Some key concerns to think about are:
Ø Staff working at night.
Ø Type of equipment or medication you have on premises.
Ø Possibility of:
v Violent/abusive patients (i.e. distraught family members, gang members, or patients with certain medical conditions and medication side effects).
v Workplace violence
v Your computer system being hacked into
v Theft
v Unauthorized entry
v Vandalism
Some possible measures to consider include:
Ø Require that no one is at the location alone and that certain doors are locked at a certain hour.
Ø Lock doors to client waiting rooms from the inside and all outside doors from the outside (in accordance with fire codes) to prevent unauthorized entry.
Ø Lock all doors and windows after all staff has left the office.
Ø Provide proper and adequate lighting for the exterior of the building, including front and rear entrances and parking lots, especially if the office is open during evening hours. Lights should be difficult to reach and protected from damage.
Ø Maintain your property, including fences, bushes, trees, etc., to eliminate places for people to hide. Secure any objects that may be used for breaking and entering.
Ø Store expensive and/or sensitive equipment away from windows to prevent them from being visible from the street or parking lot.
Ø Install alarm systems and/or panic buttons. Consider both entry and motion detectors. Have a direct link to the local police department or security monitoring company. Post a sign alerting people to the fact that you have an alarm system installed.
Ø Install a low-cost camera system for high traffic areas and locations that contain sensitive or expensive equipment.
Ø Establish a preventative maintenance program to ensure all security systems (i.e. alarms, cameras, etc.) are maintained, tested, and inspected per manufacturer’s recommendations.
Ø Make prompt repairs as needed (i.e. replace burned out lights and repair broken windows, locks, etc.)
Ø Secure medical records, especially during off hours.
Ø Conduct criminal background checks and check references on all of your employees. Though it is important to trust your employees, it is also important to know who you are really working with.
Ø Avoid isolation of a staff person in an exam room or other area of the office, in case they need assistance, while still ensuring patient privacy.
Ø Maintain access to the emergency exits and seat patients so they do not block an employee’s ability to exit the room. Two exits should be accessible whenever possible, especially in the reception area.
Ø Engineer waiting rooms to be comfortable to avoid agitation (i.e. posting of information regarding services; appropriate room temperature; availability of current magazines, television, fresh water, restrooms, pay telephones; arrangement of furniture and other objects to prevent them from being used as weapons).
Ø Limit the maximum wait time to see the physician to about 15 minutes, and do not double-book.
Ø Protect reception areas with safety glass and deep service counters.
Ø Have all your patients, vendors, pharmacy representatives, etc. sign-in at the reception area. Verify identification.
Ø Establish a procedure for tracking office keys provided to staff and their return once the staff person is no longer employed.
Ø Install firewalls, antivirus, anti-spam, and anti-spyware on all computer systems.
Ø Provide staff with individual usernames and passwords to access computers and specific software programs.
Ø Back-up your computer system and files in case of a power failure.
Ø Document any threats, assaults, or aggressive behavior in a patient’s medical record to establish a pattern and to warn other staff.
Once you have conducted your assessment and determined what measures you would like to take, establish policies and procedures and enforce them. If you do not enforce your security policies, you may be opening yourself up to security incidents. Since there is no guarantee that a good, or even great security program will prevent incidents from occurring, the policies and procedures should include steps to be taken if a security incident occurs (refer to the article in the May issue of Risk Review entitled “Guide to Investigating Events in the Physician Practice”).
If a security incident does occur, it may be necessary to provide treatment for employees in a timely manner (i.e. medical evaluation/treatment, counseling, and/or critical incident debriefing). Train your staff on all aspects of the policies and procedures. This will ensure your staff members are aware of exactly what is expected of them, what their responsibilities are, and that there will be disciplinary action if the policies and procedures are not followed. You may even want to consider having them sign a disclaimer stating that they have read the policies and procedures and are aware of their contents.
A good security program is definitely worth the time and money to ensure not only that your assets are protected, but that your patients feel safe. Thus, it is important to conduct an initial security assessment and to continuously monitor any changes in your practice or in your surrounding community that may require you to make changes to your security program, policies and procedures. If you are mindful of your security risks now and address them accordingly, you can save yourself a lot of time, money, and aggravation in the future.
References:
Groom, Ryan. (2007). “Top Ten Ways to Protect Your Business”. About, Inc. Retrieved May 17, 2007, from http://bizsecurity.about.com/od/securitypolices/a/ProtectBiz.htm?p=1.
Nicastro, David. (2004, May). “When Was the Last Time Your Organization Had a Security Checkup?” IRMI. Retrieved May 17, 2007, from http://www.irmi.com/Expert/Articles/2004/Nicastro05.aspx.
Homeland Security – Tools for Small Business. Retrieved May 17, 2007 from www.pasbdc.org/downloads/pdf/sba_homeland_security.pdf.