Category Archives: Risk Assessment & Compliance

An overview and information source for risk analysis and requirement compliance for IT and online security systems to ensure compliance with regulations such as: FFIEC, NERC, GLBA, BSA, NCUA, ISO 17799, ISO 27001 and many others.

Deaths in Florida Nursing Home Rise to 10 – Will Climb Higher

A tenth patient from a Florida nursing home that lost power during Hurricane Irma died Wednesday, as state officials suspended the facility’s license.

On Friday, September 22,   the Hollywood Police Department announced the death of another resident,  94-year-old Martha Murray.

The Agency for Health Care Administration (ACHA) said Wednesday it suspended the license of the Rehabilitation Center at Hollywood Hills, after previously banning the facility from admitting new patients and from receiving Medicaid.

“As more information has come to light on this egregious situation, this facility absolutely cannot continue to have access to patients,” Agency Secretary Justin Senior said in a statement. “This facility failed its residents multiple times throughout this horrifying ordeal.”

The Hollywood Hills Rehabilitation facility was covered in yellow crime scene tape, with highly visible police vehicles.

Convicted embezzler, Dr. Jack Michel, was the owner of the facility where ten seniors died after the generator failed to
function.  The facility has a long list of maintenance problems, lack of care of the patients, and worse.

8 Dead in Nursing Home Disaster in Hollywood, Florida

RISK Alert   #924                #HollywoodDeaths        #CMSFinalRule         #nursinghome   

Dateline,   September 14, 2017,  Fort Lauderdale, FL

8 DEAD IN HOLLYWOOD, FL NURSING HOME DISASTER AFTER IRMA.  PATIENTS DIED AFTER
GENERATOR FAILED AND TEMPS REACHED 100 DEGREES.  CRIMINAL CHARGES WILL BE FILED!

The impact of Hurricane Irma on healthcare care organizations in Florida came home yesterday when it was discovered that 8 elderly patients died in a nursing home just north of Miami, in Hollywood, Florida.  Florida Gov. Rick Scott called the situation “unfathomable,” promising to “aggressively demand answers on how this tragic event took place.”

Hollywood police launched a criminal investigation, and agents from the state attorney general’s office and the state Agency for Health Care Administration were on the scene, authorities said. State officials closed the
facil Wednesday night and barred it from admitting new patients.

“This was a terrible incident. The scene was chaotic when I arrived,” said Dr. Randy Katz, medical director for emergency services at Memorial Healthcare System, where about a dozen of the 158 people who were evacuated from the facility were admitted for respiratory distress, dehydration and heat-related issues.

Katz said so many patients needed assistance that his hospital, which is just down the street, called in more than 50 doctors, nurses and other staffers under a mass casualty protocol.

Fire crews were first called to the Hollywood Hills facility at 3 a.m. ET for a report of a cardiac arrest. More fire and emergency response crews were sent when a second call came in at 4 a.m. for a patient having breathing issues, she said. Three people were found dead on the second floor, and by 6:15 a.m., a full-scale evacuation of the facility was underway.

The new CMS Final Rule on Emergency Preparedness stresses the Dr. Donald Miller, an ER doctor, added, “Nursing home patients are generally more frail than the normal population and we need to have controls in place to guard their safety in a crisis situation, like Hurricane Irma.”

Lessons Learned:

1.  Nursing homes need to be on a first name basis with other providers so they can shift patients to safer
facilities during severe weather emergencies like Irma and Harvey.  The new CMS Final Rule on
Emergency Preparedness spells like the procedures for these emergencies.

2.  The November 15, 2017 Deadline for 17 Healthcare Providers to finish their All-Hazards Facility Risk
Assessments is fast approaching.  Emergency Communication Plans need to be finalized, in addition to
staff training and community drills precisely to PREVENT THESE INCIDENTS IN THE FUTURE.


RISKAlerts is a
publication of Risk & Security LLC
  www.riskandsecurityllc.com

Write to info@riskandsecurityllc.com for more information on the new CMS
Emergency Preparedness Program, including All Hazards Facility Risk Assessments

RISKAlert No. 843 March 31, 2016 Patient Dies After 6th Floor Fall from Hospital Room

RISKAlert # 843 -March 31, 2016

Maine patient, hospitalized with a severe brain injury after a motorcycle accident, climbed out of a 6th floor window in the hospital and fell to his death at 5:10 pm on March 29th.

