Speaking out on Security

Codes + Standards

NFPA develops new guidance document covering facility security issues

By Susan McLaughlin

In an expansion of its more traditional areas of concern, the National Fire Protection Association (NFPA) is currently putting the finishing touches on a new document providing advice on security issues in many types of facilities.

The Technical Committee Review Session at the NFPA's 2005 World Safety Conference and Exposition in June passed the new document, NFPA 730--Guide for Premises Security, which will be issued this fall.

The document is a guidance rather than a standard, and even NFPA standards are not considered to be regulatory until they are adopted by an authority having jurisdiction. However, health facilities professionals will still be very interested in its contents.

Reducing vulnerabilities

The scope of the document is to describe "construction, protection, occupancy features and practices intended to reduce security vulnerabilities to life and property," the document states. "The purpose of this guide is to provide criteria for the selection of a security program to reduce security vulnerabilities," it adds.

Although there is a separate chapter (chapter 12) devoted to health care facilities, NFPA 730 is intended to apply to all industries. The generality of the document itself presents some issues with the content, as the following excerpt from its table of contents illustrates:

Chapter 11: Educational Facilities;
Chapter 12: Health Care Facilities;
Chapter 13: One and Two Family Dwellings;
Chapter 14: Lodging Facilities;
Chapter 15: Apartment Buildings;
Chapter 16: Restaurants;
Chapter 17: Shopping Centers;
Chapter 18: Retail Establishments;
Chapter 19: Office Buildings;
Chapter 20: Industrial Facilities;
Chapter 21: Parking Facilities; and
Chapter 22: Special Events.

NFPA 730 attempts to address security concerns in this wide group of occupancies in a relatively brief document, but one size does not fit all.

Unfortunately, it was also written without input from the health care industry, so the health care chapter fits particularly poorly. However, some major concerns were addressed through the NFPA process, with changes introduced during the Technical Committee Review Session, so it is somewhat improved over the original proposal.

Components of security

Following the first four chapters, which are administrative, there are a series of chapters intended for all occupancies that address components of a security program. They include the following:

Chapter 5: Security Vulnerability Assessment;
Chapter 6: Exterior Security Devices and Systems;
Chapter 7: Physical Security Devices;
Chapter 8: Interior Security Systems;
Chapter 9: Security Personnel; and
Chapter 10: Security Planning.

Chapter 5 is particularly useful to health care. The process described is analogous to the hazard vulnerability assessment performed for emergency management. Section 5.1.1 defines this as "a systematic and methodical process for the following:

(1) Examining ways an adversary might exploit an organization's security vulnerabilities that can result in an undesired outcome.

(2) Developing countermeasures to address adversarial events."

It should assess the status of the "organization's threat exposures, security features, and preparedness." This assessment would fulfill the Joint Commission on Accreditation of Healthcare Organizations (JCAHO) proactive risk assessment process required by EC.2.10.

Chapter 6: Exterior Security Devices and Systems contains detailed information on fencing, entrances, locks, lighting, walls, roofs, openings and barriers. While parts of this chapter will be useful to health facilities, it also includes subjects like top guards of barbed wire on fencing and iron bars on windows.

The chapter on physical security devices addresses key control, locking mechanisms, doors and vaults. Construction standards are given for vault and safe construction. Interior security systems are addressed with respect to controlled and restricted areas. Types of intrusion detection, alarm and access control systems are also described.

Two chapters address security personnel and planning, and are also very general, with Section 9.3.2 stating, "A substantial expense for security services can be required for crowd or traffic control, for safeguarding highly classified or sensitive information, or for protecting material or functions which have high intrinsic, rather than monetary, value." Security planning should be based on the vulnerability assessment, and should address the most likely events. Time and resources should be allocated under the plan. An outline of plan elements is also provided. Two brief sections address terrorism and the Homeland Security Advisory System.

Health facilities

The health facilities chapter states that a security plan should be developed and a security vulnerability assessment should be conducted in accordance with previous chapters. Special considerations related to the health care environment are addressed in annex material. These relate to the populations and the stress of the environment for all concerned, including patients, family, staff members and others. Various settings for health care provisions are also addressed along with politically based stressors such as health care benefits.

