RSSAll Entries Tagged With: "security"

Now that the world is going to (legalized) pot…

A number of states have passed (or are in the process of passing) laws legalizing the use of medical marijuana. Now, I don’t really have a dog in this fight as far as it goes, but I do think it may present some challenges for security professionals in hospitals as to how best to manage cannabis as a personal possession. What was once a fairly straightforward “it’s not legal” situation could now become rather a point of contention when someone wants to know what happened to their prescription pot (I’m thinking that this could bring a whole new meaning to medication reconciliation…).

At any rate, to those of you in the studio audience who are in (various) states of legalized marijuana: How are you managing this as a potential customer interaction? How have you managed this type of contraband in the past and how are you going to manage it in the future? Back in the day, confiscated pot could be turned over to the local police; are they even interested anymore?  The DEA still classifies medical marijuana as a Schedule I substance and I suspect that there are any number of hospitals that are licensed only for Schedules II-V, so your pharmacy director may have some insight into a way forward. At any rate, if anybody out there has actually been able to come to grips with this issue, I would love to hear what you’ve got going.

How does your escort service measure up? Hope you’re not letting things get too hot…

I know we’ve (at least sort of) talked about this before (for those of you who might need some thought refreshment in that count or if you’re new to the conversation, see this previous post), but there are still some findings being generated during Joint Commission surveys this year, so I figured it might be worthwhile revisiting one aspect of the whole nuclear medicine security issue.

Let me preface things by noting that I don’t believe that there have been too many instances (a number that approaches zero) in which nuclear medicine deliveries to hospitals have been diverted or otherwise redirected for nefarious purposes. That said, there are certain provisions in the regulations regarding radiation safety and controls programs in healthcare that require couriers delivering nuclear materials to your hot lab (presuming you have one) to be escorted when they are in the hot lab. Unfortunately, if you are interested in finding out what the deal might be for you, the first point to keep in mind is that some states (a handful or so) administer their radiation control programs in accordance with the Nuclear Regulatory Commission (NRC) statutes which do require the escort into the hot lab. But (and isn’t there always a “but”?), there are a great many other states that have an “agreement” with the NRC that allows them to pretty much make their own way (to see where your state figures into the equation, this would be a good place to start) in this regard.

Now the good survey folks from our friends at TJC know about the requirement for escorting the couriers, but they are not necessarily conversant with the requirements for the agreement states—and some of the agreement states do not specifically require the escorting of the couriers into the hot lab. So you need to know (yes, another in the long list of things you need to “know”) what the requirements are in your state, so if it does come up in survey (and it is coming up with increasing frequency), you will know where you stand from a compliance standpoint. As a further thought on this coming up as a survey finding, I suspect that you would need to be prepared to show the surveyor(s) the regulatory evidence that you don’t have to do the escort thing, and, if that is not sufficient evidence in the moment (and we’ll discuss how that might happen in a moment), then you will probably need to make full use of the post-survey clarification process.

Now, the reason I suspect that the state regs might not be enough revolves around the general concept of best practices, etc., which are becoming increasingly similar to actual regulations (or so it seems—it might just be my overactive imagination. I think not, but I’m prepared to admit that there is a possibility). To that end, I suggest (and if you’ve been paying any attention over the years I’ve been scribbling this blog, you probably have a good idea where I’m going now—and I certainly wouldn’t want to disappoint) that you conduct a (ta-da!) risk assessment to demonstrate that the levels of security in place are of sufficient robust-ity (I know that’s not a real word, but shouldn’t it oughta be?) that an unescorted courier results in minimal, if any, risk to your organization.

As I look back at this little screed, I’m glad that I did not promise (or otherwise imply) that I was going to be brief. At any rate, make sure you understand the security requirements in your state and make sure that you are poised and ready to educate any surveyors (real or imagined) that might push on your process.

Keeping things cool in the hot lab

In reviewing “stuff” from the past few months (September and October were pretty busy on the regulatory front), I wanted to mention (in case this hadn’t crossed your path) the Government Accountability Office’s (GAO) report on the security of radioactive materials in hospitals as a function of the Nuclear Regulatory Commission’s (NRC) existing requirements. The GAO found the NRC requirements to be somewhat lacking, based on a sample of 26 hospitals and medical facilities.