Paul Cady, 43, from Hollis, Maine, had entered the hospital on March 9th, after a motorcycle accident, and had been in a medically-induced coma for a period of time following the accident.  His family emphatically stated he was not trying to commit suicide, but that he was only trying to get home to his family.

Portland, Maine -- 03/30/16 -- Paul Cady, as seen in an undated photo provided by his daughter, Miranda Cady. Paul Cady died Tuesday evening after falling from his sixth story window at Maine Medical Center in Portland. Courtesy photo

In Maine, like other states, newly constructed hospital facilities must meet the American Institute of Architects 2006 general guidelines for hospitals, which doesn’t require windows in patient rooms to be operable.  However, if windows in patient rooms are able to be opened, “operation of such windows shall be restricted to inhibit possible escape or suicide,” the standards state.

Recently, hospitals have recognized the value of fresh air and ventilation, but as a Life Safety issue, the amount that the window opens has been regulated by CMS, the Centers for Medicare and Medicaid.  Studies that shown that windows provide a positive effect on both healing and on patient satisfaction, whether the windows can be opened or not.

Registered Architect Gene Wells of Marshall Erdman & Associates, a leading national health care design and construction firm, offers the following: “In today’s hospital, huge efforts are being made to create a healing environment for patients and their families. A non-institutional approach lessens the stress level for people who already have too much stress and leads to better outcomes. Patient’s rooms, in particular, are often designed to reflect local culture, connect with nature or create a hotel-like environment. Operable windows can be an integral part of this atmosphere.

Lessons Learned:

1.  Patient falls from hospital windows are extremely rare in the United States.
2.  This type of incident can create a potential liability issue for healthcare organizations.

                                       RISKAlerts®  are published by Risk & Security LLC
                                   To subscribe:  write to: 
caroline@riskandsecurityllc.com

Paris Attacks are opening shot in plan to exterminate Western Civilization

The six simultaneous attacks on Paris last night were the opening salvo in a long-planned event designed
to exterminate Western Civilization as we know it.

This is not the teenage shooter with acne and an AK15, these were trained killers, who, according to witness
statements, were professional, controlled and had no interest or compassion for their victims.  They could have
been shooting at a beer can instead of a young girl.   This is different from other terrorists attacks because it is

ATTENTION EDITORS - VISUAL COVERAGE OF SCENES OF INJURY OR DEATHGeneral view of the scene with rescue service personnel working near covered bodies outside a restaurant following shooting incidents in Paris, France, November 13, 2015.   REUTERS/Philippe Wojazer      TPX IMAGES OF THE DAY

carried out without emotion.  These terrorists are not killing PEOPLE, they are exterminating western culture, along with the people.   We saw this in Palmyra where treasured antiquities were destroyed, and ISIS plans to exterminate every vestige of
our western culture.

Security measures that may have worked for individual shooters, or small splinter group will not defeat ISIS.
We have been directly targeted and need to take drastic measures and take them immediately.  This assault
has no room left for political correctness, for ‘measured response”, or anything else.  We need to exterminate
this threat quickly and completely to maintain our quality of life.

Everything is at stake now, our paintings, our music, our art, our designer jeans, our freedom of expression,
our families and, ultimately, our lives.  As western leaders meet today, I hope they plan to present an overwhelming
attack aimed precisely at ISIS, with a show of force designed to blow them off the face of the earth.

RISK Alert #790 – St. Cloud Hospital Shooting Threatens CMS Funding

St. Cloud Hospital in Aitkin County, Minnesota, has been threatened with losing Medicare funding by CMS, after a shooting incident where a suicidal patient took the security officers gun and shot him to death
in the hospital.

According to a review by the Center for Medicare and Medicaid Services. The patient, Danny
Hammond, age 50,  told staff he was going to kill himself and any man who came into his room, as soon as he had the chance, the CMS report said. 

