How to build an enterprise-wide security program

Sunday, June 27, 2010

NASHVILLE, Tenn.—One of the largest private hospital chains in the United States, with more than 500 facilities nationwide, recently began a major effort to consolidate and streamline its security department on an enterprise level. “The corporation has worked diligently on security, including infant abduction systems and controlled access, but it’s never been under one roof,” said Tim Portale, chief of safety and security for Hospital Corporation of America.

Portale said the driving force behind building a more robust enterprise security program came from an engagement survey of its more than 100,000 employees. “The score results indicated employees were concerned with their safety while working,” he said. In order to address these concerns, Portale said the corporation needed to get a better picture of what resources and programs individual facilities had in place. “We started the process by developing a corporate committee with senior management all the way down to individual departments who were working on security-related issues,” he said. HCA flew in 70 of its primary stakeholders, ranging from CEOs to directors of security, to brainstorm what areas the corporation needed to concentrate on first.

As a result from that session, the corporation determined there were five areas that needed attention. The first was setting up a governance and leadership body to focus solely on security. “There was no corporate leadership. There were lot of go-to people, but nobody heading up the effort on the enterprise basis,” he said. Thus, on June 7, the corporation hired Bill Hapner as the director of security for HCA.

Hapner, who has been in the security industry for more than 25 years, largely on the integration side, said the corporation will rely a great deal on metrics to develop its enterprise security department. “One thing we’ll do is start tracking trends and, based on those trends, we’ll determine what kind of technology we need,” Hapner said. Having more information about the trends occurring in its facilities will help determine what security components need to be installed, which, in the long run, can save the hospital money.

“Rather than go and put in 200 cameras in our hospitals, we can have 150 strategically placed because of the trends we’ve picked up on,” Hapner said. One of his larger endeavors will be to conduct an enterprise-wise inventory of equipment to determine what security components are in place and, therefore, what equipment needs to be added.

The corporation will continue to develop systems for identifying developing trends. For example, “we don’t have an enterprise-wide incident reporting system for near misses involving violence,” said Portale. While the corporation has a reporting system for official claims or injuries, it does not have a way to track incidents that do not result in claims or injuries. The corporation will continue to rely on metrics to develop its enterprise security department. “We’re keeping track of 20 to 25 metrics and on a quarterly basis we have calls with division management at hospitals having issues with one of those 25 metrics,” Portale said.

In addition to these goals, Hapner will be also focusing on improving training procedures for employees and security officers. “We’ll be training for de-escalation and will come up with a strategy on how to deploy training and who will receive that training,” he said. The corporation will also evaluate whether it needs armed security officers in some of its facilities, and if so, what training requirements will be necessary.

And, one of the final initiatives of the enterprise security department will be to further the corporation’s involvement in legislative policies. “We’ll be working towards developing statutes and laws that would help keep healthcare workers safer,” Portale said.



Yeah, their first move was to lay off a few much needed security officers.