Continuing a series of reviews of the year, Mark Rowe looks at healthcare security management.
Tonight’s episode of the Channel 5 documentary series Broadmoor is about violence inside the psychiatric hospital. It’s further testimony to the public’s unending appetite for crime, and the ‘criminally insane‘, especially if it’s to do with someone they’ve heard of (albeit reminded of when and why someone was in the news). While violence is among the perennial issues for hospital security managers, Broadmoor is anything but representative, just as the inmates are not representative of humanity. Hospital staff, other patients, and anyone else in a hospital (such as visitors) may witness or face a violent incident not because the person being physically or verbally violent is a bad person; the violent person may not even know what they are doing, due to medication (too much or too little) or dementia.
A medical condition?
This poses a question for some in hospital security management. If the person being violent or aggressive has a medical condition that’s causing the incident, let alone repeat incidents, is that something for the security officers on duty to respond to? Given that the appearance of uniformed people may add to the violent person’s distress. Even if medical staff call in Security, it hardly looks good in a caring institution if security officers are holding or restraining someone.
That implies that hospital security officers ought to have healthcare-specific training. But written and delivered by whom? A contract security firm can hardly be expected to share any course material it creates; that’s its intellectual property it can win contracts with and stay in business thanks to. It implies that training has to come from in-house; which shows that with every passing year the demise of the security management half of the NHS’s central function, CFSMS (Counter Fraud and Security Management Service) in 2017 has hamstrung the delivery of security to the NHS. Gone also is any counting and measuring of violent incidents – yet without any metrics, how is the NHS to know where, at what times or for what reasons violence occurs on the wards?
Terrorism
The November 2023 conference of the National Association for Healthcare Security (NAHS) did hear encouraging signs that centrally the NHS was rebuilding a central security management department that could be a source of best practice, so that NHS trusts do not have to re-invent wheels. The November 2024 conference is due to hear an update. Except that, in the apparent maze of the NHS organisationally, change takes time. If the NHS wants security officers trained (to whose standard?) in safe handling of patients, or other hospital specifics, it’s going to have to work it out by itself, because the Security Industry Authority (SIA) has not shown any appetite for leading on sector-specific qualifications, and is even less likely to, once the Terrorism (Protection of Premises) Bill, popularly known as Martyn’s Law, makes it the regulator and inspector of hundreds of thousands of premises, that will have to document steps to counter the threat of terrorism. Hospitals will fall under this law. A central directing NHS security function would save each trust plenty of work, when premises have to comply with the law once passed, probably in 2027. Hospitals remain at risk from terror attack the same as anywhere else, as past attacks show that terrorists have no taboos – the impact assessment from the Home Office for Martyn’s Law recalls the November 2021 detonating of an improvised explosive device outside Liverpool Women’s Hospital, ‘killing the attacker and injuring the driver’, unwittingly in a taxi. All the UK’s 1921 hospitals according to the assessment document will come under the ‘enhanced’ tier of larger premises that will have to carry out and show more precautions than smaller, ‘standard’ tier premises.
In case it’s not enough for NHS security managers to keep up with evolving security threats, to stay relevant inside their workplaces they have to stay up to date with the workings of the NHS. As featured in the October edition of Professional Security Magazine courtesy of Mike Lees CSyP at Barnsley, that includes modern practices such as ‘health on the high street’ (pictured), providing services short of beds inside shopping centres, easier for people to park near or reach generally. Another trend is for the ‘seven day NHS’, appointments even on a Sunday, or at 8am; meaning that security rosters may have to adapt as much as any healthcare workers with a nine-to-five mindset.
Cyber attacks
Another feature of 2024 has been the continuing cyber attacks on the NHS. In 2017 the health service got hit by the Wannacry malware; in June, some London hospitals had to cancel operations because of a cyber attack on the lab firm Synnovis, which processes blood tests for the NHS. In a word, convergence of cyber and physical threats. Who owns the cyber risk – physical security managers, or IT guys? Not necessarily either, a recent NHS Digital blog suggests; cyber is about patient safety, as a cyber attack has real-world consequences. In the NHS, the central function NHS Digital handles cyber, whether because NHS security managers have quite enough on their plate, or lack cyber knowledge, or an understanding of the health service’s IT is beyond most.
While it makes sense for security or indeed any managers to stick to what they know, if security managers do so, they may run the risk of finding themselves in charge of nothing more than car park attendants, glorified porters, and the guy who sits in a room not much more than a cupboard and views the video surveillance cameras. Should the head of security take an interest in unwanted, inappropriate or harmful sexual behaviour in the workplace, and training in how to recognise and respond to disclosures of sexual misconduct safely and appropriately; or is that best left to the HR department? As on university campuses, the issuing of access control cards and maintaining of access rights to thousands of staff is a never-ending job as staff change job and role and hospital sites appear permanent building sites (especially if they’re suffering from ageing, crumbling concrete); should the security manager seek a connected security system that has video cameras linked to access control, and mobile phones as access credentials. Or is that something better left to the tech guys?
Any workplace has other or as deserving departments and projects besides security. In healthcare, support departments such as security have a particularly difficult, and even emotive task, to justify themselves and any out of the ordinary spending, if it may mean fewer nurses, or longer waiting times for operations. The background is that NHS staff are anticipating ‘another incredibly busy winter’. An upshot may be that patients having to wait longer, or their anxious relatives, may get angry and assault staff. Politically, the incoming Labour politicians have deemed that the NHS is ‘broken but not beaten’; whether, any more than criminal justice or the police, the NHS gets as much or extra money to provide a better service in better surroundings remains to be seen.