Hammond  had been airlifted to the hospital the morning of Oct. 12 after attempting suicide by an intentional overdose, according to the report. He had several warrants out for his arrest after being charged with kidnapping and assaulting his wife, and the hospital obtained the services of Aitkin County officers to monitor Hammond in his hospital room.

StCloudHospital

 

At 5:10 a.m. that morning, Hammond charged at Aitkin County deputy Steven Sandberg, took his gun, and fatally shot him. Hammond was subdued with a stun gun and later died.

The CMS Report cites the hospital, “The hospital’s failure to provide direct psychiatric care to the patient … resulted in the patient’s ability to obtain and engage the firearm of a peace officer,” the report said.

In response to the report, the hospital submitted a plan of correction updating its policies and training. According to the document, the hospital already has started mandatory training for staff reinforcing requirements that 72-hour holds can be ordered only by physicians, and that psychiatric consultations and treatment must continue until the hold is lifted. The attending physician and psychiatric provider must agree that services or treatment are no longer necessary.

Lessons  Learned :

Make sure the entire staff has current updated policies and procedures, mandated training which is continually checked and updated.

CMS is becoming more active in tracking shootings and violent incidents in
hospitals, using Medicare and Medicaid funding as a hammer to ensure compliance.

                    Stay Alert and make sure to subscribe to RISKAlerts

A Publication of Risk & Security LLC
info@riskandsecurityllc.com

NJ Hospital Battles OSHA on Assault Report

Dateline: Paramus , New Jersey,  September 15, 2015

RISK Alert   Case Study   #780

Bergen Regional Medical Center to Hires Law Firm to Fight OSHA on Proposed Fine
for High Number of Workplace Violence Incidents against the Hospital Staff.

Bergen Hospital has been investigated by OSHA (Occupational Safety and Health Administration)
in the past.  In 2014, OSHA found that management “had not developed or implemented adequate
measures to protect workers from assaults
.”

nurse-bruiseOSHA noted that there were 45 incidents of workplace violence in 2013 and 10 in the first quarter of 2014.  OSHA announced the citation this month and a proposed fine of $13,600.

Incidents cited in the OSHA report included:

       A lab tech trying to draw blood was punched.

A security guard was kicked and bitten.

A nurse was pushed to the floor after she intervened when a
patient on patient attack

A mental health assistant was trapped in a room with a patient,
who barricaded himself in his room after he charged and threatened employees.

The OSHA investigation and proposed fine at Bergen Regional mirrors the experience of staff members in hospitals, clinics, and behavioral health organizations around the country, who are all affected by the new OSHA 3148 regulations, which were introduced in 2015 to fight the rising violent incidents occurring in hospitals around the U.S.

The recent update of OSHA 3148 requires Annual Workplace Risk Assessments.
Read the entire text of OSHA 3148, Guidelines for Preventing Workplace Violence at https://www.osha.gov/Publications/osha3148.pdf

Lessons Learned:

1.  Any organization that accepts money from any Federal agency has to attest
     that they are up to date with all Federal requirements, including OSHA 3148.

2.  Bergen Regional Medical Center may end up spending more on lawyers
    than the cost of the fine ($13,000).

3.  JOIN OUR NEW (No-Cost) ACTIVE SHOOTER & WORKPLACE VIOLENCE
     WEBINARS at www.riskandsecurityllc.com

RISKAlert® is a publication of Risk & Security LLC

To subscribe to #RISKAlerts® and never miss a #RISKAlert–
write to:  info@riskandsecurityllc.com

 

SISCO Teams Up with RISK & SECURITY LLC with Security Solutions

For Immediate Release

July 6, 2015 

SISCO and RISK & SECURITY LLC TEAM UP TO OFFER NEW SECURITY SOLUTIONS
IN FOR SECURITY STANDARDS AND VISITOR MANAGEMENT PROGRAMS

THE SISCO FAST- PASS© SOLUTION TRACKS VISITORS, VENDORS, AND CONTRACTORS ENTERING AND EXITING HOSPITAL FACILITIES RAPIDLY AND SEAMLESSLY REDUCING RISK
TO PATIENTS AND STAFF.

