Designing security features into a new health care facility or renovated space from the beginning can improve safety and security, maximize utilization of human resources and lower operational costs while improving customer service and employee and patient satisfaction.

It can be easy to miss or glaze over meaningful discussion about security in the early stages of design. Often the design team and unit leaders are so focused on designing their new space that security is not seriously considered until major decisions already have been set in stone. These include stairwell location, traffic patterns and adjacent functions that may lead to conflicting operational needs, such as placing a night food-service operation inside the nighttime perimeter of the facility, which would require additional security checkpoints.

When security flaws are designed into a project, expensive change orders and retrofitting usually are necessary. Sometimes it is impossible to alter a design due to conflicts with life-safety codes or cost-prohibitive retrofitting expenses. Add-on security features also may deter from the aesthetic value of a project, and the final project may end up costing a great deal more.

The worst case occurs when appropriate security features are left out, or are value-engineered out, and an adverse incident occurs. At this point, the security features are added at great expense. Retrofitted security features are almost always more obvious and less effective than security features that are designed in from the early stages.

Design and renovation help

To help build effective security features into each renovation and new construction project, the International Association for Healthcare Security & Safety (IAHSS) appointed a task force to develop design guidelines for use by architects, and security and design staff members.

Called the IAHSS "Security Design Guidelines for Healthcare Facilities," the project was funded by the International Healthcare Security & Safety Foundation and published in April 2012. It comprises a general guideline as well as specific areas of emphasis and various subguidelines, all of which will be modified, expanded and deleted in a continuous review process.

General guideline. This section lays the foundational security and design principles that are carried throughout the remaining guidelines. It establishes the principles of risk assessment and the inclusion of an assigned project security representative as well as the concepts of protecting in layers through the creation of concentric rings of control, and crime prevention through environmental design (CPTED). All succeeding sections complement the security design elements in the general guideline.

Parking and the external campus environment. This guideline complements the general section through expansion of principles relating to CPTED and establishment of the first ring of protection at the property line. Additional concepts that receive elaboration include the use of physical barriers; coordination of vehicle entrances; landscaping and pedestrian walkways; surveillance and lighting systems; access control principles at the perimeter to reduce the potential for unobserved pedestrian access by channeling access, using natural barriers or fencing, transit placement, lighting and wayfinding; and parking facility security considerations.

Buildings and the internal environment. With nine subguidelines, this guideline is the most voluminous and defines zones of protection within the internal environment; management of access systems; and areas requiring such special security consideration as research facilities, shipping and receiving, mail rooms and administrative office facilities.

The typical zones in the health care environment include general areas accessible to the public at all times (i.e., lobbies, emergency departments (EDs) and entrance points); general areas restricted to the public during nonvisiting hours or periods of lesser activity (i.e., restricted waiting rooms and closed departments); screened public areas; staff and accompanied public areas (i.e., operating room recovery areas); general staff-only areas; and areas for designated staff with the appropriate clearance.

The operating procedures for access systems and the type of systems specified should be consistent across the health care facility. Electronic security systems, if available, should be integrated and standardized. A few of the design considerations in this guideline include alarm points, closed-circuit television, door hardware security requirements, wayfinding and signage, and coordination with other building technology systems.

Areas requiring special consideration (excluding designated security-sensitive areas) are identified in this guideline, including materials management; central supply and sterile processing; shipping and receiving; mail rooms; health information management and medical records; human resources; administrative and business offices; meeting rooms and conference areas; call centers, switchboards or other staffed telephone answering centers; research facilities; child care centers; urgent care facilities; and operating rooms, sterile areas and special procedures areas.

Subguidelines within the buildings and the internal environment guidelines largely concentrate on locations whose function or activity presents an environment in which there is a significant potential for injury, abduction or security loss that could severely impact the ability of the organization to render a high quality of patient care. They include the following:

• Inpatient facilities. This guideline complements the earlier guidelines by further elaborating the concepts of protection in layers, including zones, control points, circulation routes and required egress paths. Major points of emphasis for this guideline include placement of elevators and stairwells to avoid conflicts between life safety and security. It also features design considerations for reception areas, information desks and other customer service or screening stations.

• Emergency departments. The ED should be viewed as a secured area providing an added layer of protection between the health care facility, public areas and treatment areas. The project design team should develop a comprehensive security plan that indicates a layered approach, including zones, control points, circulation routes and required egress paths. Detailed elements of this guideline include recommendations concerning adjacent spaces, parking and a distinction between internal and external ambulatory and
nonambulatory access points. Other highlights of this guideline include recommendations relating to waiting rooms, weapon storage, patient valuables, furniture, security and police work stations, high-risk patient observation rooms and prisoner patient rooms.

• Behavioral/mental health areas. Behavioral/mental health (BMH) patients pose unique challenges and risks as a result of their medical condition. The BMH guideline provides guidance for standalone facilities and units within larger medical complexes. It offers detailed recommendations relating to perimeter design, internal space, and safety and security systems.