According to the highlights of the report (you can find the whole megillah at:, the NRC did not agree or disagree with the findings of the report, feeling that existing security requirements are adequate. Some of the security lapses found during the GAO survey were such items as unsecured medical equipment containing radioactive material, unescorted access to radiological sources, even (darn it!) numerical keypad lock combinations inscribed on door frames.

Now I will tell you that this is all stuff I’ve encountered periodically during my consulting life (a boss of mine once told me “you can’t mandate intelligence”; then Ron White distilled that into “you can’t fix stupid”) and I will also tell you that sometimes all you can do is shake your head about this stuff. That said, I have no reason to think that the good folks at The Joint Commission (or indeed anybody else with a horse in the regulatory survey derby) are not abundantly aware of this report and it’s contents. So what follows is purely consultative in nature:

Read the report, look at the recommendations, perform a gap analysis at your facility, identify any improvement opportunities, present the risk assessment to your EOC committee and move forward. You may want to consider identifying the necessity for recurring review (which, natch, you should be doing as a function of your annual evaluation of the security management program), if you think you might lose track of this, but I think this should cover things quite nicely.

For those of you go-getters who’ve already run this race – what kind of stuff did you find? Any suggestions for the rest of the classes? Inquiring minds want to know!

Mirror, mirror on the wall … is that me?

One of the curious things I encounter on an increasingly regular basis is the Dorian Gray-like (but in reverse) effect of the ID badges of folks who’ve worked at an organization for a rather long time. So long, in fact, that they really don’t look like their ID pictures any more. I know you’ve seen it too.

Now, I’ve always considered the hassle of having folks wear ID badges as being an important component of our security management strategies. As a general consideration, we do have an obligation to ensure that we’re not giving any interlopers a chance of breaching our security (and don’t get me started on those folks who are not nearly as careful about their ID badges as they should be. I know it makes me sound petulant, but we really ask so little of folks in this regard).

So, I ask those of you responsible for the ID process, have you established criteria for an update of photo IDs? Weight loss or gain, hair color changes, the aging process (all potentially contentious topics for discussion)? Or, like the motor vehicle registry folks, do you re-take pictures after a certain amount of time, maybe contingent on how much a person has changed in the ensuing period. Any feedback or discussion would be most appreciated.

Can’t get no protection…

I’m not sure if you folks follow my HCPro colleague David LaHoda’s OSHA Healthcare Advisor e-newsletter and blog, but there’s an item this week that I think bears bringing to your attention in case you didn’t see it.

Panic in Detroit – Panic at the Disco – Panic at the Surgery Center…Fire in the Hole!

I’m presuming (and please don’t attempt to disabuse me of this notion) that you are all dutifully conducting security risk assessments on a regular basis. As you conduct them, I’m sure you find risks of some events that are greater than some other areas. So, I to ask: When you’ve completed your security risk assessment, do you identify specific strategies, including the use of technology, for minimizing those risks to the extent possible? If you’re not including that facet in the risk assessment process, you might want to consider doing so.

Recently, I was looking at a survey report in which an ambulatory surgery center was cited during a TJC survey because they had not installed a panic alarm “at the registrar’s desk in order to obtain immediate assistance in an emergent or hostile situation.” Now, as with so many things that have been popping up during surveys, I don’t disagree with the concept of having panic alarms at those customer service/interaction points where unhappy folks (or folks of any ilk) can experience the need to vent their frustrations, etc. But in that disagreement, I think I’d first be looking at what tools have been provided to staff to actively manage, if not de-escalate, these negative encounters. I would much prefer to avoid having to use a panic alarm by appropriately managing the encounter, much like I would just as soon not “need” to have an emergency eyewash station.

I’m a great believer in the proactive management of risk, but I’m also a great believer in implementing risk management and response strategies that make operational sense. So, the question to the studio audience is: Where have you installed panic alarms and where have you not installed panic alarms, and why? There’s always the risk that some surveyor will disagree with your strategy, but if that strategy was derived through thoughtful analysis of the involved risks, does that not meet the intent of all this?