A new software solution that tracks visitors in any hospital, health care facility, office or manufacturing plant, that blends safety and risk management together meeting all the new compliance guidelines, will be co-marketed by SISCO, (West Palm Beach), and RISK & SECURITY LLC, (Boca Raton)  together
in a new Risk & Security Team partnership.

The Joint Commission has said it expects hospitals to be able to automatically identify every person
in their hospital, at any time.  Besides obviously helping in the FEMA Hospital emergency scenarios,
It also complies with the new CMS Standards for Hospital Security, Safety and Emergency Preparedness
and the new OSHA 3148 standards for controlling and minimizing workplace violence in high-risk
facilities including hospitals and healthcare organizations.

The Fast-Pass© solution is a complete and easy to use security and safety computer application that allows any organization to credential visitors in less than 15 seconds, authorize passage and issue a pass for facility access. The process is seamless and in compliance with Joint Commission guidelines

According to Caroline Ramsey-Hamilton, CEO of Risk & Security LLC, “The new Fast-Pass©
solution is an incredible value for hospitals, healthcare organizations, and other organizations that want
to improve security and prevent unauthorized access.  We are worked with Anthony Zagami for 15 years, and are happy to formalize our partnership with SISCO, which will include a series of sponsored webinars, podcasts and videos to assist security experts dealing with critical security issues.

Hamilton’s industry-leading RISK-Pro software app includes over 75 recommended controls for hospitals, and SISCO is the first vendor identified as meeting the stringent RISK-Pro® standards
for security controls.

Nationwide, Security in hospitals and other high-risk facilities has become a top national concern, as the 55+ plus baby boomers age, and require more healthcare services.  The number of violent and active shooter incidents in hospitals has also increased dramatically over the last 10 years, prompting an array of new security and emergency guidelines and standards designed to reduce violence and protect hospital staff, patients, and visitors.

About Sisco

SISCO is the leading provider of Identity Management Solutions for the Healthcare industry, Maritime, Education, Corporations, Government and Law Enforcement Agencies.  SISCO provides the most superior solution available today as well as expert installation, comprehensive training and unsurpassed customer service which in turn, provides its customers with front line protection for safer working environments.  Please visit www.siscocorp.com or contact at jchaplin@siscocorp.com.

About Risk & Security LLC

Risk & Security LLC is a security risk assessment and risk analysis company with over 75 years
of combined expertise in security risk assessment, hospital security and emergency preparedness systems.  It developed the top-rated RISK-Pro software app to  help
organizations assess their security risk, active shooter risk, and automatically recommend
cost-effective solutions by Return On Investment.  www.riskandsecurityllc.com

Risk & Security partners with security companies around the world to provide state-of-the-art security solutions to analyze risk, pro-actively manage emergency preparedness, and recommend
cost-effective security controls justified by return on investment metrics.

Contact Information:

Caroline Ramsey Hamilton   caroline@riskandsecurityllc.com

Phone: 301-346-9055

http://www.LinkedIn.com/in/carolinehamilton

Doctor Shot and Killed in Grudge Shooting Over “Mom”

RISKAlert- Active Shooter   No. 625,   January 21, 2015, Boston, Mass.

Middle-Aged Shooter kills Cardiologist at Brigham and Women’s Hospital, and then Kills
Himself, in an apparent Grudge Shooting Because the Doctor had Operated on his Mother.

On Tuesday morning on Jan. 21, at 11 am, Stephen Pasceri, 55, walked into the Shapiro Center
at Brigham and Women’s Hospital, and asked to see cardiologist, Dr. Michael J. Davidson.  When
he saw Dr. Davidson, outside of an exam, he shot him twice, critically injuring him.

Dr. Davidson later died from his injuries. Pasceri then went to the 2nd floor and killed himself with a gunshot
to the head.  Later, it was discovered that Dr. Davidson had operated on Pasceri’s mother, Marguerite, and
she had died on November 15, 2014. Pasceri’s sister was quoted as saying, “He loved his mom, and he
loved her very much. He appeared 
to be handling her death well,” the sister said of her brother.

“Everything seemed to be going really well. I have no idea why he snapped like this.
He was a great guy. He took care of his family, he had a beautiful house and he has four
beautiful children. 
He was an upstanding citizen.”

