Risk and Security LLC

Risk Assessments, Training and More

This content shows Simple View

Caroline Ramsey-Hamilton

Chicago Hospital Ordered to Pay More than $10 Million Dollars to a Female Doctor and 6 Nurses who Filed a Lawsuit for Two Separate Harassment Incidents Including Being Choked by a Doctor, and Another Doctor who installed a Toilet Cam in the Women’s Locker Room

RISKAlert  Report #1073                                      Sept. 19, 2018                                       Chicago, Illinois

The former employees of Advocate Illinois Masonic Medical Center in Chicago won a lawsuit against the
hospital after reporting that hospital doctors harassed them.  The Chicago Tribune reported that the hospital received
reports about violent incidents but did nothing.  The women accused the hospital of failing to act
when violations of the hospital own written policies were reported and then ignored

$7 million of the total amount was awarded to Dr. Caroline Ryan, an anesthesiologist who was choked and
pushed by Dr. Stephen F. Laga, in 2013. The attack was witnessed by several hospital staff members

and also by patients.  Dr. Ryan was asked by hospital administration to drop her report against Laga, who
had a “long and documented” history of violent behavior, says the complaint.   Laga was never disciplined.

The following year, a hidden camera was found on the toilet (Potty Cam?) in the women’s locker room where
women changed clothes and used the restroom.  The camera was planted by Dr. Robert Weiss, an eye surgeon
at Illinois Masonic, who viewed and possibly shared the content.
Weiss was arrested when the camera was
discovered. Although aware of his arrest, the hospital delayed suspending Weiss’ medical privileges
.

The women’s complaint also pointed out that the hospital had ignored previous reports of inappropriate
sexual behavior from Weiss.  The six women were awarded $1.75 million for violations of their privacy and
an additional $2 million for punitive damages. The jury was sending a clear message”, said the women’s
attorney, Jeffrey Kulwin.  He said he believes doctor misconduct has been tolerated because of the money the
doctors bring in to the hospitals.

Today’s verdict against Advocate sends a strong message to Advocate, and employers everywhere,
that violence in the workplace cannot be tolerated, especially at a place as important as a hospital
,”

LESSONS LEARNED:

1.  Having, and Enforcing a strong policy against workplace violence and harassment is a critical
     component of creating a safe workplace, no matter who is being violent against others!

2.  The hospital lost the lawsuit because they blatantly refused to enforce their OWN POLICIES! 

THANKS FOR READING THE RISKAlert Report©

For more information write to:  caroline@riskandsecurityllc.com
We provide the best Facility Risk Assessments, as well as Active Shooter Assessments, Training,
Workplace  Violence Assessments, and  & CMS All Hazards Risk Assessments, Facility Drills &  Training.

www.riskandsecurityllc.com                                                           www.caroline-hamilton.com

#RiskAssessment                                       #CMSImmediateJeopardy                                       #HospitalViolence



MAN AT SOCIAL SECURITY OFFICE STABS HIS MOTHER AND GRANDMOTHER IN WORKPLACE VIOLENCE INCIDENT BEFORE BEING SHOT TO DEATH BY FEDERAL SECURITY OFFICER

RISKAlert Report Updated:  July 9, 2018                                                                                       McComb,  Mississippi

MAN AT SOCIAL SECURITY OFFICE STABS HIS MOTHER AND GRANDMOTHER IN WORKPLACE
VIOLENCE  INCIDENT BEFORE  BEING SHOT TO DEATH BY FEDERAL SECURITY OFFICER

A 21-year-old Mississippi man, Branen Carter, went into the McComb, MS, Social Security Administration office with his mother and grandmother, and then he stabbed his mother and grandmother in the lobby before he was shot to death by a federal FPS (Federal Protective Service) security officer. 

The incident happened at 11 am, and the facility was put on lockdown after the incident.  Large numbers of law enforcement officers responded to the one-story brick building on the edge of McComb, which is about 100 miles south of Jackson.

Carter’s mother, Lee Anna Turnage, and grandmother, Ann Carter, were in stable condition at Southwest Mississippi Regional Medical Center, after what was reported as a family fight that turned violent.

Mississippi court records show Branen Carter was indicted in Marion County in December 2016, when he was 20, on two felony charges — one count of statutory rape and one count of sexual battery of a child between the ages of 14 and 16.  He pleaded guilty in May 2017 after the two felony charges were reduced to misdemeanors (WHY?), and he was given two six-month suspended sentences, which means he did not have to serve jail time. The attorney who represented him was out of the office Monday and could not immediately be reached for comment.

