Protecting People Property
This document was uploaded by user and they confirmed that they have the permission to share it. If you are author or own the copyright of this book, please report to us by using this DMCA report form. Report DMCA
Overview
Download & View Protecting People Property as PDF for free.
More details
- Words: 85,914
- Pages: 292
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities TABLE OF CONTENTS Chapter Number Introduction SECTION 1
Security Risk Management Framework
Security Risk Management Policy and Program Responsibilities Security Risk Management in the Planning Process Health Facility Design Standards Health Service Leasing of Property to or from External Parties Security Arrangements for Patients in Custody Security Education and Training Security Continuous Improvement
SECTION 2
Core Security Risk Controls
Access Control Key Control Alarm Systems Lighting Workplace Camera Surveillance Provision of Security Services
SECTION 3
1 2 3 4 5 6 7 8
9 10 11 12 13 14
Security Risk Controls in Priority Areas
Security in the Clinical Environment Security of Staff Working in the Community Security in Rural and Remote Health Services Security in Pharmacies Security in Car Parks Security of Property Security of Information Security of Medical Gases Security of Radioactive Substances
15 16 17 18 19 20 21 22 23
SECTION 4
Security Risk Controls in Unplanned Events
Fire Bomb Threat Violence Armed Hold-up Use of Weapons by Security Staff Duress Response Arrangements Effective Incident Management
SECTION 5
24 25 26 27 28 29 30
Security Continuous Improvement Program
Guidelines Assessment Tool Improvement Plan
Appendices Summary of Policy Statements EQuIP Standard 5.1.6
Index
(November 2005)
31 32 33
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities
December 2003
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
Published by: Department of Health, NSW 73 Miller Street NORTH SYDNEY NSW 2060 Copies available through: Audit Branch Locked Mail Bag 961 NORTH SYDNEY NSW 2059 Phone: Facsimile:
(02) 9391-9402 (02) 9391-9417
ISBN 0 7347 3628 2 State Health Publication No. (HR) 030288
Security Risk Management Policy and Program (December 2003)
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
Introduction Purpose and Scope of Document: The purpose of the NSW Health document ‘Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities’ (The Manual) is to: • •
Outline NSW Health policy on key aspects of personal and property security and Assist Health Services to maintain an effective security program that is based on a structured, on-going risk management process, consultation, appropriate documentation and record keeping and regular monitoring and evaluation.
The Manual reinforces the need for management, staff and their representatives to work together to achieve continuous improvement in security management. This Manual has been developed for use by all NSW Health staff. It will be of particular use to managers with security related accountabilities and other staff participating in security risk assessments and developing strategies to address security hazards. It should also be used by assets management personnel during the procurement process.
Definitions: Security: For the purposes of this Manual, security is the protection of a person from violence, threats and/or intentional harm; the protection of information from unauthorised disclosure and the protection of property from intended damage and theft. NSW Health: For the purposes of this Manual, Health Service refers collectively to all Area Health Services, all statutory health corporations and all affiliated health organisations. This Manual does not apply to the Ambulance Service of NSW which has specific service related security standards. Health Service: For the purposes of this Manual, Health Service refers individually to all Area Health Services, all statutory health corporations and all affiliated health organisations.
Introduction (December 2003)
1
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
How the Manual is Arranged: This Manual is made up of a series of chapters and divided into four sections: Section 1 Section 2 Section 3 Section 4
Security Risk Management Framework Core Security Risk Controls Security Risk Controls in Priority Areas Security Risk Controls in Unplanned Events
As a Manual, this document is not intended to be read from cover to cover. However, those responsible for security risk management will need to have an active awareness of the issues covered in this document. Each chapter deals with a key aspect of personal or property security and has the following sections: •
Policy
This section outlines NSW Health policy on the relevant issue. Health Services must comply with the policy outlined in each chapter. Policy is always presented at the start of each chapter. •
Legislative Framework
This section appears in some chapters, where an overview of the relevant legislation is necessary to set the context for further action. •
Guidelines
The guidelines are to assist Health Services, by way of advice and information, regarding the policy statement outlined in the chapter.
EQuIP Standards The Australian Council on Healthcare Standards EQuIP (Evaluation and Quality Improvement Program) standards provide a framework, including an external accreditation process, for quality improvement and safe care and service. Appendix 2, at the end of this Manual, outlines the relevant EQuIP standards. Effective implementation of the policy in each chapter will enable Health Services to meet the relevant EQuIP standards.
Related Documents and Legislation: The following NSW Health documents should be closely consulted when using this Manual: • •
Zero Tolerance Policy and Framework Guidelines (Circular 2003/48) Workplace Health and Safety: A Better Practice Guide (Circular 2004/87).
Introduction (December 2003)
2
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
Other documents to be considered in conjunction with this Manual include: • • • • • • • • • • • • •
Corporate Governance and Accountability in Health – A Better Practice Reference Guide (Department of Health and Health Services Association of NSW – December 2002) Mental Health for Emergency Departments – A Reference Guide (2002) Management of Adults with Severe Behavioural Disturbances – Guidelines for Clinicians in NSW Health (2002) Working Group for Mental Health Care in Emergency Departments – Final Report and Recommendations Effective Incident Response: A Framework for Prevention and Management in the Health Workplace (Circular 2002/19) Design Series: Health Facility Guideline – Security and Safety (Circular 2003/13) Local Area or facility disaster management plans Reportable Incident Briefs to the NSW Department of Health (Circular 2003/88) NSW Health Policy and Procedures for Injury Management and Return to Work (Circular 2003/75) Australian Standard 4485.1-1997 – Security for Health Care Facilities (Part 1: General Requirements)# Australian Standard 4485.2-1997 - Security for Health Care Facilities (Part 2: Procedures Guide)# Australian Standard 4083-1997 – Planning for Emergencies; Healthcare Facilities WorkCover NSW – Violence in the Workplace Guide (2002).
#EQuIP
standards require the management of security risks with reference to any relevant Australian Standards. In line with this, reference should be made to Australian Standard 4485.1-1997 – Security for Health Care Facilities (Part 1: General Requirements) and Australian Standard 4485.2-1997 – Security for Health Care Facilities (Part 2: Procedures Guide). Legislation to be considered in conjunction with this Manual includes: • • • • • • •
Occupational Health and Safety Act 2000 Occupational Health and Safety Regulation 2001 Security Industry Act 1997 (including Master Licence and Security Organisation Code of Practice) Security Industry Regulation 1998 Weapons Prohibition Regulation 1999 Workplace Surveillance Act 1998 WorkCover Code of Practice – Cash in Transit (2002).
Versions: Previous versions of this Manual, referred to as the ‘Safety and Security Manual: Minimum Standards for Health Care Facilities’ were issued in 1996 and 1998.
Introduction (December 2003)
3
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
This version of the Manual now titled ‘Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities’ expands on the requirements for risk management and consultation, in line with the recent changes to occupational health and safety legislation. In addition this version of the Manual focuses on security risks, as safety issues are more effectively dealt with in other Departmental documents. This is a living document, and comments or suggestions are welcomed and should be sent to: Manager, Employee Relations Policy Employee Relations Division NSW Department of Health Locked Mail Bag 961 NORTH SYDNEY NSW 2059
**********
Introduction (December 2003)
4
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
1.
Security Risk Management Policy and Program
Policy: Health Services will have in place a security risk management policy, signed by the chief executive officer, and an effective and appropriately maintained security risk management program developed, in consultation with staff, which ensures that: Ø All reasonably foreseeable security related hazards are identified and assessed Ø Risks associated with these hazards are eliminated where reasonably practicable Ø Where the risk cannot be eliminated, appropriate control strategies, consistent with the hierarchy of controls, are implemented so that risks are reduced to the lowest practicable level Ø Each stage of the risk management process is documented and made available to relevant parties Ø Incidents are reported and investigated and Ø Risk control strategies are monitored and regularly evaluated for effectiveness.
Guidelines: Overview of Security Risk Management: For the purposes of this document security risk management refers to the systematic application of management policies, procedures and practices to the tasks of establishing the context and identifying, assessing, controlling, monitoring and communicating risk. Security risk management encompasses the assessment of all aspects of the clinical and non-clinical environment, including consideration of internal and external risks. The NSW Occupational Health and Safety Act 2000 (the OHS Act) and the Occupational Health and Safety Regulation 2001 (The OHS Regulation) require employers to identify the hazards, assess the risks arising from the hazards in their workplaces and develop strategies to eliminate or control these risks.
Security Risk Management Policy and Program (December 2003)
1-1
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
This process is referred to as risk management. Risk management consists of four steps: Ø Ø Ø Ø
Step 1 Step 2 Step 3 Step 4
- Hazard Identification - Risk Assessment - Risk Control - Monitoring and Review.
The security risk management process should be undertaken, in consultation with staff, by individuals who have expertise in the areas being assessed. Ideally, a multidisciplinary team of clinical, non-clinical and security experts will undertake the appropriate aspects of the process. In undertaking risk management particular consideration should be given to the requirements of the Security Industry Act 1997 which requires security activities to be undertaken by appropriately licensed security officers. The Act defines security activities in the following way: (a) Acting as a body guard, crowd controller or bouncer (b) Patrolling, protecting, watching or guarding any property (including cash in transit) (c) Installing, maintaining, repairing or servicing security equipment (d) Providing advice in relation to security equipment or security methods or principles (e) An activity, or class of activities, that is connected with security or the protection of persons or property that is prescribed by the regulations (f) Providing training or instruction in relation to any activity referred to in paragraphs (a) to (e) (g) Employing or providing persons to carry on any activity referred to in paragraphs (a) to (f). Consultation as an Essential Part of Risk Management: The OHS Act, and OHS Regulation and Consultation Code of Practice outline consultation requirements in relation to occupational health, safety and welfare and should be referred to when establishing consultative arrangements. The purpose of consultation is to enable staff to contribute to decision making that affects their health, safety and welfare at work. In particular the OHS Act requires employers to consult with their staff on local consultation mechanisms for OHS. Consultation is a pivotal activity at all stages of the risk management process. Staff are most likely to know the risks associated with their work and may be in the best position to suggest effective controls. During the security risk management process consultation should also occur with other appropriate stakeholders such as police and security professionals.
Security Risk Management Policy and Program (December 2003)
1-2
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
Staff involvement in the risk management process will help ensure ownership of, and commitment to any changes to work procedures, practices, equipment or environment directed towards improving personal and property security. Effective consultation involves both staff and unions. Consultation can occur though formal or informal processes and may involve direct or representational participation. Important consultative forum are the Occupational Health and Safety Committee and/or OHS representatives.
Step 1 - Security Hazard Identification: In order to eliminate or control factors that can affect the security of people and property, a structured process for identifying security hazards that exist in the workplace needs to be undertaken. Security hazard identification is the process of identifying all situations, procedures, events or factors in the workplace and during the course of work (including the design of premises and during work related travel) where security hazards could cause physical or psychological injury or illness, the unauthorised disclosure of information or loss of or damage to property. The OHS Regulation 2001 makes specific reference to the requirement that employers take reasonable care to identify hazards arising from the potential for workplace violence. To ensure that all aspects of the work system and environment are considered, security hazard identification should include: Ø Observing tasks being performed Ø Reviewing incident, first aid and workers compensation statistics, incident reports, hazard reports and any other available data Ø Reviewing results of recent security incident investigations Ø Reviewing results of recent duress response operational reviews Ø Consulting with staff in the workplace to determine what they think the hazards are (the needs/issues for casual/agency staff, volunteers and students on placement should be considered) Ø Consulting with other stakeholders as appropriate, including external agencies (eg police) Ø Observing the work area being assessed to see and hear what is happening Ø Formal workplace inspections and security audits Ø Developing scenarios about what could happen in the event of a security incident and Ø Analysing violent incidents and security breaches. In line with the requirements of the OHS Regulation 2001 employers are required to ensure that effective procedures are in place, and implemented, to identify security hazards: Ø Immediately prior to using the premises for the first time as a place of work Ø Before changes to work practices and systems of work are introduced
Security Risk Management Policy and Program (December 2003)
1-3
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
Ø While work is being carried out Ø When new or additional information from an authoritative source relevant to the security of the employees of the employer becomes available.
Step 2 - Security Risk Assessment: Security risk assessment is the process of determining how likely it is that someone could be harmed or property damaged/stolen and how serious the consequences might be. The OHS Regulation 2001 requires employers to assess the risk of harm to the health or safety of staff and any other people at the employer’s place of work (eg patients and visitors). Factors to consider in assessing security risks are: Ø Ø Ø Ø Ø
Extent of exposure to the hazard (frequency and duration) Severity of potential injury/illness or loss associated with the risk Likelihood of injury/illness/loss/damage occurring Number of people/amount of property at risk and Existing control strategies.
The process of assessment involves: Ø Ø Ø Ø
Consulting with staff and their representatives Examining the experience of the workplace or other similar workplaces including a review of incident data and near misses and other information such as prosecution decisions Reviewing relevant guidance material, industry codes of practice and Australian Standards and Reviewing hazard information such as Material Safety Data Sheets or manufacturer’s information.
Attached to this Chapter (Appendix 1.1) is a sample of a simple security risk assessment tool that can be used by Health Services. Health Service Risk Managers should be consulted to identify the tools currently used within the Health Service. Part of the assessment process is the prioritisation of risks for action. A range of tools is available to assist in prioritising risk. Attached to this Chapter (Appendix 1.2) are some examples of risk prioritisation tools. Health Service Risk Managers can provide advice on tools currently being used in the Health Service. The NSW Health Severity Assessment Code (SAC) is a tool designed to assist in the prioritisation of incidents to determine those incidents that require reporting to the Department via a Reportable Incident Brief. All incidents that require reporting must also undergo a root cause analysis, the results of which must be provided to the Department within a defined period of time. Further advice on the SAC can be obtained from your Area Risk Manager or Patient Safety Manager. For further information refer to Departmental Circular 2003/88 (Reportable Incident Briefs to the NSW Department of Health).
Security Risk Management Policy and Program (December 2003)
1-4
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
It is important that security hazards assessed as having a high risk factor are eliminated/controlled immediately. However, low priority hazards that can be cheaply and easily fixed should also be done without delay. Actions should be planned and prioritised to improve workplace security. It should be noted that the OHS Act and Regulation require all risks to be eliminated or effectively controlled.
Step 3 - Security Risk Control: Security risk control is the process of implementing appropriate measures to eliminate or reduce risks to personal and property security. Eliminating the hazard is the most effective way of controlling risk. Where elimination is not possible the OHS Regulation 2001 requires employers to take the following measures in the order presented to minimise security risks to the lowest level reasonably practicable: 1. Substituting the hazard giving rise to the risk with a hazard that gives rise to a lesser risk 2. Isolating the hazard from the person put at risk 3. Minimising the risk by engineering means 4. Minimising the risk by administrative means 5. Using personal protective equipment. Where a single measure is not sufficient for minimising risk to the lowest reasonably practicable level a combination of the above measures is required. Examples of security risk control strategies may include: •
Engineering controls: Ø Minimising security risks by utilising building design principles (Crime Prevention Through Environmental Design - CPTED) Ø Replacing breakable glass panes and mirrors with shatterproof glazing Ø Installing security glass or metal screens to protect staff Ø Installing video intercoms at night entrances Ø Installing door and perimeter alarms and fixed and/or personal duress alarms Ø Introducing technological tracking systems for community health staff Ø Use of calming or non stimulating colour schemes.
•
Administrative controls: Ø Providing training to assist with identifying the early warning signs of violence and defusing the situation before it escalates Ø Developing policies or changing work practices so that two people answer the door at night, staff do not work alone, or in isolation and escorts to car parks are available after dark Ø Developing access and key control procedures Ø Developing treatment and management protocols for violent patients
Security Risk Management Policy and Program (December 2003)
1-5
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
Ø Rearranging tasks, activities or staffing to address identified potential times for increases in violence (eg staggering meal times in mental health units) and Ø Applying procedures on harassment, bullying and grievance management. •
Personal protective equipment: Ø Personal protective equipment can be defined as any equipment worn or held by the staff member to protect him/her against one or more health or safety risks in the workplace. This excludes self-defence or deterrent materials (EEC 1989).
Priority Workplaces: Within the health workforce a number of priority areas exist where the likelihood of security incidents occurring may be increased. These areas may include emergency departments, maternity units, individual patient specialling, mental health services, oral health clinics, community health services, drug and alcohol services, pharmacies and car parks. It is essential that the hazards identified in these areas are dealt with as a priority and the effectiveness of risk control strategies is regularly monitored. Information specific to these areas is provided in Part B of this Manual and in particular reference should be made to Chapter 15 (The Clinical Environment).
Step 4 – Monitoring and Review: To ensure that the outcomes from the security risk management process continue to effectively address security issues, monitoring and evaluation of risk control strategies should be undertaken. Security risk monitoring and review involves: Ø Ø
Regularly examining the workplace for new risk factors and taking appropriate action where they are identified and Reviewing existing risk assessments and any measures adopted to control the risk.
The Occupational Health and Safety Regulation 2001 requires employers to review an existing risk assessment and any measures adopted to control the risk whenever: Ø Ø Ø
There is evidence that the risk assessment is no longer valid Injury or illness results from exposure to a hazard to which the risk assessment relates A significant change is proposed in the place of work or in work practices or procedures to which the risk assessment relates.
Security Risk Management Policy and Program (December 2003)
1-6
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities
It is also advisable to periodically review risk assessments and control strategies, to ensure they remain relevant and effective.
Hazard and Incident Reporting, Management and Investigation: Effective hazard and incident reporting, management and investigation provide information to assist with monitoring, reviewing and evaluating Health Service security programs by highlighting new risks and identifying the effectiveness of current control strategies.
Hazard Reporting: As an essential part of a risk management system, all staff should be encouraged to report problems as soon as they notice them using the appropriate local format.
Incident Reporting: All security related incidents should be reported and recorded using the appropriate local format (eg hospital incident form, incident database). Depending on the nature of the incident, it may need to be reported to the Health Service Chief Executive Officer, the Department of Health or external agencies such as the NSW Police, WorkCover NSW, Department of Community Services or the Treasury Managed Fund. Departmental Circular 2003/88 (Reportable Incident Briefs to the NSW Department of Health )outlines NSW Health policy and guidelines on incidents that must be reported to the Department.
Incident Management: All security related incidents need to be efficiently and effectively managed. NSW Health policy and guidelines on effective incident response are outlined in Departmental circular 2002/19 ‘Effective Incident Response: A Framework for Prevention and Management in the Health Workplace’. Additional information on the management of violent incidents is also contained in Chapters 26 (Violence) and 29 (Duress Response Arrangements) and in the Department’s document titled ‘Zero Tolerance: NSW Health Response to Violence in the Public Health System – Policy and Framework Guidelines’ (Circular 2003/48).
Incident Investigation: The most effective way to prevent a recurrence of a security incident is to determine why it happened (ie identify the contributing risk factors) and take
Security Risk Management Policy and Program (December 2003)
1-7
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities
steps to prevent its recurrence (ie eliminate the risk or develop and implement control strategies). Incident investigations should: Ø Ø Ø Ø Ø Ø Ø
Ø Ø
Be carried out promptly Be conducted in a supportive and non judgemental way Focus on identifying the underlying root cause/s and contributing factors Not apportion blame Focus on system breakdowns and identifying control measures to prevent recurrence Be undertaken by managers in consultation with those involved (with the involvement of specialists where required) Canvas all sources of relevant information (eg witnesses, incident reports, relevant work policies and procedures, the working environment, equipment used, level of supervision at the time, relevant training provided and expert advice) Include an operational review if relevant and Result in clear recommendations to senior management to address the causes and where possible to prevent a recurrence.
It is crucial to the success of the investigation process that it results in clearly articulated recommendations to prevent a recurrence, identifies resource implications (if any), identifies who is responsible for the implementation of the recommendations and outlines appropriate time frames.
Injury Management: The loss or disruption that can result when an incident occurs in the workplace can be multiplied when that incident leads to an injury to staff or a patient/visitor. A comprehensive, effective security program should therefore address what needs to happen if an injury occurs. Two key factors that interact to reduce the effect of a workplace injury for the injured staff and the employer are early intervention and early return to work. *
Departmental Circular 2003/75 titled ‘NSW Health Policy and Procedures for Injury Management and Return to Work’ provides policy and guidelines for the management of workplace injuries. Departmental Circular 2004/22 titled “Provision of First Aid Facilities and Personnel” outlines the requirements for the provision of first aid in the workplace.
1(
)
********** Security Risk Management Policy and Program (December 2003)
1-8
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
Appendix 1.1 Sample Risk Assessment Tool Following is an example of a simple risk identification and assessment tool*. This tool may be of assistance in helping to identify and assess security risks.
