Category Archives: Hospital Risk-Based Security

Chicago Hospital Ordered to Pay More than $10 Million Dollars to a Female Doctor and 6 Nurses who Filed a Lawsuit for Two Separate Harassment Incidents Including Being Choked by a Doctor, and Another Doctor who installed a Toilet Cam in the Women’s Locker Room

RISKAlert  Report #1073                                      Sept. 19, 2018                                       Chicago, Illinois

The former employees of Advocate Illinois Masonic Medical Center in Chicago won a lawsuit against the
hospital after reporting that hospital doctors harassed them.  The Chicago Tribune reported that the hospital received
reports about violent incidents but did nothing.  The women accused the hospital of failing to act
when violations of the hospital own written policies were reported and then ignored

$7 million of the total amount was awarded to Dr. Caroline Ryan, an anesthesiologist who was choked and
pushed by Dr. Stephen F. Laga, in 2013. The attack was witnessed by several hospital staff members

and also by patients.  Dr. Ryan was asked by hospital administration to drop her report against Laga, who
had a “long and documented” history of violent behavior, says the complaint.   Laga was never disciplined.

The following year, a hidden camera was found on the toilet (Potty Cam?) in the women’s locker room where
women changed clothes and used the restroom.  The camera was planted by Dr. Robert Weiss, an eye surgeon
at Illinois Masonic, who viewed and possibly shared the content.
Weiss was arrested when the camera was
discovered. Although aware of his arrest, the hospital delayed suspending Weiss’ medical privileges
.

The women’s complaint also pointed out that the hospital had ignored previous reports of inappropriate
sexual behavior from Weiss.  The six women were awarded $1.75 million for violations of their privacy and
an additional $2 million for punitive damages. The jury was sending a clear message”, said the women’s
attorney, Jeffrey Kulwin.  He said he believes doctor misconduct has been tolerated because of the money the
doctors bring in to the hospitals.

Today’s verdict against Advocate sends a strong message to Advocate, and employers everywhere,
that violence in the workplace cannot be tolerated, especially at a place as important as a hospital
,”

LESSONS LEARNED:

1.  Having, and Enforcing a strong policy against workplace violence and harassment is a critical
     component of creating a safe workplace, no matter who is being violent against others!

2.  The hospital lost the lawsuit because they blatantly refused to enforce their OWN POLICIES! 

THANKS FOR READING THE RISKAlert Report©

For more information write to:  caroline@riskandsecurityllc.com
We provide the best Facility Risk Assessments, as well as Active Shooter Assessments, Training,
Workplace  Violence Assessments, and  & CMS All Hazards Risk Assessments, Facility Drills &  Training.

www.riskandsecurityllc.com                                                           www.caroline-hamilton.com

#RiskAssessment                                       #CMSImmediateJeopardy                                       #HospitalViolence

FEDERAL JUDGE RULES FOR OCR, FINES MD ANDERSON $ 4.3 MILLION DOLLAR FINE FOR MAJOR HIPAA VIOLATION INVOLVING UNENCRYPTED STOLEN DEVICES AND 33,000 PATIENT RECORDS

In the ruling, the Judge found that The University of Texas MD Anderson Cancer Center (MD Anderson) violated the HIPAA RULE for Privacy and Security Rules and granted summary judgment to the Office for Civil Rights (OCR) on all issues, requiring MD Anderson to pay $4,348,000 in civil money penalties to OCR. The $4.3 million dollar fine is the fourth largest amount ever awarded to OCR.

MD Anderson is an academic institution and a comprehensive cancer treatment and research center located at the Texas Medical Center in Houston.  OCR investigated MD Anderson following three separate data breach reports in 2012 and 2013 involving the theft of an unencrypted laptop from the residence of an MD Anderson employee and the loss of two unencrypted universal serial bus (USB) thumb drives containing the unencrypted electronic protected health information (ePHI) of over 33,500 individuals.

OCR’s investigation found that MD Anderson had written encryption policies going as far back as 2006 and that MD Anderson’s own risk analyses had found that the lack of device-level encryption posed a high risk to the security of ePHI. Despite the encryption policies and high risk findings, MD Anderson did not begin to adopt an enterprise-wide solution to implement encryption of ePHI until 2011, and even then it failed to encrypt its inventory of electronic devices containing ePHI between March 24, 2011 and January 25, 2013.

