Category Archives: Risk Assessment & Compliance

An overview and information source for risk analysis and requirement compliance for IT and online security systems to ensure compliance with regulations such as: FFIEC, NERC, GLBA, BSA, NCUA, ISO 17799, ISO 27001 and many others.

Shooting at University of Cincinnati Medical Center Ends in Suicide

“I thought he was going to kill everyone”, said the witness taking her child to Cincinnati Children’s
Hospital and Medical Center, before a 20-year-old shot and killed himself after shooting a University of
Cinncinnati Health security guard inside the UC psychiatric emergency services facility.

The man the witness saw was Isaiah Currie, 20, who eventually shot himself after shooting a UC Health security
guard inside the psychiatric emergency services facility on Burnet Avenue.

“He was focused. It was, ‘I’m here to do what I need to do and that’s it,'” she said. “I see him do this and
then drop (the gun) down and then I see the concrete come up, where the bullet had hit the concrete.
I thought he was on his way into the facility and I thought, ‘Oh, my god, he is going to kill everybody

At this point, the witness called 911 to report the suspect. Authorities didn’t know where or how Currie
obtained the two handguns he carried into the lobby Wednesday at UC Medical Center’s Emergency Psychiatric
Services. Cincinnati Police Eliot Isaac said at news conference Thursday that one of the guns had been
reported stolen in Kentucky.

Currie, 20, who had a history of mental illness, shot the security officer twice in the torso, before turning the gun on himself. The officer was reported to be seriously injured.


1. Even when the witness saw the shooter advancing on the hospital, and called 911 – IT WAS ALREADY TOO LATE! Police could not get there in time to prevent the shooting. For an Emergency Psychiatric
facility, use of metal detectors is a MUST HAVE.


For more information and more great content:

#ActiveShooter #RISKAlerts #riskandsecurityllc

Patient Killed at Hospital


RISKAlert Report Updated:  Jan. 15, 2018

A 46-year old patient, identified as Andrew Merryman, was in a hospital treatment room with his wife on the 14th floor of the Center for Advanced Medicine at 10 a.m. Friday morning.

According to St. Louis Police Lt. Col. Rochelle D. Jones, Merryman pushed his way out of the om and pulled out two pocket knives, she said. As Merryman came down the hall, Jones called security and two officers responded.    Two officers arrived and ordered Merryman to drop the knives. He refused, so both officers fired their guns, killing him. He died at the scene.

Police commented that Mr. Merryman was suicidal and had been treated for depression. Lt. Col. Jones said the guards were being questioned by police as part of the investigation.

Kara Price Shannon, a spokeswoman for Barnes-Jewish Hospital, said police are handling the investigation and directed all questions to them.  “There is no threat to the public or our patients,” she told the Post-Dispatch shortly after the shooting.



  1.  All incoming patients in emotional distress, should be wanded with a metal detector as
    a condition of treatment.  Weapons can be returned as the patient leaves the hospital.

2.  A recent study by Johns Hopkins, discovered that most hospital shootings take
place in the Emergency Room (29%), and only 19% in a patient room.



For more information and more great content: or

#activeshooterhospital #hospitalsecurity #patientshot



Updated:  Jan. 9, 2018

The Long Beach, Calif. Police Department named John Alexander Mendoza, 58, of Redondo Beach, Calif., as the man who shot his two colleagues, one died at the scene, and other was injured at the scene, on Friday afternoon, January 5, 2018.

Attorneys at the Perona, Langer, Beck, Serbin, Mendoza and Harrison firm   in the Long Beach neighborhood of Bixby Knolls, were attending the firm’s holiday party, when Mendoza entered the offices shooting.

Major A. Langer, the firm’s Managing Partner, 75, was killed and Ronald Beck, 64, was wounded in what police called a workplace violence incident.  After shooting Langer and Beck, Mendoza turned the gun on himself. The shooting occurred during a holiday party at the firm when others were present.

Mendoza had apparently been fired earlier in the day, but returned to the firm’s party.  On a report of an active shooter, Long Beach police officers swarmed to the office building. Believing an active shooter was still at work, police formed a small team and quickly went into the office looking for the gunman and any victims, according to a police source briefed on the incident. As they scoured the building, police reportedly came upon multiple groups of screaming and crying workers still hiding or trying to flee, but eventually confirmed the gunman was dead.

The firm has eleven offices in southern California and represented clients including Motley Crue, Pamela Anderson and  Tommy Lee.

Mendoza had worked at Perona Langer Beck for 10 years, said Michael Waks, a lawyer who also has offices in the same building where Perona Langer Beck is located in Long Beach. Mendoza specialized in workers compensation cases.