The hospital locked down and rushed Dr. Davidson into surgery, but he died during the night from his injuries.
Brigham and Women’s Hospital’s COO said the hospital was one of the first to institute an active shooter
training program. The hospital does not use metal detectors.

Lessons Learned :    “A is for Access Control”

1.  Metal Detectors can be are a reliable tool to Prevent In-Hospital Shootings.

2.  Active Shooter Drills are NOT ENOUGH as these incidents unfold in just a few minutes.

3.  Installing ‘NO WEAPONS’ Signage at Entrances can be a deterrent to these first time shooters.

Despite having a good job, family, and a beautiful home, when confronted with a mid-life crisis, his mother’s
death, another middle-aged  shooter goes to a hospital and shoots the doctor, in a scenario that resembles
the 
Johns Hopkins shooting in 2010.   To protect staff and patients, hospitals will have to increase their
security protective measures, including use of metal detectors, no weapons signage and
situational awareness of the staff.

RISKAlerts is a publication of Risk & Security LLC.
To subscribe, write to: info@riskandsecurityllc.com

How Risk-Based Security Can Reduce Violence in Healthcare

reprinted with permission from www.securityinfowatch.com

Using Risk-Based Security to Stem the Tide of Violence
in Hospitals and Healthcare


Created by:   Caroline Ramsey Hamilton

Date: May 22, 2014

Hospital and healthcare security is experiencing a major increase in violence,
instigated by patients, patient families and even healthcare staff.  Just last year,
there was an active shooter incident in Reno, Nev., in which two physicians were
shot, and in Houma, La., 
a hospital administrator was shot to death by a terminated
nurse. As recently as Easter Sunday in California, two nurses were stabbed at the
hospitals, where they worked.  One was stabbed in both the upper and lower torso
and is in critical condition. These two incidents add to the more than 100 
violent
incidents in 2013 and the first half of 2014.

Since 2010, violence in healthcare has skyrocketed. As a result, the Joint Commission has
issued a “Sentinel Event Alert” on the issue and contributed to numerous articles on shootings
in U.S. hospitals. The Department of Homeland Security and a consortium of state and local
hospitals recently released 
a standard for active shooters in healthcare. These all point to the
conclusion that the current law enforcement-based hospital security model is not working.

Changes in Healthcare
The changes in healthcare, including the increase in insured Medicaid patients and increased
traffic to emergency departments, highlights the fact that very well-intentioned people are
working with an outdated security model that hasn’t evolved to address a changing healthcare
environment. The change in billing and reimbursements for healthcare organizations, such as
tracking of readmission rates, has squeezed hospital profits causing reductions in funding in many
security departments at a time when violent events are steadily increasing.

A new risk-based model for hospital security is emerging that is less linear and more cyclical.
It uses technology to a greater extent, employs forecasting and statistical models to predict the
likelihood of future incidents, and is proactive instead of reactive, focusing money and energy on
preventing events instead of simply responding to them. This model also uses risk assessment
formulas to quickly assess the current security profile of a hospital, clinic, hospice, or behavioral
health facility, factoring in heightened threat-risk environment, not only for the facility in question,
but also adding in the wealth of healthcare data that’s now available.

Risk –Based Security Focuses on Continual Assessment
A major focus of this model is the continual assessment and evaluation of preventive security
controls, which are reviewed quarterly, semi-annually, or annually to discover gaps in controls,
and to fix gaps as soon as they are identified. This dovetails nicely into the assessment models
already required by the Joint Commission, OSHA and new CMS standards.

Looking at recent high-profile security events that took in place in hospitals shows that incidents
happen because of exploited gaps in the existing security of the healthcare facility. In the past,
security officers successfully worked hard to reduce response time so that often officers could
arrive in under two minutes, but it’s still too long.  In the Reno shooting, response time was under
two minutes, but that was long enough to kill two doctors.

Focusing on prevention makes sense for healthcare, much in the way the Joint Commission
focuses on patient safety, by continually assessing controls, reducing discovered gaps in controls,
and mitigating gaps by reassessing and tightening security, which creates a cycle of continual
improvement in the healthcare security environment.

