Risk and Security LLC

Risk Assessments, Training and More

This content shows Simple View

Facilities Security

Another Look at OSHA & Workplace Violence

I just finished reading a new book called HALT THE VIOLENCE, written and edited by Patricia Biles and her Alliance Against Workplace Violence group.  Here are some of my thoughts on it, if your organization has been evaluating workplace violence issues:

Here’s my review and why I think you should get it (Amazon) and take a look – it’s a short read — less than 150 pages.

I like the insider perspective on how to prevent violence in the workplace. Patricia Biles was a former OSHA (U.S Occupational Safety and Health Administration) employee and their guru on violence issues.  Her work with industry groups and individuals has given her rare insight on the subject of stopping the epidemic of violence, and she gives practical solutions that employers and individuals can use to halt the violence.

The book covers the escalation of violence in the workplace and how OSHA reacted to the problem, which came to the forefront in 1989.  She identifies the groups most affected by violent events at work, including nurses, healthcare workers, taxi drivers, convenience stores, and late night retail establishments in particular.

As well as covering a complete history of the issue, she also weaves together input from other experts who specialize in aspects of the overall workplace violence problem, including the problem of violence in hospitals,  the increased incidents of bullying in the workplace, the importance of early intervention and practical strategies for diffusing angy, aggressive individuals.

The important of risk management procedures, such as performing regular threat assessments is identified as one of the few ways to identify individuals who may pose a threat, although the authors point out that both the Virginia Tech shooter and Jared Loughner, the diagnosed schizophrenic who shot Gabby Giffords, her staff, and innocent bystanders in Tucson, were both examined, and had psychological profiles which stated they were ‘unlikely’ to be a threat to others.

Specific violence-prone workplaces are also identified and specific recommendations given for hospitals, home health and social workers, and educational institutions such as schools, colleges and universities.

In some ways, this is an insider’s book because it gives you the behind-the-headlines details, not only of major workplace violence incidents, but also a look at what it takes to create new laws and encourage congress and federal agencies to recognize the problem and take concrete steps to ‘halt the violence’!

All in all, this is a very insightful and practical look at a problem that affects every workplace and every person who goes to work and counts on returning home in the same condition.  Employers will want to implement the suggestions in the book on how to reduce violence in individual organizations, and it also offers a valuable perspective on how to comply with new OSHA standards and they continue to evolve their approach to this critical issue.

 



Threat Modeling is the Exciting, Sexy Part of Risk Assessment

As a risk assessment professional, when I get into a risk discussion, most security people want to talk about THREAT!  Threat is the most sexy and exciting part of doing a risk assessment.

Threats are exciting all by themselves.  Think about all the threats you can name:

All the natural disasters like Earthquakes, Tornadoes, Storms, Hurricanes, Tsunamis, Lightning, Floods

Crimes like Homicide, Assault, Rape, Burglary, Theft, Kidnapping, Blackmail, Extortion

Terrorism like Sabotage, Explosions, Mail Bombs, Suicide Bombs

All the IT Threats like Malicous Code, Disclosure, Data Breaches, Theft of Data

And about 50 more including Chem/Bio incidents, Magnetic waves, High Energy Bursts, Microbursts, Contamination and Reputation Damage.

Each of these threats could theoretically occur at any time, but we try to establish a pattern of how often they have occurred in the past, in this location, in this county, in this country, in the company, etc.   So NASA, for example, gets thousands of hacker attacks, but another company, like the local Salvation Army, gets 1 every 10 years.

Same model for natural disasters, although you might have to factor in climate change, it’s easy to get the threat incidents for hurricanes in Florida, snow storms in Cleveland, earthquakes in northern California, etc.

We also like to examine industry specific data to see if some threats are higher in a certain industry, like the high incidence of workplace violence incidents in hospitals and high risk retail establishments (like Wawa or 7-11).

Another factor we use in calculating threat likelihood is how the threat could actually affect different types of assets…. for example, would an earthquake damage a car?  Probably not. Would it cause damage to an old historical building – probably (unless it had been retrofitted).  Could it cause loss of life, or injuries (think Haiti).