Facility Area/Unit
Criteria
Yes
No
NA
Comments
Lighting External lighting within the ground is adequate and appropriately placed Internal lighting outside normal hours is adequate, especially in accessible areas All lighting is in working order
Landscaping Trees/shrubs close to buildings and pathways and entrances do not provide hiding places or any other hazard
Access Doors are in working order with no faulty locks, latches or hinges Perimeter doors are checked after hours Traffic control – speed signs in place Appropriate and accurate signage in place Security Risk Management Policy and Program (December 2003)
1-9
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
Process for identification of staff, patients and visitors in place Pharmacy door/s locked and discreet signage used Theatres, Radiology and Pathology Departments secured after hours All storage areas secured when staff are not present Kitchen – food storage areas, freezers etc secured after hours Offices locked and secured when not in use Intrusion alarms installed and activated Ward/Unit drug cabinets secured when not in immediate use Afternoon & night staff have safe access to/egress from the facility
Key Control There is a process for access to keys during working hours There is a process for access to keys after hours Key registration procedure is in place Location and storage of duplicate keys is monitored Master keying system is in place and under the control of an appropriate officer Incidents involving security keys are recorded and actioned appropriately Procedure for cutting new keys is in place Security Risk Management Policy and Program (December 2003)
1-10
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
Cash Handling Processes are in place regarding cash storage Key control system is in place within cash storage areas Banking procedures are in place Counting of cash is done in secure area Transfer of moneys to cash handling outposts monitored Routes for transporting cash are varied
Security Documentation Security register is in place Security instructions available to staff and easily accessed Emergency plans easily accessed by staff A process is in place for reporting security incidents Key registers are in place Security posters and literature appropriately displayed Security patrols conducted by security staff/services
Stores Security of stores is appropriate Access to stores is limited to authorised personnel Record keeping of stores transaction is appropriate
Security Risk Management Policy and Program (December 2003)
1-11
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
Emergency Departments Access to emergency department treatment area is limited to appropriate personnel and authorised visitors Waiting areas and treatment areas are separated Adequate sign posting within emergency departments Adequate staffing of emergency departments Drugs and medications are secure Duress alarms are adequate and operational Entrances and waiting areas are monitored Reception areas are secure Triage and consultation rooms are secure and provide escape routes A safe area is available for patients with behavioural disturbances
Operating rooms Access to operating rooms is limited to appropriate personnel Operating rooms can be secured to protect equipment
Wards/Departments Access to wards is controlled outside visiting hours Drugs, medications and valuable assets are secured Staff do not work alone in isolation Security Risk Management Policy and Program (December 2003)
1-12
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
Staff living quarters Access to living quarters controlled and monitored Common areas are secure All windows are secured while still allowing for adequate ventilation Internal and external lighting sufficient and appropriate
Vehicles Arrangements in place for staff and visitor parking Parking areas for vehicles have appropriate lighting and security Access to keys/fuel limited to appropriate personnel Maintenance of vehicles and relevant record keeping is appropriate and monitored Driving licences of relevant personnel are regularly reviewed Afternoon and night staff have adequate access to parking close to the facility
Administration Cash and valuables are secure and accessible only to authorised personnel Process is in place for asset security Archive storage facilities are secured when not in use Computers and records are accessed only by authorised personnel Unattended areas are locked Security Risk Management Policy and Program (December 2003)
1-13
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
Medical records Access to records and storage areas are by authorised persons only Confidentiality of information is strictly adhered to Precautions are taken against the loss of medical records Appropriate procedures are in place for the transfer of medical records Access outside normal hours is safe (eg staff needing to access medical records after hours are not put at risk by having to traverse unlit or isolated areas alone)
Emergency procedures Disaster plan is in place and is accessible Bomb threat procedures are in place and accessible Fire safety procedures are in p lace and accessible Floor plans are clearly and correctly displayed and up to date Duress response procedure is in place (in facility and car parks and for field staff)
Has the following security equipment been considered? Security surveillance equipment Intrusion alarm systems
Security Risk Management Policy and Program (December 2003)
1-14
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
Automatic door locking on perimeter doors Duress alarms, personal and fixed (including sufficient alarm units for all relevant staff and visiting clinicians) Security screens to protect people in vulnerable areas including • All reception areas • Cashier’s desks • Pharmacy • Methadone clinics Baby/paediatric proximity alarms to protect against unauthorised removal of babies and children Proximity alarms for wandering patients with cognitive impairment Procedure documented for people who work alone (eg community workers) Staff who work alone have access to appropriate communication devices (such as duress alarms, mobile phones) Is security equipment periodically inspected/tested to ensure it is available and working? *based on a tool developed by the Southern Health Service.
Security Risk Management Policy and Program (December 2003)
1-15
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
Appendix 1.2 Tools for Assessing and Prioritising Risk 1.
WorkCover Hazpac Matrix
1 How severely could it hurt someone or how ill could it make someone Kill or cause permanent disability
Long term illness or serious injury
Medical attention and several days off work First aid needed
2. How likely is it to be that bad Very likely/could happen anytime
Likely/could Unlikely/could Very unlikely/could happen happen but sometime very rarely happen, but probably never will
1
1
2
3
1
2
3
4
2
3
4
5
3
4
5
6
Legend:
1 = Top priority – do something immediately 6 = low priority – do something when possible
Security Risk Management Policy and Program (December 2003)
1-16
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
2.
Matrix from Australian Standard 4360 (Risk Management)
Consequenc e Likelihood
Insignificant 1
Minor 2
Moderate 3
Major 4
Catastrophic 5
H
H
E
E
E
M
H
H
E
E
L
M
H
E
E
L
L
M
H
E
L
L
M
H
H
A (almost certain)
B (likely)
C (moderate)
D (unlikely)
E (rare)
Legend: E: H: M: L:
extreme risk, immediate action required high risk, senior management attention needed moderate risk, management responsibility must be specified low risk, manage by routine procedures
Security Risk Management Policy and Program (December 2003)
1-17
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
3
RISK SCORE CALCULATOR TIE LINE PROBABILITY
RISK SCORE EXPOSURE
POSSIBLE CONSEQUENC
ALMOST CERTAIN QUITE POSSIBLE
NUMEROUS FATALITIES VERY RARE RARE
UNUSUAL BUT POSSIBLE
INFREQUENT
REMOTELY POSSIBLE
CONTINUOUS
OCCASIONAL
CONCEIVALBE (BUT VERY UNLIKELY)
MULTIPLE FATALITIES FATALITY SERIOUS INJURY CASUALTY TREATMENT FIRST AID TREATMENT
PRACTICALLY IMPOSSIBLE
500 CATASTROPHE 400 300 DISASTER VERY SERIOUS
200
SERIOUS
100
IMPORTANT NOTICEABLE
150
80 60 40
VERY HIGH RISK HIGH RISK SUBSTANTIAL RISK
MODERATE RISK
30
20 15 10
MINIMAL RISK
The risk score calculator is intended as a guide for indicating the priority of risk control options. It does not provide specific quantification of risks. How to use the risk score calculator. 1. 2. 3. 4. 5.
Plot the probability of the hazard or risk eventuating Plot the exposure or frequency of the hazard or risk. Draw a line through both plotted points through to a point on the tie line. Plot the possible consequences (always realistic, indicate the worst possible consequences) Draw a line from the tie line through your point on the possible consequence line to the risk score line, this gives you the risk score.
Limitations: this is a comparative tool only to assist in prioritising risks. It does not mean that high severity/low probability risks should be ignored (eg. risk of patient being assaulted or killed by another), or low probability/low severity risks be ignored, especially if control measures can be implemented for low or minimal cost.
Based on the National Safety Council of Australia Risk Score Calculator as published in OHS Alert, V2 Issue 3, March 2001, CCH Australia Limited, Sydney.
Security Risk Management Policy and Program (December 2003)
1-18
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
Appendix 1.3 Flow Chart - Risk Management Process. Assessing risks to safety and security in the work environment and in work practices
Document processes Identify potential hazards and contributing factors
Determine the frequency of exposure and how many staff exposed
Determine the likelihood and severity of injury
Calculate the risk and prioritise implementation of control measures
Adequate control measures
Yes Monitor and evaluate Yes
No Identify the gaps in control measures
Recommend / implement suitable controls Security Risk Management Policy and Program (December 2003)
1-19
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management of Health Facilities
2. Responsibilities ______________________________________________________________ The following responsibilities apply to security management within Health Services: The Department of Health is responsible for: Setting statewide policy direction for the security of staff and property and Monitoring policy implementation and effectiveness. Health Service Boards and CEO’s of the Department, area health services and Royal Alexandra Hospital for Children are responsible for: Ensuring effective security programs are maintained and the security policy objectives of NSW Health are met and Ensuring processes are in place that enable compliance with all statutory requirements. Under the NSW Occupational Health and Safety Act 2000, primary responsibility for achieving a violence free workplace for staff, patients and the public rests ultimately with the Board of the Health Service. Health Service Chief Executives are responsible for ensuring: The development and implementation of an effective security program within their Health Service, which is based on a structured, on-going risk management process, consultation, appropriate documentation and record keeping and regular monitoring and evaluation The security policy objectives of NSW Health are met Staff are consulted in the development and implementation of security policies and procedures and when determining and purchasing equipment needs Appropriate legislative and Departmental reporting requirements are met and Compliance with relevant legislation. Facility Managers are responsible for: Identifying individuals responsible for security administration within their facility Ensuring the on-going implementation of an effective security program, which is based on a structured, risk management process, consultation, appropriate documentation and record keeping and regular monitoring and evaluation Reporting all crimes and suspicious activity to police and
Responsibilities (December 2003)
2-1
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
ü Ensuring the Chief Executive Officer is advised of security related incidents as required under local policy. Service Directors, Department Managers and Team Leaders are responsible for: ü Ensuring correct procedures are being followed in their work areas ü Keeping their staff informed of personal and property security policy and procedures ü Identifying and assessing areas where personal and property security can be improved in consultation with staff ü Identifying training needs for their staff and ensuring training is provided ü Controlling identified risks, in consultation with staff, and alerting senior management where the necessary controls are outside of their authority to implement and ü Reporting security related incidents as required under local policies. Security Officers and Health and Security Assistants are responsible for: ü Responding to security related requests and providing appropriate assistance as necessary ü Identifying security risks within the facility ü Responding to security related requests, in the clinical environment, under the direction of clinicians ü Providing reports to management on security matters ü Providing security recommendations, consistent with their licensing level and allocated role, to management on matters of security within their facility ü Implementing the security directives of management and ü Working within the requirements of legislation, Departmental policy and local protocols. All staff are responsible for: ü Being aware of and following policies and procedures for personal and property security ü Using the security equipment provided, as trained (eg: duress alarms) ü Advising management of areas where there is a potential personal or property security problem and reporting suspicious activity ü Participating in consultation and training on personal and property security matters and ü Not knowingly placing themselves or others at unnecessary risk.
**********
Responsibilities (December 2003)
2-2
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
3. Security Risk Management in the Planning Process Policy: Health Services must ensure that security issues are considered and addressed, using a risk management approach, in all formal and informal planning processes, including the development of: • • • • • • •
Strategic plans Business plans Service development plans Disaster/emergency plans Project Definition Plans (as part of Facility planning) Procurement Processes, including processes for procuring services, premises, equipment, furniture, fixtures and fittings and OHS improvement and management plans.
Guidelines: Planning is a process of making decisions that impact on the future. It requires managers to look ahead, consider the impact of change and make decisions on the direction or conduct of the entity. Good decisions are made if a manager is able to foresee the full impact of decisions; that is how they will affect the organisation as a whole, not just a small component. An organisational culture that is focussed on security can be strengthened by ensuring all decisions are made after an analysis of the impact of the decision on personal and property security. Incorporating security considerations into the formal planning process is an effective method to ensure security issues are included in the decision making process. Planning takes place at all levels of the organisation. Integrating the consideration of security issues into every planning process in a Health Service ensures that there is an active acknowledgment of security risks prior to the commencement of a new direction or project. Decisions made during the planning process will therefore take into account the security risks as well as other success factors. Therefore the consideration of security issues should be included in all levels of planning. This may mean security issues are reviewed in strategic plans, business plans, service development plans and building/refurbishment plans as well as
Security Risk Management in the Planning Process (December 2003)
3-1
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
forming part of project plans and individual department plans. During the planning process security risks can be addressed and as a result a more secure environment is created when the plan is implemented.
**********
Security Risk Management in the Planning Process (December 2003)
3-2
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
4.
Health Facility Design Standards
Policy: It is NSW Health policy that the design standards outlined in the Department’s Design Series: Health Facility Guideline - Safety and Security (Circular 2003/13) are incorporated into all new health building designs and redesign/refurbishment of existing facilities to enhance personal and property security.
Guidelines: Crime Prevention through Environmental Design (CPTED): The Department of Health has produced a series of design and technical guidelines to be used in the planning, design and construction of NSW Health facilities. An outcome of the Violence Taskforce was the development of an additional guideline relating to security. Its purpose is to minimise the risk of opportunity for violence and crime through the provision of appropriate facilities, work spaces, building services and systems. The guideline is based on the principles of crime prevention through environmental design (CPTED). CPTED principles fall into four broad categories: territorial reinforcement, surveillance, access control and space management. They apply in particular to the way that buildings and their surroundings are designed. •
Territorial reinforcement draws on the territoriality principle and assumes that people can be encouraged to express feelings of ownership over work areas. For example, if ‘staff only’ areas are provided, staff are more likely to pay more attention to the area and note an intruder. Additionally, if these areas are clearly separated from other areas (eg by signposting or locking) it reduces the likelihood o f others entering the area and does not give intruders an excuse to be there (eg that they were not aware it was a restricted area). This principle also applies to the facility precinct being clearly delineated from the rest of the community by fences, garden borders, signs etc.
•
Physical and symbolic barriers can be used as a form of access control to attract, channel or restrict pedestrian and vehicle movement. They reduce opportunities for crime and increase the effort required to commit crime. By
Health Facility Design Standards (December 2003)
4-1
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
•
making it clear where people can and cannot go, it increases the difficulty for criminals to reach potential victims and targets.
•
Surveillance draws on the natural surveillance principle where people feel safe in public areas where they can be seen and interact with others. This principle refers to the way in which working areas of buildings have been designed so that priority areas are overseen and watched by other staff going about their normal business. For example, pathways to car parks can be designed in full view of passers-by and overlooked by offices, wards and walkways.
•
Space management is linked to territorial reinforcement and also draws on the image principle and refers to the impact produced by a building that appears to be well cared for. The belief is that a run down structure with graffiti may attract criminal activity and offenders. For further information on CPTED principles see the NSW Health Zero Tolerance Policy and Framework Guidelines (Circular 2003/48).
**********
Health Facility Design Standards (December 2003)
4-2
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
5. Health Service Leasing of Property to or from External Parties Policy: Health Services must ensure, in consultation with staff and key stakeholders, that all reasonably foreseeable security risks associated with: • •
Leasing property for use by Health Services or Leasing health facility premises to external organisations
are identified, assessed, eliminated where reasonably practicable or effectively controlled, that the process is appropriately documented and arrangements for security included in leases.
Legislative Framework: The Occupational Health and Safety Act 2000 outlines duties for ‘controllers of work premises’ (section 10) that need to be understood and fulfilled by Health Services when leasing property, either as the leasee or leasor. Specifically section 10(4) of the Act states that ‘… a person who has control of premises, plant or substances includes: (a)
a person who has only limited control of the premises, plant or substances (in which case any duty under this section applies only to the matters over which the person has control) and (b) a person who has, under any contract or lease, an obligation to maintain or repair the premises, plant or substances (in which case any duty under this section applies only to the matters covered by the contract or lease)’.
Guidelines: In some instances, Health Services, as part of providing services to the community, are required to lease premises (eg shopping centres or office blocks for community health teams). Alternatively external organisations may wish to e nter into leasing agreements with health facilities (eg pharmacies, food outlets, banking services in hospital or car parks or hiring out lecture theatres, conference rooms etc).
Health Service Leasing of Property to or from External Parties (December 2003)
5-1
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
In both the abovementioned scenarios any security related risks should be identified, assessed and controlled to ensure the security of staff, patients and clients of the services and the public is maintained.
Security Risk Management: Chapter 1 of this Manual provides guidance material on the risk management process and these principles apply equally to security issues in leasing arrangements. As part of the risk management process the following issues should be considered by Health Services:
Leasing Premises from External Organisations: Where Health Services intend to lease premises from external organisations the following factors should be considered as part of identifying, assessing and controlling security risks, prior to any lease being finalised: • • • • • • • • • • • •
Geographical location (eg is it isolated) Crime risk of the locality (police can advise) Will field communication technology work (eg reception for mobile phones etc) Proximity of local police services and/or a duress response team Number of staff to be working at the premises The service to be provided from the premises and the likely clientele Security already provided (eg within the shopping centre) and the availability of these arrangements as part of the lease The parking/public transport arrangements, including its proximity to the premises Who is responsible for prompt property maintenance and the hours it is available (eg 24hrs glass repair) What are the current access controls for the property (eg: basic lock-up) Security of approaches (eg well lit, potential hiding places) and If there are no current security arrangements that can be accessed, how will adequate personal and property security be maintained.
Health Services should consider asking the police to carry out a crime risk assessment prior to leasing premises. This will take the crimes history of the locality into account.
When Leasing Premises to External Organisations: Where Health Services are leasing premises to external organisations the following factors should be considered as part of identifying, assessing and controlling security risks, prior to any lease being finalised:
Health Service Leasing of Property to or from External Parties (December 2003)
5-2
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
Nature of the Business: •
The type of business wanting to lease the premises and the likely security issues which may arise from the type of service provided (eg banking/armed robbery, food outlets/large volumes of people).
Placement of the Business: •
•
The most appropriate placement of the business within the facility (eg if a financial business it will need to have an external door for cash delivery and pickup, or if property placement has external access so public do not have to access through health facility) CPTED principles.
Security Arrangements: • •
•
The role of health facility security staff and what they will and will not respond to The security arrangements that must be provided by the leasee business (eg if banking they employ their own security officer). The lease needs to clearly define what security arrangements will or will not be provided by Health Service security staff. The Health Service policies that need to be implemented by the business (eg firearms security).
**********
Health Service Leasing of Property to or from External Parties (December 2003)
5-3
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
6.
Security Arrangements for Patients in Custody
Policy: As part of the facility security risk management process, Health Services must ensure, in consultation with staff and relevant external Departments (ie Department of Corrective Services, Department of Juvenile Justice and NSW Police Service), that: • • •
All reasonably foreseeable security risks associated with patients in custody are identified and assessed Effective security procedures for eliminating or controlling security risks, which are consistent with the operational controls of the relevant external Departments, are developed and implemented The procedures are appropriately documented and communicated to relevant staff.
Guidelines: The security of patients who are in custody is the responsibility of the Department in whose custody they are held.
Security Risk Management: Chapter 1 of this Manual provides guidance material on the risk management process and these principles apply equally to security risks associated with patients in custody who are attending health facilities. Health Services need to be aware that the Departments of Police, Corrective Services and Juvenile Justice have operational protocols, developed in consultation with the Department of Health regarding the transport and supervision of their inmates/detainees during treatment in a public health facility. Health Service procedures should accommodate these operational requirements. As part of the risk management process the following procedures should be followed by Health Services: •
Ensuring police, corrective services and juvenile justice management and custodial staff are aware of any relevant health facility protocols to be followed when inmate/detainee patients are in the facility
Security Arrangement for Patients In Custody (December 2003)
6-1
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
•
Ensuring health staff and the relevant staff from Corrections Health Service, Police, Corrective Services, Juvenile Justice and inmate/detainee patients upon admission are aware of relevant health facility protocols
•
Ensuring the implementation of a system so that the appropriate health service staff (eg service manager, security staff) are made aware of the patient admission and any potential risks associated with their admission
•
Ensuring all inquiries from the public and the media regarding the release of any official information are channelled through to the relevant Department
•
Ensuring clinical enquiries from Corrections Health Service medical staff in relation to inmate patients of Corrective Services and Juvenile Justice are answered with due regard to the clinical and statutory responsibilities for the patient’s ongoing care.