OCR is serious about protecting health information privacy and will pursue litigation, if necessary, to hold entities responsible for HIPAA violations,” said OCR Director Roger Severino. “We are pleased that the judge upheld our imposition of penalties because it underscores the risks entities take if they fail to implement effective safeguards, such as
data encryption, when required to protect sensitive patient information
.”

LESSONS LEARNED

1.  MD Anderson had written encryption politics going back to 2006, and had identified lack of
encryption as a material weakness in their own risk analysis!

2.  If a HIPAA Risk Analysis identifies a weakness in a critical area like encryption, immediately
start encrypting all electronic devices.

THANKS FOR READING THE RISKAlert Report©
For more information and a free subscription:  write to:  caroline@riskandsecurityllc.com

We provide the best CMS Facility All-Hazards Risk Assessments, HIPAA Risk Analysis, as well as Active Shooter Training,
Workplace Violence Assessments, and Mass Casualty Drills & Training Programs.

www.riskandsecurityllc.com   and   www.caroline-hamilton.com

Western State Hospital (Tacoma, WA), Could Lose $65 Million in Federal Funds as CMS Finds Serious Risk for Exposed Fire System Devices that could be used by Patients to Commit Suicide by Hanging

 

 

 

 

RISKALERT  #1040 – Report Updated:  May 30, 2018

In a memo sent to top staff earlier in the week, “CMS identified a serious risk of harm to patients due to ligature risks
from the fire system in patient care areas of Building 21
,” said the memo, which was obtained by public radio. Building 21 is where civil, or non-criminal, patients are treated on five different wards. Typically a ward has 30 patients. Western State Hospital is a Psychiatric Residential Treatment Center (PRTC) with over 800 beds.

A CMS finding of serious risk of harm is also known as an “immediate jeopardy.”  The memo also said that if the issue is not resolved, funding could be lost in 23 days.

Since 2015, Western State Hospital has been under scrutiny for serious repeat violations that inspectors said put patients and staff at risk. The litany of troubles included violent assaults on patients and staff, the 2016 escape of two high-risk patients and scores of unauthorized patient “walkaways.”

The safety violations were discovered by a team of 22 federal surveyors who were re-inspecting the hospital last week as part of a turnaround plan that is approaching the two-year mark. The sprawling hospital, which serves civil and forensic patients, must meet standards on 26 federal “Conditions of Participation” in order to continue receiving federal funding.

A “root cause” report in 2016 identified ineffective management, staff reductions and turnover leading to patients who felt “neglected” and a “culture of helplessness” among staff. A review by the Department of Corrections also found numerous security gaps including 25,000 master keys unaccounted for.

LESSONS LEARNED

1.   CMS requires all residential treatment facilities to maintain a safe physical environment, and any
identified risk situations should be addressed immediately to prevent loss of CMS reimbursement funds..

  1.  Management must take the lead even in facilities related issues, instead of leaving the improved
    implementations up to lower level staff members.

    THANKS FOR READING THE RISKAlert Report
    ©For more information and a free subscription:  write to:  caroline@riskandsecurityllc.com

    We provide the best Active Shooter Training, Workplace Violence Assessments, and & CMS Facility All-
    Hazards  Risk   Assessments, Drills &  Training Programs.

www.riskandsecurityllc.com   and   www.caroline-hamilton.com

19-year old Teen Victim Sues Michigan Hospital After Being Punched in the Face in the Hospital’s Emergency Room

RISKAlert Report Updated:  April 10, 2018

A nineteen-year old woman is suing Beaumont Hospital in Dearborn, Michigan after she was injured by another patient in the hospital’s emergency room. The entire attack was caught on hospital security video.

The video showed the woman, who was wearing a hijab head scarf, had just started talking to the staff at the ER desk, when, with 5 seconds, an older man came up behind her and started to repeatedly punch her in the head. The man who attacked her, 57-year-old John Deliz, had been dropped off at the hospital by police, after leaving a group home.

Police records show he was warned about harassing others in the hospital lobby before the attack occurred, according to The Detroit News.  Deliz admitted in court that that he had been diagnosed with bipolar disorder and schizophrenia  and had not been taking his medications.

The hospital security staff immediately responded and restrained Deliz, who was subsequently arrested.

The lawsuit claims that “the hospital was aware of his condition as he was brought because he needed mental treatment. Instead of treating him, they discharged him into the ER waiting room,” her lawyer, Mr. Moughni told CBS. “Instead of giving him mental treatment, they put him back in the patient pool, thereby giving way to his attack.”
LESSONS LEARNED:

1.   Using the Emergency Room as a temporary holding area for behavioral health individuals
exposes the hospital to potential lawsuits and liability for any damage they might do.

2.   Behavioral health patients need to be isolated in a holding room and/or continuously supervised, and
not allowed to freely  circulate within the Emergency Room.

THANKS FOR READING THE RISKAlert Report©

For more information and more great content:  write to:  caroline@riskandsecurityllc.com
We provide the best Active Shooter and CMS Facility Risk Assessments, Drills & Training Programs
www.riskandsecurityllc.com   or   www.caroline-hamilton.com

Nurse Shot and Killed in Hospital, after telling off Supply Worker, who also Shoots another employee before Killing himself.

RISKAlert Report Updated:  March 16, 2018

The shooting took place after long-time nursing supervisor, Nancy Swift, 63, told off Trevis Coleman, a hospital Sterile Supply worker, described as “disgruntled” by police.  After fatally shooting Swift, he shot instrument worker, Tim Isley, who is in critical condition.  Coleman then turned the gun on himself, with a fatal shot to the head.

The incident took place at University of Alabama at Birmingham, Highlands’s hospital in Birmingham, Alabama.  UAB Hospital Vice President Anthony Patterson said, ‘We have extensive security measures in place that include police officers on site 24-7 as well as others that we do not publicly disclose in the interest of safety.

“This is a sad day for Birmingham UAB. We lost a colleague and a friend last night,” UAB Hospital Vice President Anthony Patterson said. “First I want to offer my sincerest condolences to the victims who have suffered and to their family and colleagues who are grieving this senseless loss of life and injury, our highest priority is the health and safety of our patients and employees.”
The surviving victim of the shooting, 28-year-old Timothy Isley, is recovering at UAB Hospital. He was the on-duty instrument management supervisor at the time of the shooting. Isley’s father is a Mayor of Springville, Alabama,

UAB Highlands hospital had metal detectors in use at the time of the workplace violence incident.


LESSONS LEARNED:

  1. ‘Disgruntled’ employees need to have a formal case file opened on them, and their
    behavior monitored, if they have the potential to be a threat.
  2.  Keeping all back entrances locked, and using door alarms, can keep staff, and intruders
    from bringing guns and knives into hospitals.


THANKS FOR READING THE RISKAlert Report
©

For more information and more great content:  write to:  caroline@riskandsecurityllc.com

We provide the best Active Shooter and CMS Facility Risk Assessments & Training Programs
 www.riskandsecurityllc.com   or   www.caroline-hamilton.com

Angry Florida Man Steals Hospital’s Ambulance and Drives Home After Waiting Two hours in the Hospital’s Emergency Department

RISKAlert Report Updated:  March 14, 2018

   Ambulance thief, Danny Lee Konieczny, 60,  was drunk and suicidal when First Responders picked him
up after a neighbor called 911.    He was transported to The Villages Regional Hospital, where
he waited two hours in the Emergency Department without seeing a doctor.

Frustrated and angry, he decided to steal the ambulance to drive the 5.7 miles to his home,
according to the arrest affidavit!  He walked outside and stole a Sumter EMS Ambulance, which was
owned by Rural/Metro and equipped with a GPS tracking device.  Rural/Metro personnel were able
to see the theft of the ambulance on a live feed and so deputies followed the GPS to Konieczny’s home.

The suspect had parked the ambulance in the neighbor’s     
driveway, and then hid in the trunk of his car,  where
officers found him and arrested him.   Konieczny is now
facing a felony charge of grand theft of a motor vehicle
following the arrest by Lake County Sheriff’s deputies.

   “He was upset because he was just put in the hallway
to wait and was not being seen at the hospital
,”
the
deputy wrote in the arrest report.  The ambulance was
recovered intact and returned to Rural/Metro.


LESSONS LEARNED:

  1. Ambulance theft is relatively common but easy to prevent. Experts recommend
    making sure to turn off the engine and lock all ambulance doors.
  2. There are keypad systems that can be installed to prevent someone from driving away in
    an ambulance, when the engine has been left running.