• Pharmacies. The design of pharmacies should address the unique risks presented by the storage and distribution of narcotics and other controlled substances. The design should create a secure physical separation between pharmacy operations and the public while integrating security systems for access and audit functions. Specific intents within this guideline provide recommendations concerning physical security, protection of people and audit capabilities.

• Cashiers and cash collection areas. The collection, storage and handling of cash present unique security risks to health care facilities. Security design considerations for primary and secondary cash collection areas should integrate the physical location and layout with security controls and technology. The risks posed by cash collection primarily involve robbery and internal theft. This guideline provides specific measures covering safes, physical security, video surveillance measures and audits.

• Infant and pediatric facilities. Infants and pediatric patients are vulner­able patient populations requiring added security measures and special attention when designing space. Design team members should consider the patient and family experience, the physical location and layout, and integration of security controls and technology. Intents within this guideline provide recommendations for reception and waiting areas, access control zones, circulation routes, physical security and technology. Other special areas of consideration include security elements for the new-mother rooms, infant monitoring and pediatric play areas.

• Areas with protected health information. Guarding protected health information is an important element of any health facility renovation or new construction project. Designs should address the multiple ways in which privileged information could be compromised and should protect that information by utilizing integrated physical and electronic security systems. This guideline relates to signage, registration areas, furnishings, equipment locations, video surveillance and waste.

• Utility, mechanical and infrastructure areas. The design of facility utility, mechanical and infrastructure-related space should include the recognition that such space and the mechanical, electrical, plumbing and information technology systems within it are critical assets for the facility. The systems typically housed in these spaces are essential for uninterrupted patient care, basic building comfort and emergency response capabilities. This guideline is intended to provide recommended security design elements for utility systems, mechanical and infrastructure spaces, and built-in redundancy and expansion capabilities pertaining to technology and mechanical systems.

• Biological, chemical and radiation areas. Health care facilities must address the unique security risks presented by highly hazardous materials including, but not limited to, biological, chemical and radioactive materials. These materials frequently are regulated and areas must be designed accordingly. This guideline provides recommended design elements covering spaces to be addressed, waste streams, emergency response and audit features.

Emergency management. The final major area of emphasis is emergency management, which recommends that health facility designs consider practices that allow for flexibility and resilience required to manage emergency events.

An all-hazards approach to design should be applied to help the facility prepare for, respond to and recover from man-made events and natural disasters alike. This guideline provides recommendations relating to designs that support sheltering in place and repurposing space during emergency operations to accommodate intake and care of a surge of patients.

Designs should facilitate alternative points of access, space reassignment, emergency access to technology infrastructure, a lockdown of spaces and designation of space to provide services to support large numbers of individuals in areas separate from patient care and emergency management.

A role in planning

These guidelines are meant to encourage leaders in planning, design, security, safety and emergency management of building and renovation projects to ensure that reasonable security measures are incorporated at the earliest stages.

The guidelines should give everyone involved the knowledge and confidence to effectively contribute to preconstruction and design meetings. Moreover, these guidelines easily could be adapted to internal facility guidelines and used as a template for creating a minimum design standard for projects.

The bottom line is that these design features, when properly applied, will result in reduced cost, improved employee and patient satisfaction, and increased safety.

Thomas A. Smith, CHPA, CPP, is the director of hospital police and transportation at University of North Carolina Hospitals in Chapel Hill, and chairman of the IAHSS Healthcare Security Design Guidelines Task Force. He can be reached

Sidebar - How to access a copy of the IAHSS guidelines

The International Association for Healthcare Security & Safety's "Security Design Guidelines for Healthcare Facilities" was developed to help security leaders, design professionals and planning staff build security into each new construction and renovation project.

By addressing security risks during design, organizations can address the safety of new or renovated space cost-effectively. The outlined steps can help reduce the potential for security features not being designed into new space, added on as an afterthought or becoming "value-engineered" out.

The intent of integrating these guidelines early in the design process is to emphasize their importance, incorporate the work into other aspects of the project and to avoid expensive change orders, retrofits or other liabilities.

Readers can access the guidelines for free by signing up on the IAHSS website at before Sept. 30.


Sidebar - Useful references on additional design guidelines

Following is a partial list of additional design guidelines and resources for hospital and health care security:

Physical Security Design Manual for VA Facilities -- Mission Critical Facilities:

International Crime Prevention Through Environmental Design (CPTED) Association (ICA):

National Institute of Justice, Crime Prevention Through Environmental Design in Parking Facilities, April 1996:

Whole Building Design Guide summary of design standards for mail rooms:

OSHA Guidelines for the Prevention of Workplace Violence in the Healthcare and Social Work Settings:

OSHA Enforcement Procedures for Investigating or Inspecting Incidents of Workplace Violence CPL 02-01-052:

The Joint Commission Sentinel Event Alert #4 -- Suicide Prevention:

"Design Guide for the Built Environment of Mental Health Facilities," published by the National Association of Mental Health Facilities:

The Joint Commission Sentinel Event Alert #46 -- Suicide Prevention:

Department of Health and Human Services. Centers for Medicare Medicaid Services. HIPAA Security Series -- 2005:

National Fire Protection Association, NFPA 730 -- Guide for Premises Security: