Risk and Security LLC

Risk Assessments, Training and More

This content shows Simple View

Workplace Violence

Put your Hospital Security Department on a Low Fat Diet

Hospitals are reeling from potential losses in funding related to state budget cut-backs
and potential cuts in Medicare programs.  Every area of the hospital budget are being scrutinized, looking for areas to cut and reduce costs.

Instead of waiting for a memo about cuts that affect YOUR department, be a
pro-active manager and right-size your security department and show management
the changes you want to make.

It is possible to have an efficient, accountable security department without having costs run out of control.  It has to be based on real dollars, on real risks and it has to have the ability to show management WHY you need each element in your program.

The already-required risk assessment is the first start in this process.  When regulators come in to a hospital, they want to see the risk assessment first, and then they look to see if you followed the remediation plan identified in the risk assessment, which means they want to see you made the right improvements, based on the plan.

By including program elements in the risk assessment, and mapping it back to your actual budget, you can easily say that the Return On Investment is for each part of your program.



Is $7000 Enough of a Fine for a Young Girl’s Murder?

OSHA workplace safety officials have fined the organization that runs a Revere group home, where a Peabody mental health worker was stabbed in January, for not having adequate safety measures in place despite high probability of an incident occurring.

The Revere mental health clinic where Peabody caseworker Stephanie Moulton was stabbed in January as fined $7000.00 by OSHA for not having adequate safeguards against violence in place for employees at the clinic. OSHA cited the facility for “a serious violation of [OSHA’s] ‘general duty clause’ for failing to provide a workplace free from recognized hazards likely to cause serious injury or death.” 

Moulton, 24, died from her stab wound inflicted by a patient, 27-year-old Deshawn Chappell, after he fled the group home, taking her with him and then dumping her body behind a church in Lynn. Chappell, who had a history of violent behavior, attacked Moulton during a counseling session.

The fine is a piddling amount, but the damage done by the fine is much worse. Because the organization was directly fines by OSHA, that gives the victim’s family solid grounds for a lawsuit for negligence, and they can quote OSHA, that they “failed to provide a workplace free from recognized hazards likely to cause injury or death”.

It will be interesting to see if a lawsuit develops, and if the organization puts stricter controls in place to protect staff members.

OSHA and the Joint Commission have reported for several years that violence against healthcare workers has steadily increased, and the Joint Commission even issued a Sentinel Event about the increase in violence.



Risk Assessment: How about Giving Guns Back to Former Mental Patients

A recent New York Times article explained that a provision tucked in a bill to make it harder for people diagnosed with mental illness to possess firearms, actually restores the rights of mental health patients to get their firearms back. The legislation was passed after the massacre at Virginia Tech in 2007.

One of the main elements of risk assessment is a quantitative (meaning = real numbers) on what has happened in the past. Looking at 2 or 3 years of incident reports, for example, show how many times there has been an incident involving gun violence in a particular neighborhood, city or organization.

Another element is the history of a particular individual to see whether individuals with a diagnosed history of mental illness are MORE OR LESS likely to trigger (forgive the pun) – a violent incident.

If we run that scenario, we will find that individuals who previously had a violent incident with a firearm are MORE LIKELY than the standard population to have another incident.
And that especially holds true if other threat indicators are present, for example:

Termination from a Job
Romantic Difficulties
Foreclosure
Difficult Economy

There is a ‘risk multiplier’ effect that takes place that makes the risk higher. By combining different sets of threat categories with areas of weakness, we are create general predictions on the likelihood of repeated violent incidents.

Do the math – it doesn’t make sense for people with a history of mental illness to
get their guns back!



Unsnarling political differences based on Type preferences

A key component of decision making is laying out all the options to make an informed decision.

Watching the angst of the political parties trying to solve the debt problem shows that they are both charging around saying their favorite rallying cries, which does not promote dialogue, but just inflames the other party.

Think of these two parties, Dems and Repubs, as made up of two TYPES of individuals.  The MBTI (Myers Briggs Type Indicator) personality test is made up of 16 distinct types of people and you can summarize and put them into two main groups – the Traditionalists and the Innovators.

See if this sounds familiar – Traditionalists like for things to stay the same, they always support the status quo.  They dislike change for change’s sake, so they don’t want to raise taxes.  They like to keep a strong sense of order so they
are often military, law enforcement, corporate titans, etc.
  They are often presidents of associations and organizations and they are great at keeping things running efficiently.

Innovators want to explore and try new things – in life AND in politics. They want to get out of Afghanistan and put in a new tax structure, and reinvent old institutions, instead of cherishing them, as the Traditionals do.

Both these groups have great contributions that they make to society – Traditionals keep things organized and running and Innovators find new, better ways of doing things.

Innovators are always searching for the next new thing so it’s so coincidence that
California has more than it’s statistical share of Innovators – they keep kept going west, and kept looking until stopped by the Pacific ocean.

Type preferences are set before you are 5 years old and indicate preferences for your entire life.  I am already seeing types emerge from watching toddlers under the age of 2.

When you understand the values of the other party, according to type preferences, you can have a more civil dialogue because you can now understand where the other side is coming from, so to speak. 

You can find out which type you are,  or just find out more about the MBTI at www.myersbriggs.org.



5 Tips to Prevent Workplace Violence

After studying the twenty-seven state guidelines and also new guidance from
OSHA on how to prevent workplace violence incidents,

Here are 5 tips of what areas to work on in your organization:

1.  Redo Policies – Make sure you have a clear ‘no weapons’ policy and make
     employees sign a pledge when they join the organization.

2.  Dynamic Awareness Training   – Make sure that EVERY employee attends
     a training program about workplace violence issues,  whether it’s 1 hour or
     4 hours  annually.  But boring computer training is not enough.

3.  Do a Baseline Violence Assessment   – See where your organization
     rates compared to other companies and see how closely you match to
     new standards and guidelines on Workplace Violence issues.

4.  Require Employees to Report Every Incident – Communicate to employees
     that they are required to report EVERY incident, whether it is domestic
     violence at work,  Patient violence, or anything else.  Be tough!

5.  Use Incident Tracking  – Work with both Security and HR to make sure
     every incident is tracked for analysis, and all employees know where and how
     to report incidents



Using Risk Assessments as a Business Process

Risk assessments are increasing in utility and popularity – being used for everything from compliance to safety assessments, and used by financial institutions, healthcare organizations, manufacturers, government of the world and think tanks. 

Many regulators require formal risk assessments on everything from gauging political risk in an unstable country, to protecting consumer financial information, to assessing workplace violence potential.  

Here’s a definition of a risk assessment:   A process to determine what controls are necessary to protect sensitive or critical assets both adequately and cost-effectively. Cost effectiveness and Return On Investment (ROI) are required elements of a risk assessment.  

A risk assessment is not a democratic process where the most popular answer wins.  It is not consensus driven.  Instead, it is a business process that manages a security function.   Security is very process centered.  Because security often consists of many different elements which are critically important, such as managing network access,   it makes sense to manage it as a process.

According to the statistics, risk assessments are way up in popularity in 2011.  Maybe
it’s economics – maybe it’s result of the previous economic downturn, but the requirements for risk assessments have never been broader, and there have never been more of them than there are now.  Here’s a partial list:  

The Joint Commission
HIPAA, HITECH, NIST 800-66
FFIEC, BSA-AML,
ISO 27001 and 27000 series; NIST 800-53
Red Flags Identity Theft
NCUA Part 748
FEMA 426, FEMA 428

The exercise of doing a risk assessment affords a level of protection which is related to how many other people actually contribute to the risk assessment results.   Using an online compliance survey as a participatory measure takes the onus of absolute responsibility away from the manager/analyst and distributes it throughout the organization where it belongs.

Obviously people are a critical component of information security.  In a risk assessment, people are also important to include because they are able to report what’s going on in their workplace every day.  How can one analyst know enough to do the entire risk assessment by themselves?  They would have to be everywhere at once – in the morning, late at night, on the weekends, and also be able to channel the work of everyone from the newest tech support person to the director of the data center.   And the inclusion of a variety of individuals adds weight and power to the risk assessment.

