Joint Commission Requirements

Hospital Safety Center Website, July 5, 2007

[1] Introduction

The Joint Commission requirements for the management of security programs appear in the Comprehensive Accreditation Manual for Hospitals: The Official Handbook under the management of the environment of care (EC) standards. The EC standards generally require that organizations plan for a safe, accessible, effective, and efficient EC, with written management plans addressing each of seven EC components, including security.

The written security plan must address security issues relevant to the organization and must provide for orientation and education of staff as appropriate.

Organizations also are required to develop security program performance standards, evaluate their programs periodically, maintain records on program performance, and make improvements as needed.

[2] The Written Security Management Plan

Joint Commission standard EC.2.10 requires accredited facilities to have a written management plan for security.

The security management plan should describe how the organization will establish and maintain a security program that protects staff, patients, and visitors. According to the Joint Commission, the intent of this requirement is that the written plan provide mechanisms for the following:

  • Designating personnel responsible for developing, implementing, and monitoring the security management plan
  • Addressing security issues concerning patients, visitors, personnel, and property
  • Having procedures in place in the event of an infant or pediatric patient kidnapping
  • Reporting and investigating all security incidents
  • Providing identification, as appropriate, for all patients, visitors, and staff
  • Controlling access to and egress from sensitive areas (as determined by the organization)
  • Providing for vehicular access to urgent-care areas

Orientation and education. HR.2.20 requires that a staff orientation and education program be established in the security management plan. Orientation and education should address the following:

  • Processes for minimizing security risks for personnel in security-sensitive areas
  • Emergency procedures to be followed during security incidents
  • Security incident reporting procedures for patients, visitors, personnel, and property

Performance monitoring. EC.2.10 also requires organizations to establish as part of their plans provisions for ongoing monitoring of program performance regarding actual or potential risks related to one or more of the following:

  • Staff security management knowledge and skill
  • The level of staff participation in security management activities
  • Monitoring and inspection activities
  • Emergency- and incident-reporting procedures that specify when and to whom reports are communicated
  • Inspection, preventive maintenance, and testing of security equipment

According to the Joint Commission, performance standards are an important component of the "feedback loop" of continuous performance improvement that the commission's accreditation standards are designed to foster (see "Program Performance Assessment.")

Emergency security procedures. Under the standard, the security plan must include emergency security procedures that address the following:

  • Actions to be taken in the event of a security incident or failure
  • Handling of civil disturbances and situations involving VIPs or the media
  • Provision of additional staff to control human and vehicle traffic in and around the EC during disasters

Plan review. EC.2.10 requires that the security management plan specify how the objectives, scope, performance, and effectiveness of the plan will be evaluated annually.

Joint Commission surveyors may review the security management plan documents, including performance standards and emergency procedures, and interview staff to determine compliance with this standard.

EC Standards for Security

[3] Program Implementation

Joint Commission standards generally require implementation of each of the seven written EC management plans, including the security plan.

Orientation and education implementation. Joint Commission standard HR.2.20 requires that staff be oriented and educated about the EC and that they possess the knowledge and skill required to perform their responsibilities under the EC management plans. The standard requires that personnel be able to describe or demonstrate knowledge of safety risks in the EC and reporting procedures for security incidents involving patients, visitors, personnel, and property.

In addition, HR.2.20 requires that personnel who work in security-sensitive areas be able to describe or demonstrate the following:

  • Processes for minimizing security risks
  • Emergency procedures for security incidents
  • Reporting procedures for security incidents involving patients, visitors, personnel, and property (for help developing a response plan for infant abductions, see Assaulted and/or Battered Employee Policy)

Joint Commission surveyors may assess compliance with these requirements by reviewing orientation and staff education plans and curricula as well as through interviews with staff and the safety officer.

General implementation. Joint Commission standard EC.2.10 requires implementation of the written management plan and performance standards for security. Compliance with this standard may be evaluated by conducting building tours, observing visitor security procedures, and interviewing staff.

[4] Measuring Outcomes

Joint Commission standard EC.9.10 requires organizations to develop and operate an organizationwide information collection and evaluation system (ICES) to help evaluate and improve conditions in the EC. The ICES is used to aggregate information from each of the seven EC areas, including security, into reports that address program effectiveness and summarize identified problems, needs, and opportunities.

Under EC.9.10, the individual responsible for directing the safety program must review these reports and convey findings to the safety or other committee assigned to address EC issues. Standard EC.9.20 then requires a multidisciplinary group such as the safety committee to analyze the issues, develop recommendations for performance improvement, and submit them to appropriate individuals and management groups. Finally, EC.9.30 requires the individual directing the safety program to work with appropriate staff to implement the recommended actions. For more information on ICES, see Safety Programs-Recordkeeping and Outcomes Measurement.

Program Performance Assessment

[5] Related Joint Commission Requirements

In addition to the EC standards, the following Joint Commission standards also contain requirements relevant to workplace violence and security management issues:

  • Care of Patients-Use of restraints or seclusion should be limited to situations with adequate clinical justification. Staff orientation and education should emphasize prevention and appropriate use of alternatives. Assessment processes should be developed to identify and prevent potential behavioral risk factors (see "Restraint and Seclusion Standards").
  • Management of Information (IM)-Reports on security issues should be forwarded through the IM system network to appropriate leadership.
  • Leadership-Leaders are required to evaluate security reports received through the IM system, prioritize security issues, and develop and implement performance-improvement projects as appropriate.
  • Improving Organization Performance-Projects to improve performance must be developed and implemented.
  • Management of Human Resources-Individuals' performance must be assessed in terms of carrying out the security management program.

Restraint and Seclusion Standards