Assessments

An assessment of the effectiveness and compliance of your security program is essential to achieving the results you desire. If done correctly, assessments can reduce your risks, increase your value, and reduce program costs. 

See the questions below to help you with your next assessment decision.

Click here to request an assessment consult

What is a security assessment in healthcare?

Assessments:

  1. Discover and validate security related vulnerabilities present.
  2. Measure compliance with standards, regulations, and policies.
  3. Include current threat level data.
  4. Identify gaps, and if possible, measure effectiveness of security controls.
  5. Identify areas of improvement

A security assessment is a process used to determine if current processes, policies, procedures, and equipment/technology meet specified standards and expectations as they relate to the security programs mission and objectives as well as applicable regulations and accreditation standards.

In the healthcare setting, the term “assessment” is used as a general term and can be referred to as a security, risk, or vulnerability assessment, program review, or a site survey. 

In general, accredited healthcare facilities must meet CMS and accreditation standards and use accrediting agencies to verify compliance. Accredited healthcare facilities are required to review and evaluate certain programs (such as security and workplace violence) as part of the accreditation process, and these reviews are scrutinized by the accrediting agency during the survey process. 

They are used to identify gaps in the program, optimization opportunities, and risk factors that impact the safety and protection of personnel and property.

State and local governments have additional requirements for security and workplace violence procedures, which should be taken into consideration when conducting an assessment.

Some healthcare facilities choose to have formal security assessments conducted to help identify areas where improvement may be needed due to a specific event or before the accrediting agency arrives to conduct an accreditation survey.

The accrediting agency is the unimpeachable evaluation, the “assessment” is the “check before the check”.

During an assessment, the following factors should be considered:

  • Applicable Regulations,  Standards, and Guidelines
  • Best Practices
  • Local Policies
  • Exposure
  • Internal and External Incidentts
  • Workplace Violence
  • Special Populations
  • History
  • Geography
  • Culture
  • Business Continuity

Healthcare security assessments, due to the number of regulatory and accreditation requirements, are complex and detailed. Conducting these assessments requires industry specific knowledge, expertise, experience, and professional certifications.

Our teams are highly qualified, experienced in healthcare, and hold healthcare and other security industry certifications.

What types of assessments do you offer?

We offer four types or levels of assessments.

Transition:

Transition assessments are recommended prior to establishing security services for a new location, area of coverage, or when transitioning service providers.

Annual Compliance Assessment:

This is a review of the security program as it relates to compliance, effectiveness, and improvements/gaps based on the facilities Security Management Plan and specific accreditation standards, CMS Conditions of Participation, and OSHA guidelines.

Focused Assessment:

Focused assessments focus on a specific component of your program, such as training, a specific incident that has occurred, or a specific department such as the Emergency Department. They can also focus on a change in regulatory or accreditation requirements such as Workplace Violenve Prevention. 

Full Book/Comprehensive Assessment:

This level of assessment is highly complex, detailed, and incorporates staff surveys and interviews, threat and vulnerability analysis, operational readiness review, physical security vulnerabilities, and crime/incident trend analysis.

Can I do my own assessment?

Absolutely. If you have the knowledge of regulatory and accreditation requirements and the time, you should be able to assess your program.

However, many people find it worthwhile to have a fresh set of eyes on their program. If you do decide to conduct your own assessment, ensure you are able to dedicate the time needed and use a current checklist.

Should I hire a consultant?

Maybe. There are a couple of factors to consider. Ask yourself these questions:

– Do I have the knowledge and expertise needed?

– Do I have the time needed to complete an assessment of my program?

If the answer to either is no, then look for a consultant.

What should I look for in a consultant?

You should always interview consultants and consider:

  – Do they have certifications in security and healthcare security?

  – Do they have practical experience in the healthcare security environment?

  – Do they match your healthcare facilities’ culture?

  – Do they understand your desired outcome?

  – Can they give you a solid time frame and cost (in writing)?

  – Do they have good references?

Regulations, Standards and Guidelines For Assessments

Below is a list of federal regulations, standards and guidelines you should be aware of when conducting an assessment of your healthcare security program. 

United States Code of Federal Regulations (CFR) Title 42, Part 482 (CMS Conditions of Participation) and Interpretive Guidelines;

Title 42, Parts 413, 482 and 489 (EMTALA);

Title 45, Parts 160, 162, and 164 (HIPAA);

Title 21, Part 1301 (Security of Schedule I and II Narcotics);

OSHA Guideline 3335, Preparing and Protecting Security Personnel in Emergencies;

OSHA Guideline 3148, Guidelines for Preventing Workplace Violence for Healthcare and Social Service Workers;

OSHA Guideline 3827, Preventing Workplace Violence, a Roadmap for Healthcare Facilities;

NIOSH: Occupational Hazards in Hospitals;

CDC – NIOSH Hand Hygiene Standards

Accreditation standards from The Joint Commission (TJC), Det Norske Veritas (DNV), Healthcare Facilities Accreditation Program (HFAP) and Center for Improvement in Healthcare Quality (CIHQ). These include standards related to security, safety, leadership, emergency management, training and competencies, infection prevention and more. 

National Fire Protection Association (NFPA) 99 (2012) Healthcare Facilities Guide;

NFPA 101 (2012)/Life Safety Code;

NFPA 730/Guide for Premises Security;

NFPA 731/Standard for the Electronic Installation of Electronic Premises Security Systems; 

National Center for Missing and Exploited Children (NCMEC) Guidelines on Prevention and Response to Infant Abductions;

National Crime Prevention Council’s CPTED

ASIS International Guideline on Managing Disruptive Behavior and Workplace Violence in Healthcare;

Healthcare Security and Safety (IAHSS) Basic Industry Guidelines;

ANSI/IESNA Recommended Practice: Lighting for Hospitals and Healthcare Facilities; 

DHS Infrastructure Protection Report (Hospitals);

DHS Potential Indicators of Terrorist Activity, (Hospitals);

National Association of Psychiatric Health Systems (NAPHS) Guidelines: Guiding Principles on Restraint and Seclusion. 

Depending upon the size of campus and number of facilities included, the complexity of the security program; and the addition of applicable state and local laws, assessment costs and time frames can vary. 

Click here for an assessment consult