For more information and more great content:   or

#LongBeachShooting              #RISKAlertReport

Deaths in Florida Nursing Home Rise to 10 – Will Climb Higher

A tenth patient from a Florida nursing home that lost power during Hurricane Irma died Wednesday, as state officials suspended the facility’s license.

On Friday, September 22,   the Hollywood Police Department announced the death of another resident,  94-year-old Martha Murray.

The Agency for Health Care Administration (ACHA) said Wednesday it suspended the license of the Rehabilitation Center at Hollywood Hills, after previously banning the facility from admitting new patients and from receiving Medicaid.

“As more information has come to light on this egregious situation, this facility absolutely cannot continue to have access to patients,” Agency Secretary Justin Senior said in a statement. “This facility failed its residents multiple times throughout this horrifying ordeal.”

The Hollywood Hills Rehabilitation facility was covered in yellow crime scene tape, with highly visible police vehicles.

Convicted embezzler, Dr. Jack Michel, was the owner of the facility where ten seniors died after the generator failed to
function.  The facility has a long list of maintenance problems, lack of care of the patients, and worse.

8 Dead in Nursing Home Disaster in Hollywood, Florida

RISK Alert   #924                #HollywoodDeaths        #CMSFinalRule         #nursinghome   

Dateline,   September 14, 2017,  Fort Lauderdale, FL


The impact of Hurricane Irma on healthcare care organizations in Florida came home yesterday when it was discovered that 8 elderly patients died in a nursing home just north of Miami, in Hollywood, Florida.  Florida Gov. Rick Scott called the situation “unfathomable,” promising to “aggressively demand answers on how this tragic event took place.”

Hollywood police launched a criminal investigation, and agents from the state attorney general’s office and the state Agency for Health Care Administration were on the scene, authorities said. State officials closed the
facil Wednesday night and barred it from admitting new patients.

“This was a terrible incident. The scene was chaotic when I arrived,” said Dr. Randy Katz, medical director for emergency services at Memorial Healthcare System, where about a dozen of the 158 people who were evacuated from the facility were admitted for respiratory distress, dehydration and heat-related issues.

Katz said so many patients needed assistance that his hospital, which is just down the street, called in more than 50 doctors, nurses and other staffers under a mass casualty protocol.

Fire crews were first called to the Hollywood Hills facility at 3 a.m. ET for a report of a cardiac arrest. More fire and emergency response crews were sent when a second call came in at 4 a.m. for a patient having breathing issues, she said. Three people were found dead on the second floor, and by 6:15 a.m., a full-scale evacuation of the facility was underway.

The new CMS Final Rule on Emergency Preparedness stresses the Dr. Donald Miller, an ER doctor, added, “Nursing home patients are generally more frail than the normal population and we need to have controls in place to guard their safety in a crisis situation, like Hurricane Irma.”

Lessons Learned:

1.  Nursing homes need to be on a first name basis with other providers so they can shift patients to safer
facilities during severe weather emergencies like Irma and Harvey.  The new CMS Final Rule on
Emergency Preparedness spells like the procedures for these emergencies.

2.  The November 15, 2017 Deadline for 17 Healthcare Providers to finish their All-Hazards Facility Risk
Assessments is fast approaching.  Emergency Communication Plans need to be finalized, in addition to
staff training and community drills precisely to PREVENT THESE INCIDENTS IN THE FUTURE.

RISKAlerts is a
publication of Risk & Security LLC

Write to for more information on the new CMS
Emergency Preparedness Program, including All Hazards Facility Risk Assessments

RISKAlert No. 843 March 31, 2016 Patient Dies After 6th Floor Fall from Hospital Room

RISKAlert # 843 -March 31, 2016

Maine patient, hospitalized with a severe brain injury after a motorcycle accident, climbed out of a 6th floor window in the hospital and fell to his death at 5:10 pm on March 29th.

Paul Cady, 43, from Hollis, Maine, had entered the hospital on March 9th, after a motorcycle accident, and had been in a medically-induced coma for a period of time following the accident.  His family emphatically stated he was not trying to commit suicide, but that he was only trying to get home to his family.

Portland, Maine -- 03/30/16 -- Paul Cady, as seen in an undated photo provided by his daughter, Miranda Cady. Paul Cady died Tuesday evening after falling from his sixth story window at Maine Medical Center in Portland. Courtesy photo

In Maine, like other states, newly constructed hospital facilities must meet the American Institute of Architects 2006 general guidelines for hospitals, which doesn’t require windows in patient rooms to be operable.  However, if windows in patient rooms are able to be opened, “operation of such windows shall be restricted to inhibit possible escape or suicide,” the standards state.