So I use a multidimensional model that takes the threats list (I have a standard list of 75 threats that I use), and map it to each potential loss, based on the ‘asset’ that might be affected.

The more data you get, the better your model will be, and the more value it will have as a decision support tool!

 



Starting a Hospital Security Risk Assessment

How to make sure your Security Department is Working for the Hospital.

Security Risk Assessment are not just Required by the Joint Commission – they are required in many states as a preventive measure to help prevent and reduce workplace violence.

The Risk Assessment also helps managers and administrators assess their security program, directly measure it’s effectiveness and helps determine
cost effective methods that can give you a great deal of protection for the lowest possible cost — something we call “bang for the buck”. 

The recent increase in violence comes as a surprise to doctors, nurses, managers and administrators, too.  Violence is not a concept that people usually associate with hospitals.  For years, hospitals have been seen as almost a sanctuary of care for the sick and wounded in our society.   However, the perception of hospitals has been changing over the last fifteen years due to a variety of factors.

 1.  Doctors are no longer thought of as “Gods”.  This means they are
      are more easily blamed when a patient’s condition deteriorates.

 2.  Hospitals are now regarded as businesses.  This perception has been
       been aggravated by television in shows like a recent “60 Minutes”, as well as
       by the effects of the recession on jobs and the loss of health insurance.

3.  Lack of respect and resources (funding) for hospital security departments
  
.  Rather than being seen as a crucial protection for the hospital staff and
      patients, many security departments are chronically underfunded and used
      for a variety of non- security functions, such as making bank deposits for
      the hospital gift shop, driving the education van, etc.

The federal government  issued a guidance document for dealing with violence issues in healthcare,  called OSHA 3148.01R, 2004, Guidelines for Preventing Workplace Violence for Health Care & Social Service Workers.  You can download a copy at www.osha.gov/Publications/osha3148.pdf



Playing Footsie with the Haqqani Crime Network

I am a risk analyst and risk assessment expert, certainly not a diplomat.  In fact,  my friends might say I am probably really un-diplomatic most of the time.  I like the direct approach.

But watching the U.S. State Department and the Obama administration playing footsie with the Haqqani network in Afghanistan and Pakistan is worse than enduring waterboarding.  What a waste of American dollars — paying off these criminals to finance construction projects that Americans are doing to build up Afghani infrastructure.  

I have watched for years as the U.S. State Department props up brutal dictators, only to see them toppled overnight.  Of course, Mubarak and Quaddfi come to mind right away.

But to try and win a WAR, while paying off criminals and murderers who are launching attacks on our embassy, letting them run our relationship with Pakistan, is just wrong.

What has this got to do with risk assessment?  PLENTY – because the problem here is large amounts of unaccountable cash.  Cash passed out by the State Department, USAID and the intelligence services, theoretically, to ‘grease’ the skids and get something done, but instead, these wholesale PAYOFFS just finance and empower our enemies, while ruining the U.S. reputation and maddening the citizens who provide this money in the first place.

I would vote for anyone who could put REAL ACCOUNTABILITY back into the U.S. spending abroad.  As the Arab spring proved — this kind of diplomacy never works!



Should Hospital Staff Brings Guns to Work with Them?

Should hospital staff bring guns to work with them?

At a time when many hospital security departments have unarmed security officers, and some departments don’t even allow the use of mace, changes in state laws allow hospital staff in some states to bring their guns to work with them.

This turn-around, where the nurses may have guns – and security officers do not, has created a big, contentious debate in the security community.

In a recent paper printed in the Journal of Healthcare Safety and Security, my co-author, Jim Sawyer and I discuss the different elements of this debate and whether this is a constitutional issue, or a real threat-risk issue.

Here’s an excerpt,

Violence is not a concept that people usually associate with hospitals.  For years, hospitals have been seen as almost a sanctuary of care for the sick and wounded in our society.   However, the perception of hospitals has been changing over the last fifteen years due to a variety of factors.

or you can read the entire article (below). 

