• E-mail
• Print
• RSS

What would you do if an imposter entered your facility?

Emergency Management Alert, March 13, 2007

On Monday, March 5, a  woman who had been a patient at St. Joseph's Hospital in Tampa, Florida walked in to that facility's emergency room, told everyone she was a temp, and worked for 10 hours as a patient care technician. She had a meal with coworkers, escorted patients and visitors around the hospital, and by all appearances, seemed to fit right in, with her scrubs, use of medical lingo, and her evident knowledge of the facility and of staff. When it became clear she could not take temperatures or patient's blood pressure readings, workers did step in and prevent her from attempting those tasks, but no one questioned her about her badge. She went home, her ruse undetected. Staff knew only because she returned to the hospital to confess.

Clearly staff were alert, but why the breach? And where? How could this have been avoided?  It turned out that the weakness was a "serious" breakdown in the badge identification process, according to a hospital officer.

"This is a good reminder of why ID badges need a photo," says Tom Huser, hospital security expert and former Chicago police officer, who noted other mistakes: "Staff did the right thing by questioning her; however, they fell short by not pursuing their suspicions. Lesson here: If you are suspicious, follow-up on your suspicions. The liability and PR embarrassment the facility is now going to be exposed to could be substantial.  Especially if the woman did anything beyond the taking of temps and blood pressure."
 
In  Environment of Care: Guide to the JCAHO's Management Plans,  3rd Edition (HCPro, 2006), Huser, safety coordinator at Clarian Health in Indiana, establishes guidelines for ID management and other aspects of security to help medical facilities anticipate and handle such problems. Interestingly, says Huser, The Joint Commission, normally a thorn in the sides of safety officers, can help you shape your plan.

His suggestions:

Check first to see what The Joint Commission requires of you
Environment of care standard EC.2.10 says that the hospital must identify and mandate security risks, with  EP 5 saying that the facility establishes a system of identifying visitor, patients, and staff. The only thing is, according to Huser, employees are often too overwhelmed to think of risks relating to badges, with some staff not recognizing the risk at all. Which leads to the second step:

Know the strengths and weaknesses of your staff
Create a realistic assessment of the weaknesses of your facility, human and otherwise. You know best the risks within your facility. This may be a formal assessment of a construction-related risk, such as a door that's compromised because an entrance is being widened. It could be also be an informal assessment of staff incompetencies (the guard who does crosswords when he should be patrolling the entrance; the nurse who always lets her kid enter secure areas). It could be an assessment of a risk that does not present itself as severe but may be exploited, such as the activity on the loading dock.

Test your weaknesses
Have someone pretend to be a delivery person. Have him say that he's helping out a friend on the loading dock and doesn't need an ID. Note employees' reactions.

Give staff tools and tips to use
Give staff security updates and information training. Specialize: Create a pediatric security design if your facility needs one. Have forms and tools in place to drive the orientation home. In his sample security policy, Huser writes a security department Statement of Purpose that includes the following provision for unscheduled rounds:

In addition to scheduled rounds, security officers will also conduct unscheduled rounds of the hospital to ensure security coverage is not limited to an obvious pattersn. Security officers may challenge any individual without proper identification (e.g., a hospital identification badge) and for without apparents reason to be in the area. Such individuals may be detained, quesioned, and/or escorted from the hospital at the discretion of the security officer/security team leader.

Huser also has drafted a security incident report form for use in incidents like these.

• E-mail to a Colleague
• Print
• RSS
• Archive