Recently, hospitals have recognized the value of fresh air and ventilation, but as a Life Safety issue, the amount that the window opens has been regulated by CMS, the Centers for Medicare and Medicaid.  Studies that shown that windows provide a positive effect on both healing and on patient satisfaction, whether the windows can be opened or not.

Registered Architect Gene Wells of Marshall Erdman & Associates, a leading national health care design and construction firm, offers the following: “In today’s hospital, huge efforts are being made to create a healing environment for patients and their families. A non-institutional approach lessens the stress level for people who already have too much stress and leads to better outcomes. Patient’s rooms, in particular, are often designed to reflect local culture, connect with nature or create a hotel-like environment. Operable windows can be an integral part of this atmosphere.

Lessons Learned:

1.  Patient falls from hospital windows are extremely rare in the United States.
2.  This type of incident can create a potential liability issue for healthcare organizations.

                                       RISKAlerts®  are published by Risk & Security LLC
                                   To subscribe:  write to:

Paris Attacks are opening shot in plan to exterminate Western Civilization

The six simultaneous attacks on Paris last night were the opening salvo in a long-planned event designed
to exterminate Western Civilization as we know it.

This is not the teenage shooter with acne and an AK15, these were trained killers, who, according to witness
statements, were professional, controlled and had no interest or compassion for their victims.  They could have
been shooting at a beer can instead of a young girl.   This is different from other terrorists attacks because it is

ATTENTION EDITORS - VISUAL COVERAGE OF SCENES OF INJURY OR DEATHGeneral view of the scene with rescue service personnel working near covered bodies outside a restaurant following shooting incidents in Paris, France, November 13, 2015.   REUTERS/Philippe Wojazer      TPX IMAGES OF THE DAY

carried out without emotion.  These terrorists are not killing PEOPLE, they are exterminating western culture, along with the people.   We saw this in Palmyra where treasured antiquities were destroyed, and ISIS plans to exterminate every vestige of
our western culture.

Security measures that may have worked for individual shooters, or small splinter group will not defeat ISIS.
We have been directly targeted and need to take drastic measures and take them immediately.  This assault
has no room left for political correctness, for ‘measured response”, or anything else.  We need to exterminate
this threat quickly and completely to maintain our quality of life.

Everything is at stake now, our paintings, our music, our art, our designer jeans, our freedom of expression,
our families and, ultimately, our lives.  As western leaders meet today, I hope they plan to present an overwhelming
attack aimed precisely at ISIS, with a show of force designed to blow them off the face of the earth.

RISK Alert #790 – St. Cloud Hospital Shooting Threatens CMS Funding

St. Cloud Hospital in Aitkin County, Minnesota, has been threatened with losing Medicare funding by CMS, after a shooting incident where a suicidal patient took the security officers gun and shot him to death
in the hospital.

According to a review by the Center for Medicare and Medicaid Services. The patient, Danny
Hammond, age 50,  told staff he was going to kill himself and any man who came into his room, as soon as he had the chance, the CMS report said. 

Hammond  had been airlifted to the hospital the morning of Oct. 12 after attempting suicide by an intentional overdose, according to the report. He had several warrants out for his arrest after being charged with kidnapping and assaulting his wife, and the hospital obtained the services of Aitkin County officers to monitor Hammond in his hospital room.



At 5:10 a.m. that morning, Hammond charged at Aitkin County deputy Steven Sandberg, took his gun, and fatally shot him. Hammond was subdued with a stun gun and later died.

The CMS Report cites the hospital, “The hospital’s failure to provide direct psychiatric care to the patient … resulted in the patient’s ability to obtain and engage the firearm of a peace officer,” the report said.

In response to the report, the hospital submitted a plan of correction updating its policies and training. According to the document, the hospital already has started mandatory training for staff reinforcing requirements that 72-hour holds can be ordered only by physicians, and that psychiatric consultations and treatment must continue until the hold is lifted. The attending physician and psychiatric provider must agree that services or treatment are no longer necessary.

Lessons  Learned :

Make sure the entire staff has current updated policies and procedures, mandated training which is continually checked and updated.

CMS is becoming more active in tracking shootings and violent incidents in
hospitals, using Medicare and Medicaid funding as a hammer to ensure compliance.

                    Stay Alert and make sure to subscribe to RISKAlerts

A Publication of Risk & Security LLC

NJ Hospital Battles OSHA on Assault Report

Dateline: Paramus , New Jersey,  September 15, 2015

RISK Alert   Case Study   #780

Bergen Regional Medical Center to Hires Law Firm to Fight OSHA on Proposed Fine
for High Number of Workplace Violence Incidents against the Hospital Staff.