THANKS FOR READING THE RISKAlert Report©

For more information and more great content:  write to:  caroline@riskandsecurityllc.com

We provide the best Active Shooter and CMS Facility Risk Assessments,
Active Shooter and Security- Safety and Compliance  training.

 www.riskandsecurityllc.com   or   www.caroline-hamilton.com

RISKAlert Case Study #841 – Physician Shot & Killed in Metairie

Dateline:  March 25, 2016 – New Orleans, Louisiana

A local Doctor was shot and killed by a patient while he treated others in his office near East Jefferson General Hospital in New Orleans yesterday.

The 73-year old shooter walked into the doctor’s office, and killed the doctor with a single shot to the head.  He then ran out of the office and into a Wendy’s restaurant.  Jefferson Parish Sheriff’s Office deputies were nearby and they responded and chased the shooter into a nearby Wendy’s restaurant, where the shooter killed himself by putting the gun in his mouth and pulling the trigger.

The doctor, 75-year old Dr. Elbert Goodier, a urologist,  was treating patients at the time of the shooting.  Colleagues said that Dr. Goodier was a very kind and popular physician.  The shooter’s family said that the shooter had been treated by Dr. Goodier in the past.  While the shooter did not have a criminal background, his family said that he had suffered from mental illness in the past.

Dr. Goodier had practiced for 50 years in the New Orleans area, according to East Jefferson General Hospital.

According to Wendy’s employees, a woman was placing her order when
the shooter pulled the triggeWendysShooter-NOLAr as the deputies advanced on him.   The man’s body remained inside of Wendy’s more than an hour after the shootings. Yellow police tape cordoned off the parking lot and the hospital’s exit lanes. Some workers and patrons were also still in the building as of 4 p.m., speaking with
investigators. Outside, other workers, concerned relatives and onlookers watched.

This type of shooting, the Baby Boomer Shooter, is the second attack on a urologist, and one in an increasing number of seniors who attack their physicians.  Another shooter killed his urologist in Reno, Nevada and injured two others before taking his own life. The shooter said had struggled for 3 years with ailments resulting from a botched vasectomy, according to messages he posted on an online support group and a law enforcement investigation.


Lesson Learned
:

While doctors have not been a target in the past, they have been shot and killed recently by patients unhappy with medical results.  All hospitals and medical offices should review their access controls systems, based on the increasing, and alarming rate of attacks on healthcare workers.

                    Stay Alert and make sure to subscribe to RISKAlerts
Sign Up at: caroline@riskandsecurityllc.com

Doctor Shot and Killed in Grudge Shooting Over “Mom”

RISKAlert- Active Shooter   No. 625,   January 21, 2015, Boston, Mass.

Middle-Aged Shooter kills Cardiologist at Brigham and Women’s Hospital, and then Kills
Himself, in an apparent Grudge Shooting Because the Doctor had Operated on his Mother.

On Tuesday morning on Jan. 21, at 11 am, Stephen Pasceri, 55, walked into the Shapiro Center
at Brigham and Women’s Hospital, and asked to see cardiologist, Dr. Michael J. Davidson.  When
he saw Dr. Davidson, outside of an exam, he shot him twice, critically injuring him.

Dr. Davidson later died from his injuries. Pasceri then went to the 2nd floor and killed himself with a gunshot
to the head.  Later, it was discovered that Dr. Davidson had operated on Pasceri’s mother, Marguerite, and
she had died on November 15, 2014. Pasceri’s sister was quoted as saying, “He loved his mom, and he
loved her very much. He appeared 
to be handling her death well,” the sister said of her brother.

“Everything seemed to be going really well. I have no idea why he snapped like this.
He was a great guy. He took care of his family, he had a beautiful house and he has four
beautiful children. 
He was an upstanding citizen.”

The hospital locked down and rushed Dr. Davidson into surgery, but he died during the night from his injuries.
Brigham and Women’s Hospital’s COO said the hospital was one of the first to institute an active shooter
training program. The hospital does not use metal detectors.

Lessons Learned :    “A is for Access Control”

1.  Metal Detectors can be are a reliable tool to Prevent In-Hospital Shootings.

2.  Active Shooter Drills are NOT ENOUGH as these incidents unfold in just a few minutes.

3.  Installing ‘NO WEAPONS’ Signage at Entrances can be a deterrent to these first time shooters.

Despite having a good job, family, and a beautiful home, when confronted with a mid-life crisis, his mother’s
death, another middle-aged  shooter goes to a hospital and shoots the doctor, in a scenario that resembles
the 
Johns Hopkins shooting in 2010.   To protect staff and patients, hospitals will have to increase their
security protective measures, including use of metal detectors, no weapons signage and
situational awareness of the staff.