Taking Advantage of Technology
The healthcare risk-based security model takes advantage of technology. Instead of waiting
for manual recording of security incidents every day, software programs allow hospital security
officers to enter data at the end of each shift, and that means security directors can map what’s
happening in the hospital or facility on a daily, weekly, monthly and yearly basis.  This can go a long
way to identifying trends early and help facilities make appropriate changes in controls so that
negative trends can be reversed 
quickly and both patient and staff security is increased.

In addition to automating incident collection and analysis, the healthcare security risk assessments
must be automated too.  Risk assessments are too time-consuming and labor intensive to be done
annually.   
By the time the risk assessment is over, the environment has changed again.  By
automating the risk assessments, including environment of care and hazard vulnerability,
it produces data that can be used instantly to analyze and recommend the most cost-effective
controls, and rank them by their return-on-investment (ROI).

The role of security in hospital and healthcare organizations is changing too. Security organizations
should no longer be isolated without intensive interaction with others in the organization, including
the human resources department, the facilities managers, safety managers, and the emergency
management staff.

New DHS Guidelines for Active Shooters in Healthcare
With DHS issuing new guidelines for active shooters in healthcare, hospital emergency managers
are now required to prepare for active shooter incidents, as well as storms, hurricanes, tornadoes,
power interruptions and other events related to natural or man-made disasters.  This creates a
natural partnership between the emergency management staff and the security program,
because the skills of both functions are needed to properly prepare an organization for any disaster.

Instead of existing in a vacuum, healthcare security directors and managers should cheer at
this development because it expands the importance of security inside the hospital or healthcare
facility, and underscores its value in protecting the organizational assets –  the physical facility,
patients, visitors and staff –  to proprietary information, including the HIPAA mandated PHI
(Protected Health Information), vehicles, security systems, high-value healthcare equipment
and the healthcare provider’s reputation.

Security budgets have always suffered because security costs are seen as operating
expenses, not an income source, but by tying the security expenses more closely to loss
prevention and protection of the organization, it creates a cost justification for hospital and
healthcare security.

Risk-Based Security Links to Hospital Compliance Standards
A risk-based security model also links security to myriad compliance standards that affect healthcare
and this also supports and justifies the costs related to security. For example, hospitals are required
to have a variety of security controls in place related to tagging of newborns, posting of no-weapons
signs, and environment of care issues. Any healthcare organization accepting funds from Medicare
or Medicaid must comply with the new mandate for annual security risk assessments. 

OSHA 3148 also requires hospitals and healthcare organizations to do annual workplace violence
assessments, and more than 33 states also require enhanced protection of hospital and healthcare staff.

As security incidents continue to increase and violence in healthcare escalates, making the
switch to a risk-based security program will provide better protection for hospitals and healthcare
organizations, making more effective use of existing security personnel, as well as justifying and
expanding healthcare security budgets.

 

For more information:  contactCaroline Ramsey-Hamilton at caroline@riskandsecurityllc.com

 

Why We Need to Switch to a Risk-Based Security Model – School Stabbing at Franklin Regional, Active Shooter Incidents at Fort Hood (twice), LAX, and The Washington Navy Yard.

When I turned on the news today, I was in the middle of writing an article on the 2nd Shooting
at Ft. Hood from last week, and then saw that there had been a violent knife attack at a
Pennsylvania high school, with 20 casualties and at least eight injured critically, the next day,
there was a hate crime shooting at the Jewish community center in Overland Park, Kansas.

Once again, we see violence on a mass scale, the FBI has been brought in, and next will come
information on the victims.   With two major events, in two weeks, what can we deduce about the
security in place at both Franklin Regional High School, Pennsylvania, and Fort Hood, Texas.

        NEWS FLASH:   THE CURRENT SECURITY MODEL IS NOT WORKING!

CURRENT SECURITY MODELS

Disaster preparedness is improving,  Emergency Management is working, but security is
still not where it needs to be.  It is a systemic problem based on the fact that security around
the U.S. is still locked in a REACTIVE mode, not a PROACTIVE mode.

The main reason for this reactive mode in security organizations, is because most security
officers come from a law enforcement background, with a model which is based on crimes
and arrests, and it is totally REACTIVE.  A crime happens and police officers go into action
and arrest the perpetrator(s).