Corrective Services Inmate Patients (including Forensic Patients): The following procedural arrangements have been agreed with Department of Corrective Services and should be reflected in local Health Service procedures: •
The number of officers required to guard a prisoner is to be consistent with the inmate's category. Following is a list of inmate categories (which includes forensic patients detained in a correctional centre hospital) and the number of custodial officers required: -
Category A inmates should be accompanied by two or three officers, all armed Category B inmates should be accompanied by two officers, armed Category C1 inmates should be accompanied by two officers, armed Category C2 inmates should be accompanied by one officer, unarmed Category C3 inmates can be left unsupervised Category E1 inmates should be accompanied by two or three officers, armed Category E2 inmates must be accompanied by two officers, armed
Note: The Department of Corrective Services may vary the number of officers according to their operational requirements. The Department of Corrective Services, in consultation with the manager of the health care facility, has the authority to leave inmate patients categorised as C2 and C3 unsupervised. •
Inmates admitted to a health facility for medical treatment are to be given the necessary considerations as extended to any other patient. Personal matters pertaining to the inmate patient are to be treated with strict confidentiality by NSW Health staff and custodial officers.
Security Arrangement for Patients In Custody (December 2003)
6-2
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
•
Security needs are to be appropriately instituted to ensure that inmate patients’ medical needs are not compromised. Where there is a conflict between security requirements and the inmate patients’ medical needs, clinical staff and custodial staff need to negotiate an appropriate solution.
•
All officers supervising patients are to wear full uniform while on duty in the health facility. Note: There are some circumstances where the governor of a correctional facility will allow officers to wear civilian clothing.
•
Relieving officers are to identify themselves to the nurse in charge. Their identity is to be confirmed with the out-going officer. Health care facility staff responsible for the patient’s care should identify themselves to the attending officer.
•
The name and contact telephone number of the custodial officer's supervisor is to be given to the health facility administration in case of an emergency or any infringement of facility protocol
•
Facility staff are to be informed when the number of custodial officers is reduced or increased
•
Custodial officers are to ensure inmates do not engage in offensive or violent behaviour while at the facility
•
Custodial officers are not to rely on nursing staff to supervise an inmate patient at any time
•
Custodial officers will carry firearms as required by the employing Department's instructions
•
Clinical staff are to be advised before handcuffs are removed if the inmate patient has a history of violence or escape. The handcuffing of an inmate is a decision best made by the Governor of the Correctional Centre in which the inmate is normally held.
•
Inmate patient medical care is to be left to the facility's medical and nursing staff
•
Inmates are not to be left unsupervised or unescorted at any time unless the patient is: -
Receiving medical imaging Giving birth in the delivery suite Undergoing an operation in the operating suite Being barrier nursed, or reversed barrier nursed
Security Arrangement for Patients In Custody (December 2003)
6-3
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
Note: In the above circumstances custodial staff will remain immediately outside of the examination/operating room. If an examination room or radiology unit has more than one exit, escorting officers will not leave an exit unsupervised unless the inmate's condition would prevent escape. •
Female officers are to supervise female inmate patients who are outpatient or inpatient for any obstetric and/or gynaecological matter. Male officers can only attend if female officers are unavailable.
•
Custodial officers are to determine their meal arrangements based on risk assessment (eg one at a time when there are two officers on duty). If officers are not required to be with the inmate, and are on a break, they should have access to the same amenities as facility staff.
•
Access to inmate patients is to be controlled at all times - allowing as few entry and exit points as practicable
•
Approval from the correctional centre Governor needs to be given before an inmate patient can receive visitors. Custodial officers will screen visitors and enforce any restrictions.
•
Visits from legal, welfare and religious persons are to be allowed after verifying their identity with the supervising officers
•
Inmate patients will only make telephone calls out of the facility with the permission of the Governor of the correctional centre
•
Inmate patients will have access to television hire, at their own cost, with the approval of the Governor of the correctional centre
•
Gifts intended for the inmate patient will not be accepted from visitors
•
The nurse in charge is to be advised immediately of problems with visitors. Custodial officers have the right to refuse or terminate visits.
•
Complaints by staff concerning a breach of protocol can be made to the nurse in charge who will then refer the complaint to the Governor of the correctional centre. Inmate patients can also complain to the Patient Advocate (if the facility has one) on issues related to their care and treatment by health service staff.
•
The Chief Executive Officer, Director of Clinical Services, Medical Officers or responsible clinical staff of Corrections Health Service can be contacted at any time for matters relevant to: -
Continuity of medical treatment Transfer of clinical information Information about the clinical services available within the correctional centre
Security Arrangement for Patients In Custody (December 2003)
6-4
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
These staff are to be given the same status as referring clinicians. For further information refer to NSW Corrective Services Procedures Manual sections 6.7 and 6.9, available from the Department of Corrective Services, Roden Cutler House, 24 Campbell Street, Sydney, NSW, 2000. Phone: 9289 1333.
Juvenile Justice Detainee Patients: The following procedural arrangements have been agreed with the Department of Juvenile Justice and should be reflected in local Health Service procedures: •
All detainee patients from Juvenile Justice are to be escorted by Youth Officers. The centre manager of a juvenile justice centre can determine the number of Youth Officers required.
•
The detainee patient should, wherever possible, remain in the vehicle until called, if there is a wait on arrival to an appointment
•
No detainee patient is to be left under the supervision of any person other than an officer of the Department of Juvenile Justice
•
A detainee patient is not to make telephone calls without direct approval of the appropriate officer from the patient's juvenile justice centre
•
Detainee patients admitted to a health facility for medical treatment are to be given the necessary considerations as extended to any other patient. Personal matters pertaining to the detainee patient are to be treated with strict confidentiality by NSW Health staff and Youth Officers.
•
Security needs are to be appropriately instituted to ensure detainee patients’ medical needs and the safety of staff are not compromised
•
Relieving Youth Officers are to identify themselves to the nurse in charge. Their identity is to be confirmed with the off-going Youth Officer. Health care facility staff responsible for the detainee patient’s care should identify themselves to the attending officer.
•
The name and contact telephone number of the Youth Officer's supervisor is to be given to the health facility administration in case of an emergency or any infringement of facility protocol
•
Staff are to be informed when the number of Youth Officers is reduced or increased
•
Youth Officers are to ensure that the inmate does not engage in offensive or violent behaviour while at the facility
Security Arrangement for Patients In Custody (December 2003)
6-5
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
•
Youth Officers are not to rely on nursing staff to supervise a detainee patient regardless of reason or length of time.
•
Clinical staff are to be advised before handcuffs are removed if the detainee patient has a history of violence or escape. The handcuffing of a detainee patient is a decision best made by the centre manager of the juvenile justice centre in which the detainee patient is normally held.
•
Detainee patient medical care is to be left to the facility's medical and nursing staff.
•
Detainee patients are not to be left unsupervised or unescorted at any time unless the patient is: -
Receiving medical imaging Giving birth in the delivery suite Undergoing an operation in the operating suite Being barrier nursed, or reversed barrier nursed
Note: In the abovementioned circumstances Youth Officers will remain immediately outside of the examination/operating room. If an exami nation room or radiology unit has more than one exit, Youth Officers will not leave an exit unsupervised unless the detainee’s condition would prevent escape. •
Female Youth Officers are to supervise female detainee patients who are outpatient or in-patient for any obstetric and/or gynaecological matter. Male Youth Officers can only attend if female Youth Officers are unavailable.
•
Youth Officers are to eat their meals in the detainee patient’s room, one at a time when there are two officers on duty. If Youth Officers are not required to be with the detainee, and are on a break, they should have access to the same amenities as facility staff.
•
Access to detainee patients is to be controlled at all times - allowing as few entry and exit points as practicable
•
Approval from the centre manager of the juvenile justice centre needs to be given before a detainee patient can receive visitors. Youth Officers will screen visitors and enforce any restrictions.
•
Visits from legal, welfare and religious persons are to be allowed after verifying their identity with the Youth Officers
•
Detainee patients are to have access to television hire, at their own cost, with the approval of the centre manager of the juvenile justice centre
•
Gifts intended for the detainee patient will not be accepted
Security Arrangement for Patients In Custody (December 2003)
6-6
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
•
The nurse in charge is to be advised immediately of problems with visitors. Security staff will then be contacted straight away. Youth Officers have the right to refuse or terminate visits.
•
Complaints by staff concerning a breach of protocol can be made to the nurse in charge. Detainee patients can also complain to the Patient Advocate (if the facility has one) on issues related to their care and treatment by health service staff.
•
The Chief Executive Officer, Director of Clinical Services, Medical Officers or responsible clinical staff of Corrections Health Service can be contacted at any time for matters relevant to: -
Continuity of medical treatment Transfer of clinical information Information about the clinical services available within the detention centre
These staff are to be given the same status as referring clinicians. For further information contact the Department of Juvenile Justice, 477 Pitt Street, Sydney NSW 2000. Phone: 9219 9400. Patients in the Custody of Police: Introduction: Where a person has been arrested, detained or taken into police custody, and requires hospitalisation, treatment or mandatory testing, the police role is to provide personnel to guard the person at a security level that is appropriate to the prisoner and the circumstances. The prisoner is entitled to treatment as a patient of the admitting hospital. Each Local Area Command (LAC) has Standing Operating Procedures (SOPs) for the hospitals in their area and these will guide the police response. Some LACs provide police on rotating shifts so that not all police undertaking guard duty for the duration of the admission will be from the same LAC, nor necessarily from the LAC responsible for the arrest. The following general principles should be contained in local SOPs. Arresting Police: It is the responsibility of the LAC to which the arresting police are attached to provide the initial guards and possibly the subsequent shift. Arresting police will complete a prisoner information sheet or similar document possibly including the relevant COPS entry. This information will be passed to the senior officer performing guard duty at each oncoming shift. Information that is relevant will include:
Security Arrangement for Patients In Custody (December 2003)
6-7
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
• The nature of the offence • The circumstances of the arrest • The potential of the patient to be violent, aggressive (including to police) or to attempt escape • The possibility of outside interference with the prisoner • Particulars of the prisoner, including relevant criminal history • Other relevant material. This information is confidential and for police use only. However, health staff should be advised of any potential risks relating to the admission or hospital stay. Once the initial shift has been completed, the ongoing guards will be provided on a rotating roster by selected LACs as agreed in the local SOPs or protocol. If the prisoner is transferred to another hospital the current shift will complete the guard for that shift and ensure a transfer to the new LAC. Bedside Courts: As soon as practicable after Police refuse bail for a person admitted to hospital, arrangements will be made by a senior officer at the arresting LAC to attend the hospital with a local court magistrate or clerk of the court, to convene a ‘bedside court’ to determine bail. Once bail has been granted or an agreement entered into, it will no longer be necessary for police to be in attendance at the hospital. Persons Refused Bail: If the prisoner is bail refused or cannot meet the bail conditions, the Police guard will remain until the prisoner is transferred to a prison hospital. Police Guard: The police will: • • • • • • • • •
Have two police officers performing guard duty at all times (this may be varied in exceptional circumstances eg if the patient is ventilated) Not leave a probationary constable alone as a guard Allow only immediate family and/or a legal representative as visitors Allow no more than two visitors at a time (this may be revised at the request of the treating doctor with the approval of the officer in charge of the matter) Not allow visitors physical contact with the prisoner Keep the prisoner in full view at all times Inspect and restrict gifts if necessary Not accept gifts on behalf of the patient Be in full uniform (unless in permanent plain clothes) with full appointments.
Any questions relating to visitors or the manner of the guard should be directed to the officer in charge of the matter or the LAC custody manager. Questioning of the
Security Arrangement for Patients In Custody (December 2003)
6-8
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
prisoner should only occur with the consent of the medical superintendent or designate. Police questions relating to medical treatment will be directed to the senior nursing or medical staff. Police will not perform nursing duties of any kind. Police on guard do not have the discretion to release or leave the prisoner or change the g uard arrangements without prior approval from the officer in charge except in exceptional circumstances. Medical procedures that take the prisoner from the ward such as surgery or birth must be first approved by the officer in charge of the matter and police will remain on guard at exits to the procedure room. Spontaneous requests from hospital staff to remove the prisoner from view of the guard will be refused until the circumstances are outlined and approval is obtained. Normal considerations for consent to treatment apply to guarded prisoners with some exceptions including for example: • • • •
Blood sampling in cases related to the provision of the Traffic Act Medical examinations and blood sampling for evidence under the Crimes Act Medical examinations under the Children and Young Persons (Care and Protection) Act Court orders made under the Crimes (Forensic Procedures) Act.
In cases where a prisoner is treated at the hospital and not admitted, they will be returned to the Police Station in police custody. Restraints: Prisoners who are requiring restraints such as handcuffs should be so detained in a manner that does not interfere with the provision of medical treatment. Removal of restraints to allow for additional treatment is at the guarding officer’s discretion and will only occur when two officers are present. Supervision: Supervisors (Duty Officers, Mobile Supervisors etc) may visit the hospital while the prisoner is being guarded. Relevant daily documentation, such as a daily guard record sheet, should be completed by all police. Any changes to the guarding arrangements should be documented, approved by a supervisor and communicated to the medical superintendent or designate. Police requirements will be directed to the supervisor. In cases involving current prisoners of the Department of Corrective Services, or Court cells etc, local Protocols and SOPs will apply. Mental Health Patients in the Custody of Police: The Memorandum of Understanding between NSW Police and NSW Health, and the associated flowcharts, outline relevant security considerations in relation to people who may have a mental illness and who are in the custody of the police.
Security Arrangement for Patients In Custody (December 2003)
6-9
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
Firearms Security: Departmental Circular 2002/5 (Firearms Security) outlines NSW Health policy for the security of firearms in health facilities and should be read in conjunction with the Memorandum of Understanding between NSW Police and NSW Health (circular 98/119). In summary the decision to remove a firearm is to be made by the individual police officer at the time, taking into account all the facts presented by the particular circumstances. The Commissioner of Police has given authority for police officers to remove and place a firearm in a hospital or health facility safe only in the following circumstances: • •
The police officer believes that this is the safest course of action and The safe conforms with the type that has been approved by the Commissioner. For this purpose the minimum standard has been approved as a single locking unit of a type that is used in non-24 hour police premises. It is to be a locked steel safe that cannot be easily penetrated and be bolted to the structure of the premises.
Forensic Patients Arriving from a Mental Health Facility: In some circumstances forensic patients, not being held in correctional centres, are admitted to hospital or require medical attention in a health care facility removed from their mental health facility. In these instances a risk assessment of the patient will be undertaken by the staff at the mental health facility prior to transporting the patient to a health care facility. The risk assessment will involve consideration of the likelihood of the patient engaging in challenging behaviour while at the health care facility. Information on the risk assessment and any particular security requirements will be provided to the health care facility by the centre they are coming from. Where it is determined that there is a risk that the patient may engage in challenging behaviour, a mental health care worker, or other appropriate persons, should accompany the individual during the course of their treatment.
**********
Security Arrangement for Patients In Custody (December 2003)
6-10
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
7.
Security Education and Training
Policy: Health Services must ensure that: •
• •
All staff are provided with appropriate security related education and training, including violence prevention and management training, consistent with legislative requirements as part of the Health Service security risk management program Education and training are appropriate to the role of the staff member and targeted to the level and type of security risk that may be encountered in the course of their work and Details of security related education and training conducted within the Health Service are documented and maintained.
Legislative Framework: Under the Occupational Health and Safety Act 2000 and the OHS Regulation 2001, employers are required to provide information, instruction, training and supervision necessary to ensure the health and safety of staff. The Occupational Health and Safety Regulation 2001 requires employers to: •
Ensure that each new staff member receives induction training that covers the following: -
-
-
•
Arrangements at the place of work for the management of occupational health and safety, including arrangements for reporting hazards to management Health and safety procedures at the place of work relevant to the staff member, including the use and maintenance of risk control measures How staff members can access any health and safety information that the employer is required by the OHS Regulation to make available to staff members Any other matter that the OHS Regulation specifies should be the subject of induction training that is relevant to the place of work concerned having regard to the competence, experience and age of the new staff member.
Ensure that any person who may be exposed to a risk to health and safety at the employer’s place of work:
Security Education and Training (December 2003)
7-1
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
•
Is informed of the risk Is provided with any information, instruction and training necessary to ensure the person’s health and safety.
Provide persons who have responsibilities with respect to the following under the OHS Regulation with all available information necessary to enable them to fulfil those responsibilities: -
Identifying hazards Assessing risks arising from those hazards Eliminating or controlling those risks Monitoring or reviewing risk control measures Providing information.
These legislative requirements apply in relation to risks associated with workplace security issues.
Guidelines: The provision of appropriate, well designed education and training in association with other risk management strategies can assist with effectively controlling security risks. Identifying Security Related Education and Training Needs for All Staff: Conducting training needs analysis, as part of an on-going security program, provides a starting point for ensuring that education and training strategies address the actual security related learning/skill needs of the individual and meet the goals of the organisation. When identifying and assessing security related training needs the following elements should be considered: • • • • • • • • •
Position held (eg manager, staff, contractor) Type of work done Security risks associated with that work Work location Access to and availability of other staff Experience in the position Previous training Nature, frequency, severity and duration of exposure to security risks Linkages with related local policies and procedures (eg duress response, reporting requirements).
The training needs of groups such as casual/agency staff, volunteers and students on placement also need to be considered. Effective education and training can be provided on the job or off-site or through the use of information technology. In providing education and training the most effective
Security Education and Training (December 2003)
7-2
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
method of delivery should be considered based on the needs of the target audience. Education and training activities should be undertaken during work hours, as far as practicable, and at the Health Service’s expense. Security related education and training acti vities should be delivered by people with the appropriate qualifications. The identified education and training needs may include topics such as: • • • • • • • • • • • • • • •
General security awareness Product/equipment safe use Identifying and reporting hazards Policies for the minimisation of bullying and harassment Use and maintenance of duress alarms Duress/emergency response procedures Theories of violent behaviour Principles of crisis communication and verbal de-escalation Negotiation skills Grievance handling Management of challenging behaviours in patients Evasion techniques, use of restraints and associated legal implications Types of restraint and associated legal implications Investigative techniques and Post incident staff support, counselling and rehabilitation services provided by the facility.
When Should Security Related Education and Training be Provided? Relevant security education and training should be provided: • • • • • •
At induction On arrival at a new work area (eg ward induction) During the course of employment (on-going refresher training) When there are changes to work practices or procedures When new activities are introduced to the work area and When incident investigations identify new hazards and new controls are introduced.
Competency-based Training and Recognition of Prior Learning (RPL): As outlined in the Department’s document ‘Workforce Learning and Development Strategy for NSW Health’ (circular 97/120), education and training activities that are designed on the basis of competencies are more relevant to the workplace and therefore their impact on performance is more readily assessed.
Security Education and Training (December 2003)
7-3
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
Health Service Resources: Facility managers should consult with Health Service learning and development personnel prior to commencing a training needs analysis and when developing security related education and training strategies. ‘A Safer Place to Work: Preventing and Managing Violent Behaviour in the Health Workplace’ – NSW Health Training Program: Departmental Circular 2003/50 (A Safer Place to Work: Preventing and Managing Violent Behaviour in the Health Workplace) constitutes the minimum standard for workplace violence prevention education in NSW Health. Evasive Self-Defence Training: Health Services may determine, via the risk assessment process, that evasive selfdefence training is necessary for particular group/s of staff. Evasive self-defence training should complement other risk control strategies and should only be considered after all other practical violence prevention strategies have been implemented. Such a decision should only be made after the following considerations: • •
Have all other possible risk control strategies aimed at preventing violence occurring, and protecting the target group been implemented? Does the level of risk faced by the target group warrant provision of evasive self-defence training (eg do the risks faced by the group outweigh the risks associated with providing evasive self-defence training?).
Evasive self-defence training should be developed and delivered by experts, and be targeted to the needs of the group being trained. Where the decision is made to provide evasive self-defence training, the training should: • • • • • • •
Emphasise retreat, escape and self-protection Cover legal issues associated with evasive self-defence including the concept of reasonable force Be developed and delivered by appropriately experienced and accredited experts Provide techniques that are relevant to the tasks of the target group, the risks faced by the group and the environment in which it operates Include the need for, and provision of regular practice Consider the physical characteristics of the target group, and those of the perpetrators of violence where possible Include the dangers and precautions when using evasive self-defence.
Security Education and Training (December 2003)
7-4
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
Specialist Training: Security Staff: The Security Industry Act 1997 requires that staff engaged in security duties must be licensed. The completion of a number of predetermined competencies (equivalent to a Certificate II in Security Guarding) is a requirement for licensing. In addition to the training undertaken by a person as part of the requirements for licensing, Health Services, to assist staff in fulfilling their roles effectively, should ensure that effective skills in managing conflict, de-escalating potentially violent situations and the appropriate application of restraint techniques is provided. Health Services should consider the on-going training needs of security staff as part of the security risk management process. OHS Practitioners/Risk Managers: In addition to the education and training activities provided to staff, OHS practitioners and risk managers should be provided with specific education and training activities. In particular OHS practitioners should be provided with education and training in the process for identifying, assessing and controlling security hazards and risks. Staff with specific OHS functions such as First Aid Officers, Fire Wardens, Return to Work Co-ordinators, OHS committee members etc should be provided with education and training as required by legislation. Duress Response: Staff who form part of a predetermined duress response will require specific training to enable them to undertake this role effectively. This training may include: • • • • •
The process for duress response Assessing a scene Verbal de-escalation Negotiation skills Evasive self-defence, physical restraint techniques, use of mechanical and other restraints where appropriate and associated legal implications.