The Director of Communications for the Federal Protective Service, Robert Sperling, said that the FPS agency has a long history of using armed security guards at federal agencies it oversees. “It’s a cornerstone. We have officers in social security offices and most federal agencies across the country, such as the IRS,” Sperling said.

LESSONS LEARNED:

      1.  Workplace Violence can happen anywhere, and family disputes often spill over into
public workplaces.  This attack happened in the lobby of the federal agency.

  1. The FPS did an excellent job of countering the threat and probably saved the
    lives of both women.


THANKS FOR READING THE RISKAlert Report©

For more information and a free subscription:  write to:  caroline@riskandsecurityllc.com
We provide the best Active Shooter and Facility Risk Assessments & Training Programs.

Find out more at   www.riskandsecurityllc.com .

#Stabbing     #WorkplaceViolence



Western State Hospital (Tacoma, WA), Could Lose $65 Million in Federal Funds as CMS Finds Serious Risk for Exposed Fire System Devices that could be used by Patients to Commit Suicide by Hanging

 

 

 

 

RISKALERT  #1040 – Report Updated:  May 30, 2018

In a memo sent to top staff earlier in the week, “CMS identified a serious risk of harm to patients due to ligature risks
from the fire system in patient care areas of Building 21
,” said the memo, which was obtained by public radio. Building 21 is where civil, or non-criminal, patients are treated on five different wards. Typically a ward has 30 patients. Western State Hospital is a Psychiatric Residential Treatment Center (PRTC) with over 800 beds.

A CMS finding of serious risk of harm is also known as an “immediate jeopardy.”  The memo also said that if the issue is not resolved, funding could be lost in 23 days.

Since 2015, Western State Hospital has been under scrutiny for serious repeat violations that inspectors said put patients and staff at risk. The litany of troubles included violent assaults on patients and staff, the 2016 escape of two high-risk patients and scores of unauthorized patient “walkaways.”

The safety violations were discovered by a team of 22 federal surveyors who were re-inspecting the hospital last week as part of a turnaround plan that is approaching the two-year mark. The sprawling hospital, which serves civil and forensic patients, must meet standards on 26 federal “Conditions of Participation” in order to continue receiving federal funding.

A “root cause” report in 2016 identified ineffective management, staff reductions and turnover leading to patients who felt “neglected” and a “culture of helplessness” among staff. A review by the Department of Corrections also found numerous security gaps including 25,000 master keys unaccounted for.

LESSONS LEARNED

1.   CMS requires all residential treatment facilities to maintain a safe physical environment, and any
identified risk situations should be addressed immediately to prevent loss of CMS reimbursement funds..

  1.  Management must take the lead even in facilities related issues, instead of leaving the improved
    implementations up to lower level staff members.

    THANKS FOR READING THE RISKAlert Report
    ©For more information and a free subscription:  write to:  caroline@riskandsecurityllc.com

    We provide the best Active Shooter Training, Workplace Violence Assessments, and & CMS Facility All-
    Hazards  Risk   Assessments, Drills &  Training Programs.

www.riskandsecurityllc.com   and   www.caroline-hamilton.com



SEVENTEEN-YEAR-OLD ACTIVE SHOOTER AT SANTA FE, TEXAS HIGH SCHOOL KILLS 10, INJURES 13, AFTER STUDYING MASS SHOOTING TECHNIQUES

       

 SEVENTEEN-YEAR-OLD ACTIVE SHOOTER AT SANTA FE,  TEXAS HIGH SCHOOL KILLS 10,
INJURES 13, 
 AFTER STUDYING  MASS 
SHOOTING TECHNIQUES FROM NEWS REPORTS

RISKAlert Report #1035 Updated:  May 20, 2018                                                      Santa Fe, Texas

At 7:25 am on a Friday morning in Santa Fe, Texas, a 17-year-old student walked into his classroom, wearing a trench coat and armed with his dad’s Remington 970 shotgun and .38 caliber pistol that he used to shoot 23 people inside his school.  Ten were killed and 13 were injured in the planned shooting.  Armed officers responded within four minutes and a gun battle
ensued with the subject.

Although a romantic failure may have triggered the attack, the shooter had long been a fan of active shooters and studied previous shootings, like pulling of the fire alarms in the recent Parkland shooting. He wore a trenchcoast, mirroring the horrific Columbine High School shooting in April, 1999, in which two teenage boys with weapons hidden under trench coats killed 12 students and one teacher

According to a witness, the shooter yelled “WOO HOO”, as he shot up the classroom.  Multiple media accounts say the gunman taunted some of his victims, asking some hiding in a closet if they wanted to answer their ringing cell phones. “You want to get that?” the attacker said, according to The Wall Street Journal.