CRIME HAPPENS    =    PERP IS IDENTIFIED    =   PERP IS ARRESTED

Unfortunately, this reactive model does not work for preventing security incidents and mass violence
because it is INCIDENT DRIVEN, not Risk-Driven.  It focuses on individuals, not on a more holistic,
generalized view of Threats, and it totally leaves Solutions (Controls) out of the equation.

After studying pages of after action reviews, post-incident analyses and media sources, the one
recommendation that makes sense is that organizations need to switch to a RISK-BASED,
PROACTIVE mode for security to work
.

This was highlighted in a remark made by a Pentagon official, commenting on the 2nd Fort Hood
Shooting on April 2, and the fact that new DOD recommendations for security, had just been released.

“After the Navy Yard shooting in September 2013, another round of recommendations were made
to improve security at all DOD installations, however, a  Pentagon official said that the new
recommendations had not yet been put into effect at Fort Hood.
 At Fort Hood, very little 
had
changed from 2009
regarding security procedures for soldiers at the entrance gates.”

The question for the Department of Defense is “how could this happen again at the same military
base?  
I took extra time to study the 89-page document called An Independent Review “Protecting
the Force
”, one of 3 reports created after the initial Fort Hood Shooting, whene 13 were killed, and
43 injured.

If you look at the recommendations, they are very bureaucratic and procedural.  They could have
been written by an efficiency expert, not by anyone with a background in security, and covered things
like policy changes, and having screening for clergy and psychologists, and improved mental health
programs.   These are all important, but they do not provide a secure environment.

The LAX after action analysis’ Number One recommendation was to change
the security focus to a Risk-Based approach
.

 


RISK-BASED SECURITY

The problem with a reactive approach is that you can’t screen and lock down everyone. At Fort
Hood, for example, there are 80,000 individuals living on the base, and probably hundreds of
visitors who go in and out every day.  It’s impossible to assess the mental health, and the
‘intentions’ of all of them.

FortHoodAmbulances-Medium

That’s why a Risk-Based Approach works – because it focuses on the potential threats and then evaluates the existing controls to see whether they offer the required amount of protection based on the likelihood of the threat occurring.

You stop violent events by controlling access and by controlling weapons.  No matter how unpopular they are, you use metal detectors at certain points, you use security officers at key entrances, you control entrances and exits.

Once the event starts, you can improve security by having faster notification (panic alarms), ability
to block, or disable weapons and attackers, adequate transport, better emergency response, but to
avoid the violence, you need to have strong access control.

The Risk-Based approach makes use of annual risk assessments that are holistic in nature. They
are not done in stovepipes, they include the entire organizations, they include input from staff
members, visitors, students, vendors, soldiers, patients on how they see security from their point
of view, which is always dramatically different from management or administration.

A risk-based approach requires an organization to:

  • Define potential security risks.
  • Develop standardized risk assessment processes, for gathering and
    analyzing information, and use of analytical technology
  • Risk-Based Security focuses on PREVENTION OF NEW INCIDENTS
    whether they are active shooter, general violence, etc.
  • Enhances security’s ability to rapidly respond  to changes in the threat environment.

MORE BANG FOR THE BUCK

According the LAX (LAWA) after action report, “Simply adding more security does not
necessarily provide better security.
  Determining priorities and where to achieve great
value for the dollars invested requires regular, systematic assessment of the likelihood
and consequences (risks) associated with a range of threat scenarios that morph and
change more quickly now than ever before. 

Collaborative engagement in a security risk assessment process across the community builds
the buy-in needed to develop and sustain a holistic security program over time. Leaders must
be open to challenging established practices and demonstrate a willingness to change direction”
.

Making the switch to a Risk-Based security program is the best recommendation for those who
want to protect their staff, students, patients, vendors, clients, soldiers, and visitors from a mass
casualty event, or for all the organizations who don’t want to have a terrible incident happen in
the first place!

 Caroline Hamilton, friend of Patty Garitty (Soup Kitchen voluteer)

Caroline Ramsey-Hamilton

President, Risk and Security LLC

Caroline@riskandsecurityllc.com

 

www.securityinfowatch.com/blogs

www.riskandsecurityllc.com