Evaluation of Security Related Education and Training Activities: To ensure the effectiveness of education and training activities, both as a control measure and in meeting organisational goals, evaluation should be undertaken.
Security Education and Training (December 2003)
7-5
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
Health Services should consider evaluating specific activities and the effectiveness of the education and training program against pre-determined performance indicators. The performance indicators developed by Health Services may cover areas such as: • • •
Awareness of staff about Health Service security related policies and practices Changes to number of incidents occurring and Changes to the number of hazards being reported.
**********
Security Education and Training (December 2003)
7-6
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
8. Security Continuous Improvement ______________________________________________________________
Policy: As part of the continuous improvement process, Health Services must evaluate all aspects of their security management program and ensure that evaluation outcomes are used in the on-going development of this program. For the purposes of this policy a security survey is defined as a process that evaluates the implementation of a security management program and effectiveness of that program against a pre-determined set of criteria. As a minimum, health care facilities are required to: 1. Undertake an annual internal security survey using the NSW Health Security Improvement Assessment Tool, provided in Chapters 31, 32 and 33, ensuring that at least one member of the survey team holds a security licence 2. Ensure that, as a minimum, all Elements identified as mandatory are included in the annual survey 3. Ensure that the results of the annual survey, as contained in the Health Facility Report (coversheet, summary sheet and score sheet), are readily available for forwarding electronically to the Department, should the results be required 4. Undergo an external security survey every five years **** 5. Ensure that results of the annual and external security surveys are forwarded to Health Service Internal Audit Units, which must review the results and where warranted, include an audit of the services or facilities in their audit plans.
Guidelines: **** It is desirable that Health Services continue to use external security experts to conduct the mandatory five yearly external security survey. Health Services may wish to consider making the Tool available for use by external security services when they are engaged to conduct the survey. Where there are significant difficulties in using external security experts to conduct the mandatory external five yearly security survey, the external survey may also be conducted by appropriately qualified staff from another Health Service.
Security Continuous Improvement (February 2005)
8-1
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
Measuring and Evaluating Performance as Part of Continuous Improvement: Implementing a security management program does not in itself guarantee success. To ensure continuous improvement, Health Services need to measure existing performance against a set of pre-determined indicators, evaluate progress and feed the outcomes of this process back into the planning and development of the security management program. Conducting an annual security survey using the Security Improvement Assessment Tool will assist with this process. However, ongoing measurement, evaluation and monitoring of the security program is also necessary, to ensure that problems can be identified and addressed as they occur. In particular, whenever there is a security incident, part of the investigation process should ensure that relevant findings are fed back into the security program to prevent a recurrence and ensure continuous improvement. Developing Performance Indicators: Developing performance indicators can be an effective way to monitor the overall program or particular components of the security program. The indicators themselves may change over time with the on-going development and improvement of the program. A number of sources of information can be used to develop performance indicators and these may include: • • • • • •
Hazard and incident reports Duress response records OHS committee meeting minutes Results of security audits, surveys and inspections Workers compensation data Workplace grievance records and staff turnover in priority areas.
When using existing information sources to develop performance indicators, consideration should be given to the reliability and accuracy of the information being used, whether base line data is available and any other factors that may impact on the information to be collected. Some examples of security related performance indicators include: • • • • • •
Increase in awareness of security responsibilities among staff Increased/improved staff perception of their personal safety Number of reported thefts, assaults and property damage Number of times police assistance is required Number of security incident reports Reduction in certain type of injury (eg assaults, psychological injury where violence was the precipitator)
Security Continuous Improvement (February 2005)
8-2
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
• •
Percentage of staff trained in violence prevention and management Percentage of managers trained in the security risk management process.
This information can be used to look at the effectiveness of security risk control measures at the ward, division, facility and/or Area level.
************
Security Continuous Improvement (February 2005)
8-3
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
9.
Access Control
Policy: As part of the facility security risk management process, Health Services must ensure, in consultation with staff and key stakeholders, that all reasonably foreseeable security risks associated with access to workplaces are identified, assessed, eliminated where reasonably practicable or effectively controlled. Health Services must ensure that this process is appropriately documented and effective access control procedures, including the implementation of staff identification systems, are developed and implemented.
Guidelines: In general effective access control involves: • Appropriate securing of perimeters, including doors and windows • Appropriately controlling access to the land on which the facility is situated (eg fences, roads, traffic and pedestrian access and flow) • Providing safe access and egress, especially after hours and during emergencies • Controlling access to vulnerable areas • Clear signage and • Instituting staff identification systems that allow members of the organisation to be identified. Access control systems are: • Secure enough to resist attempts to breach the system • Able to effectively differentiate between those who have authorised access and those who have not • Reliable (ie there are no weak links in the system), regularly maintained and tested • Inclusive of a back up system or process for providing access in the event of failure.
Security Risk Management: The type and level of access controls required for Health Service campuses, buildings and units within those buildings will depend on the risk of unauthorised entry, including break and enter, and the risks to people and property such unauthorised entry may pose. Access Control (November 2005)
9-1
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
Factors that may impact on the risk of unauthorised entry include the nature of items stored on the premises eg sensitive or highly confidential information, drugs, cash, electronic equipment etc and work carried out/services provided by the premises eg methadone dispensing, cash handling, drug and alcohol, emergency and mental health services etc. Therefore, a risk management approach, as outlined in Chapter 1 of this Manual, needs to be implemented when determining the nature and level of access controls to be put in place. For more detailed information on security risk controls in specified high risk areas, see Section 2 of the Security Manual, ‘Security Risk Controls in Priority Areas’. In relation to access, the following risk control strategies should be considered by Health Services. Design Issues: •
Applying the principles of Crime Prevention Through Environmental Design - CPTED (as outlined in Chapter 4 of this Manual) where appropriate, to manage risks associated with access control.
Doors: •
•
Ensuring perimeter doors are locked and access restricted to one or the minimum necessary points in the building (especially at night) depending on the risk present. Perimeter doors should meet the following building design standards: - Be fitted with a quality single cylinder lockset that complies with fire regulations (refer to Australian Standard AS 4145.21993/Amat 1-1996 Locksets – Mechanical locksets for doors in buildings) - Have a metal frame or have a strip of metal securely mounted to the frame from the top to the bottom of the lock-side, with allowance for the lock tongue to be inserted - Have protected hinge pins in order to resist removal. This can be done by either replacing the existing hinges with fixed pin, security butt hinges or having dog bolts installed to prevent pins being removed. - Have entry alarms or warning buzzers fitted to doors that need to remain unlocked or open or to indicate that someone has entered the area - Have alarms fitted to doors that are normally externally locked to signal when the doors are chocked open or fail to close properly Ensuring fire isolated exit doors meet the requirements of the Building Code of Australia
Access Control (November 2005)
9-2
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
•
•
Ensuring after hours public entry points are appropriately access controlled and fitted with video/CCTV intercoms to allow screening of members of the public presenting at the door Ensuring glazing in doors and panels beside doors is resistant to breakage and does not shatter on impact.
Windows: Perimeter windows: • Minimising entry through perimeter windows through the use of appropriate options such as: - Reinforcing windows to resist unauthorised entry - Using heavy gauge glass bricks or laminated glass panels (in areas which require natural light but no ventilation) that are securely mounted in the frame - Permanently closing unused windows by fixing bolts or screws - Fitting key operated locks to all other windows - Applying film to glass to resist breakage or fit safety glass as per design guidelines. Signs: •
Signs are the first line of defence against intruders because they define those areas where persons are allowed to enter. Signs need to conform with the requirements in Sign Posting in Health Care Facilities, available from the Better Health Centre.
Video Intercom Systems: To allow staff to identify and communicate with persons at the entry doors to the premises, Health Services should consider installing a video/CCTV intercom system where it is seen to improve the security of staff. The features of the system should be advised by the risk assessment process and may include: • Camera and intercom points located outside the entrance • One or more monitoring and intercom points located in the building to enable staff to see and speak to persons at the entrance • Entry doors fitted with locks that can be opened electronically from the monitoring point within the building. Staff should be cautious in allowing entry in to the building particularly after hours. The need to escort the person seeking entry to their destination needs to be considered. Personnel and Contractor ID Systems: Identity cards may contain any or all of the following features, bearing in mind integration of existing systems and the outcomes of the risk assessment process:
Access Control (November 2005)
9-3
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
•
•
• • • • • • • •
A personal identification device (access card) similar to a credit card, which provides information needed to justify entry. Such cards operate with a range of technologies (barcode, magnetic strip, proximity and smart card). Access is achieved by swiping the card through or touching an access reader. This can be combined with a PIN (personal identification number) for high security areas. Name, position, title and photograph of the holder ***. Expiry date (may be displayed on the card or be electronically embedded) Serial or unique number (this could be the employee number) Identification of the issuing healthcare facility or area health service Numerical or colour coding (for allowing access to specific areas or distinguishing between categories of staff) Counter measures against forgery A return address and Emergency, OHS or infection control information.
*** The level of detail visible on an access/identification card may be influenced by a number of factors including: • The right of a client to be able to identify a staff member • The benefit of clients being able to relate to a person rather than a role • The type of health care being delivered and potential risks for those delivering the care. For example, in some higher risk areas it may be appropriate that only first names are visible on the identification card eg surnames could be neatly covered with opaque tape. However, care must be taken to ensure that patients and others are always able to identify individual staff members. In a work area where only first names are used, if more than one person has the same first name, there needs to be some distinguishing feature eg a last name initial, and/or variations on the first name eg ‘Sue’ and ‘Susan’ so that staff members can be individually identified within the work environment. Administration of an Identification/Electronic Access Control System: The following should be considered in the administration of an identification/electronic access control system: • A security department, human resource department or others as best determined by the Health Service, should issue identification cards. The issuing department should hold the records and arrange updating and reissue or replacements as necessary. • All documentation and equipment for identification systems should be securely stored by means that prevents unauthorised access • Clearance procedures on termination need to include the return of the staff identification card. It may be necessary to recover the permanent identification card and issue a temporary card valid until the final day of employment only, when it should be returned.
Access Control (November 2005)
9-4
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
•
• •
•
•
•
Access rights to the electronic access control system may be assigned separately to the production of the identification card (ie human resources may produce the card and the security department may enter the card in the access system) The access rights assigned to an identification card should be programmed for a predetermined period Identification cards should be examined on expiry of the access rights to determine if reissue is necessary or further access time should be added. Examination of the card should consider whether the photograph is still a good likeness and if any details have changed since the issue of the card. Any lost or stolen identification card should be immediately reported to the issuing authority. The issuing authority should take steps to remove the card from the access system either temporarily or permanently. Management and employee associations should encourage staff to wear identification. When it is not practical to wear the identification in areas such as operating theatre suites, the identification card should be carried on the person. Where practicable, temporary passes should be issued to newly appointed staff (until a permanent card can be issued), authorised visitors and contractors.
************
Access Control (November 2005)
9-5
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
10. Key Control Policy: As part of the facility security risk management process, Health Services must ensure, in consultation with staff and key stakeholders, that all reasonably foreseeable security risks associated with key control are identified, assessed, eliminated where reasonable practicable or effectively controlled. Health Services must ensure that the process is appropriately documented and effective key control procedures are developed and implemented.
Guidelines: Health Services should develop procedures, in consultation with staff and other stakeholders, to effectively manage key control. The aim of these procedures is to protect people and assets and minimise the likelihood of incidents related to theft and assault. Types of Keys: Keys can be divided into two categories: •
Security keys which give access to: -
Pharmacies, drug safes and cabinets Safes and other security containers Containers that hold security keys Specialist areas where for clinical/legal reasons patient movement around the facility/area is restricted - Major important or sensitive assets •
General administration keys, which give access to support services and domestic assets.
Security Risk Management: Chapter 1 of this Manual provides guidance material on the risk management process and these principles apply equally to key control. As part of this process, the following risk control strategies should be considered by Health Services:
Key Control (December 2003)
10-1
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
Managing Administrative and Security Keys: •
Considering who in the facility will have the delegated authority to hold custody of and control the issue of keys. Delegated authority should be in writing.
•
Controlling the movement of keys using: - Key Authority Cards. Where all personnel authorised to draw and return keys should have their name printed and their specimen signature recorded. Note: a key authority card may be produced for each lock or produced for each staff member as they sign for keys. - Key and Security Premises Books. Where all keys issued are recorded in a Key and Security of Premises Book. All entries in the book should be in ink with alterations initialled and pages numbered. Completed books should be retained for a period of not less than twelve months from the date of the last entry and should identify keys issued on a daily or temporary basis. Management should consider the introduction of electronic systems to manage and track key issue.
•
Ensuring that anyone taking a key is entitled to do so, by referring to the relevant Key Authority Card. The number of keys issued for any one lock should be kept to a practicable minimum.
•
Ensuring that the custodian, on a regular basis, should: - Physically check the keys on hand against the Key and Security of Premises Book to ensure all keys are accounted for - Report any outstanding keys to the appropriate supervisor
•
Ensuring that staff are advised that keys should not be worn around the neck (as this is a possible strangulation risk or could be used by a violent person to draw the staff member closer). If keys must be worn around the neck a breakaway lanyard should be used.
•
Ensuring staff are advised not to leave keys lying around in view
•
Ensuring that: - Where practicable spot checks are conducted at intervals not exceeding six months - A stocktake is conducted at least annually and results recorded
Key Control (December 2003)
10-2
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
•
Ensuring that authority to draw keys is kept up to date by deleting from key authority cards the names of personnel who: - Have ceased employment. Note: return of keys must be included in the termination clearance process - No longer require access to the area to which the key gives access
•
Ensuring keys not on issue are stored in a locked container which should be: - Located when possible out of sight of unauthorised persons - Bolted or recessed into an internal wall or floor
•
Ensuring, at the time of installation of locks, that the keys are given to the custodian who will ensure: - The correct numbers of keys have been received - A key authority card is raised for each lock (where this system is used) - That the keys received work in the locks fitted and - That one original key is retained and stored appropriately
•
Ensuring all keys for the same lock are individually numbered to indicate the lock they fit and the actual key number for that lock
•
Ensuring the loss, or suspected loss or compromise of a general administrative key is reported to the issuing officer
•
Taking immediate action to replace compromised locks
•
Cutting of additional or replacement keys should only be: - Authorised by the nominated officer - Cut by an authorised locksmith who is contracted by the facility. Note: cutting of security keys must only be done by a person licensed under the Security Industry Act 1997
•
Destroying keys that are no longer required. Details of the destruction should be entered on the appropriate key control card
•
Ensuring key cutting codes and key blanks used by facilities which have their own key cutting/duplication capability are protected at all times.
**********
Key Control (December 2003)
10-3
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
11. Alarm Systems Policy: As part of the facility security risk management process, Health Services must establish their requirements for alarm systems (eg duress and intruder alarms) to ensure that staff members, patients, and Health Service assets are secure. A regular review of all alarm systems must occur as part of the risk management process.
Guidelines: Security Risk Management: Chapter 1 of this Manual provides guidance material on the risk management process and these principles can be applied when determining the types of alarm systems to be installed. In assessing the requirement for alarms, Health Services should consider the following issues: • • • • • • • • • • • •
Potential for violence against staff The type of work being carried out by staff Working in isolation Cash handling Goods and equipment stored in the area Level of external security risks Level of internal security risks Exits that may be left open by staff or patients The security needs of ‘at risk’ patients such as wandering elderly patients in wards, or children at risk of unauthorised removal from the facility Potential for use of emergency exits (eg fire escapes) by thieves to remove assets Potential for break in via doors and/or windows to remove assets and Potential for break into and theft of vehicles.
In assessing the requirement for alarms Health Services should consult with staff working in relevant areas such as: -
Mental health services Emergency departments Pharmacy and other drug storage areas Women’s health and maternity units Youth health units
Alarm Systems (December 2003)
11-1
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
-
Sexual assault units Cash handling and storage areas Isolated facilities/units Car parks and grounds Vehicles (eg ambulances) Alcohol and other drugs services Aged care wards/dementia units/brain injury units/rehabilitation units Community services.
The purpose of consultation with staff is to: - Assist with identifying, assessing and controlling risks associated with violence - Assist with identifying, assessing and controlling risks associated with patient security (eg wandering patients, infant kidnap etc) and building/perimeter security - Determine the alarm type, location and features - Develop protocols for use of alarms and response procedures - Identify training and education requirements. In identifying appropriate alarm systems Health Services should ensure that, where appropriate: •
The alarm system complements any other protective measures taken by the facility
•
The alarm system features and configuration are appropriate to the identified needs a nd possible risk
When tendering for alarm systems, Health Services should ensure that: • • • • •
All relevant requirements in Departmental guidelines and guidelines issued by the NSW State Contracts Control Board are met Expert advice is sought when preparing the necessary specifications and system design Benchmark criteria is included to ensure the system operates correctly under a range of conditions with minimal false activation Staff training in the operation of the system is included and all operating manuals are supplied and Ongoing maintenance of the system and the use of maintenance contracts is considered.
Note: Security companies and security consultants must be licensed under the Security Industry Act 1997.
Duress Alarms: A duress alarm is a signal for assistance sent by a person(s) who is under attack or threatened by the situation they face.
Alarm Systems (December 2003)
11-2
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
Modern duress alarm systems use a combination of electromechanical, electronic, radio frequency and digital devices to send and receive the signals. The advantage of these types of duress alarm systems is that they may be designed to identify the person and the exact location of the person requiring assistance. The expertise of independent technicians or consultants is required to prepare the necessary specifications and system design when implementing duress alarm systems. The type and level of sophistication of duress alarms should be advised by the risk assessment process. Installing a Duress Alarm: When installing a duress alarm identify the characteristics required of the duress alarm by considering the following: • • •
Fixed alarms, with duress buttons strategically located throughout the health care facility Mobile duress alarms worn by staff members within the health care facility Mobile duress alarms worn b y staff members who regularly work outside the health care facility.
Fixed alarms may be used in well defined areas where there is no or little opportunity for an aggressor to get between a staff member and the alarm button, and the person works from a static position (eg where staff are behind a screen such as a pharmacy distribution window or behind a counter). Fixed alarms may not be appropriate for areas accessible to patients and the public (eg corridors, as mischievous tampering with alarms may occur). Mobile duress alarms may be used where the staff member is mobile in the course of their work in areas such as wards or emergency departments where there is a risk of being confronted by aggressive behaviour. Mobile duress alarms should be worn attached to the clothing (eg clipped to a pocket). They should not be worn around the neck. Mobile duress alarms for use within a facility and the immediate area should comply with all relevant Australian and regulatory requirements including Austel approvals, AS2201 and AS3000 as an absolute minimum especially in relation to installation, servicing and wiring of all equipment and systems. The risk assessment of the area to be serviced by the mobile duress alarm informs the sorts of features necessary for that particular system. The most effective mobile duress alarms have the following features: •
Be dual activated (ie have two activation mechanisms, those being activation by pushing a single button using one finger and activation by the staff member falling down/not moving - but allowing reasonable movement)
Alarm Systems (December 2003)
11-3
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
•
When activated, automatically alert the duress response team regardless of where their members may be located (for more information on duress response arrangements refer to Chapter 29 of this Manual)
•
Alert other staff in the work area/facility that a colleague requires assistance, to ensure that assistance is activated and to ensure that another staff member does not accidentally walk in on a duress situation thus putting themselves at risk The alert should be by: - Notifying a central processing unit, where a visual display identifies the location of the staff member who has activated the duress (it should display the layout of the facility and identify the room or area of the duress activation) and - Providing the alert (including location) on an alphanumeric pager carried by the response staff, and - Providing a visual or audible alert eg. strobe light or passive siren located so as to alert the response team and not the aggressor
•
Have suitable battery functions, such as: -
A low power indicator (easily distinguishable) Minimum 24 hour battery life without replacement or recharge Water resistant Able to operate between temperature ranges of 0 to 45 centigrade
•
Be able to interface with other local communication systems (eg paging systems)
•
Be able to cover all working and amenity areas for the specific location including meal rooms, toilet facilities, stairwells, storerooms and external staff amenities (eg car parking)
•
Provide integrity of communication a nd a system which is not prone to interference or false alarm
•
Include the installation of a fixed back up system
•
Provide accurate information on the location of a staff member to within 5 metres inside health care facilities and to within 10 metres outside of health care facilities
•
Allow a minimum of 10 users to be identified. The system should have enough capacity to identify the maximum number of employees present at one time (including visitors or casual staff) and, in mental health facilities, visitors who may be in the ward or unit (including visiting magistrates, health care professionals, maintenance contractors etc) plus spare units in case of malfunction.