A suggested security program for health care facilities should include employee involvement, training, employment practices and security measures. To be effective, management support of the security program is essential and the employee involvement would range from participation in program development to program analysis and training. Obviously, this also includes involvement in the ongoing implementation of the program, such as reporting incidents and identifying potential problems.

NFPA 730 recommends initial security training with periodic updates. Suggested training topics include location and use of alarm systems and other protection devices, de-escalation techniques, policies and procedures, and employee and patient rights. Supervisors are given the responsibility to ensure that workers' assignments do not compromise safety and security. An additional level of training is recommended for the management and supervisory group to include hazard recognition.

A section on employment practices emphasizes the value of pre-employment screening, including background checks as appropriate to the candidate's prospective position. The organization's policy should be consistently applied.

Measures to take

The "Security Measures" section of the health care chapter addresses exterior areas, parking facilities, building access control, interior areas, security equipment, security personnel, and security training for home health care workers.

A significant portion of the material in the original proposal addressing exterior areas has been moved to the annex of the document. This relates to the value of lighting and the problems related to landscaping. What remains in the body is a statement that fencing the perimeter of the facility may discourage unauthorized access and some criminal activity, lighting of exterior areas should be adequate and shrubbery should be kept trimmed. After-hour access points should also be limited.

For parking facilities, one point of vehicle entry and exit is suggested, but it is acknowledged that this may not be practical. Enclosing the first and second levels of the structure with screening that still provides visibility is advised. Exterior doors should be locked in accordance with code requirements. Lighting is addressed, along with parking provisions for night shift workers.

The access control section has been significantly revised since the proposal stage. The document now recommends consideration be given to the establishment of an access control program. Identification badges are suggested for physicians, volunteers, students and contract staff based on the risk assessment process, which is in accordance with the JCAHO requirements. Visitor identification badges are now worded as a consideration rather than a requirement. Protection of patient information refers to the Health Insurance Portability and Accountability Act. Access to uniforms should be controlled, and policies should be established for receiving flowers and other deliveries.

The rationale for protection of some key interior areas has been moved to the document's annex. What remains are controls for access to maternity, labor and delivery, and pediatrics; consideration for security measures in the ED; safe storage and distribution for controlled substances; and restricted access to storage areas.

The section on equipment was originally prescriptive, but modifications have been made to alleviate that concern. Coverage areas for security cameras are addressed, but the word "all" has been removed in the broadest statement, thus giving the organization discretion. Locations of duress alarms are now "as needed" with suggestions given for potential placement. Maintenance of security systems is as appropriate by the organization's risk assessment process.

Security personnel should be thoroughly screened before hire and thoroughly trained after. If patrols are used, they should be frequent and on an irregular basis, with documentation. Use of weapons requires specific training.

Home health care service workers are in a unique environment with limited control, and thus should have specialized training. Local police departments or other agencies are suggested as providers of such training, which should include awareness and avoidance. Communications devices and alarms are suggested for issuance to these providers.

Advisory, not authoritative

NFPA 730 provides some information that is useful to organizations, but it should not be viewed as a complete and authoritative resource.

Susan McLaughlin is president of SBM Consulting, Barrington, Ill., and a consultant to ASHE. She can be reached at sbmconsult@ameritech.net.

To respond to this article, please click here.

Click here for a FREE subscription to Health Facilities Management.

Hospitals & Health Networks | Health Care's Most Wired | Trustee | Health Facilities Management
Materials Management in Health Care | Buyer's Guide for the Healthcare Market

Copyright ©2009 Health Forum. All rights reserved.
Please report problems to webmaster@healthforum.com
Health Facilities Management is published by Health Forum, Inc. an American Hospital Association information company.

This website contains links to sites which are not owned or maintained by the American Hospital Association(AHA). The AHA is not responsible for the content of non-AHA linked sites, and the views expressed on non-AHA sites do not necessarily reflect the views of the American Hospital Association.