Critical Issues on Gun Violence in the Hospital Workplace

By James Sawyer and Caroline Ramsey-Hamilton

 Background

 Every reader knows that violence in hospitals is increasing at an increasing rate.  The Joint Commission has issued Sentinel Alerts, the Journal of the American Medical Association, the bastion of the American healthcare system, published an article in October, 2010, written by two doctors about the murder-suicide at Johns Hopkins Hospital in September of 20101.. 

This article started as a guest blog from a security professional at a west coast children’s hospital.  After the blog appeared, we received dozens of notes, letters and angry outbursts, as well as emails arguing for a more reasoned approach.  This article will explore those issues, and includes quotes from the emails themselves.

Why Violence in Hospitals is Increasing

Violence is not a concept that people usually associate with hospitals.  For years, hospitals have been seen as almost a sanctuary of care for the sick and wounded in our society.   However, the perception of hospitals has been changing over the last fifteen years due to a variety of factors.

  1.  Doctors are no longer thought of as “Gods”.  This means they are
          are more easily blamed when a patient’s condition deteriorates.
     
  2. Hospitals are now regarded as businesses.  This perception has been
           been aggravated by television in shows like a recent “60 Minutes”, as well as
           by the effects of the recession on jobs and the loss of health insurance.
  3. Lack of respect and resources (funding) for hospital security departments
       .  Rather than being seen as a crucial protection for the hospital staff and
          patients, many security departments are chronically underfunded and used
          for a variety of non- security functions, such as making bank deposits for
          the hospital gift shop. 

A Dirty Little Secret about Reporting
The U.S. Department of Labor tasks OSHA with workplace violence information, but there is not one sanction against it, it says right on the OSHA web site that this is solely left up to the employer.  It makes it hard for hospitals to justify spending money on workplace violence prevention, if it is not a standard, and a major compliance issue (as it should be).  And here is a dirty little secret for looking at the statistics, OSHA does not count domestic incidents (like homicides) that take place in hospitals as officially “workplace violence incidents”, instead they are counted in another system.  Similarly, many hospitals don’t count staff to patient violence incidents, or patient to patient incidents.  These practices create a false impression of the actual number of violent incidents, by reporting only a fraction of the actual events.

 Gun Violence Represents a Significant Security Challenge

The prevention of gun violence in hospitals and the hospital as workplace may well be the most challenging issue for hospital security professionals in the foreseeable future.  What are some of the reasons for this growing concern?  There are many and they include:

 1.   The sheer numbers and easy availability of guns.  There are over 270 million guns in circulation in theUnited Statesand the numbers continue to grow.  After the 2008 election,  gun ownership surged and in some areas of the country, guns sold at such a pace that retailers literally ran out of ammunition. 

2.  Approximately a 100 people a day die from gunfire in the United States and an individual is shot approximately every twenty-two seconds.

3.  One in four Americans suffer from some form of mental illness, according to the Federal government. 

 4.  The U.S. is living in an era of economic instability, following the 2008 recession and the erosion of the middle class.  The Wall Street-triggered economic meltdown has propelled what was a slow steady decline into economic apocalypse for millions of Americans.  This has resulted in an environment of record home foreclosures, record personal debt, record banktupcy, record unemployment and record numbers of homeless individuals.

5.  The reluctance on the part of many hospitals to install magnetometers and limit entrances to hospitals so that the flow of guns into hospitals can be controlled.

The U.S. gun lobby has been very successful in pushing and supporting state legislation which permits guns in the workplace, and on college campuses.

It is a serious mistake for security professionals to deride,  make light of, or dismiss this surge of pro-gun-at-work-and-school legislation.  These laws are getting passed (see Texas, Indiana, and Tennessee), and the likely result is that we will see an ever greater numbers of guns at work, and if our work is in the hospital, then the guns will be coming to work here, too. 