Alarm Systems (December 2003)
11-4
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
•
Include off the shelf quality tested equipment rather than customised equipment or software
•
Be of current technology and part of a system that can be easily added to or subtracted from if needs change (eg staff leave or join, without needing to install a new range or design of equipment)
•
Be of self-testing capacity, with each self-test carried out at intervals of one hour or less
•
Be small, light, water and vandal resistant, of robust build and able to withstand every day operational rigours including dropping the device or splashing the device etc
•
Include a “warning indication” if the user is out of range, communications or battery failure
•
Be capable of transmitting a duress signal to other staff members within five (5) seconds of activation with a reliability factor of no less than 98% for indoor situations and within 30 seconds for an outdoor alarm
•
Be guaranteed by the supplier of the duress system (ie all equipment and systems will be supported for a period of no less than five (5) years from the date of service and the supplier needs to provide “urgent and routine” servicing and replacement of all parts during that period)
•
Be user friendly and simple to use.
Where the risk assessment process identifies gaps in the existing duress alarm system and the cost of replacement is significant, other risk control strategies should be implemented to complement the existing system. Duress Alarms should not: •
Activate a loud noise in the immediate area of the point of danger (the audible alarm may cause secondary reaction by assailant or create undesirable reactions among other patients or visitors)
•
Rely on a form of transmission or communications or any other device that could interfere with the functioning of critical medical equipment
•
Be susceptible to tampering or activation by patients or visitors.
Training: Suppliers of any alarm system should, as part of any contract, provide training for staff in the use of the equipment.
Alarm Systems (December 2003)
11-5
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
A duress alarm is only the means of signalling that someone needs assistance. The response to that signal is the important part of the duress process (Refer to Chapter 29 of this Manual).
Intruder Alarms: Health Services should ensure that the relevant requirements from the Australian Cabling Regulations and the following Australian Standards and International Electro-Technical Commission standards are incorporated into all aspects of commissioning, installing, activating and maintaining intruder alarms: • • • • • • • • • • •
Intruder alarm systems – Systems installed in client’s premises (AS 2201.1 – 1998) Intruder alarm systems – Monitoring centres (AS 2201.2 – 2001) Intruder alarm systems – Detection devices for internal use (AS2201.3 – 1991) Intruder alarms systems – Wire-free systems installed in client’s premises (AS 2201.4 – 1990) Intruder alarm systems – Alarm transmission systems (AS 2201.5 – 1992) Alarms systems. Part 2: Requirements for intruder alarm systems. Section Two: Requirements for detectors – General (IEC 60839-2-2 Ed. 1.0b) Alarm systems. Part 2: Requirements for intruder alarm systems. Section Two: Requirements for infra-red beam interruption detectors in buildings (IEC 608392-3 Ed 1.0b) Alarm systems. Part 2: Requirements for intruder alarm systems. Section Four: Ultrasonic Doppler detectors for use in buildings (IEC 60839-2-4 Ed 1.0b) Alarm systems. Part 2: Requirements for intruder alarm systems. Section Five: Microwave Doppler detectors for use in buildings (IEC 60839-2-5 Ed 1.0b) Alarm systems. Part 2: Requirements for intruder alarm systems. Section Six: Passive infra-red detectors for use in buildings (IEC 60839-2-6 Ed 1.0b) Alarm systems. Part 2: Requirements for intruder alarm systems. Section Seven: Passive glass-break detectors for use in buildings (IEC 60839-2-7 Ed 1.0b).
***********
Alarm Systems (December 2003)
11-6
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
12. Lighting Policy: As part of the facility security risk management process, Health Services must ensure, in consultation with staff and key stakeholders, that internal and external lighting is sufficient to eliminate, where reasonably practicable, or control security related risks and meet the relevant Australian Standards.
Guidelines: Security lighting is internal and external lighting that is used to improve security in the vicinity of the light. The external lighting system recommended for health facilities uses luminaries of the High-Pressure Sodium (HPS) type.
Security Risk Management: Chapter 1 of this Manual provides guidance material on the risk management process and these principles apply equally to lighting related security risks. As part of this process, Health Services should consider the following: •
Ensuring external security lighting is in vandal resistant containers and mounted to restrict tampering (eg too high up to be readily broken)
•
Ensuring posts for security lights are designed in such a way that they do not provide a ‘ladder’ or foothold to allow access to the light fitting
•
Ensuring security and other staff are provided with a system for reporting malfunctioning lights
•
Ensuring malfunctioning lights are replaced immediately
•
Ensuring security lights can be automatically activated and deactivated at pre-set times (times need to be seasonally adjusted)
•
Ensuring security lights are connected to an electrical circuit separate to that of the main facility
•
Ensuring some internal lighting remains on during the night
•
Locating and styling lights so as to gain the maximum benefit and coverage
Lighting (December 2003)
12-1
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
•
Providing lights bright enough to ensure a safe entry to and safe exit from the workplace (including footpaths/accessways), and providing acceptable levels of light in car parks. Lighting should avoid creation of dark spots and be sufficiently bright to deter crime and to provide sufficient illumination to prevent slips, trips and falls and allow facial recognition. Where the facility does not have dedicated on-site parking, consultation on street lighting should occur with local councils.
•
Ensuring lighting used meets Australian standards AS1680 series, AS1158 series (including 1158.3.1), AS4485.1 and AS2890 where applicable
•
Determining the needs of areas requiring special lighting treatment (eg entrance foyers, emergency departments, staff entry and exit points, pharmacies and car parks)
•
Ensuring a back up generator is available, where practicable, to ensure continuity of electrical supply for security lighting
•
Consulting with neighbours who may be affected by security lighting.
***********
Lighting (December 2003)
12-2
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
13.
Workplace Camera Surveillance
_______________________________________________________________
Policy: Health Services must ensure, in consultation with staff and key stakeholders, that where workplace camera surveillance is used as part of the facility security risk management program, effective procedures are developed and implemented that are consistent with relevant legislation. When implementing this policy, Health Services should review the Workplace Surveillance Act and Regulation in detail, to ensure that all relevant requirements are met. Note: Where a Health Service is considering the use of covert camera surveillance, the Health Service Chief Executive (or delegate) must seek the approval of the Director-General prior to applying for a ‘covert surveillance authority’.
Definitions: Camera Surveillance, which may be overt or covert, relates to surveillance activities undertaken using video or camera equipment. Overt camera surveillance involves the use of unconcealed surveillance equipment, signposted to draw attention to the fact that an individual is under observation. Covert camera surveillance involves the use of hidden or concealed surveillance equipment to record an individual’s activities, without their knowledge or agreement.
Legislative Framework: Workplace Surveillance Act 2005 The Workplace Surveillance Act 2005 replaces the Workplace Video Surveillance Act 1998, and commenced on 7 October 2005. The 2005 Act has much broader coverage, in that it applies to camera surveillance, computer surveillance and tracking surveillance of staff. The Act regulates the use of both overt and covert surveillance and the use and disclosure of the records obtained from surveillance.
Workplace Camera Surveillance (November 2005)
13-1
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
Workplace Surveillance Regulation 2005 The Workplace Surveillance Regulation 2005 also commenced on 7 October 2005 and prescribes actions in relation to ‘covert surveillance authorities’. Listening Devices Act 1984 When conducting workplace camera surveillance, if the camera is used to record private conversations, the camera surveillance will also be regulated by the Listening Devices Act 1984. Privacy legislation Personal information collected by surveillance will be protected by either the Privacy and Personal Information Protection Act 1998 or, where information relating to a person’s health or the health services provided to them is collected, the Health Records and Information Privacy Act 2002. These laws set out principles that govern the collection, storage, use and disclosure of personal information. The NSW Health Privacy Manual (PD2005_593) directs Health Services on all aspects of information privacy management and confidentiality issues.
Guidelines: Within Health Services there are potentially three types of camera surveillance that may occur: • Overt camera surveillance to observe staff • Overt camera surveillance in relation to personal or property security • Covert camera surveillance of suspected unlawful activity.
Overt camera surveillance: Risk Assessment As identified in previous chapters of this Manual, Health Services should undertake a risk assessment to identify security risks, and determine and implement appropriate controls to eliminate or minimise the risks. As camera surveillance is considered to be a risk control strategy that is toward the lower end of the hierarchy of risk controls eg an administrative control, Health Services must ensure that, as far as practicable, all other appropriate risk control strategies higher up the hierarchy are put in place to control security risks. For further information on security and violence risk management see Chapters 1 and 26 of this Manual, and NSW Health policy directives PD2005_315 Zero Tolerance Response to Violence and PD2005_409 Workplace Health and Safety: Policy and Better Practice Guide.
Workplace Camera Surveillance (November 2005)
13-2
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
Notification Requirements Section 10 of the Workplace Surveillance Act 2005 provides clear direction on the requirements for notifying employees where an employer wishes to undertake overt workplace camera surveillance. The use of cameras to undertake workplace surveillance will be lawful under the Workplace Surveillance Act 2005 only if all of the following conditions are met: • Employees have been notified, in writing, at least 14 days before the cameras are used. New starters must be advised prior to commencing work (Section 10) • The cameras are clearly visible to people in the area that is under surveillance (Section 11) • Signs notifying people that they may be under camera surveillance are clearly visible at each entrance to the area under surveillance (Section 11). Section 14 of the Workplace Surveillance Act 2005 allows for an exemption from the employee notification requirements where the surveillance: • Is conducted with the agreement of the employee or a body representing a substantial number of employees at the particular workplace eg a union or representative body, for a purpose other than surveillance of staff (eg security purposes) and • Is carried out in accordance with that agreement. Failure to meet all the requirements for overt surveillance will constitute covert surveillance, which is in breach of the Act in the absence of a covert surveillance authority (see Covert camera surveillance page 13-7).
General Issues for Overt Camera Surveillance: Security related workplace camera surveillance Objectives of camera surveillance In the security context, camera surveillance is generally used to achieve the following objectives: • To deter security incidents eg theft, vandalism, violence etc • To gather information that may be used in evidence if a crime is committed within view of the camera (assuming the camera is recording) • To allow a security incident to be viewed as it is occurring, and an appropriate response to be raised. Regardless of the reasons for the installation, having a clearly displayed camera in a particular area can create an expectation from staff and others that a duress response will be automatically triggered if a violent incident occurs within view of the camera. As a result, this may affect the response of the individual to the situation eg not retreat as they are expecting assistance.
Workplace Camera Surveillance (November 2005)
13-3
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
Because of this potential, the following questions should be given serious consideration when determining if, and where, to use overt camera surveillance: • What is the primary purpose of the camera surveillance ie does the area have a history of vandalism because it is isolated after hours or the premises is largely unused; is it an area of opportunistic theft such as a retail outlet on Health Service property; is there a history of violence in the area? • What expectations might the presence of the camera reasonably create in those using the area? • What level of monitoring is necessary, and what is the availability of appropriately licensed and trained staff to undertake the monitoring? • What information should be contained in the notification signage? If a camera is placed in an area with a history of violent incidents, or it is reasonably foreseeable that there may be future violent incidents in the area, it should not be assumed that the presence of the camera and signage will deter violence in all instances. Such instances may include where the perpetrator: • Is under the influence of alcohol or other drugs • Is suffering from a medical condition that may predispose the sufferer to violence • Has a significant history of violence • Is suffering from a particular mental illness. Monitoring of camera surveillance In the situations listed above, the camera will only achieve its objectives if it is being constantly monitored, and an appropriate response activated in the event of a violent incident. Therefore, where camera surveillance is being used in areas identified as being at increased risk of violence, continuously monitoring the camera via an appropriately staffed control centre will be necessary. An appropriate duress response plan must also be in place that can be promptly activated if it appears that a significant violent incident is imminent (see Chapter 29 of this Manual). Staffing issues Health Services should ensure that employees involved in relevant surveillance activities are appropriately licensed and trained, as required by security industry legislation (see Chapter 14 of this Manual). Because continuous monitoring is labour intensive, and, as advised earlier, camera surveillance is considered to be an administrative risk control strategy, as far as possible all other appropriate risk control strategies higher up the hierarchy eg engineering controls should be put in place to control violence risks.
Workplace Camera Surveillance (November 2005)
13-4
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
Placement of cameras Where a security risk assessment results in the decision to use overt camera surveillance in a particular location, effective placement of the camera within this location is critical to the success of a surveillance strategy aimed at controlling security risks. An assessment that considers the following should be undertaken to determine the best placement: • Lighting levels, including shadowing, minimum lux levels, type and height including varying lighting levels in open areas as opposed to under awnings etc and obstructions to fields of view • Landscaping, including type and growth rate of trees and vegetation • Pedestrian and vehicular thoroughfares, including analysis of the amount of pedestrian and vehicular access throughout each day • The recommended height of equipment above ground to deter potential vandalism and damage caused by vehicular traffic (while noting that position height of cameras needs to allow adequate identification of persons) • The view from the recommended camera height, taking into account building structures and awnings • Direction of the sun, including sunrise and sunset ‘blooming’ and the possible effect on the cameras • Whether cameras need to be attached to private or public property, and if in the case of a private property, whether such approval is likely to be granted by owners • Whether private premises would come within the view of the cameras • The accessibility of equipment for maintenance purposes including any safety issues for staff undertaking the maintenance • Possibility of accompanying lighting intruding upon the surrounding area • Access to power supply • Cabling routes and distances • Availability of existing cables and conduits and • Trenching and reinstatement costs. Related procedures Health Services should also develop effective procedures for: • Ensuring camera surveillance equipment remains appropriately placed, and continues to be pointed in the necessary direction • Maintenance and testing of the equipment - a maintenance log is recommended • Undertaking regular risk assessments to ensure that the introduction of camera surveillance has not created new or different security risks eg moved potential illegal activity from the area now under surveillance to other surrounding areas, or created expectations in relation to a duress response that may be unrealistic or unable to be met.
Workplace Camera Surveillance (November 2005)
13-5
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
Use and disclosure of surveillance records The Workplace Surveillance Act 2005 (Section 18) requires that any record made as a result of surveillance not be used or disclosed unless the disclosure is: • For a legitimate purpose related to the employment of staff or the legitimate business activities of the Health Service; or • To a member or officer of a law enforcement agency (eg Police) for use in connection with the detection, investigation or prosecution of an offence or • For a purpose that is directly or indirectly related to the taking of civil or criminal proceedings; or • Reasonably believed to be necessary to avert an imminent threat of serious violence or of substantial damage to property. While Health Services are not obliged by law to provide surveillance records without a warrant, Section 316 of the Crimes Act 1900 does require Health Services to consider whether information they have will be of ‘material assistance’ to securing the apprehension or conviction of an offender who has committed a serious offence ie one which carries a term of imprisonment of five years or more. Where the Health Service may knowingly have such information, failure to provide this information to police could lead to a conviction unless there is a ‘reasonable excuse’ for this failure. As it is in the public interest to assist law enforcement agencies to pursue their law enforcement and public protection activities, Health Services should assess requests for surveillance records in the absence of a warrant on a case by case basis. In deciding whether to provide surveillance records Health Services need to balance this need with their own obligations of confidentiality to their patients and the often sensitive nature of health information. Factors that should be considered prior to disclosing surveillance records without a warrant include: • The seriousness of the alleged offence • The degree of evidence available that suggests the surveillance record contains information that will assist with law enforcement • Whether significant personal information relating to third parties will be disclosed, especially if this information is of a sensitive nature eg if the camera is near the entrance to a methadone clinic or an STD clinic • How well sign posted the camera surveillance is ie will staff and visitors to the area have a reasonable expectation that they will be captured in surveillance records? • Any industrial arrangements as the surveillance records may also include footage of staff. Health Services should develop clear protocols for determining in each instance whether such records should be provided to other parties, and identify who within the Health Service has the authority to approve the release of those records.
Workplace Camera Surveillance (November 2005)
13-6
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
For more information on the disclosure of personal information to law enforcement agencies refer to the following sections of the NSW Health Privacy Manual (Policy Directive PD2005_593) • Section 11.2.7 – Law enforcement agencies, including police • Section 11.3.4 – Reporting ‘serious criminal offences’.
Prohibited surveillance: It is prohibited under the Workplace Surveillance Act 2005 to carry out any surveillance of an employee in any change room, toilet facility or shower or other bathing facility at work.
Covert camera surveillance: In seeking the approval of the Director-General to apply for a covert surveillance authority, the Health Service will need to submit a written request addressing the following: • Why covert surveillance is required • The actions taken to date to investigate and/or manage the situation • Other options considered by the Health Service to resolve or manage the situation and why they were not taken or were not successful. Where the Director-General has granted approval for the Health Service to apply for a covert surveillance authority, all relevant requirements of the Workplace Surveillance Act 2005 must be observed. These requirements include the following: • Surveillance must be used only to detect whether a staff member is engaged in an unlawful activity in the workplace (Section 20) • Surveillance must not be used for the purpose of monitoring the staff member’s work performance (Section 20) • Surveillance must not occur in any change room, toilet facility, shower or other bathing facility (Section 20) • The Health Service must obtain a covert surveillance authority from a Magistrate, approving the covert surveillance (Section 23) • A surveillance supervisor designated by the Magistrate must oversee the surveillance (Section 27) • The surveillance activity must meet any conditions prescribed by the surveillance authority (Section 29) • The covert surveillance authority remains in force for the period specified in the authority, which will not exceed 30 days (Section 29). Following the covert surveillance, employers have a number of further obligations under the Act, as outlined below: • The Health Service must ensure that any recordings within their control are protected against loss, unauthorised access or use (Section 36) • The Health Service must only use or disclose the surveillance records for a relevant purpose (Section 37)
Workplace Camera Surveillance (November 2005)
13-7
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
• •
The Health Service also has a duty to report back in writing to the Magistrate issuing the authority, within 30 days of its expiry, the results of the surveillance (Section 35) If the Health Service proposes to take any action against a staff member as a result of the covert surveillance, then that Health Service must provide the staff member or the staff member’s lawyer with access to the recording within a reasonable period after access is requested (Section 29).
************
Workplace Camera Surveillance (November 2005)
13-8
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
14.
Provision of Security Services
Policy: As part of the facility security risk management process, Health Services must ensure, in consultation with staff and key stakeholders, that appropriate security services are available to respond effectively to security related issues. Health Services, following the risk assessment process, are required to establish and document minimum standards for security services in each facility. Special Constables: As part of the facility security risk management process, Health Services must ensure that all practical violence risk control strategies are implemented prior to supporting an application for Special Constable status. The risk management process must be documented and may from time to time be reviewed by the Department of Health or other external agencies. The Department of Health does not support the creation of Special Constables in Health Services as a key security risk control strategy. (Note: Refer to Chapter 28 of this Manual for policy on the use of weapons by security staff.)
Guidelines: Security Services Risk Management: Each Health Service should determine the level of need for security, the type of security services required and the coverage to be provided. As part of the risk management process, Health Services should consider a number of issues that impact on determining an appropriate level of security including: •
The type of work being performed (eg emergency, alcohol and other drugs or mental health areas that may require access to 24/7 security)
Provision of Security Services (December 2003)
14-1
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
• • • • • • • •
The likely clientele using the service The number of staff on duty at any one time The size and layout of the facility The nature of incidents that have occurred previously The geographical location of the area being assessed (eg is it isolated?) The crime risk of the locality (police can advise) Proximity of local police services The current security controls in place and their effectiveness in reducing risk (eg access control measures).
It would be expected that in priority areas such as emergency departments the risk assessment process would highlight the need to have access to appropriate security services on a 24/7 basis. Access to appropriate security services is not limited to the posting of security officers on site and may include, for example, arrangements for immediate response from patrolling officers. In mental health facilities, the risk assessment may result in a similar outcome. However, the balance between security and the therapeutic environment may vary between facilities and as a result it is critical that management and staff of mental health facilities constructively decide on the way in which security services are to be provided and mental health emergencies are to be managed. The provision of effective security services may be achieved through engagement of security officers, health and security assistants, contractors, on-call patrols, other appropriately licensed parties or a combination of these arrangements.