I like the concept of best practice as much as anyone, but I also recognize that there is a tremendous amount of variability in the safety landscape. Just because something works in one place does not necessarily mean that it will work in all cases—that’s the mystical, magical, and ultimately mythical power of the panacea. One size doesn’t fit all—never has, never will. But if we’re going to be held to that type of an expectation, how does that help anyone? Ok, jumping down from soapbox for now, but rest assured, you’ll see me back up here before too long.

I can’t drive – 5?

I recently fielded a question regarding vehicle speed limits on a hospital campus.

I think we can agree that we don’t want folks tearing around our grounds, running into or over people and things, but are there specifics involved? (I think I’m smelling a risk assessment here…)

The situation presented to me revolved around a current practice of posting 5 miles per hour as the campus speed limit, which, as I’m sure you can imagine, can be tough to enforce, regardless of whether you live in NASCAR country. So, the question became: Can the campus speed limit be raised to 10, or even 15, miles per hour?

To my fairly certain knowledge, there is no definitive nationwide regulatory source that would come into play; but, as you can well imagine, there are a number of Authorities Having Jurisdiction who might be willing to offer some assistance in this regard. My immediate thought (and probably the most useful) would be to check with municipal law enforcement to see what they might recommend/require in this regard, and move forward accordingly. I’m thinking that there would be only minor, if any, objection to a raise of the limit to 10 miles per hour, and maybe even 15 miles per hour. But checking with the law enforcement folks is a very fine place to start.

So, how fast can you go?

California hospitals will be required to tighten security if new bill passes

Preliminary approval was given by a California legislative committee for a bill to move forward that will increase security in hospitals and require workers to report acts of violence to the state.

Assemblywoman Mary Hayashi (D) and the California Nurses Association sponsored the bill and brought it to the Assembly Committee on Health, arguing that nurses are increasingly exposed to violence in the workplace, reports the Los Angeles Times. The bill comes after the death of a nurse who was bludgeoned in the medical facility she worked at in Northern California.

The California Hospital Association (CHA) opposes the proposed bill, saying it would put an increased burden on hospitals. The CHA says hospitals already have to report incidents of violence to the police, state Department of Public Health, and the Division of Occupational Safety and Health (OSHA).

The bill is waiting to go to the Assembly appropriations committee before going to the full Assembly.

Do you think this bill should pass? What does your facility require in terms of reporting violence? Let us know in our comment section.

Do you feel safe in your healthcare facility?

The September shooting at Johns Hopkins Hospital in Baltimore left some healthcare workers pondering the same question: Are healthcare facilities a safe place to work?

Recently, the Wall Street Journal (WSJ) ran a blog post about which healthcare workers are most likely to be assaulted. The Journal of the American Medical Association published a study and after looking at government statistics, found that the rate of assaults in healthcare facilities is fairly high. Nursing home staff, ICUs, emergency departments, and psych units are amongst the higher risk of assault, the WSJ reported.

Why is the assault rate so high? The study found a few different factors. Physicians are not respected as much, the healthcare industry is more seen as a business, and patients are not always happy with the healthcare system, reported the WSJ.

Is this a trend you are noticing and planning for, or do you think the study focuses too much on big cities? Do you feel safe in your facility? We’d love to hear your thoughts on this.

Efforts underway to improve security in California hospitals

The death of two healthcare workers has prompted hospitals to increase safety and security in California hospitals.

An East Bay, CA, assembly-woman, Mary Hayashi, D-Hayward introduced a bill last week, saying it would improve the safety in hospitals, mental health institutions, and correctional medical facilities, reported The Napa Valley Register.

In addition, Napa State Hospital unions have requested safety improvements such as increased police officers and staff having just their first names on ID badges.

The bill, titled Assembly Bill 30, would require hospitals to do the following:

  • adopt a violence prevention plan
  • report attacks on personnel to law enforcement within 24 hours instead of the current 72 hours
  • detail to the state legislature information on acts of violence at the facilities
  • require annual safety training sessions for all hospital employees assigned to a psychiatric unit

The bill is expected to come in front of a committee early next year.

On October 23, a psychiatric technician at Napa State Hospital was found dead by a patient. A nurse was attacked on October 25at The Martinez Facility in Contra Costa County, CA, by an inmate who hit her with a lamp. She died three days later Both incidents led to staff and unions coming forward to improve security.

How do you think the proposed security procedures would improve the safety of the staff? Let us know in our comment section.