Guns aren’t just increasing in numbers, but they are getting more lethal and currently 30- shot clips and armor piercing bullets are readily available for the civilian population.  Citizens can now buy weapons that rival what is found in military armories.   These lethal weapons again present a sentinel challenge to security professionals.

 Most security directors remember life when Space Invaders was the only video game around.  Now children are exposed to violent images from a very early age.  Children and teenagers sit entranced watching endless hours of violent programming where gun violence is choreographed in slow motion action scenes where the scripted hero’s miraculously avoid injury even while they are dispatching the prime time  villains while showcasing their amazing gun prowess.  

By the time they show up at your hospital, the average child over 18 years of age will have viewed over 45,000 murders and 200,000 acts of violence just on television! This grim tally does not account for the high octane bloodshed and slaughter that make up the majority of the most popular video games.  

All of these factors suggest that the prevention of gun violence in our hospitals will become our premier challenge.  Many hospitals are already hosting ‘active shooter’ seminars to teach hospital staff how to deal with  “shooters in the workplace”.  This subject promises to become a cottage industry for consultants and violence prevention professionals.

As hospital security professionals, there are some strong, prevention-based practices that we can implement and develop that drastically reduce the chances of gun violence in the workplace.  Some of these best practices include:

 1. Acknowledge the reality and the persuasiveness of the U.S. gun culture.

 2.  Develop a strong, multi-department workplace/domestic violence response team at your facility, and make sure that both Human Resources, and Security are part of this team.

 3.  Develop a written workplace violence plan that is reviewed annually.

 4.  Do an annual  baseline workplace violence assessment that you can build on.

 5.  Have your workplace/domestic violence response team respond and meet within 4 hours of any  reported incident.  Have a response plan/action plan in place within 24 hours.

 6.  Encourage reporting of all workplace/domestic violence incidents to the police – without exception.

 7.  Run background checks of individuals of concern.  Information is light and a background check may provide you with crucial information. Obtain orders of protection – anti-harassment orders against individuals of concern.  Security should take the lead here.

 8.  Flag problem patients – problem families – have a “red alert” or a “red flag” program that alerts – tips off – advises both the care team and security that a potential problem exists.  This is especially important if the patient/family member has a history of violence.

 9.  Build a workplace culture where verbal threats are reported.  Have Security immediately investigate all verbal threats.  Make sure that Human Resources is fully informed of any situation involving threats.

 10.  Post  large, prominent“No-Weapons” signs at your facility – especially in parking lots, perimeter areas and all main entrances.

 11.  Officially prohibit staff from bringing firearms to work.

 12.   Offer annual violence prevention and threat awareness training to all staff.

 13.   Require workplace violence training – either on line or via classroom training for all new staff and annual retraining.

 14.   Have security involved and part of the planning for all “problem” terminations.   Note – Advise Human Resources to never terminate a disgruntled staff without strong pre-planning.

 15.  Screen all hospital patients and visitors.  Develop a major entrance screening program for your institution.  Knowing who is inside your facility is a critical part of any good prevention program.

 These pro-active solutions  will support and enhance a hospital gun violence prevention program.  Let me state again, it is critically important to have a hospital gun violence prevention program in place.

 AND IN RESPONSE

 Here are some of the comments that were received by other hospital security professionals around the country, after the original blog post.

 “Please remove me from your mailing list immediately.  Apparently the letter below blames the firearm and not the person holding it and putting 5-7 lbs of pressure on the trigger with their index finger.  I find it difficult to separate the “Spirit of the Security Community and our commitment to safety and protection” from this attack on my Second Amendment rights.”               