Role of Security Services: The duties of security staff will vary according to the type, location, size and local circumstances of the health workplace. However, in broad terms they are generally responsible for assisting with the security of staff, patients, visitors and assets of the health workplace. The security role should never be confused with that of a police officer. Although security staff may assist police, the primary role of each service is different. The security officer/health and security assistant roles are health service specific roles with a strong emphasis on prevention and assisting in the management of incidents. Security staff should not place themselves at unnecessary risk in carrying out their duties, regardless of their occupational role. In practice there may be times when the duty of care to patients or others may require intervention but at no time should the duty of care override a staff member’s right to safety. For more information refer to Chapter 26 of this Manual and the Department’s Zero Tolerance Policy and Framework Guidelines (Circular 2003/48).
Provision of Security Services (December 2003)
14-2
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
Attached to this Chapter (at Appendix 14.1) is detailed information on the scope of duties that may be undertaken by security staff in Health Services.
Using Force in the Execution of Duty: Security staff may be required to use physical force in the course of their duties. Physical force should be limited to: • • •
Assisting with the restraint of a patient at the direction or request of an appropriate staff member (eg nurse, medical officer etc) Evasive self defence as is necessary to protect themselves, with due regard to the concept of “reasonable force’' and The minimum force necessary to protect staff while observing their own safety.
Health Services, through education and training strategies, need to ensure security staff understand the concept of “reasonable force” and are aware that their actions may be scrutinised by a court of law. Evasive Self-Defence: The law recognises that an individual may protect themselves or another person from a threat of attack or injury. The protection afforded by the law is limited to situations where: • •
The person believes the action is necessary to defend themselves or another person or The action is necessary to prevent or terminate unlawful deprivation of their liberty or the liberty of another person.
In order to be lawful the conduct must be a reasonable response in the circumstances as he or she perceives them, and there must be some reasonable proportion between the threat perceived and his or her response to it. The purpose of evasive self-defence is to assist staff to escape from a violent situation when retreat is blocked, when all other non-physical strategies are inappropriate or have failed and the staff member is under attack or attack is imminent. When properly used, it may minimise the risk of injury and minimise the potential trauma. In these circumstances the behaviour of staff should be defensive rather than aggressive, controlling rather than punitive and with no more force than is necessary in the given situation. The degree of force used must be proportionate to the degree of potential harm faced and must not be applied for longer than is reasonably required to control that risk.
Provision of Security Services (December 2003)
14-3
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
Restraints: Restraints are human or mechanical actions that restrict a person’s freedom of movement. The term ‘chemical restraint’ is sometimes used to refer to the use of medication to sedate and control behaviour. Physical Restraint: Sometimes it is necessary for patients to be restrained to protect them from hurting themselves or others. It is expected that this would be for brief periods of time. At all times the principle of reasonable force is to be adhered to. Security staff are to work under the direction of a clinician when using restraint on patients. However there may be occasions where security staff may need to act without the direct instruction of clinical staff. Such situations would be rare and would be limited to acute emergency situations where: • •
There are no clinicians in the immediate vicinity at that particular moment, and where failure to act immediately will clearly result in injury or trauma or Clinical staff are unable to issue instructions (eg they are injured or incapacitated).
Mechanical Restraints: Non-metallic, soft or leather restraints supplied by a medical appliance company are the only acceptable mechanical restraints to be used by security officers or others when directed by a clinician to restrain a patient in this way. Metal handcuffs are not to be used on patients. As with physical restraint, the principle of reasonable force must be exercised at all times when using mechanical restraints. Chemical Restraint: Guidelines on the use of chemical restraint are contained in the document titled ‘Management of Adults with Severe Behavioural Disturbance – Guidelines for Clinicians in NSW (May 2002)’.
Searching Patients and Visitors: To ensure the security of staff, patients and other visitors to health facilities, there may be circumstances where the searching of patients and visitors is considered an important risk control strategy.
Provision of Security Services (December 2003)
14-4
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
However, the power to search an individual is restricted to narrow circumstances allowed under criminal law and the Mental Health Act which are strictly regulated, or when the individual consents. Without clear lawful authority, any search initiated without consent would be a trespass upon the person and therefore unlawful. Where, after an assessment of risks (including the legal context), a health facility determines the need for procedures to search for weapons and other dangerous objects, Health Services should consider the following points. Under the Inclosed Lands Protection Act 1901 a Health Service, as occupier of its premises, has the right to determine who may enter its premises, and is entitled to impose conditions of entry. These conditions may include the following: • • •
Prohibited weapons, illegal drugs or alcohol are not to be brought into the facility The Health Service reserves the right to search persons if there is a reasonable suspicion that a person has brought such weapons or drugs into the facility A person who refuses to be searched when requested will be escorted from the premises.
Any procedure should therefore ensure that persons entering Health Service premises are aware of these conditions. The situation is somewhat different in relation to persons involuntarily detained under the Mental Health Act, which provides for the involuntary detention of persons suffering from a mental illness that place themselves or others at risk of serious harm. The objects of the Act include facilitating treatment and care, and section 31 (2) specifically allows a detained person to be given such treatment as the medical superintendent 'thinks fit'. This combination of provisions would authorise searching of involuntary patients where the search was directed towards care and/or treatment, or prevention of harm to the patient or others and there is a reason to believe that the search is necessary. Introducing related policies would require clearly articulated procedures, comprehensive staff training and appropriate back up. Retention and Restoration of Weapons or Implements On occasion people may present to health service facilities carrying weapons or implements that give rise to security fears for staff. This can occur, in particular, in emergency departments where the fact that treatment has been sought in an emergency situation means people have not necessarily had an opportunity to organise their affairs and properly secure or remove weapons or implements.
Provision of Security Services (December 2003)
14-5
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
There are many weapons that are listed as prohibited in Schedule 1 of the Weapons Prohibition Act 1998. However a weapon or implement may not be prohibited but still give rise to concerns for security should a person retain it in their possession while on health service premises. Circumstances may arise where a person may have a permit to carry a weapon or their occupation has been exempted from the Weapons Prohibition Act 1998 however this does not entitle them to retain a weapon on health service property if it causes staff to fear for their security (refer to Chapter 6 – ‘Security Arrangements for Patients in Custody’ for information relating to firearms security for police). Health Services must have procedures in place to manage issues associated with the retention of weapons. When developing these procedures, the following risk control strategies should be considered by Health Services: •
People who hand custody of a weapon or implement to health service staff should, where practicable, be offered a receipt for their property
•
All weapons and implements should be placed in a plastic bag, to protect any forensic evidence. Staff handling weapons and implements should wear gloves.
•
Should the weapon or implement fall into the category of a prohibited weapon, as defined by the Prohibited Weapons Act 1998, or carrying the weapon is against the law (eg juvenile with a knife), the police should be contacted and advised of the nature of the weapon and circumstances of retention. Security officers should fill out an incident report/or equivalent describing all details. This weapon should then be placed immediately into a designated safe until collected by police (refer to section below on Storage and Disposal of Weapons).
•
If the weapon or implement does not fall into the category of a prohibited weapon but there are concerns regarding the nature of the weapon or implement (large knives, screwdrivers, slide hammers etc), the police should be contacted and advised of the nature of the weapon or implement and the circumstances of retention. Security officers should fill out an incident report/or equivalent describing all details. This weapon or implement should then be placed immediately into a designated safe until collected by police (refer to section below on Storage and Disposal of Weapons).
Provision of Security Services (December 2003)
14-6
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
•
Should the person have lawful rights to that weapon or implement and it is necessary to return it to them on their departure from health service premises then the usual practices for managing patient’s valuables should apply including: -
-
Locking the weapon or implement into a safe and entering the details into a valuables book/or equivalent, including the name and address of the owner. The owner should be advised that they have a period to claim the weapon after which time it will be destroyed. When returning the weapon or implement to the owner ensuring the item is signed for in the valuables book/or equivalent.
Storage and Disposal of Weapons or Implements: Health Services must have procedures in place for storing weapons or implements awaiting collection by the lawful owner or by police. The procedures must reflect the relevant requirements of the Evidence Act 1995. When developing these procedures, the following risk control strategies should be considered by Health Services: •
The weapon or implement should be placed into a designated safe which should be located in the Security Department (or other appropriate area) where access is restricted to security personnel only
•
The designated safe should be key operated. Security staff should have access to the safe to ensure that weapons or implements are secured immediately.
•
The safe should be emptied by a nominated senior staff member (eg: Area Security Manager) on a daily basis and the contents of the safe transferred to another safe which can be accessed by this senior staff member only. Weapons or implements are to be kept in this safe pending collection by the lawful owner, police or disposal.
•
Where a weapon or implement has not been collected by the lawful owner, and the required timeframe for keeping property has expired, arrangements should be made by the Health Service for its disposal.
Provision of Security Services (December 2003)
14-7
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
Licensing Requirements for Security Staff (including Health and Security Assistants): Security staff employed in Health Services need to be licensed to carry out those duties generally covered under a Class 1 (A), (B) or (C) security industry licence. Health Services need to ensure that security staff are appropriately licensed for the duties they are required to undertake. Types of Licenses: • • •
Class 1A - authorises the licencee to patrol, guard, watch or protect property (including the guarding of cash in transit) or to carry on such other activities as may be prescribed by the regulations Class 1B - authorises the licencee to act as a bodyguard Class 1C - authorises the licencee to act as a crowd controller or bouncer.
To qualify for the issue of a class 1 (A), (B) or (C) security industry licence, units of the National Security Industry Competency Standards must be completed. Applicants must also have an appropriately accredited, WorkCover approved senior first aid training certificate. Master Security Licence: Employers of people undertaking security activities are required, under the Security Industry Act 1997, to hold a Master Security Licence. The holder of a Master Security Licence is not authorised to carry out security related duties themselves unless they also hold an appropriate security licence. The holder of a Master Security Licence is required, as a condition of their Licence, to hold membership of an approved Industry Organisation. The Security Industry Registry website provides details of approved Industry Organisations (www.police.nsw.gov.au/sir).
Pre-employment Screening of Security Staff: Departmental circular 2003/71 provides guidelines on the processes for undertaking pre-employment screening of applicants for security related positions. Pre-employment screening processes are designed to assist Health Services to identify the capabilities and deficiencies of applicants for security-related positions and therefore enhance the merit-based recruitment process. Used in conjunction with responses to selection criteria, a structured interview and reference checks these pre-employment screening tests help gauge the person who will ‘best fit’ a defined security role.
Provision of Security Services (December 2003)
14-8
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
Appendix 14.1 Scope of Duties Security Staff (including Health and Security Assistants): Security staff, while working to a routine of duties to be performed, need to be capable of prioritising their duties in a range of different circumstances. Examples of the core duties of security staff may include, but not be limited to: •
Incident Response: responding to incidents triggered by duress alarms, burglar alarms, calls for assistance etc. Security staff trained in aggression minimisation and management may be called upon to support staff in attempts to de-escalate or calm others and if necessary take control of the situation. Under the direction of clinical staff, security staff may assist with the restraint of patients.
•
Emergency Response: providing an emergency response to a range of issues such as fire and disasters (internal and external) Security staff are generally best placed to provide a first aid response until the local management emergency response is implemented or external emergency agencies arrive.
•
Escorts: providing a range of escorts. This may include escorting staff to car parks, particularly during the non-daylight hours and escorting cashier staff when money is transported or coin collection is undertaken (where the security officer is are appropriately licensed to do so).
•
Client Services: providing directions and advice to others. Security staff, by the nature of their position, are generally perceived as “safe people”. As such they should be approachable and prepared to assist visitors, patients as well as staff. Assisting others is an important task as it gives the security staff information and feedback on what is happening on the site while projecting a positive image of the health care facility.
•
Locking/unlocking buildings/rooms: locking or unlocking various buildings or rooms within a health care facility. Locking/unlocking is undertaken to ensure staff, patient, visitor and asset security.
•
Patrolling: undertaking patrols to ensure secure areas remain secure and to provide a visible presence of security staff to act as a deterrent to criminal or antisocial behaviour
Provision of Security Services (December 2003)
14-9
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
•
Parking control: controlling parking on the health care facility campus including providing direction to drivers or the issuing of infringement tickets
•
Reports and Investigations: reporting and/or investigating security incidents that occur at the health care facility. Security staff need to take accurate notes as a legal record of events.
•
Key control: operating or managing the health care facility key control process or system
•
Access control: operating or managing the heath care facility access control process or system
•
Identification: operating or managing the health care facility identification production and distribution system
•
Helicopter landings/departures: providing emergency services and crowd/traffic control during a helicopter landing and departure at a health care facility to ensure the security of persons in and around any helicopter.
While the role of security staff will be reasonably consistent, the range of duties will vary in line with the type of health facility, its staff and the community.
**********
Provision of Security Services (December 2003)
14-10
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
15.
Security in the Clinical Environment
Policy: As part of the facility security risk management process, Health Services must ensure, in consultation with staff and key stakeholders, that all reasonably foreseeable security risks associated with the clinical environment are identified, assessed, eliminated where reasonably practicable or effectively controlled. Health Services must ensure that the process is appropriately documented. Note: In implementing the requirements of this Chapter the following documents should also be consulted: • • • •
Memorandum of Understanding between NSW Police and NSW Health, and the accompanying flowcharts Mental Health For Emergency Departments (red book – May 2002) Management of Adults with Severe Behavioural Disturbance: Guidelines for Clinicians (green book – May 2002) and Guidelines on the Management of Challenging Behaviour in Residential Aged Care Facilities in NSW (Department of Health - August 2000)
Note: For issues relating to staff working in the community refer to Chapter 16 of this Manual.
Guidelines: Health Services should develop procedures, in consultation with staff and other stakeholders, to effectively manage security risks in clinical environments. The aim of these procedures is to protect people and assets and minimise the likelihood of incidents related to robbery, abduction and violence. Additionally, clinical protocols should be implemented to manage aggression arising from a patient’s medical or psychiatric condition. Priority Areas: Within the clinical environment a number of areas exist where the likelihood of security incidents occurring may be increased. These areas may include emergency departments, maternity units, admissions areas, mental health services, drug and alcohol services including methadone dispensing clinics, brain injury units, aged care/dementia units and during individual patients specials (IPS).
Security in the Clinical Environment (December 2003)
15-1
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
Security Risk Management: Chapter 1 of this Manual provides guidance material on the risk management process and these principles apply equally to identifying and controlling risks in the clinical environment. The following risk control strategies should be considered by Health Services: Building Design: •
Ensuring, where possible, that waiting areas: -
Are comfortable, decorated in muted colours and spacious Have a clear path to commonly used fittings and facilities (eg phones, water and snack dispensers, toilets etc) Have adequate signage, seating, ventilation and temperature control Have furnishings that cannot be moved and/or used as weapons Are well maintained (eg water and snack dispensers, lighting, phones are in working order and clean and tidy etc)
•
Ensuring the design of desks, counters and screens are determined by their purpose and the degree of risk associated with the tasks and work area
•
Ensuring interview rooms are designed to: -
-
Include two doors (staff members should sit close to one of the doors, with furniture between them and the client and no obstruction blocking their exit, doors should open outward to facilitate quick exit of staff) Have controlled access (but still allow for escape) Include duress alarms Include safety glass windows so staff can be seen while retaining client privacy
•
Ensuring that waiting areas and common space in mental health units are sufficiently large to give people ‘space’ and avoid the stress of overcrowding
•
Avoiding the creation of isolated work areas when designing facilities (eg do not isolate work areas that are 24 hours by separating them with work areas that are only occupied in the day time or Monday to Friday)
•
Positioning the nurses’ station to allow for an unobstructed view of the entries/exits to a ward.
Security in the Clinical Environment (December 2003)
15-2
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
Access Control: •
Implementing a system for securing and answering the access doors
•
Providing a secure means of delivering a service after hours (eg dispensing fit packs to patients)
• Ensuring departments/units/wards and staff only areas are appropriately signposted to ensure ease of access and reduce the likelihood of people using being lost as an excuse for trespass. This includes consideration of the use of multi-language and/or international symbol signage. •
Assessing the need to install: -
Video surveillance at entrances, including ambulance bay doors and in clinical areas (eg nurseries) Intercoms at entrances Duress alarms (refer to Chapter 11 of this Manual for more information on alarm systems).
Patient Liaison and Management: •
Developing procedures for limiting the number of patient support people/visitors in treatment areas
•
Developing procedures for communicating with and monitoring waiting patients and waiting family members (eg Clinical Initiative Nurse)
•
Developing appropriate criteria and protocols for admission, assessment and transfer of patients particularly first assessment of patients and seeking and assessing any relevant risk information from services transferring, or the provision of information to services receiving the transferred patient
•
Developing, in consultation with staff, guidelines on patient triage, assessment and treatment/management protocols to reduce risks of aggression of medical origin (eg clinical guidelines/protocols for the diagnosis and management of mental illness, dementia, effects of alcohol and other drugs, delirium, brain injury etc) and making these readily available to staff
•
Implementing clinical and non-clinical protocols for preventing and managing violent behaviour
•
Documenting and analysing violent incidents
•
Conducting operational debriefings after an incident to ensure protocols were followed, equipment worked properly and that these were adequate to manage the event
Security in the Clinical Environment (December 2003)
15-3
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
•
Establishing a well designed, well staffed, secure therapeutic environment which is compatible with clinical care objectives
•
Implementing a patient alert system (For further information refer to Departmental document titled Zero Tolerance: NSW Health Response to Violence in the Public Health System – Policy and Framework Guidelines)
•
Developing communication strategies for ensuring that patients and visitors are aware of their behavioural responsibilities and the consequences of not meeting those responsibilities
•
Developing processes for providing information and explanations to patients and those waiting (eg information on delays in procedures and timing to assist in reducing the risk of violence).
Security Services: •
Implementing a system of security patrols/response which includes assessing the need for the allocation of security staff to priority areas and/or at higher risk times.
Staffing Issues: •
Ensuring sufficient staffing levels to provide prompt clinical care, particularly during peak activity cycles to reduce the risk of violence from frustration, pain and/or boredom
• Ensuring adequate staff levels to allow the early recognition of potential for aggression, to deter violence and to provide for a response in duress situations. Education and Training: •
Ensuring that training is provided for all relevant staff, including security staff, in: -
Minimisation and management of aggression Duress response Emergency response procedures (eg fire, bomb, abduction)
(refer to Chapter 7 of this Manual for more information on security related education and training). Staff Awareness: •
Ensuring relevant staff are aware of their responsibility to: -
Comply with all established security procedures Implement work practices Report workplace hazards
Security in the Clinical Environment (December 2003)
15-4
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
•
Participate in appropriate training in the minimisation and management of aggression and duress response Report all viole nt incidents as per local protocols Assist others if it is safe to do so and Behave appropriately towards patients and other staff and provide patients and their family members with adequate information
Recommending appropriate dress codes (eg avoiding dangling jewellery or clothing that could be grabbed during an attack and ensuring that identification tag necklaces are of the breakaway kind to avoid injury if grabbed by an assailant).
Searching Patients and Visitors: To ensure the security of staff, patients and other visitors to health facilities, there may be circumstances where the searching of patients and visitors is considered an important risk control strategy. However, the power to search an individual is restricted to narrow circumstances allowed under criminal law and the Mental Health Act which are strictly regulated, or when the individual consents. Without clear lawful authority, any search initiated without consent would be a trespass upon the person and therefore unlawful. Where, after an assessment of risks (including the legal context), a health facility determines the need for procedures to search for weapons and other dangerous objects, Health Services should consider the following points. Under the Inclosed Lands Protection Act 1901 a Health Service, as occupier of its premises, has the right to determine who may enter its premises, and is entitled to impose conditions of entry. These conditions may include the following: • • •
Prohibited weapons, illegal drugs or alcohol are not to be brought into the facility The Health Service reserves the right to search persons if there is a reasonable suspicion that a person has brought such weapons or drugs into the facility A person who refuses to be searched when requested will be escorted from the premises.
Any procedure should therefore ensure that persons entering Health Service premises are aware of these conditions. The situation is somewhat different in relation to persons involuntarily detained under the Mental Health Act, which provides for the involuntary detention of persons suffering from a mental illness that place themselves or others at risk of serious harm. The objects of the Act include facilitating treatment and care, and section 31 (2) specifically allows a detained person to be given such treatment as the medical superintendent 'thinks fit'.
