procedures to ensure safety for everyone—even in the case of a possible epidemic or weather-related crisis? There is also the matter of satellite functions and procedures performed by a hospital system at remote ambulatory care facilities and medical office buildings tied to the main building via an access control system.

Consideration of these and many more facets of hospital life provokes a host of thoughts about security, convenience, and safety (for patients, visitors, and staff alike), along with energy efficiency and resilience in the face of disasters. These are weighty topics requiring input from virtually every department in the hospital. Together, they form the ‘Environment of Care’ (EOC).

The EOC comprises three basic elements: building and space, equipment, and people. The first step in planning for this complex environment is to identify the stakeholders and decision-makers invested in the outcomes—whether related to compliance, the delivery of care, or the successful protection of people and assets.

While design/construction professionals are obviously not part of all the related choices and factors in a healthcare project’s creation and operations, their decisions and collaboration with the building owners can have important impacts.

Understanding stakeholders in the healthcare environment
Major departments in the hospital are now collectively involved in decisions affecting patient safety, Hospital Consumer Assessment of Healthcare Providers and Systems (HCAHPS) scores, building design, access control, and employee training. No longer are decisions made in the vacuum of one’s own department or even within the confines of a single hospital. (For more info, visit www.cms.gov/Medicare/Quality-Initiatives-Patient-Assessment-instruments/HospitalQualityInits/HospitalHCAHPS.html[1]).

Consolidation and acquisition in healthcare, as well as the requirements for reimbursement from the Centers for Medicare and Medicaid (CMS), have changed the game. Healthcare administrators, operations personnel, and virtually every department have recognized that decisions made in one area of the hospital system may affect every other one. This domino effect can affect a hospital’s reputation.

For instance, if a hospital selects a unique or proprietary access control system, and then is acquired by a parent healthcare system, the parent may be constrained in its ability to cascade an efficient open-architecture solution across the entire healthcare system. Myriad results may include having to carry several ‘badges’ or credentials, increasing the complexity in accessing the hospitals in the system.

Every hospital wants its reputation to get the highest marks for welcoming families, caring for patients, retaining staff, and securing supplies, medical equipment, and controlled substances. As hospitals adjust to the various changes that are associated with the Affordable Care Act and cope with other changes in the delivery of care, consensus building and collaboration become the basis for making decisions.

Online access control—either hardwired or wireless—provides centralized control over facility doorways. Images courtesy Assa Abloy Door Security Solutions

The security department is the heartbeat of the hospital with regard to protecting the systems providing for the facility. However, the built environment itself is a critical element in both security and in healthcare delivery—design/construction professionals can also have a major role, both directly and indirectly.

Additionally, there is often a ‘compliance department’ spanning the many agencies, ensuring compliance with life safety regulations such as National Fire Protection Agency (NFPA) and other authorities having jurisdiction (AHJs). Other critical guidelines and compliance elements include the Americans with Disabilities Act (ADA), Health Insurance Portability and Accountability Act (HIPAA), and Facility Guidelines Institute (FGI).

The U.S. federal government supports the delivery of healthcare for a large percentage of the population through Medicare and Medicaid. CMS authorizes reimbursement for medical services provided to qualified recipients. The administration of such reimbursements includes a process ‘deeming’ each hospital worthy of the payment according to certain standards, which are surveyed or monitored by organizations such as Press Ganey, the Joint Commission, Healthcare Facilities Accreditation Program (HFAP), and DNV (i.e. National Integrated Accreditation for Healthcare Organizations [NIAHO]). Since a large percentage of hospital revenue comes from CMS, compliance with these ‘deeming’ bodies is a high priority.

Multidisciplinary committee decision-making, involving representatives from the above departments, regarding ‘layering’ security is the new normal in healthcare. Such decisions are put through a five-lens filter measuring the impact on patients, families, staff, physicians, and cost. The Joint Commission requires all hospitals it surveys to develop and implement a performance improvement framework for the processes affecting the safety of patients and everyone else entering the hospital and the security of everyone having access to the hospital, including fire safety and emergency operations.

Each hospital should perform an annual risk assessment to point out the need for a security plan for the entire hospital facility or system. This security plan is a major factor in compliance, as well as improving the ‘patient experience.’

Most healthcare facilities have sustainability goals. Modern electronic door locks that are 99 percent more energy-efficient than previous-generation locks can help meet sustainability targets.

Layering security
All this information forms the basis of the ‘who/what/when/where’ of a security system, which is an exercise in layering security vertically and scaling that security plan horizontally. Once the stakeholders and decision-makers have been identified, the hospital can creatively scale security solutions to match the risk associated with each opening. This allows the hospital to maximize the security plan while staying within a budget. High-security areas may require more sophisticated online solutions, while lower-risk ones could need simpler, offline products. The hospital has far more flexibility in designing a security system in this manner.

The typical steps for security system design are:

1. Define users (e.g. clinical staff, general public/visitors, patients, those with disabilities, other populations within the hospital).

2. Identify estimated budget.

3. Determine the specific areas of greatest concern (e.g. nursery, intensive care units [ICUs], medication stations, pharmacy, supply cabinets, exterior visitor entrances, employee entrances, linen storage, nurse servers, patient rooms, staff lockers, and stairwells).

4. Assign the frequency of use (e.g. high-traffic or low-use areas).

5. Document locations in the building subject to fire/egress codes such as NFPA 101, Life Safety Code, and NFPA 99, Healthcare Facilities Code, or the International Building Code (IBC). In many instances, the hospital has employed PIN-based devices that do not offer an audit trail or specific, individual accountability. Simply providing one code per unit or department for a push-button lock does not identify individuals who may have access to medicines or supplies. In some cases, the ‘confidential’ codes to access these doors are written either on the doorframe or on a sticky note nearby. Such locations would be suitable for re-evaluation.

6. Assign a level of security (e.g. general access, high security, lockdown areas).

7. Add sustainability requirements such as energy efficiency and/or Leadership in Energy and Environmental Design (LEED) goals. Doors contribute to significant energy loss from the building envelope. Furthermore, many of these facilities now require environmental product declarations (EPDs) and/or health product declarations (HPDs).

8. Build in infection control by specifying antimicrobial coatings.

Every door opening, including pharmaceutical storage cabinets, can benefit from online access control to ensure safety and security.

Reviewing the door hardware and security device options
Once the committee has identified and agreed on these factors, selection of devices (and the platforms they require) can begin. Frequently, security consultants, door and hardware manufacturers’ representatives, and end user specialists provide valuable details for product selection. This may include performance specification, integration to third-party access control systems, or maintenance plans.

Online access control
Until recently, the only option for online access control was to hardwire every opening. This technique can be desirable (and even necessary) where immediate lockdown or egress might be required—for example, in the case of stairwells. However, the expense of hardwiring, particularly in the case of a retrofit application, can be cost-prohibitive. Adding in the expense of qualified, licensed electricians and other professionals can raise the actual installed costs much higher than expected. There are other ways to accomplish online access control employing two similar platforms as discussed in the following sections.

Wi-Fi
Most hospitals are equipped with a Wi-Fi network that can be employed as the platform for access control. The main advantage of using Wi-Fi is that it is an ideal solution for non-critical openings that still require monitoring, audit trail, and secured access. Wireless devices provide secure encryption for access codes and, in many cases, can use the existing badge or credential currently employed by the hospital.

Another advantage of a Wi-Fi device is that access decisions are authorized ‘locally,’ meaning the locking device does not have to ‘check in’ with the access control panel. Additionally, a record of transactions is maintained in the device at the door.

Wireless
Typically, a wireless device requires a hub or interface that is actually hard-wired back to an access control panel. One advantage with the wireless devices is the card reader (or integrated reader/lock) can be applied directly to the door, making for an aesthetic and cost-effective application. Further, these devices are often ideal for otherwise-difficult applications, such as historical buildings, stone assemblies, or extra thick walls. Since the hub or interface is above the ceiling, the installation of the device on the door is faster and causes far less disruption for the hospital. Additionally, the programming of wireless devices is typically done right at the access control system and access can be provided to anyone at the time of on-boarding.

Power-Over-Ethernet (PoE)
This platform uses the network power provided by the Cat 5 or Cat 6 cable installed throughout the hospital. The main advantage of PoE is the significantly reduced energy cost. Devices on PoE act just like hard-wired devices and provide immediate tracking on the access control system.

Offline devices
Some non-critical areas of the hospital are not necessarily the object of inventory shrink or losses due to ‘diverting’ of supplies. This may include soiled linen rooms or even staff restrooms. Such areas can be secured with PIN-pad-only devices that do not provide audit trail or monitoring.

Electronic cylinders
Often referred to as ‘portable security,’ some electronic cylinders can replace existing mortise cylinders and provide simple access control. These devices use a battery-powered key to program the cylinder locally, or programming can be web-based. Another advantage is that electronic cylinders are available in a number of form factors that allow application to remote or fenced areas of the hospital campus, such as large equipment storage where padlocks might be used. Other areas might include a cash office or the cabinets on trucks or other areas. This type of platform is particularly effective where there are fewer than 50 users.

The objective of this exercise is to ‘scale’ the security solution to fit the unique needs of the hospital or system. Most of the platform solutions can be cascaded across an entire healthcare system—even one with locations in different states.
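The scaling exercise described above can be run as a check over a door inventory. This is an added example, not code from the article or from any access control product: the `Opening` fields, the rule order in `recommend`, the treatment of PoE as equivalent to hardwired for lockdown, and the sample inventory are all assumptions made for illustration. It flags the two mismatches the article calls out, shared-PIN devices on openings that need individual accountability and openings that need immediate lockdown without a hardwired-style device.

```python
from dataclasses import dataclass

@dataclass
class Opening:
    name: str
    installed: str         # platform currently on the opening
    needs_lockdown: bool   # immediate lockdown/egress control required
    needs_audit: bool      # individual accountability required
    remote: bool = False   # remote or fenced area of the campus
    users: int = 0

def recommend(o: Opening) -> str:
    """Simplified reading of the article's platform guidance (assumed rule order)."""
    if o.needs_lockdown:
        return "hardwired"            # e.g. stairwells
    if o.remote and o.users < 50:
        return "electronic_cylinder"  # small user groups, padlock-style sites
    if o.needs_audit:
        return "wifi"                 # non-critical, but monitored with audit trail
    return "offline_pin"              # e.g. soiled linen rooms, staff restrooms

def review(inventory):
    """Return (name, recommended platform, reason) for openings to re-evaluate."""
    findings = []
    for o in inventory:
        if o.installed == "offline_pin" and o.needs_audit:
            findings.append((o.name, recommend(o),
                             "shared PIN identifies no individual"))
        elif o.needs_lockdown and o.installed not in ("hardwired", "poe"):
            findings.append((o.name, recommend(o),
                             "lockdown needs a hardwired-style device"))
    return findings

# Constructed sample inventory, not data from the article.
INVENTORY = [
    Opening("Pharmacy", "offline_pin", False, True, users=40),
    Opening("Stairwell 3", "wifi", True, True, users=900),
    Opening("Soiled linen room", "offline_pin", False, False, users=60),
    Opening("Equipment yard", "electronic_cylinder", False, True,
            remote=True, users=12),
    Opening("Medication cabinet", "wireless", False, True, users=25),
]

if __name__ == "__main__":
    for name, platform, reason in review(INVENTORY):
        print(f"{name}: {reason}; consider {platform}")
```
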

Balancing security and design, today’s healthcare facilities place greater attention on their aesthetics, including the design of doors and hardware.

Facility operations
Other aspects of facility operations can also be addressed simultaneously with security.

Aesthetics
In the drive to improve patient outcomes, many healthcare facilities feature pleasing designs that create a relaxing atmosphere. Decorative doors and hardware deliver security without sacrificing design.

Resiliency
Geography determines whether or not specialized door openings are needed to protect against hurricanes or tornados. Door opening assemblies tested to withstand destructive storms will help a healthcare organization continue normal operations once the danger has passed.

Sustainability
Hardwired locks with low power consumption and insulated doorways that block heat transfer and air leakage improve the energy efficiency of a facility and help meet sustainability goals. Any transparency statements tied to these products will verify their contents and ensure they are free of harmful chemicals.

Sound attenuation
Peace and quiet are hallmarks of a restorative environment. Having Sound Transmission Class (STC)-rated doorways on patient rooms blocks out the noises accompanying the hustle and bustle of a hospital hallway.

Loss prevention
Pharmaceutical distribution, storage cabinets, employee lockers, and server cabinets containing sensitive data are prone to theft. These small ‘doorways,’ typically on cabinets, can be protected with a new generation of cabinet locks that connect wirelessly with the building security control system. The locks communicate with a nearby hub that relays signals back and forth with the central system. Therefore, these often-overlooked doorways, even when found on a portable cart, are now incorporated as another layer of security that can be monitored and tracked.

Conclusion
With the wide range of locking technologies now available, it is easier than ever to tailor the access control capabilities of each opening to match its exact security needs. Hospitals can implement varying degrees of access control at each opening whether it is a loading dock on the building perimeter or a cabinet door in a patient room and everything in between. The locking technologies employed at each opening mesh together and operate seamlessly with the building control system to create a fully secure facility.

Successfully layering security in this manner requires input from all stakeholders to identify risks, applicable codes, and regulations that need to be met, alongside sustainability goals, aesthetic preferences, and budgetary concerns. When the needs of each stakeholder are mapped out vertically, security solutions can then be layered horizontally to achieve the desired goals and deliver the best possible outcome.

Marilyn A. Collins, EDAC, is director of business development for healthcare with Assa Abloy Door Security Solutions. She is certified in evidence-based design in life safety, security, and access control for door openings. Collins is versed in the tenets of The Joint Commission and GreenGuard, and is active in a number of industry groups including Healthcare Executives, Buildings VIP, The Center for Health Design, FierceHealthcare, Society for the Advancement of Gerontological Environments (SAGE), and the Door and Hardware Institute (DHI). She can be contacted via e-mail at marylina.collins@assaabloy.com[2].

Endnotes:
  1. www.cms.gov/Medicare/Quality-Initiatives-Patient-Assessment-instruments/HospitalQualityInits/HospitalHCAHPS.html: http://www.cms.gov/Medicare/Quality-Initiatives-Patient-Assessment-instruments/HospitalQualityInits/HospitalHCAHPS.html
  2. marylina.collins@assaabloy.com: mailto:marylina.collins@assaabloy.com

Source URL: https://www.constructionspecifier.com/layering-security-controls-for-healthcare-projects/