He spared others saying he wanted his story told. Police also found five homemade pipe bombs that did not detonate.

The shooter had pursued a romantic interest, Shana Fisher, for the past four month, according to her mother, but she refused to date him.  Shana was shot and killed in the incident.  Her mother said that the previous week, her daughter, Shana, has said in media accounts that her 16-year-old daughter had rejected four months of aggressive advances from Pagourtzis.
Fisher finally stood up to him in front of the entire class, and proclaimed she would never go out with him, embarrassing him in class, her mother told the Los Angeles Times.

Many of the aspects of the attack mirrored one of the worst school shootings in American history: the massacre at Columbine High School in April, 1999, in which two teenage boys with weapons hidden under trenchcoats killed 12 students and one teacher.

LESSONS LEARNED

       1.  Even with a relatively quick 4-minute response time, there were still 10 killed and 13 injured, demonstrating that
            even a well-armed police officer cannot quickly stop the killing, once  shooting starts!!

  1. Texas State officials blamed the attack on video games, on abortions, and on too many entrances and exits
    to the high school buildings, even though the school lacked any access control, no metal detection and
    no screening of any kind.
  2. Underage students should not have ready access to firearms. The shooter’s parents apparently missed the fact that
    he assembled pipe bombs in his bedroom, had access to guns, and avidly recounted mass shootings.

  3. Why are parents fined if their child is late in returning a library book, but not if their child shoots
    and kills people with daddy’s guns?

    The massacre claimed Shana Fisher’s life, and also claimed the lives of students Sabika Sheikh, a Pakistani exchange student; Chris Stone; Jared Black, Angelique Ramirez; Christian Riley Garcia; Aaron Kyle McLeod; and Kimberly Vaughan. Teachers Glenda Ann Perkins and Cynthia Tisdale were also killed.

The people hospitalized included retired Houston police Officer John Barnes, who served as a resource officer at the school and confronted the gunman.

Pagourtzis did not attempt suicide, like the Columbine shooters, but Texas’ governor, Greg Abbott, a Republican, told reporters that the youth wanted to kill himself, citing the suspect’s journals, but lacked the courage to do so.

Dimitrios Pagourtzis,  is being held without bail and is accused of capital murder of multiple people and aggravated assault on a public servant.  he suspect won’t face the death penalty if he is convicted. Under Texas law, offenders who are under age 18 and charged with a capital offense face a maximum punishment of life in prison with the possibility of parole after 40 years.

THANKS FOR READING THE RISKAlert Report©

For more information and a free subscription:  write to:  info@riskandsecurityllc.com

We provide the best Active Shooter Training, Workplace Violence Assessments, and
 & CMS Facility Risk Assessments, Drills &  Training Programs.  
  www.riskandsecurityllc.com   and www.caroline-hamilton.com

 

 

 

 



HIPAA COUNTDOWN – 26 DAYS LEFT TO COMPLY WITH HIPAA OMNIBUS RULE!

The HIPAA Countdown continues, with the HIPAA Omnibus Rule compliance date of September 23rd looming in the distance.

Now that everyone is coming back to work, relaxed from the long weekend (we hope), it’s time to get back to work.

As a HIPAA Risk Analysis expert, I have gotten more than 300 calls and emails in the last 5 days (yes, even on Sunday) about
what NEEDS to be done right now.   Here’s a sample of the questions,

“Should I do a penetration test before Sept 23rd?”
“Should we update our policies before Sept. 23rd?”
“Should I hurry and get the laptops encrypted by Sept 23rd?” 
“We re-wrote our business agreements – what else do I need to do before Sept. 23rd?

To quote Leon Rodriguez, the Director of the Department of Health and Human Services, Office of Civil Rights, which is
the lead federal agency for HIPAA Enforcement, “The Number One Thing you need to do before September 23rd
is to update, or start a new 
HIPAA Risk Analysis.”  

According to the OCR Guideline on Risk Analysis,  “Conducting a risk analysis is the first step in identifying and
implementing safeguards that comply with and carry out the standards and implementation specifications in the Security
Rule. Therefore, a risk analysis is foundational, and must be understood in detail before OCR can issue meaningful
guidance that specifically addresses safeguards and technologies that will best protect electronic health information.”

This is why the First Area that OCR will address when they visit is:  “Where is your HIPAA Risk Analysis?”

Where is yours?  And has it been updated lately?

And did you know that Leon Rodriguez is on Twitter!  His twitter handle is @OCRLeon.