                                                           — Hospital Security Director in the Northwest

“I believe we should focus our attention, and when I say attention I actually mean money, on mental health resources (or the lack there of) and domestic violence issues, which quite often lead to fatal shootings.  Our emergency rooms have become a revolving door for patients with drug abuse, depression and other psychological issues and there appears to be very little our legislators and community/government leaders are doing about it.  To me, that is the real injustice and crime related to the firearm issue!                                              
                                                                   — Hospital Security Director in the Midwest

 “I would agree with the individual that I don’t believe there is a place in hospitals, government buildings and places of worship for guns; however if there had been guns on some of the college campuses, maybe there wouldn’t of been the blood baths they turned into.                                                       
                                                                –  Security Analyst – Washington DC

“As for firearms being banned from the workplace, I agree.  Policies and procedure should dictate along with a severe disciplinary, then handle accordingly.  Just that simple.”
Let’s clean it up, let’s clean up America!  Let’s lessen the need for firearms to be in the hands of thugs as well as those who just want to feel safe.    The FIRST STEP would be to BAN and make it ILLEGAL for businesses to sell paraphernalia, pornographic anything, strip clubs, places that promote alcohol and drug use, etc. 

Let’s Clean That Up!  …something that is tangible and promotes drug and alcohol use as well as many other criminal actions just to run these types of businesses.  Let’s make that illegal.  Let’s get Americans involved in the real issues of illegal firearms and drugs coming into this Country.    All law enforcement know that it takes big money to keep drugs coming into this Country.      Disarming America. RIDICULOUS.    Keeping firearms away from the workplace, understandable.

                                                    — Ex Army, Ex-Police, Hospital Security Officer

 

 Conclusion
While the issue of “gun control” is both a “hot button” and simultaneously,  a topic that is seemingly a forbidden or taboo matter for hospital security professionals.  It should not be this way.  Questioning the wisdom of allowing citizens to buy 30-round clips for semi-automatic handguns and keeping assault rifles at home is not a crazy liberal rant, it is a reasonable, non-political position.

Challenging the wisdom, if not the sanity, of the current flood of legislation that both allows and actually encourages guns in the workplace is neither “liberal” or “radical” – but pragmatic and grounded.   Hospital security professionals are the vanguard for progressive crime prevention education and development in the United States.  This is a mandate and responsibility that we all share.  How we respond and learn to protect our staff, our hospitals and our patients from this senseless violence may prove to be our greatest and most important challenge.

 www.riskwatch.com               www.caroline-hamilton.com



Risk Assessment: How about Giving Guns Back to Former Mental Patients

A recent New York Times article explained that a provision tucked in a bill to make it harder for people diagnosed with mental illness to possess firearms, actually restores the rights of mental health patients to get their firearms back. The legislation was passed after the massacre at Virginia Tech in 2007.

One of the main elements of risk assessment is a quantitative (meaning = real numbers) on what has happened in the past. Looking at 2 or 3 years of incident reports, for example, show how many times there has been an incident involving gun violence in a particular neighborhood, city or organization.

Another element is the history of a particular individual to see whether individuals with a diagnosed history of mental illness are MORE OR LESS likely to trigger (forgive the pun) – a violent incident.

If we run that scenario, we will find that individuals who previously had a violent incident with a firearm are MORE LIKELY than the standard population to have another incident.
And that especially holds true if other threat indicators are present, for example:

Termination from a Job
Romantic Difficulties
Foreclosure
Difficult Economy

There is a ‘risk multiplier’ effect that takes place that makes the risk higher. By combining different sets of threat categories with areas of weakness, we are create general predictions on the likelihood of repeated violent incidents.

Do the math – it doesn’t make sense for people with a history of mental illness to
get their guns back!



Using Risk Assessments as a Business Process

Risk assessments are increasing in utility and popularity – being used for everything from compliance to safety assessments, and used by financial institutions, healthcare organizations, manufacturers, government of the world and think tanks. 

Many regulators require formal risk assessments on everything from gauging political risk in an unstable country, to protecting consumer financial information, to assessing workplace violence potential.  

Here’s a definition of a risk assessment:   A process to determine what controls are necessary to protect sensitive or critical assets both adequately and cost-effectively. Cost effectiveness and Return On Investment (ROI) are required elements of a risk assessment.  