Security in the Clinical Environment (December 2003)
15-5
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
This combination of provisions would authorise searching of involuntary patients where the search was directed towards care and/or treatment, or prevention of harm to the patient or others and there is a reason to believe that the search is necessary. Introducing related policies would require clearly articulated procedures, comprehensive staff training and appropriate back up. Responding to Violence: To appropriately response to viole nce, Health Services should consider: •
Ensuring that staff are aware of and equipped to utilise options for responding to violence, theft and robbery (for more information refer to the Department’s document titled ‘Zero Tolerance: NSW Health Response to Violence in the Public Health System – Policy and Framework Guidelines)
•
Ensuring the implementation of a system for responding to duress incidents/alarms (refer to Chapter 29 of this Manual for more information)
•
Ensuring agreement is reached with other external emergency services regarding the management of violent situations (eg hostage situations)
•
Identifying and installing appropriate duress alarm technology and implementing protocols for their use and maintenance (refer to Chapter 11 of this Manual for more information)
•
Ensuring appropriate patient triage, assessment and treatment/management procedures are developed and implemented to reduce the risks of violence of medical origin
•
Implementing post-incident protocols, including immediate response, treatment of physical injuries and support for affected staff and patients (for more information refer to Departmental circular 2002/19).
Patient Restraint: Sometimes it is necessary for patients to be restrained to protect them from hurting themselves or others. Under the direction of clinical staff, security staff may assist with the restraint of patients. However there may be occasions where security staff may need to act without the direct instruction of clinical staff. Such situations would be rare a nd would be limited to acute emergency situations where: •
There are no clinicians in the immediate vicinity at that particular moment, and where failure to act immediately will clearly result in injury or trauma or
Security in the Clinical Environment (December 2003)
15-6
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
•
Clinical staff are unable to issue instructions (eg they are injured or incapacitated).
It is expected that this would be for brief periods of time only and at all times the principle of reasonable force is to be adhered to. Non-metallic, soft or leather restraints supplied by a medical appliance company are the only acceptable mechanical restraints to be used by security officers or others when directed by a clinician to restrain a patient in this way. Residential aged care facilities should provide restraint free environments to their residents wherever possible. The use of restraints should only be as a last resort to prevent harm to the individual, other residents and staff and to optimise the resident’s health status. Physical or chemical restraint, in residential aged care facilities, may be used only after: • • • • • •
Thorough documented assessment of the resident and whether there is a need for physical or chemical restraint Consultation with family members, any appointed guardian, relevant health professionals and others on the need for and type of physical or chemical restraint Other less restrictive alternatives have been tried and have failed Adequate written recording on the resident’s file of the circumstances and considerations that led to the decision to use physical or chemical restraint The consent of the person has been obtained, if they have the capacity to give it Where the resident does not have the capacity to consent, authority has been obtained, as appropriate, from the person’s guardian or ‘person responsible’ or the Guardianship Tribunal as required by law.
Restraints can be temporarily used if the aged resident displays atypical behaviour which is likely to result in self-harm or harm to others and immediate action is necessary to protect the person or others and the appropriate approvals cannot be sought due to the urgency of the situation. The restraints used should not cause the person harm, agitation or distress or reduce their dignity or increase their risk of falling and the activity is to be documented. Patients with Particular Security Needs: In some circumstances patients who may be considered to be ‘at risk’ from outside threats of violence or kidnapping (eg children from non-custodial parents) may seek treatment or be admitted to a health care facility. Alternatively a patient may have particular security needs as a result of their medical or psychiatric condition (eg protection of a hypomanic woman from sexual exploitation). Where an individual identifies themselves, or is identified by another party to have a particular security need, Health Services should undertake a risk assessment to address any issues relating to security and a formal security plan developed.
Security in the Clinical Environment (December 2003)
15-7
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
In controlling security risks consideration should be given to: • • • • • • •
Whether the individual is a child or an adult The advice of local police (where applicable) The ward in which the individual is to be placed (busy or quiet, near security personnel etc) Where the patient is situated in the ward (away from doors, in own room etc) Special arrangements for duress calls Briefing security personnel and other relevant staff regarding any special procedures Implementing a static patrol in a ward (this option may be indicated in some circumstances especially if staffing levels on the ward are low).
In relation to the general security of children, reference should be made to Departmental Circular 96/74 ‘Guidelines for Protocol Development for the Security of Children in Hospital’. For security issues related to newborns, Health Services may consider the followi ng additional strategies as specified in Australian Standard 4485.2 – 1997 (Security for Health Care Facilities, Part 2: Procedures Guide): • • • • • • • • • • • •
Taking footprints of each newborn Taking a clear, high-quality, head and shoulder, colour photograph of the newborn Maintaining a full written description of the newborn, which should be kept with the footprint and photograph and entered as part of the newborn’s medical record Ensuring all hospital personnel (including senior management) wear conspicuous ID cards in the nursery and other newborn areas Using a distinctive code or second ID card for those authorised to handle newborns Ensuring that anyone transporting the newborn outside the mother’s room wears the appropriate identification Ensuring that the newborns are always supervised by either the mother or health care personnel Ensuring the identification of the person taking the newborn home from the hospital is sighted and the child’s band is matched with that of the parent Ensuring newborns are taken to mother one at a time rather than in a group Marking newborn T-shirts or gowns at the throat and the newborn’s blankets in all four corners with the hospital name and logo Instructing hospital personnel to ask visitors the name of the patient they are visiting Ensuring that the mother’s or the newborn’s name is not visible to visitors.
Security in the Clinical Environment (December 2003)
15-8
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
Health care facilities should encourage the parent/s to actively participate in the newborn and infant security program, which is best achieved through admissions orientation and awareness programs. Related NSW Health and Other Resources: • • • • • • • • •
Zero Tolerance: NSW Health Response to Violence in the Public Health System – Policy and Framework Guidelines (Circular 2003/48) Memorandum of Understanding between NSW Health and NSW Police Management of Adults with Severe Behavioural Disturbance: Guidelines for Clinicians’ (green book) – May 2002 Mental Health For Emergency Departments’ (red book) – May 2002 Guidelines on the Management of Challenging Behaviour in Residential Aged Care Facilities in NSW – August 2000 Patient Restraints (Circular 93/77 – under review) Policies on Seclusion Practices, the Use of Restraint and the Use of IV sedation in Psychiatric In-Patient Facilities (Circular 94/127 – under review) Guidelines for the Promotion of Sexual Safety in Mental Health Services (Circular 2004/8) Guidelines for Protocol Development for the Security of Children in Hospital (Circular 96/74).
1(
)
************** _________________________________________________________________________ Security in the Clinical Environment (December 2003)
15-1
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
16. Security of Staff Working in the Community Policy: As part of the facility security risk management process, Health Services must ensure, in consultation with staff and key stakeholders, that all reasonably foreseeable security risks associated with staff working in the community are identified, assessed, eliminated where reasonably practicable or effectively controlled. Health Services must ensure that the process is appropriately documented and that at all times staff working in the community have access to appropriate field equipment (eg torches) and communication devices.
Guidelines: Risk Management in Community Health Services: Working in the community usually encompasses work that is carried out in patients’ or clients’ homes, on the street or elsewhere outside of Health Service control, within community health centres and public venues such as schools or community halls and in mobile units (eg community health and community mental health staff, home nursing staff, environmental health officers, hospital outreach workers, early childhood nurses, Aboriginal health workers). NSW Health staff working in the community face a particular set of risks associated with working in environments not under the control of the employer. Community health workers often work alone or in isolation, away from access to rapid support from other health care workers or even emergency services such as police. This makes them more vulnerable to the risk of violence. Chapter 1 of this Manual provides guidance material on the risk management process and these principles apply equally to security risks for staff working in the community. All community health staff should have access to local policies and procedures, developed in consultation with relevant staff and their representatives to assure, as far as possible, their security when working in the community. These policies and procedures should be communicated and implemented by Health Services and should cover: •
Obtaining relevant client information from the referring clinician/service
Security of Staff Working in the Community (December 2003)
16-1
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
• • • • • • •
Local risk assessment and management measures Injury prevention initiatives Staff training requirements Emergency procedures including local arrangements for security assistance from police Local reporting procedures Appropriate support for staff in the event of an incident Commitment to cultivating good relations with local police and other local services.
Staff should also have access to good quality information regarding contacts and locations, so they can do their job effectively and safely. It is also important that patients and other clients have information about staff and the purpose of visits, so they know what to expect.
Working in the Community (away from base): Health Services should consider the following risk management strategies: Preparing for Community Visits: •
Ensuring adequate information is provided to staff prior to a community visit, including: -
-
-
-
•
As much information as possible about the patient/client/business (particularly prior to the first visit) including any history of violent behaviour or sexual harassment Relevant information about other members of the household, likely visitors and attitude of neighbours Information about the geographical location of the premises (eg is it in a high crime area, geographically isolated, have reduced accessibility to/availability of police) Specific information about the premises (is there security access, stairs, external lighting, hiding places, are the premises modern, in good repair, is phone connected etc) or any other known dangers or concerns from other workers Releva nt information from other resources (eg point of referral, inpatient facilities, relevant patient/client records, other staff, local GPs and local police)
Developing a system where other staff who may have provided a service or inspected the premises in the past are consulted and these issues are documented (eg in-patient medical records). Under the Privacy and Personal Information Protection Act 1998 (PPIPA), disclosure of personal information is permissible provided it is necessary ‘to prevent or lessen a serious and imminent threat to the life or health of the individual to whom the information relates or another person’.
Security of Staff Working in the Community (December 2003)
16-2
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
•
Implementing a system for file flagging/alerts to highlight a history of aggressive behaviour or other risks. Any patient alert system needs to incorporate the requirements of the PPIPA, as outlined above. For further information on file flagging refer to Zero Tolerance Policy and Framework Guidelines (Circular 2003/48).
•
Advising staff to speak to the patient/client by phone prior to appointments, particularly first appointments, to confirm the appointment and clarify the purpose of the visit, as this can also provide insights, including establishing if there are likely to be any visitors
•
Arranging for patients or clients to be seen at clinics where other staff are present, rather than at home if there is a potential for, or history of, violence
•
Arranging for another member of staff or police to be present with the staff member during the visit if there is a potential for, or history of, violence or the situation is unknown
•
Providing appropriate communication devices, remote duress alarms, vehicle security and tracking devices
•
Providing staff training (eg in related policies and procedures, back to base communication, use and maintenance of security equipment provided, verbal deescalation and defusion, evasive self-defence, negotiation and conflict resolution)
•
Providing a driver or taxi, if appropriate, to areas where cars may be vandalised or staff have to go through unsafe areas to make a visit and ensuring that a return fare is booked for when the visit is finalised so the staff member can leave the area safely
•
Providing staff working in the evening and at night with an appropriate torch (such as a halogen mag light) and spot lights on the side of vehicles
•
Where there is a risk of violence and other risk control strategies have failed to control the risks or resolve the issues, arranging for senior management to write to the household indicating that visits will not be made to that address and that alternative arrangements will need to be made
•
Developing and implementing procedures for transfer of relevant clinical and risk information on a client when the client changes services
•
Developing and implementing incident reporting procedures
•
Providing appropriate support for staff in the event of an incident
•
Cultivating good ongoing relations with local police and other emergency services
Security of Staff Working in the Community (December 2003)
16-3
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
•
Developing response plans or procedures for addressing and responding to security incidents during home visits, or when agreed reporting to base protocols with the community health worker are not maintained
•
Developing procedures for after hours/weekend security.
Prior to Leaving Base: •
Establishing a system where prior to commencing community based activities, the health care worker completes a movement sheet or similar so the base knows: -
-
The name, address and telephone number of the clients being visited The expected times of appointments The expected length of appointments Any alterations to the schedule of visits or changes in daily routine (where the staff member does not know these in advance they should be communicated to base as they occur) and The proposed route and map references.
During Community Visits: •
Providing staff with well maintained vehicles and communication devices
•
Ensuring staff are made aware of the general security precautions attached (Appendix 16.1) to this Chapter and the Working in the Community Checklist (Appendix 16.2).
At the Conclusion of Community Visits: •
Ensuring local procedures are developed and implemented to address requirements for communicating with base when visits are completed, or at other agreed times (eg end of shift)
•
Providing appropriate support to staff who cancel or end a visit as a result of a perceived or real threat to their health, safety or welfare.
After Hours Visits in the Community: Health care workers who are required to visit clients in the community outside normal business hours can be particularly vulnerable. Generally speaking no client should be registered with the after hours community service prior to being visited and assessed by staff during business hours, unless all of the following conditions are met: • •
Two staff members attend or police are present Staff carry a mobile p hone/effective communication device
Security of Staff Working in the Community (December 2003)
16-4
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
• •
•
A monitoring system is in place to identify that staff have returned to base or proceeded home Reliable information has been received that provides details on whether: - The person needs to be seen after hours - The patient has a history of violence - The patient is currently being violent - The patient has access to a weapon - The patient has any known violent family members or associates Duress response arrangements are in place.
Where a clinical need for a first visit after hours has been identified the manager, in consultation with the relevant staff members, should be satisfied that the visit can be undertaken safely. In assessing whether a visit can occur safely the manager, in consultation with the relevant staff member, should: • •
Be advised of the full clinical diagnosis by the treating Medical Officer Obtain all identified relevant information.
Where staff arrive at a site and the person is intoxicated or suffering withdrawal or there are signs of agitation, disorientation or aggressiveness, the police are to be called or arrangements made for the person to be seen in an emergency department or police station or alternative safe venue. Clients and/or carers should be given instructions to ensure that the house is illuminated and easily identified, access gates are unlocked and animals have been restrained when they are expecting the service.
Working in Isolated Clinics and Community Health Centres: Isolated sites can include clinics situated in school buildings (which are unattended at weekends, after hours and school holidays) and early childhood centres situated in community premises. Health Services should consider the following risk management strategies: •
Ensuring two staff members are rostered on simultaneously
•
Ensuring clinic premises are secure, appropriately located and have a means of communication. In some circumstances it may be appropriate to also provide security services (where premises are leased from other agencies refer to Chapter 5 of this Manual fo r more information).
•
Ensuring emergency and evacuation procedures are developed and communicated to staff (including pre programming emergency numbers into phones, if possible)
Security of Staff Working in the Community (December 2003)
16-5
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
•
Ensuring all major emergency telephone numbers are prominently displayed and an effective contact network is established within the local community prior to the staff member working at the site
•
Ensuring that doors are locked when clinics are not in session and that the doors are locked when staff are working alone out of clinic ho urs
•
Establishing a system for people seeking entry to identify themselves without the staff member having to open the door (eg installation of an intercom system)
•
Ensuring that all door and window locks are in good working order and maintenance problems are responded to and resolved promptly
•
Ensuring that blinds are placed on windows and staff close blinds after hours to reduce the likelihood of break-ins
•
Ensuring the visibility of computers, equipment etc is limited by placing them away from windows and doors
•
Establishing a system where the health care worker completes a movement sheet which establishes arrival and departure times, routes taken and any foreseeable difficulties with travel to and from the clinic
•
Establishing a system where a staff member leaving an isolated workplace advises another staff member of destination, purpose and anticipated return. This will include procedures for what to do in the event of an incident or if the staff member does not check in by the advised time.
•
Displaying signage (eg that indicates that ‘no drugs or money are stored on these premises’ and that ‘these premises are protected by alarm’) that can act as a deterrent to would be thieves
•
Ensure a duress response is planned, tested regularly and activated when the staff member requires it.
When Confronted with Violent or Potentially Violent Behaviour: Under no circumstances should any NSW Health staff member working in the community knowingly place themselves or another person at risk. If a client, carer or member of a household or site being visited makes physical or verbal threats, staff members should retreat and/or seek further assistance.
Security of Staff Working in the Community (December 2003)
16-6
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
Where the staff member is unable to retreat as their exit is blocked and all other nonphysical strategies have failed, evasive self-defence may be necessary. Evasive self-defence involves manoeuvres designed to free the individual to enable them to retreat. In such circumstances staff should always use their telephone/radio/duress alarm to call for assistance. Staff should not hesitate to request police assistance. They should contact police on 000 rather than ringing a local police station, and they should explain to the police the urgency of the issue so that an appropriate response can be formulated. When contacting police to arrange a police escort, the relevant police station should be contacted directly, or if unsure about the relevant police station, contact the Police Assistance Line on 131 444 (this is a 24 hour service). If potentially aggressive animals a re not restrained the visit should not proceed until the animal is restrained. It is most important that all security incidents are reported as per local reporting protocols as soon as possible after the event, and, if relevant, be documented on the client’s file.
Evasive Self-Defence: The law recognises that an individual may protect themselves or another person from a threat of attack or injury. The protection afforded by the law is limited to situations where: • •
The person believes the action is necessary to defend themselves or another person or To prevent or terminate unlawful deprivation of their liberty or the liberty of another person.
In order to be lawful the conduct must be a reasonable response in the circumstances as he or she perceives them, and there must be some reasonable proportion between the threat perceived and his or her response to it. The purpose of evasive self-defence is to assist staff to escape from a violent situation when retreat is blocked, when all other non-physical strategies are inappropriate or have failed and the staff member is under attack or attack is imminent. When properly used, it may minimize the risk of injury and minimize the potential trauma. In these circumstances the behaviour of staff should be defensive rather than aggressive, controlling rather than punitive and with no more force than is necessary in the given situation. The degree of force used must be
Security of Staff Working in the Community (December 2003)
16-7
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
proportionate to the degree of potential harm faced and must not be applied for longer than is reasonably required to control that risk.
Field Communication Technology: Staff working in the community need to have access to suitable communication devices (perhaps more than one). The devices should be selected to give as complete communication coverage in the event of an emergency as possible. Suitable devices can include mobile telephones, satellite telephones, two-way radios, long-range duress alarms, duress beacons and tracking devices that can provide the location of the person. When providing communication devices the following elements should be addressed in local procedures and in training of staff: • • • • •
How to communicate with designated support systems (eg base, other staff, police) The limitations of the equipment Testing, maintaining and operating communication systems Effective and efficient methods of communicating problems Initiating a duress alarm.
**********
Security of Staff Working in the Community (December 2003)
16-8
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
Appendix 16.1 General Security Precautions for Staff Working in the Community Staff working in the community should: • • • • • • • • • • • • • • • • • • • • •
•
Lock their vehicle while driving through areas identified as potentially dangerous Conceal all bags, drugs and equipment when first entering the car so that nothing is visible while travelling, and staff are not seen to be hiding them as they park or prior to leaving the car for the visit Drive to the nearest police, fire or petrol station or a pre-determined ‘safe’ venue if they suspect they are being followed Assess the situation as they approach and not enter a location if they have doubts about their security Remain aware of the environment and potential escape routes in case problems arise Make an excuse not to enter the premises if the person answering the door gives cause for concern eg if they are drunk, if the patient is not in, or if a potentially dangerous relative is present Show identity badges Follow the occupant when entering the premises Avoid walking in deserted places, or taking short cuts through secluded alleys or vacant lots Walk in the centre of footpaths away from buildings Observe windows and doorways for loiterers Walk around, rather than through groups of people Not enter areas of unrest, or where there appears to be trouble in the neighbourhood Check lighting and stairwells when entering a building where no lift is available Look before entering a lift and not enter if concerned Stay near to the door and control panel in lifts and be observant of other passengers Not search for clients by unnecessarily knocking on doors Not remain in the parked car for a prolonged period either before or after making the visit Ensuring any correspondence for a client is pushed firmly under the door or placed in their letterbox Determine whether the client is at home prior to entering the premises if an unfamiliar person opens the door Immediately leave if firearms or other weapons are seen (the presence of weapons should be noted in the client’s file and communicated to police and management). Staff should not return to these premises until the matter is resolved. Cross the street and walk in the opposite direction or into an open business if there is suspicion of being followed by a car
Security of Staff Working in the Community (December 2003)
16-9
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
• • • • •
Treat clients and visitors courteously at all times Park in a well lit area as close to the patient’s home as possible Park in a way to allow exit (ie do not allow car to be blocked in) Ensure animals are restrained If in doubt, take a second person/security/police with you.
Security of Staff Working in the Community (December 2003)
16-10
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
Appendix 16.2 Working in the Community Checklist: This tool has been developed to assist with the safety requirements of staff making community visits to patients/clients. It should be consistently used as a personal safety selfmonitoring procedure. This checklist depends on access to mobile phones or radios and availability of a base contact at all hours. Health Services may wish to develop this checklist to become service specific. 1.
Before First Visit 1.1
¨
Has client history been obtained? Are there any issues which affect security?
1.2
¨
Has client been contacted and advised that animals must be restrained If in doubt, ie history of aggressive behaviour, psychiatric illness, arrange for two people to attend visit or relocate the visit to a safer environment if possible.
2.
3.
4.
Before leaving base 2.1
¨
Has Movement Sheet, or similar approved visit record, been completed and left with Base (or if off-site, call Base and give information)
2.2
¨
Take torch, duress alarm, pager and mobile phone or radio as issued
On route 3.1
¨
Are car doors locked
3.2
¨
Is parking available in a well lit area as close as possible to the client’s home
3.3
¨
Where possible, avoid walking in deserted places
During visit 4.1
¨
If there is any doubt about entering the premises, don’t do so
4.2
¨
Position yourself in such a way to enable a quick exit if necessary
4.3
¨
Report immediately to base if you require security backup. Do not hesitate to call the police or base if you see the need.
