Support for security provision

The current economic climate should prompt all sectors to focus on identifying existing and emerging security threats and re-evaluate their strategies to respond to these risks. Healthcare establishments – e.g. hospitals, doctors’ surgeries, and pharmacies – are no exception. In a time of budget cuts, it can be difficult to justify spend on seemingly non-essential work. However, as this article argues, investing time and money in assessing security and developing an effective security strategy is not only imperative but can also save money in the longer term.

Readers will be well aware of the array of risks healthcare professionals face. Suffice to say that traditional security threats to healthcare establishments typically encompass a range of crime types from violence to prescription fraud. It is clear that some traditional crime prevention techniques would not be appropriate in a healthcare environment – for example, access control measures in accident and emergency departments. Therefore, counter measures need to be able to tackle offences without compromising other priorities such as patient care and staff safety.

Accurate recording of information on incidents is key to understanding the scale and nature of existing security problems, providing the first step in the problem solving process. This information can be used to inform risk assessments, and then to help form ideas about how to counter future security risks.


Risk assessment is central to the development of an effective security strategy. Healthcare providers face a range of threats and it is imperative that organisations consider how budget cuts could impact on the risk of crime occurring, as well as their ability to effectively deal with the problem. Once threats have been identified, the likelihood of each threat occurring has to be weighed against the scale of the impact.

Our role as security professionals, or stakeholders in the healthcare system, is to (a) reduce the likelihood of the risk occurring, and/or (b) reduce the impact if the risk does occur. For example, if the likelihood of a burglary of a pharmacy is ‘likely’ and the impact is ‘moderate’, the risk of the incident is scored as 12. If the pharmacy is secured with new locks and reinforced doors then burglary may become ‘unlikely.’ Although in this case the impact does not change, the likelihood has fallen – halving the risk score to 6.

It is important to remember that changes in circumstances can impact on risk assessment affecting likelihood and impact. For example, if funding for security officers is cut but the likelihood of violence remains stable, the potential impact will increase, as it is possible that more injuries will be incurred before the incident is stopped. Thus although likelihood is unchanged, the impact is much greater, increasing the risk score. The implications for accident and emergency (A&E) departments on weekend evenings are clear here.

The security strategy is a key step in the process by which management’s expectations for security are translated into specific, measurable, and verifiable goals. In the absence of a security strategy specifying and communicating these expectations, staff will implement their own methods.


The risk management process is cyclical, as illustrated in Figure 1.
The risk assessment feeds in at the evaluate risk stage, with the development and implementation of a security strategy feeding into the subsequent two steps. As with all strategies, these need to be reviewed to monitor whether the assets (i.e. what you want to protect) have changed, and whether there are any emerging threats or vulnerabilities. Risk can then be re-evaluated and the security strategy amended accordingly.

Changing times signal an appropriate time to review the risks faced, to ensure that emerging risks are identified and suitable counter measures put in place. For example, the risk of property crime increases during a recession, and if budget cuts means that this is combined with reduced spending on physical security measures, it is easy to see how healthcare establishments could face increasing burglary problems. It would therefore be important to consider setting money aside to improve the physical security of vulnerable buildings.


Security risk assessment can be a complex process, and there is a wide range of support and training on offer which can help healthcare professionals to implement risk assessments and develop security strategies. Key topics that can be useful include:

•    Identification of existing and emerging threats
•    How to measure and record incidents
•    How to weigh up likelihood and risk
•    What security measures are available and how and when to use them
•    Developing innovative methods to improve security
•    How to plan and implement a security strategy
•    Targeting spend on security in the most effective way
•    Communicating the strategy to staff, patients, and visitors

Investing in good quality security and risk training provides staff with the key skills needed to identify and respond to risks. This will ensure risks are minimised reducing the likelihood, and potentially the impact, of crime.

About Perpetuity

Perpetuity Training is leading training company specialising in security, crime, and risk management. We offer a range of short courses including BTEC Level 4 Professional Awards in Managing Security Surveys, and Security Management, and a high quality course on Managing Hospital Security.

For more information:

Tel: 0116 222 5550