By Kevin Wilhelm / Special to Healthcare Facilities Today

In our current era, there is an increased concern for the safety and security of patients, visitors and staff at healthcare institutions around the country. The 24-hour/seven-day-a week nature of these facilities creates a security challenge for anyone charged with implementing and managing a security program. Adding to the complexity, some hospital areas, like the ER, have sections that must remain open to the public, while other areas (e.g. triage) need to be locked.

The ability to control access remotely, to confirm identity quickly and easily, and to program varying levels of access for visitors, patients, doctors and staff is an absolute necessity. For these facilities, an integrated approach, combining video surveillance, mass notification, and access control into an overall security plan is needed.

In consideration of developing this approach, the following steps are essential:

1. Conduct a vulnerability risk assessment

Take a hard look at the facility and determine strengths and weaknesses as well as areas with known security data gaps. Start from the outside perimeter and work your way in - evaluating not just the physical structures but the procedures and practices in place. For example, look at the physical structure of the parking garage and whether it prevents unauthorized entry. Then move on to reviewing how security staff is currently patrolling the garage to ensure the safety of the staff and clients who use it.

2. Provide an empirical evaluation with your risk assessment

When reviewing the results of a vulnerability risk assessment, it is not uncommon to face financial hurdles in terms of allocating appropriate budget to resolve identified issues. Prioritize budget allocation by identifying the most significant security risks and the ease with which they can be corrected - not only from a financial perspective but also from an implementation perspective.

3. Utilize layers of security to prevent breaches due to system failure or vulnerability

Layers of security are an absolute necessity when creating a safe hospital environment. Don’t assume that installing the “latest and greatest” cameras will be enough. How these systems will work in adverse environments (e.g., major weather event and data security vulnerability occurrences) need to be considered. The recent issues at Meltdown, Spectre, and Heartbleed prove that technology cannot be the only way to provide critical physical security.

4. The importance of response time cannot be overstated: Make sure that your system is able to communicate vital information in an actionable manner.

There are hundreds of systems that provide basic physical security protection. When evaluating options, it's important to not only look at the feature set, e.g., a camera’s resolution, but also what it does with that information. Security platforms need to be able to distill tremendous amounts of information into actionable items for security personnel and healthcare staff. Beyond simple alarm conditions, the right system will have a feature set that prevents false alarms and provides specific actions based on the identified threat.

5. Have a holistic approach when identifying areas for improvement

With few exceptions, existing security infrastructure can be upgraded cost effectively. Take time to review staff input about certain features of the current system. As an example, if staff at a nurses’ station is complaining that a secured area requires them to scrub in and out adding to the time required for them to enter an OR, it may make sense to consider an upgrade to streamline the operation while continuing to maintain the security required for that space.

6. Consider the security of security when implementing solutions

Imagine you’ve gone through the process of upgrading your overall system, installing, high resolution IP-cameras throughout your campus with new access control and credentials. Believe it or not, your new system can be compromised. Without proper network segmentation either through a dedicated security network, which isn’t always feasible, or with VLANing your entire network can potentially be compromised via the IP-Cameras as they sit on a data network. A camera could be vandalized to reveal the RJ-45 network connection through which a hacker could violate the network.

Access control is only as secure as the credentials and readers installed to enable their function. 125kHz is the most ubiquitous of access control credentials but can be duplicated in a matter or seconds. Left unattended, a credential can be duplicated using a $50 tool, easily purchased online, without anyone knowing that the card was compromised. Now an intruder has the same level of access as the person whose credential was copied. Even higher security 13.56MHz credentials can be compromised. Most card readers send unencrypted data to the access control headend which leaves the information vulnerable.

An experienced integrator can help you determine your security initiatives, risks and priorities. Their experience and knowledge of multiple solutions will ensure that an implementation goes smoothly.

Solutions Architect Kevin Wilhelm is a SIGNET Electronics, Inc. systems integration engineer who specializes in security and life safety system design.