Bergen Hospital has been investigated by OSHA (Occupational Safety and Health Administration)
in the past.  In 2014, OSHA found that management “had not developed or implemented adequate
measures to protect workers from assaults

nurse-bruiseOSHA noted that there were 45 incidents of workplace violence in 2013 and 10 in the first quarter of 2014.  OSHA announced the citation this month and a proposed fine of $13,600.

Incidents cited in the OSHA report included:

       A lab tech trying to draw blood was punched.

A security guard was kicked and bitten.

A nurse was pushed to the floor after she intervened when a
patient on patient attack

A mental health assistant was trapped in a room with a patient,
who barricaded himself in his room after he charged and threatened employees.

The OSHA investigation and proposed fine at Bergen Regional mirrors the experience of staff members in hospitals, clinics, and behavioral health organizations around the country, who are all affected by the new OSHA 3148 regulations, which were introduced in 2015 to fight the rising violent incidents occurring in hospitals around the U.S.

The recent update of OSHA 3148 requires Annual Workplace Risk Assessments.
Read the entire text of OSHA 3148, Guidelines for Preventing Workplace Violence at

Lessons Learned:

1.  Any organization that accepts money from any Federal agency has to attest
     that they are up to date with all Federal requirements, including OSHA 3148.

2.  Bergen Regional Medical Center may end up spending more on lawyers
    than the cost of the fine ($13,000).

     WEBINARS at

RISKAlert® is a publication of Risk & Security LLC

To subscribe to #RISKAlerts® and never miss a #RISKAlert–
write to:


SISCO Teams Up with RISK & SECURITY LLC with Security Solutions

For Immediate Release

July 6, 2015 



A new software solution that tracks visitors in any hospital, health care facility, office or manufacturing plant, that blends safety and risk management together meeting all the new compliance guidelines, will be co-marketed by SISCO, (West Palm Beach), and RISK & SECURITY LLC, (Boca Raton)  together
in a new Risk & Security Team partnership.

The Joint Commission has said it expects hospitals to be able to automatically identify every person
in their hospital, at any time.  Besides obviously helping in the FEMA Hospital emergency scenarios,
It also complies with the new CMS Standards for Hospital Security, Safety and Emergency Preparedness
and the new OSHA 3148 standards for controlling and minimizing workplace violence in high-risk
facilities including hospitals and healthcare organizations.

The Fast-Pass© solution is a complete and easy to use security and safety computer application that allows any organization to credential visitors in less than 15 seconds, authorize passage and issue a pass for facility access. The process is seamless and in compliance with Joint Commission guidelines

According to Caroline Ramsey-Hamilton, CEO of Risk & Security LLC, “The new Fast-Pass©
solution is an incredible value for hospitals, healthcare organizations, and other organizations that want
to improve security and prevent unauthorized access.  We are worked with Anthony Zagami for 15 years, and are happy to formalize our partnership with SISCO, which will include a series of sponsored webinars, podcasts and videos to assist security experts dealing with critical security issues.

Hamilton’s industry-leading RISK-Pro software app includes over 75 recommended controls for hospitals, and SISCO is the first vendor identified as meeting the stringent RISK-Pro® standards
for security controls.

Nationwide, Security in hospitals and other high-risk facilities has become a top national concern, as the 55+ plus baby boomers age, and require more healthcare services.  The number of violent and active shooter incidents in hospitals has also increased dramatically over the last 10 years, prompting an array of new security and emergency guidelines and standards designed to reduce violence and protect hospital staff, patients, and visitors.

About Sisco

SISCO is the leading provider of Identity Management Solutions for the Healthcare industry, Maritime, Education, Corporations, Government and Law Enforcement Agencies.  SISCO provides the most superior solution available today as well as expert installation, comprehensive training and unsurpassed customer service which in turn, provides its customers with front line protection for safer working environments.  Please visit or contact at

About Risk & Security LLC

Risk & Security LLC is a security risk assessment and risk analysis company with over 75 years
of combined expertise in security risk assessment, hospital security and emergency preparedness systems.  It developed the top-rated RISK-Pro software app to  help
organizations assess their security risk, active shooter risk, and automatically recommend
cost-effective solutions by Return On Investment.

Risk & Security partners with security companies around the world to provide state-of-the-art security solutions to analyze risk, pro-actively manage emergency preparedness, and recommend
cost-effective security controls justified by return on investment metrics.

Contact Information:

Caroline Ramsey Hamilton

Phone: 301-346-9055