 

 

 



Why HIPAA Compliance is Related to Federal Contracts

Most healthcare organizations take Federal money – whether it’s reimbursement for Medicare services, or if it’s a federal grant for
providing special care or even addiction treatments, or whether they are part of an NIH trial, or receiving grant money for research.

If your organization is part of state government, county government or even city government, your organization probably takes federal money too.

When the hospital, clinic or treatment center gets that Federal check, they have to first sign a contract saying they verify that they are in compliance WITH ALL FEDERAL LAWS, RULES AND GUIDELINES.  In the old days, this may have meant that you didn’t discriminate in your hiring policies, or that you complied with the Americans with Disabilities Act (ADA), or that you complied with federal reporting requirements, like for a GSA Contract, or for billing protocols.

But HIPAA is also a law, and a Federal Rule, and so when you signed that contract, you attested, or ‘represented’ that your organization was in compliance with all the HIPAA laws and rules, too.

I recently talked to a CEO of a large hospital that, as a Level 1 trauma center, received millions of dollars each year from the Federal government – and he wasn’t aware of their HIPAA status!  He didn’t know if a HIPAA risk analysis had been done (it hadn’t), or whether they had amended all their business associate agreements (hadn’t even started), and also had no idea that some of these HIPAA Rules had elements that needed to be formally approved by the Board.

If you’re the HIPAA Compliance Officer, the Privacy Officer, the Information Security Officer, or any functional title that means, the HIPAA Buck stop with you — you need to explain this to your manager or director.  This will get any administrator’s attention, because they don’t want to have to give any of that money back, and they also don’t want to get into a lawsuit over a compliance issue.

So keep talking about that HIPAA Compliance deadline of September 23, 2013, and you’ll get the support you need, and maybe the budget you need to keep all your HIPAA activities in full swing!

 



My Pool got Hit by Lightning – Are You Next?

My swimming pool got hit by an adjacent lightning strike!   The lightning strike hit a tree about 6 houses down from my home in Maryland.  I heard the lightning strike at the time (midnight), and I still remember that it was so loud the beagles dived under the bed.

But the next morning, when I woke up, I looked out from my 2nd floor window and saw something that looked like two fried eggs floating in the pool.  It took me about 2 minutes to realize that they were the pool lights, floating in the pool, still tethered by the electrical lines.

The lightning strike was so sharp and close that it broke the lights out of their plaster enclosures and now there they were, fully electrified, floating right in the water.  It took me eight calls to find someone who would come and fix the lights, turn off the electricity and get the lights out of the pool.

If a lightning strike could do that from 6 houses away, what could it do to a person? Because it’s Lightning Safety Week, I looked up some interesting stats from the National Weather Service – check out these stats:

Your chance is being struck by lightning in your lifetime is 1 in 3000!

From 2006 – 2012, about 2300 people were struck by lightning and 238 people were struck and killed by lightning in the US.

2/3rds of the deaths were to people enjoying outdoor leisure activities.

82% of all fatalities were to men.

70% of the lightning deaths occurred in the months of June, July, and August.

Only 10% percent of people struck by lightning actually die, but 70% of those that survive

a lightning strike have serious long-term effects from the strike, including fear, depression and debilitating physical injuries.

STAY SAFER THIS SUMMER, and teach these tips to your kids, too.

  • Get out of pools, away from beaches, lakes or ponds.

  • Never stand by a tall tree during a lightning storm

  • Drop or get away from metal objects like golf clubs, umbrellas, etc.

  • Get indoors or into your car if you can’t get inside.

  • Stay indoors for 30 minutes after the last flash you see.

 

And have a wonderful, active summer?



Snowden’s Shameful World Tour

Being a security person, and believing that extrodinary measures are required to keep us safe from
the increasing terrorist threat…   I maintain that Edward Snowden is a total coward, now that he has launched his travel from the US to China to Russia, and presumably, Cuba, Venezuela and Equador.

His judgement on many things is in question, especially in taking advice from another coward, Julian Assange, who’s been living in a small Embassy in the UK for a year.

Perhaps he could make a case that he thought US taxpayers had a right to more details about their tax dollars at work – the NSA’s surveillance programs, but he certainly DOES NOT have the right to disclose any classified program information to other nations, like China and Russia – just to name 2.

He DOES NOT have the right to stir up suspicions between nations, sort of a misguided meddler, basically selling out US secrets to a hostile world, and who knows who’s paying for all the international travel?  Is he handling out secrets for free, or is he selling out our country for financial gain?