The true value of the risk assessment is in the cost benefit analysis, which details what controls need to be implemented, how much they cost and how much they would protect the organization by either prevent threats from occurring or by mitigating the impact of the incident if it occurs. 

While the analysts may be accountable for the reporting or analysis of potential risk, the responsibility for any action that needs to be taken is up at the C level, or with the Board of Directors.  In fact, in the FFIEC IT (Federal Financial Institutions Examination Council Information Technology ) Handbook, they spell out, “The Board is responsible for holding senior management accountable”.  Often we have found that the actual President of a bank or credit union doesn’t always KNOW that he is going to be held responsible – this information is down another level in the organization.

I recommend getting management to sign off on the basic assumptions,  in writing,  in the course of completing the risk assessment – and of course, on the final reports. Areas where senior management can review and approve include: 

  • Calculation of asset values, including the value of the organization in total
  • The potential costs of implementing different controls, singly or in combination.
  • Validating which controls are currently in place and how well they are working.
  • The conclusions from the draft report, and the final report.

The analyst is just the messenger, doing the work of assembling the risk elements and calculating their potential results.  But senior management makes the final decisions on each element.   There’s nothing like a signature on a piece of paper to foster a climate of accountability. 

Risk Assessments have the potential to save corporations and governments millions of dollars by making decision-making based on real analytics, instead of just guesses – plus they are an essential element of compliance.  These are good reasons to evaluate whether it’s time for you to do a Risk Assessment!



The 5 Missing Elements of Most Workplace Violence Prevention Programs

The 5 Missing Elements of Most Workplace Violence Prevention Programs

After working with a variety of organizations on a baseline Workplace Violence assessment, there are several areas that seem to be common problems for most organizations.  These elements are not expensive, and not timing-consuming, so they are natural candidates for improvement.

A baseline workplace violence assessment is a survey of employees in different roles, combined with a threat analysis and an analysis of existing controls and a historical incidents that can be reviewed and aggregated.

Here are the top 5 most common missing elements, with potential solutions.

1.  Missing workplace violence awareness/training programs.  Many organizations report that they have set these up, that they have sent out emails to all employees, but we consistently find that the employees didn’t read the emails, didn’t know the training was available, or that it wasn’t included in their initial company orientation.

2.  Mis-categorization of workplace violence incidents.   There is a mistaken (in my opinion) idea that domestic violence incidents that happen at work should not be categorized or reported as a Workplace Violence incident.  This is a mistake, and leads to bad information about the true nature of the problem.  If someone comes and shoots her significant other at work (IN THE WORKPLACE) – it is a workplace violence incident.

3.  Staff feels subtle pressure from management not to report every incident.
In my research, management wants every incident reported, every time, but
staff members report that their own direct supervisors may discourage them by not taking time to discuss these pre-incidents, and also by chalking up comments as merely office gossip.

4.  Not linking Human Resources with Security on the issue of Workplace Violence Prevention.  This is a management issue, but organizations that create bridges between HR and security are way ahead because this is one issue where cooperation makes a big difference in results.  HR can’t do a security assessment and security can’t write termination policies and set up employment screening. They are both absolutely necessary.

5.   Not doing an Annual Workplace Violence Assessment.  Since late 2008, when the economy suffered major job losses,  the number of workplace violence assessments have increased dramatically, especially in the healthcare field.  Annual assessments are best way to stay on top of the ‘potential’ for violence in your organization.

Check out one of our regularly scheduled webinars to learn more about this important issue.

 

REMEMBER – Workplace Violence is the one threat that is PREVENTABLE!

 

                                        — Caroline Hamilton

                                                                 Caroline.r.hamilton@gmail.com

                                                                 chamilton@riskwatch.com

 


                                  www.riskwatch.com



Workplace Violence Against Hospital Staff Discussed

Just got back from a regional meeting of hospital security officers in Myrtle Beach. Aside from the T’storms every night – and the college kids shooting off bottle rockets, it was a great conference.