A risk assessment is not a democratic process where the most popular answer wins.  It is not consensus driven.  Instead, it is a business process that manages a security function.   Security is very process centered.  Because security often consists of many different elements which are critically important, such as managing network access,   it makes sense to manage it as a process.

According to the statistics, risk assessments are way up in popularity in 2011.  Maybe
it’s economics – maybe it’s result of the previous economic downturn, but the requirements for risk assessments have never been broader, and there have never been more of them than there are now.  Here’s a partial list:  

The Joint Commission
HIPAA, HITECH, NIST 800-66
FFIEC, BSA-AML,
ISO 27001 and 27000 series; NIST 800-53
Red Flags Identity Theft
NCUA Part 748
FEMA 426, FEMA 428

The exercise of doing a risk assessment affords a level of protection which is related to how many other people actually contribute to the risk assessment results.   Using an online compliance survey as a participatory measure takes the onus of absolute responsibility away from the manager/analyst and distributes it throughout the organization where it belongs.

Obviously people are a critical component of information security.  In a risk assessment, people are also important to include because they are able to report what’s going on in their workplace every day.  How can one analyst know enough to do the entire risk assessment by themselves?  They would have to be everywhere at once – in the morning, late at night, on the weekends, and also be able to channel the work of everyone from the newest tech support person to the director of the data center.   And the inclusion of a variety of individuals adds weight and power to the risk assessment.

The true value of the risk assessment is in the cost benefit analysis, which details what controls need to be implemented, how much they cost and how much they would protect the organization by either prevent threats from occurring or by mitigating the impact of the incident if it occurs. 

While the analysts may be accountable for the reporting or analysis of potential risk, the responsibility for any action that needs to be taken is up at the C level, or with the Board of Directors.  In fact, in the FFIEC IT (Federal Financial Institutions Examination Council Information Technology ) Handbook, they spell out, “The Board is responsible for holding senior management accountable”.  Often we have found that the actual President of a bank or credit union doesn’t always KNOW that he is going to be held responsible – this information is down another level in the organization.

I recommend getting management to sign off on the basic assumptions,  in writing,  in the course of completing the risk assessment – and of course, on the final reports. Areas where senior management can review and approve include: 

  • Calculation of asset values, including the value of the organization in total
  • The potential costs of implementing different controls, singly or in combination.
  • Validating which controls are currently in place and how well they are working.
  • The conclusions from the draft report, and the final report.

The analyst is just the messenger, doing the work of assembling the risk elements and calculating their potential results.  But senior management makes the final decisions on each element.   There’s nothing like a signature on a piece of paper to foster a climate of accountability. 

Risk Assessments have the potential to save corporations and governments millions of dollars by making decision-making based on real analytics, instead of just guesses – plus they are an essential element of compliance.  These are good reasons to evaluate whether it’s time for you to do a Risk Assessment!



What do they want? #egypt

#EGYPT –

Watching events play out on CNN, a saw a commentator ask, “What Do They Want?”, meaning what do these protestors want?   

I know what they want. I know because I have been working with people all over the world for years – both in person and online, by blog, by email, by phone.

Everyone wants the same thing – personal dignity and the chance for a better life for themselves and for their children. The desire for upward mobility is built into our DNA. It is built into the idea of evolution. It is why animals compete for the best perch, the best cave, the best tree, the best nest, the best plumage, the best mate……

You can apply all the slogans you want and make a list of the emotions people everywhere want to feel:

Dignity
Pride
Relevance
Happiness
Secure
Stable
SAFE

And what that means, as I see it, is that they want:
Choices
A better life for their children
To be able to Laugh
To fall in love and have a family
Better education
Stable food supply
Basic healthcare
Affordable basics – like food and housing and energy
 Jobs
Freedom to be themselves.

The internet is sort of like God, without all the judgement. In many ways – the internet is THE GREAT EQUALIZER. That’s why the 60-year old man can hide and pretend to be 27 again on a dating site – or even pretend to be a woman!   When you communicate on the internet, all the external things that people use to stereotype, pigeonhole and judge people are eliminated because of the way the message is communicated. (Remember – the MEDIUM IS THE MESSAGE….)

