As safe as houses?

By the 1990s, there was recognition through most of the NHS that security was an issue that needed to be addressed. Comments made in 1993 by Sir David Nicholls, the then chief executive of the NHS Confederation, that “hospitals are supermarkets without tills”, epitomised the poor state of healthcare security – crime, activities risking the reputations of Trusts, poor asset protection and the unauthorised release of information.
Security can be simply defined as the protection of people, property, equipment and resources from loss, damage and interference. While always difficult to predict, probable future threats include the consequences of a pandemic and the necessity to store vaccines and medicines under secure conditions against civil disturbance; isolation of patients (pandemics, military casualties); and the growth of industrial espionage – particularly relevant to healthcare research.

A screen for terrorism
We have very recently seen that the culture of the NHS is probably being used by militant fundamentalists as a screen for their terrorist activities. This event may well prove a turning point in an evolution in the management of protective healthcare security and the NHS contributes to global and national security. Although Sir David was referring to crime, low quality security officers, cheap security systems and a failure to invest, he highlighted the widespread belief that hospitals were immune from breaches of security.
In 1997 the Counter Fraud Service (CFS) showed just how extensive fraud was throughout public and private healthcare, and it remains a significant cost to the public purse. The campaign to address violence and aggression led, in January 2003, to the expansion of the CFS into the Counter Fraud and Security Management Service (CFSMS) with a mission “to provide the best protection for its patients, staff, professionals and property” and develop “policy and operational responsibility…for the management of security in the NHS”. This strategy is described in A Professional Approach to Managing Security in the NHS, which is available on the CFSMS website.
Two powerful Secretary of State of Health Directions led, in November 2003, to initiatives to tackle violence and aggression against NHS staff and then in March 2004 that every health body must nominate a board level representative to take responsibility for security management issues – the security management director – and appoint a local security management specialist (LSMS) – NHS speak for ‘security manager’.
With financial constraints and no additional budgets to tackle this statutory requirement, there was no great rush to appoint. However, it has been interesting to witness healthcare bodies realising that protective security is a business discipline that can help, given the opportunity, the health of the organisation
by contributing to matters traditionally considered to be clinical-only issues, such as tackling infection control with access control, quite apart from contri- buting to a healthy budget.

Wider remit
With the centre of power moving to the PCTs, cultural perceptions threatens the development of the expertise, not the least of which is the belief that anyone can be appointed as security managers. This is as questionable as appointing finance directors without accountancy qualifications and equally debatable of the practice of lumping security with another irrelevant discipline, traditionally car parking, and the splitting of security issues, such as risk management, information security and fraud, between several departments. Security has developed into a complex discipline and although all LSMS undergo foundation security management training, the fact is modern healthcare security practitioners now have a much wider remit in a rapidly changing technological business environment.
There is no doubt of the value of the SMS as a strategic organisation developing such activities as nationwide communications to pass security alerts and negotiating Memorandums of Understanding with the Healthcare Commission, Health and Safety Executive, Crown Prosecution Service, National Offender Management Service and Association of Chief Police Officers. PCTs are beginning to see the benefits of such association.
A valuable but numerically limited resource are area security management specialists (ASMS) directly employed by the SMS to support LSMS. Quality inspection teams are also being assembled. A weakness of the SMS has been a reliance of appointing CFS into security slots.
In the early days of the development of healthcare security, security managers in forward-thinking Trusts, mainly acute, banded to form the National Association for Healthcare Security (NAHS) and worked with NHS Estates to develop the direction of healthcare security. The NAHS aims to work closely with the SMS in offering its expertise and policies and procedures developed by experienced security managers over the years that can be adopted to be fit for purpose from its library.
In conclusion, for decades the healthcare ignored the managing the security threats and relied upon the police. It is now paying the penalty with ‘catch up’ security in the international arena. Remaining unprepared to recognise and meet the national and global threats is no longer acceptable, particularly as society develops and there are demands for a minimum security standard. This is not to say that for some health bodies, struggling with finances and with a culture that does not assimilate security, the journey will be painless.
While the SMS is beneficial, the fact is that front line security practitioners in health bodies need the support. While finance directors will always claim that security is difficult to justify, this is a short term solution and regularly proven to be flawed. Failure to allocate security management a realistic fair share of the budget risks the credibility of the organisation to contribute to the public purse. Security is not as expensive as insecurity.
In the end, healthcare security means “providing for the protection and safety of all persons interacting in the delivery of medical care and safeguarding public and private assets against theft, fraud, damage and disruption which could be detrimental to the continuation of patient care” (Home Office). Hospitals must no longer be supermarkets without tills. Patients, staff and visitors, who see security more than police officers every day, demand protection.

For more information

Supplier Profiles

Rubrik UK Limited

Rubrik is a cybersecurity company, and our mission is to secure the world’s data.


Are you ever frustrated by people losing their keys for lockers, desk pedestals, filing cabinets,