His cowardice is illustrated by his total fall into the “What’s Good for Me” logic, which totally ignores issues of national security, destruction of trust between nations, and these actions compromise every statement he’s made so far.

He made himself into a 7-day media star.  He got his 15-plus minutes of fame, and now, he obviously has done a little more thinking about his choices, so he’s totally intent on protecting himself from any penalities, any recriminations, any dialogue with the US over the far-reaching implications of his bad choices.

For these reasons, and quite a few more, and mostly because I believe that he threatens our hope for a more peaceful world, I hope that other nations will grab him, return him to the US – to face the music he chose.

More distrust, more self-absorbed leakers, more lack of respect for the laws that govern civilized countries, is just not something we need right now.



Oklahoma Tornado, Boston Bombing, Young Soldier Killed – It’s time to do a Security Risk Assessment!

More Tornado victims will be buried this week.   Including many children who died at their schools because the school district didn’t spend the extra $3000 to have a storm cellar/safe room available.

One month ago, we watched as victims of the Boston Marathon Bombings were buried.

Yesterday, we watched an Islamic Jihadist savagely kill a  young British soldier with knives.

What other events do we have to witness before we start taking security assessments seriously?   How many more grieving parents do we have to watch crying on TV and, in my opinion, the casualities did not need to be so high and the aftermath so catastrophic.

If you group all these disasters together, you can that at the root of each one, is the feeling that, “IT CAN’T HAPPEN HERE”…..    Britain, for example, has tolerated mosques preaching hate, thinking that nothing like the knife attack could happen in civilized London.

In Moore, Oklahoma, people thought, “we already had a major tornado, so IT CAN’T HAPPEN AGAIN”!  Well, surprise – it happened again.  While forecasters cannot dictate the exact path of a tornado, they can get close, and with just fifteen minutes advance warning, there is  time to get everyone into storm cellars, safe rooms and underground shelters.  BUT IF THERE IS NO SHELTER AT A SCHOOL…….

Many obvious solutions-controls-safeguards were missed in these recent tragedies because proper, formal security risk assessments weren’t done effectively.  If they had been done, perhaps the London police could have picked up someone who touted murder and hate.

If a risk assessment had been done in Moore, OK, maybe the high risk of a tornado would have allowed the schools to all add the safe rooms they needed, and in Boston, the older brother Boston bomber, should have been in jail already for his participation in a previous murder – or at least actively monitored based on his facebook postings.

The clues are all there, and, looking backwards, you can see the pieces that SHOULD HAVE BEEN ENOUGH TO PROMOTE some kind of action to either:

        1. Eliminate the threat  or, 

              2. Reduce the severity of a potential threat in case it occurred.

Security risk assessments gather the numbers and the information organizations need to make better choices about how to protect people’s lives, facilities, and organizations.  I hope these events will prompt more Security Directors to take an objective and unbiased look at their own organizations, and the controls they have in place, before you end up on CNN!

 



Tragedy at the Boston Marathon – What Went Wrong?

Looking at the CNN footage of the Boston Marathon finish line yesterday, I was struck by the shock of the bystanders and the chaos that followed the blasts.

Having just giving two seminars on security controls, I pulled out my list to see what could possibly have been done differently to prevent this devastating outcome, and there was the first word on the list ACCESS CONTROL.

After thirty years as a security expert and risk-threat analyst, I am about 85% sure that this was a lone wolf attacker who made his crude bombs to address some personal perceived problem, whether it was fear of gun legislation, spillover from the Israeli-Palestinian conflict, the Neo Con torture initiative, or something else.

Putting the attacker aside for a moment, the tragedy happened because SOMEONE WAS ABLE TO WALK RIGHT UP TO THE FINISH LINE AND PUT AT LEAST 3 BOMBS right near the finish line!   THiS IS NOT RIGHT.

There has to be SCREENING and ACCESS CONTROL PROCEDURES IN PLACE!  You can’t have security if you have open access to a major event like the Boston Marathon.  For year, security experts have cautioned that large crowds make a great target, and so events have paid lip service to this concept, without staying on the task, and making sure that SECURITY CONTROL NUMBER ONE –  ACCESS CONTROL  is ALWAYS in place.

But people don’t like access control, it’s too much trouble, they say.  They don’t like metal detectors, too expensive, too much trouble, too intrusive.  Well, it’s not as intrusive as having a major injury.   There are ways to secure these high profile sites, but the security community has to lead on this.

Yes, it is very sad and depressing that the world has come to this — but it has.  And it will happen again.  As long as security is perceived as too much trouble, too expensive, too tough to do, and too intrusive, there will be more tragic events like this one.

 

 




top