So it doesn’t matter what you look like on the internet – it doesn’t matter about your religion, race, sex, formal education, job – nothing. The only things that matters are your words – what you choose to tell the world about yourself.

That creates GREAT freedom and the way the internet lets you search and research and look around – so that a person in Cambodia living on one dollar a day can get online and see that amazon has 50 million different things to buy.   And look at those things – and see how much a bag of crackers cost in the US.

So these events in the middle East are earth-shaking for a lot of reasons, but mostly because this yearning for equal opportunity and the yearning to make your own life better is the irresistible siren call. It cannot be stopped. It cannot be silenced and just because it is starting in Egypt, doesn’t mean it is going to take over the world. Because I think it is.



Workplace Terror in Manchester, Connecticut

Yesterday a tragic story unfolded in Manchester,  Connecticut.   You probably already know that nine people were killed when an employee who was being fired, came back in with his hand gun,  started shooting and, after calling his mother, killed himself. 

This incident is part of a bigger and growing trend to more workplace violence incidents – not only in companies in general, but in hospitals to an even greater degree.  The Manchester incident also illustrates again some of the basic tenets of preventing workplace violence incidents. 

Patrick Fiel, Public Safety Advisor for ADT Security, commented, “The industry standard is to not  terminate employees in open areas where other individuals may be working.   Firings are always touchy situations and should be conducted in an isolated areas, even off-site, away from the work areas.”  

“Many companies have crisis plans in place, and also conduct security risk assessments annually  to prevent this kind of incident.   A comprehensive security assessment  might have saved nine lives by setting up procedures for the termination; and additionally, by making sure employees knew what to do when he did draw his gun.” 

I have been reviewing workplace violence incidents in healthcare and find that they have skyrocketed since the recession started.   Violence against supervisors, managers and also nurses and other healthcare workers has spiked significantly.

 It is surprising to read the following statement on the osha.gov web site:

There are currently no specific standards for workplace violence. However, this page highlights Federal Registers (rules, proposed rules, and notices) and standard interpretations (official letters of interpretation of the standards) related to workplace violence.

Section 5(a)(1) of the OSHA Act, often referred to as the General Duty Clause, requires employers to “furnish to each of his employees employment and a place of employment which are free from recognized hazards that are causing or are likely to cause death or serious physical harm to his employees”. Section 5(a)(2) requires employers to “comply with occupational safety and health standards promulgated under this Act”.”

It might be time for OSHA to develop some workplace violence prevention standards.  Many of the ones we use in our risk assessments are related to standard security safeguards – such as having a written termination policy; making sure that if  worker at one location is fired, that all other locations are notified so he can’t just go to another office and cause an incident. 

Much of the statistical data we found on the OSHA website were at least six years out of date, which makes it harder to track current trends in workplace incidents, unless you catalog the media-reported events and run an analysis on them.  The U.S. Bureau of Labor Statistics reported  “Mass shootings receive a great deal of coverage in the media, as we saw with the Orlando, Fla. office shootings in November 2009 and in the shootings at the manufacturing plant in Albuquerque, N.M. in July 2010.  Out of 421 workplace shootings recorded in 2008 (8 percent of total fatal injuries),  99 (24 percent) occurred in retail trade.  Workplace shootings in manufacturing were less common, with 17 shootings reported in 2008.  Workplace shooting events account for only a small portion of nonfatal workplace injuries.” from http://www.bls.gov/iif/.

It makes me wonder if the workplace violence statistics from 2008 until now may be such a large increase, that has been either underreported or even held from publication!

According to a report by the National Institute for Occupational Safety and Health — “State of the Sector/Healthcare and Social Assistance” — published in 2009, health care workers are more than three times as likely as workers in other industries to be injured by acts of violence.