It reinforced my feeling that violence against hospital staff is one of the biggest challenges facing healthcare professionals. Vermont passed a law this week making violence against a healthcare worker a FELONY instead of just a misdemeanor. That’s progress, similar laws are being passed in other states, too. The governor of Vermont signed the bill on May 12, 2011. Congratulations to Vermont — they were first on this important issue.



Arming the Office – What Happens When We Let Employees Bring Guns to Work

One of my colleagues wrote to me so passionately about the terrible gun violence he witnesses every day, that I wanted to share it with all of you.  You can call it a ‘Guest Blog’ from the Field — a Hospital Security Director in a Major U.S. City.

The gun lobby had several recent legal “wins” for the gun rights advocates in Texas, Indiana, and Tennessee.   Apparently lawmakers and gun rights advocates find it a sane and reasonable  policy to open up the workplace to armed employees.

It t is also clear that our lawmakers are not satisfied with our current national gun carnage. Currently, we shoot to death about a 100 people a day in the United States, including 25 children killed every three days.  And this tally accounts for only those killed by guns.

This doesn’t include all those I see on a daily basis who are shot, crippled, maimed and ruined by the daily shooting gallery in the USA.   In order to continue to make money and sell more guns, the gun rights advocates, and  the legislators they have paid off, corrupted and stripped of reason,  are intent on even greater carnage and human tragedy.

Every day I witness the extreme becoming mainstream, and even commonplace.  
Guns are now finding their way into the workplace, brought into churches, brought into our colleges and universities. They are brought to hospitals, and shot off over highway bridges.

The logic is totally missing.  We are already a nation awash in fear and loathing.  We hate people  we don’t know and don’t understand.  The answer to this problem is NOT to arm EVEN MORE people and have guns readily available to everyone.

Obviously, the recent horrors of Arizona and the slaughter of innocent people in a Safeway parking lot,  has already been forgotten by security professionals and criminologists.  There is no condemnation or follow up  about a terminally troubled young man and the ease in which he purchased a semi-automatic pistol and 30 shot clips.

There has been no rallying cry to address the ease in which tormented and troubled and dangerous individuals on the margins of our society can easily obtain weapons of human mass destruction.   These realities are not relevant and cannot be discussed. And in today’s political climate to even MENTION this makes one a pariah, or a “liberal”, or a “communist”.

 I have been in the Security and Prevention profession for over 35 years, so I can easily dismiss the attacks from gun rights advocates and zealots.  And in fairness,  I have found many gun rights people to be in fact reasoned and decent and willing to engage in reasoned discourse.

What troubles me, and why I wanted to write directly to YOU,  is that the vast majority of professionals in the Security profession totally bypass, ignore and in fact, minimize the reality and tragedy that is our national gun slaughter.   As a profession,  we have done nothing to challenge these trends,  or address them, or at the very least,  debate the current flood of laws designed to turn American work places into armed camps.  

And this in my view is nothing less than a tragedy.



Is Hospital Management Listening to Security Directors?

Just finished a webinar yesterday to over 60 hospital security directors and managers and they later wrote in to say that their management listened politely to their suggestions, their budget needs, their warnings about the new violence levels — and then they said, “Thank you very much”, and went back to their paperwork.

We all know how tough it is to run a hospital, but when will the administration realize that violence in hospitals, whether it’s a distraught son, shooting his mother’s doctor in Baltimore, or a grief-stricken Chinese man running through a Shanghai hospital killing innocent bystanders with a knife — that we have a BIG PROBLEM with the increasing violence in hospitals.

The nurses know about the violence.  In a recent survey of 1000 nurses who worked in emergency departments, nurses reported that 97% experienced verbal abuse, 94% had physical threats, and 66% HAD BEEN ASSAULTED.  The saddest part of this was that 25% of the nurses said they expected abuse and violent attacks.

We need to devote some resources to this problem and not wait until 100% of nurses report assaults.  It starts with awareness that there is a problem. Tomorrow we’ll discuss the next steps.




top