RISKAlerts is a publication of Risk & Security LLC.
To subscribe, write to: info@riskandsecurityllc.com

RISKAlert November, 2014 Updated Incident Planning for Healthcare Facilities

Incorporating Active Shooter Incident Planning into Health Care Facility Emergency Operations Plans

National preparedness efforts, including planning, are based on U.S. Presidential Policy Directive (PPD) 8: Preparedness, which was signed by the President in March 2011.  This updated  directive represents an “evolution” in understanding of national preparedness based on lessons learned from rom natural disasters like Hurricane Sandy, terrorist acts like the Boston Bombing and active shooter and other violent incidents.

Preparedness is centered in five areas: Prevention, Protection, Mitigation, Response, and Recovery. These concepts are applied to Health Care Facility (HCFs) Planning for active shooters and other violent incidents.

Emergency Operations Plans for Health Care Facilities (EOPs) should be living documents that are routinely reviewed and consider all types of hazards, including the possibility of an active shooter or terrorist incident. As law enforcement continues to draw lessons learned from actual emergencies, HCFs should incorporate those lessons learned into existing emergency plans or in newly created EOPs.

It advises a whole community approach that includes staff, patients, and visitors as well as individuals with access and functional needs. Examples of these populations include children, older adults, pregnant women, individuals with disabilities, etc.

The key concepts include not only familiar concepts like “Run-Hide-Fight” but also concepts on addressing a wider range of risks (threats), how to do drills, improvement of situational awareness activities, expanding the definitions of risks, how to do Psychological First Aid (PFA), and how to integrate these with HIPAA guidelines and Rules and the importance and role of Security in Emergency Operations Planning (EOPs).

Lesson  Learned :    Don’t Wait to Respond!

A 2005 investigation by the National Institute of Standards and Technology into the collapse of the World Trade Center towers on September 11, 2001, found that people close to the floors impacted waited longer to start evacuating than those on unaffected floors.   Similarly, during the Virginia Tech shooting, individuals on campus responded to the shooting with varying degrees of urgency. (ref:  Federal Building and Fire Safety Investigation of the World Trade Center Disaster: Occupant Behavior, Egress, and Emergency Communications.)

            Frequent Security Situational Awareness Training, and Active Shooter –
Disaster Drills can prevent this “frozen” phenomena and save lives in
a violent incident , a terrorist attack, or a disaster scenario.


RISKAlerts are
publications of Risk & Security LLC

How to Build a New, Risk-Based Police Model that Really Works

Law Enforcement Can Transform Itself by Turning to a Risk-Based Policing Model

Watching the protests across the country over the last few months,  the two groups, the Citizens and the Police, as polarized as the US Congress, I think, we can do BETTER than this. We can make police officers RISK OFFICERS for their communities.

The current stereotypes of police with military-style weapons and protective gear, is counterproductive, just like the stereotype of poor, uneducated, violent, drug-using citizens is also counterproductive to progress.

Most departments are still working with the historical model of law enforcement that is still followed religiously around the country, even though it is over 100 years old.  This model is totally ” Enforcement ” oriented.  Something bad happens, police go find the perpetrator and arrest them.

At the same time, cities and counties are having a hard time enlisting new officers, in fact, in Police Chief Magazine in the December 2014 issue, they point out that 80% of departments are having major recruitment problems. Young men don’t want to become ‘traditional’ police officers. The role needs to change.

The model of law enforcement is at a point when it needs to change, and to evolve into a risk-basedcrime-preventive model, instead of a total arrest and subdue model. 

The benefit would be a different kind of police force, one that is more educated, more  tech-savvy, and problem solving, and focused heavy on prevention.

Instead of educating police officers on some goofy model of how to talk to people, they need to get educated on threat-risk techniques.  They need to be able to go to a neighborhood, pro-actively and come up with a risk assessment for that neighborhood,  followed by a plan to improve the lives of the people who live
there.  Just like we use interviews and surveys for our high-tech risk assessments, these officers could do the same thing.

Police officers today perform only a narrow range of activities.  This great group of ethical professional officers COULD DO SO MUCH MORE.  

 

In the next article, we’ll include suggestions on how to make the change.