“Health care workers are at risk for verbal, psychological and physical violence,” the report says. “Violent acts occur during interactions with patients, family, visitors, coworkers and supervisors. “Working with volatile people or people under heightened stress, long wait times for service, understaffing, patients or visitors under the influence of drugs or alcohol, access to weapons, inadequate security, and poor environmen­tal design, are among the risk factors for violence,” the report continues.

In the current economic environment, the physical security (facility) risk assessment can be used as an important tool in making sure that basic industry standards for preventing workplace violence incidents; or limiting the damage they can do – especially for making sure the staff are protected from violent incidents by their co-workers.

The security assessment can be followed by the creation of specific, detailed crisis plans that make sure people know what to do when the unthinkable happens at work.  One of the reasons that workplace violence incidents are so upsetting to all of us is because the person KNEW the people he was killing.  He probably knew their spouses and met their children at a company picnic.  It makes the violence more personal and scary, a whole different thing than falling off a ladder.   And it reminds us all that it COULD happen here!



Searching for Hard Data about Security Cameras…

I was really surprised when someone asked me about how many cameras should be put in a small hospital to deter violence against healthcare workers. They were asking for a universally recognized guideline or standard that would give them ammunition to take to management to prove why they needed the extra cameras installed in the Emergency Department.

If you’re already in either the security or healthcare field,  I’m sure you’re aware of the dramatic increase in violence against healthcare workers and why this is obviously a concern of all healthcare facilities.   Cameras are often the first stop in a security improvement program because they provide a lot of visibility/protection at a reasonable cost.  

My next step was to start looking through different standards to see if there was a standard for how many cameras should be in an Emergency Department, or a birthing center, or a hospital lobby.  I could not find a simple standard anywhere.  I first started looking at FEMA requirements for preventing terrorism (FEMA 428) (www.fema.gov) and while they covered lighting, they stopped short of recommending a basic configuration, or an “acceptable minimum” for cameras.  Next I looked at the International Association for Healthcare Security and Safety (www.iahss.org) and they also mentioned lighting and cameras but again, without specific guidelines for the various parts of a hospital.

More research followed.  I called about a dozen hospital security directors, and then started on a literature search.  I started with the classic Russell Colling book, “Hospital and Healthcare Security” and again found a great deal of common sense advice and recommendations on how cameras should be placed to view certain areas and the panning area, and what kind of cameras to use where, but again, no exact direction on how many cameras should be put in a hospital emergency department.

Back to the phone to get more information, I talked to more security professionals who explained that each facility is different — each hospital is different — each hospital has a different budget — different configurations.   I totally understand that companies that sell cameras and lighting to hospitals (and all sorts of other facilities) want to do an in-depth assessment before each installation to make sure the cameras fit the total security picture. 

But I think that the security organizations should start creating minimum standards with actual guidelines of WHAT KIND, HOW MANY and WHERE To INSTALL, as a sort of default value, or minimum to achieve some level of improved security.  For example, ‘basic’ or ‘minimum’ recommendation for an ED might be — one camera at each entrance and exit and a camera at the admissions area.  Having some basic configurations spelled out would be a great thing for security directors and probably for the camera companies.

Those who have read my blogs before know I am a big proponent of standardization — for lots of reasons.  It is good for the buyers because they don’t have to agonize over whether they are getting a certain (if minimal) level of protection; and it helps them secure the budget to install the new camera systems.  It’s good for the camera integrators because it increases sales because (see previous sentence), security departments can more easily get budgets approved and thus, sell more camera systems.

One of the security groups I talked to told me that the reason they don’t have a minimum is because it reduces pressure on smaller organizations that may not be able to afford a particular system, but I think that with the increasing use of cameras, having a minimum standard makes sense and would be a win-win proposition for everyone.

For example, did you know that rail gauge on railroad tracks used to be different for every state?  So early trains could chug around a state, but couldn’t cross the border into another state because the rail gauge was different.  After the rail gauge was ‘standardized’ so that the whole country used the same gauge of track — trains were going coast to coast and everywhere in between.  It allowed rail travel and shipping by rail to really take off.   Maybe we can do the same with cameras.




top