4.4
¨
Report any incident of concern to your supervisor and complete an Incident Form
4.5
¨
Leave the premises if you feel threatened in any way
Security of Staff Working in the Community (December 2003)
16-11
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
5.
After hours/weekend visits In addition to 1-4 above, after hours visits (1700-0700) must not be made unless 5.1
¨
The client has already been assessed OR two staff attend OR police are in attendance Note: If in doubt, ie history of aggressive behaviour, psychiatric illness, relocate the visit to a safer environment if possible.
6.
5.2
¨
Carry a duress alarm, torch, pager and mobile phone or radio as issued
5.3
¨
Contact base before and after visit in accordance with local policy
Follow-up 6.1
¨
Ensure the receiving health care provider is advised of any risks associated with the patients behaviour (where patients are being transferred)
**********
Security of Staff Working in the Community (December 2003)
16-12
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
17.
Security in Rural and Remote Health Services
Policy: As part of the facility risk management process, Health Services must consider the factors specific to rural and remote workplaces when ensuring, in consultation with staff and key stakeholders, that all reasonably foreseeable security risks are identified, assessed, eliminated where reasonably practicable or effectively controlled and the process appropriately documented. Where staff residences are provided they must be included in the facility risk management process.
Guidelines: Security Risk Management in Rural and Remote Health Services: The risk management process, as outlined in Chapter 1 of this Manual, should be used to identify, assess and control risk in rural and remote workplaces. However, health care workers in rural and remote areas face unique challenges. When undertaking risk management in rural and remote workplaces, Health Services need to consider issues that may impact on the implementation of risk management activities. Challenges that may influence the types of risk management activities considered by Health Services include: • • • • • • • •
High staff turnover leading to reduced continuity of knowledge Reduced access to police and emergency services Delayed response times for emergency services and othe r referral agencies Complications and time delays associated with organising transport of victims or perpetrators out of the community Small populations, close community ties and lack of anonymity Conflict between reporting requirements and cultural sensitivities Communication difficulties (eg no mobile phone coverage etc) Co-location of residence and clinic, therefore increasing the risk of violence for staff
Security in Rural and Remote Health Services (December 2003)
17-1
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
•
Staff working in isolation from colleagues and support systems.
An important element in effectively controlling risk in rural and remote workplaces involves being prepared. Preparedness requires gathering information that is relevant to the local service and region, developing local policies and procedures that will work in a particular situation, providing suitable premises and equipment and setting up support systems. In particular potential local social controls that could be used to overcome some of the challenges associated with effective risk management activities in rural and remote areas need to be recognised. For example, the role of the local community can be pivotal in preventing and reducing incidents of violence. Remote health services can work in partnership with other community organisations and businesses to: • • • • •
Combine resources (eg security patrols) Create a safety net for those affected by occupational violence (eg refuge, counselling, legal aid) Educate the community about violence, the law and the consequences of being violent Encourage, support and initiate community activities to address the causes of violence Encourage perpetrators to take personal responsibility for their actions as a starting point for overcoming violent tendencies.
Specific activities could include: • • • • • •
Family interventions in prison Drug and alcohol programs Anger management groups Support groups for those who want to stop violence Crime prevention programs and other police linked activities Support and encouragement for other similar community elicited activities.
Other risk control strategies that need to be considered by rural and remote health services include: • •
Providing staff with access to information and training on aggression minimisation and management (including evasive manoeuvres) Providing staff with access to counselling services for a range of family and work-related issues which may include: -
-
Engaging an EAP person who co-ordinates both internal counselling and external referrals. An even greater sensitivity to client confidentiality and appropriate referral is required within small communities, and/or Providing a toll free telephone counselling/crisis line.
Security in Rural and Remote Health Services (December 2003)
17-2
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
(refer to Departmental circular 2000/42, Policy Framework and Better Practice Guidelines for the Development of Employee Assistance Programs – under review) • • • • • • • • •
Applying CPTED principles for any building being designed, altered or extended, including staff residences attached to clinics (refer to Chapter 4 of this Manual) Signposting restricted/staff only areas Providing access control procedures and systems (refer to Chapter 9 of this Manual) Installing effective duress and intruder alarms (refer to Chapter 11 of this Manual) Ensuring vehicles are well maintained, suited to the terrain and equipped with communication devices Providing good perimeter security and definition of boundaries Ensuring a response occurs if a duress call is made or an alarm is triggered Ensuring time out and relief for staff affected by violence and Establishing and supporting a peer support network for staff.
Field Communication Technology: Staff working in rural and remote health services need to have access to suitable communication devices (perhaps more than one). The devices should give as complete a communication coverage as possible, in the event of an emergency. Suitable devices can include mobile telephones, satellite telephones, two-way radios, long range duress alarms and GPS duress beacons that can provide the location of the person. GPS duress beacons, in particular, should be considered by rural and remote health services due to their ability to assist in locating a staff member who has had an accident, a mechanical breakdown or is experiencing some other misfortune or injury. When providing communication devices the following elements should be addressed in local procedures and in training of staff: • • • • • •
Communicating with designated support systems (eg base, other staff, emergency services) The limitations of the equipment Testing, maintaining and operating communication systems Effective and efficient methods of communicating problems Initiating duress alarms and Responding to duress alarms where this is a designated part of the staff member’s role.
Security in Rural and Remote Health Services (December 2003)
17-3
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
Related NSW Health or Other Resources: •
When It’s Right in Front of You – Assisting Health Care Workers to Manage the Effects of Violence in Rural and Re mote Australia (National Health and Medical Research Council – August 2002).
**********
Security in Rural and Remote Health Services (December 2003)
17-4
18. Security in Pharmacies Policy: As part of the facility security risk management process, Health Services must ensure, in consultation with staff, key stakeholders and appropriate advisory bodies, that all reasonably foreseeable security risks associated with pharmacy areas are identified, assessed, eliminated where reasonably practicable or effectively controlled. Health Services must ensure that the process is appropriately documented and effective procedures are developed and implemented.
Guidelines: The pharmacy is an area requiring high security. Health Services should develop procedures, in consultation with staff and other stakeholders, to effectively manage pharmacy security risks. The aim of these procedures is to protect people and assets, prevent and detect drug diversion and minimise the likelihood of incidents related to robbery and assault occurring in pharmacy areas. *
This chapter should be read in conjunction with section 4 of Departmental Circular 2001/64, Policy on the Handling of Medication in New South Wales Public Hospitals, which includes advice on security related matters in hospital pharmacy departments.
Security Risk Management: Chapter 1 of this Manual provides guidance material on the risk management process and these principles apply equally to pharmacy related security risks. As part of the risk management process for the pharmacy area, the following risk control strategies should be considered by Health Services: •
Constructing walls, floor and ceilings of the pharmacy out of solid material, with as few windows as possible
•
Extending walls, where practicable, to the underside of the floor slab above to prevent any intrusion over the wall 2(6/05)
Pharmacy Security (June 2005)
18-1
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
•
Reinforcing windows on the perimeter walls to prevent entry. Existing windows may be reinforced by adhering a shatter resistant film or by replacing the glass with laminated glass.
•
Incorporating laminated glass windows into the design of the front of the pharmacy to enable staff to carry out transfer operations with safety, while maintaining communication with staff and patients
•
Designing a two door entry approach (ie one door for the public and hospital staff to enter to access front glass transaction windows and a separate door for the entry of pharmacy staff to the pharmacy)
•
Incorporating provision for closing off open areas at the front of the pharmacy when closed, (eg by a locked door from the corridor or locked shutter doors)
•
Fitting doors to the pharmacy with quality single cylinder dead locks to comply with fire regulations. Where practicable locks are to be key code or card operated externally and fitted with either a turn snib or handle internally to enable occupants to escape in emergencies
•
Ensuring doors are kept closed and locked to restrict entry
•
Installing an intruder alarm system that meets Australian Standard AS 2201 and incorporates a duress alarm/s to enable staff to activate the alarm in the event of an emergency and •
Restricting access to the pharmacy to authorised staff only and controlling this by: -
•
Fitting single cylinder key, code or card operated dead locks to perimeter doors Having a restricted keying system fitted to the locks in order to prevent duplication of keys Strictly regulating the issue of keys, codes or cards at all times, including provision for after hours access Keeping doors closed and locked to restrict entry Installing closed circuit television monitors at access doors to screen entry of personnel and record any access to the pharmacy after hours
Ensuring, where the risk assessment warrants it, that mobile staff have personal duress alarms.
Pharmacy Security (June 2005)
18-2
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
Further information: •
For further information on Circular 2001/64, Policy on the Handling of Medication in New South Wales Public Hospitals, contact: The Duty Officer Pharmaceutical Services Branch NSW Health Department PO Box 103 GLADESVILLE NSW 1675 Telephone: (02) 9879 3214 Facsimile: (02) 9859 5165
**********
Pharmacy Security (June 2005)
18-3
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
19. Security in Car Parks Policy: As part of the facility risk management process, Health Services must ensure, in consultation with staff and key stakeholders that: • • • •
All reasonably foreseeable security risks associated with car parks are identified, assessed, eliminated where reasonably practicable or effectively controlled The process is appropriately documented Effective car park security procedures are developed and implemented and Designated car spaces for afternoon and night shift staff are allocated where practicable and warranted by the risk assessment.
Guidelines: Health Services should develop procedures, in consultation with staff and other stakeholders, to effectively manage car park related security risks. The aim of these procedures is to protect people and assets and minimise the likelihood of incidents related to robbery and assault occurring in car parks.
Security Risk Management: Chapter 1 of this Manual provides guidance material on the risk management process and these principles apply equally to security risks in car parks. As part of this process, the following risk control strategies should be considered by Health Services: •
Providing, where practicable, afternoon and night shift staff with designated, controlled parking spaces as close as possible to the facility in a well lit, easily observed area connected to the facility by well lit paths
•
Ensuring entry to designated staff parking areas in dual purpose car parks is controlled by gates in the afternoon and night (eg boom gate could be left up in the morning and put down about 1-2 hours before afternoon shift commences so they are operated by staff pass cards). Exit boom gates should operate automatically (ie after a certain time a card is needed to enter but exit can occur any time).
•
Ensuring vehicle entry to car parks is by automated gates or doors, via camera and intercom, or by passing through an entry/exit gate staffed by security personnel
Security in Carparks (December 2003)
19-1
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
•
Requiring security staff to undertake high profile patrolling in car parks associated with the facility
•
Requiring security staff to undertake random audits on vehicles in a car park (eg door unlocked, window down, valuables exposed etc) and secure the vehicle if possible
•
Displaying signs in car parks reinforcing theft awareness (eg park smarter, lock it or lose it)
•
Displaying signs that advise that regular patrols are undertaken and CCTV monitoring is in place
•
Providing security escorts for staff at the conclusion of afternoon and night shifts. This would include designating a mustering spot for staff to assemble.
•
Ensuring landscaping is done in a way to provide minimal protection for intruders
•
Ensuring single and multi storey car parks have: -
Good lighting (refer to AS 1158.3.1 and Chapter 12 of this Manual) Emergency telephone or intercoms direct to security staff or switchboard Landscaping which leaves the area open and does not intrude on line of sight As few dark corners and support columns in the design as possible Flexibility to close some entrances and exits during low traffic periods Approved locks on exits intended for emergency exit only Frequent patrols by security staff
•
Restricting the parking of delivery vehicles to a parking dock
•
Ensuring facility vehicles are parked in a secure overnight car park with good lighting and regular security patrols. A fe nced compound or lock-up garage is preferable.
•
Ensuring all facility vehicle keys are held by the designated custodian when the vehicle is not in use, and taken by the driver when the vehicle is required
•
Providing security for bicycles and motorcycles (ie lockers or storage areas, a stationary rack that secures the frame and both wheels without a chain, or a stationary object the user can lock the frame and wheels to with their own cable chain and lock)
Security in Carparks (December 2003)
19-2
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
In addition to control strategies implemented by Health Services to reduce risk associated with theft or aggression, staff should be advised to: •
Comply with security systems established in their local workplace for their protection
•
Use security escort services or travel in groups to the car park when working at night
•
Meet at designated mustering spots
•
Park in well lit areas close to the facility when working at night (if possible, using car spaces located near the workplace specifically allocated to afternoon/night shift workers) or moving the vehicle closer during break
•
Report any suspicious activity
•
Not confront any potential assailants or persons seen attempting to break into a vehicle
•
Not leave valuable or attractive items on view in the vehicle, including small amounts of change scattered in consoles
•
Not load valuable or attractive items into the vehicle in public areas, if the vehicle is to remain parked
•
Not leave important papers, driver’s licence or registration papers in vehicles
•
Avoid parking in isolated or dark places and try to park under a street light or in a well lit area. Consider if there will be sufficient light when returning to vehicles after shifts.
•
Activate/use any alarms or other protection devices where they are fitted to the vehicle or car park
•
Close all windows, lock all doors and take the keys when leaving the vehicle
•
Carry keys in hands when approaching vehicle as this will avoid having to stand and search for keys on arrival at vehicle
•
Do not unlock central locking systems or alarm systems until you are close to the vehicle.
********
Security in Carparks (December 2003)
19-3
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
20. Security of Property Policy: As part of the facility security risk management process, Health Services must ensure, in consultation with staff and key stakeholders, that all reasonably foreseeable security risks associated with the potential for theft are identified, assessed, eliminated where reasonable practicable or effectively controlled. Health Services must ensure that the process is appropriately documented and effective security procedures are developed and implemented to minimise theft.
Guidelines: Through the process of risk management Health Services should develop and implement procedures to prevent and deter theft. Health Services should be aware that the potential risk of theft exists from visitors, patients, opportunistic passers-by as well as from planned crimes. Every case of theft needs to be reported to the police and no arrangements should be entered into to accept settlement on condition that the Health Service refrains from instituting legal proceedings. Corrupt conduct is to be reported to the Independent Commission Against Corruption. For more information refer to Policy Directive PD2005_173 (Reporting Possible Corrupt Conduct to the Independent Commission Against Corruption).
Security Risk Management: Chapter 1 of this Manual provides guidance material on the risk management process and these principles apply equally to theft related security risks. As part of this process, Health Services should consider the following risk control strategies: • Developing policy relating to theft and the reporting of theft to police and ensuring that patients, staff and visitors are aware of this policy • Keeping a register of health care facility property • Keeping a register of property theft to assist with identifying problem areas or patterns of behaviour • Keeping assets registers up-to-date and providing full descriptions of each item, including serial numbers • Identifying all assets with a unique physical marking, such as an engraving or a bar code
Security of Property (November 2005)
20-1
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
• • • • • • •
Storing attractive portable items (calculator, cameras, tape recorders etc) separately in a locked area. Only designated staff should have access Investigating all theft Enforcing an effective key control program (for more information refer to Chapter 10 of this Manual) CCTV monitoring of priority areas Installation of alarm systems (refer to Chapter 11 of this Manual for more information) Ensuring effective perimeter and internal access control (refer to Chapter 9 of this Manual for more information) Ensuring CPTED principle are applied when designing/refurbishing facilities.
Specific Areas for Attention: The following risk control strategies, covering specific areas for attention, should be considered by Health Services: Engineering/Maintenance: • • • • • •
Ensuring access control to areas where tools or equipment are stored Branding or stencilling all tools or equipment to show ownership Keeping a written record of tools or equipment on loan from one section to another Ensuring staff are made accountable for the equipment allocated to them Ensuring that vehicles are parked away from storage areas to reduce opportunities to steal items Conducting regular checks of inventory.
Transport: • • • • •
Ensuring petrol pumps are only operated by authorised staff. The petrol pumps should be locked when not in use Regularly monitoring the vehicle running petrol sheets purchase details and comparing them to distance travelled Where practicable ensuring that vehicles are securely garaged or parked in compounds Ensuring each facility has in place a policy regarding the use of, and access to, facility owned vehicles Conducting frequent and random inspections which include attention to: - Complete and current compilation of vehicle running sheets - Replacement of original parts, accessories or tyres
Security of Property (November 2005)
20-2
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
•
Inspecting and recording details of each vehicle’s condition, including an inventory of all accessories fitted before the vehicle is sent to the dealer or auction for disposal.
Laundry: •
• • • • • • • •
• • •
Checking delivery weights (quantities) against delivery dockets (generally this will be done by the facility Linen Supply Personnel). A signed copy in the Linen Supply Area should be used to check against amounts and quantities charged for. Checking account delivery amounts and quantities against Linen Service records for correctness Ensuring linen is not left unaccompanied on trolleys in areas with public access Restricting access to the linen supply area to facility linen supply personnel only Ensuring that vehicles are parked in areas away from the linen supply area Ensuring that staff are not allowed to take bags into the linen supply area Conducting spot checks of linen levels held against stock records Limiting access to linen stock rooms in wards and facility areas, and ensure that these have minimum stock levels Undertaking spot checks of facility areas which have been allocated linen to look for: - Excess stock, above the agreed imprest levels - Shortage of stock Ensuring that soiled linen bags are not left outside wards or in easily accessible positions. Keeping records of the quantity of soiled linen bags picked up from each facility area Displaying posters relating to the theft of linen and the consequences. These should be placed in strategic areas where they are visible to external persons and facility staff.
Catering: • • • •
Regularly reviewing work areas and levels of stores held, querying large stocks Checking supplies ordered against menu cycle to determine if quantities ordered are comparative with the menu cycle Checking comparable deliveries for quantity, quality and delivery dockets signed. Deliveries should be immediately moved to secure storage areas. Ensuring that fridges and store areas are locked at all times and only opened to take supplies necessary for the meal that is to be cooked. Ideally the store should then be locked.
Security of Property (November 2005)
20-3
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
• • • •
• • •
•
• • • • •
•
Note: Keys must be kept in a locked cabinet and are the responsibility of the Catering Officer. Establishing a conflict of interest policy, stating no staff can use the facility purchasing power for personal use Ensuring that no personal bags are left in the kitchen work area Restricting the amount of food retained in the kitchen to minimum quantities Ensuring that external doors are locked at all times, with only one exit point that is visible to the Catering Officer. Fire Exit doors should only be able to be opened from the inside, and should have a buzzer alarm that activates when opened. Ensuring that windows are screened to prevent goods being passed outside Ordering commercial sizes of items to limit theft. Packaged quantities should not be of such a size that they pose a manual handling risk to staff. Not allowing utensils or equipment to be borrowed by kitchen staff. The facility name should be stencilled or marked on portable items (eg knives and food trays). Not allowing leftover food to be taken home. This can cause over-cooking to create a surplus and encourages taking more than just leftovers. Ensuring additional meals that may be diverted for non-patient consumption are not provided as part of the meal run. Preventing unauthorised access to the kitchen. Persons are not allowed in the kitchen area unless accompanied by a senior kitchen officer. Ensuring that all stores and fridges are locked when maintenance work is being carried out Regularly checking trolleys used to transport food from the kitchen for food or other goods that should not be there Ensuring that stocks of food held in wards are kept to a minimum Checking the return of cutlery, plates and food trays from wards against what was issued. Food equipment should not be left lying around or reserves of cutlery maintained in ward areas. Ensuring vending machines are in high traffic/populated areas to create a passive surveillance situation.
Stores: • •
• • •
Ensuring staff are aware of stock control procedures for incoming and outgoing goods Conducting stock takes of consumable stores and check all items listed in the assets register - both quarterly and when there is a change of management Keeping stock levels to workable minimums Checking invoices against the stock card to ensure goods received are marked on records, and requisitions for store goods against stock cards Ensuring that all goods received are signed for and compared against orders in the Goods Inwards books
Security of Property (November 2005)
20-4
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
•
• •
• • • • • • •
• •
• • • •
• • •
Ensuring that goods being delivered to facility areas are not left in accessible places and vehicles are not left unattended. Goods received should be immediately located in a secure area. Ensuring that goods to be delivered to facility areas are receipted/signed for with copies of signed paperwork kept with facility and stores area Checking altered requisitions for accuracy before acceptance. Internal requisitions that have been altered should not be acceptable under any circumstances. If there are sufficient staff, ensuring that there is a separate stock controller, who maintains all stock level records Where possible, ensuring that goods are ordered and issued as complete packages, ensuring broken packages stand out Conducting physical checks to look for broken packages or seals, and to ensure that bottom packages of large stocks have not been tampered with Preventing stores staff from carrying bags into the store area Locating, as far as practical, stores away from public areas and change and lunch room areas Preventing access by employees from other stores, if store areas are specialised Ensuring that products such as detergents are issued in commercial sizes to restrict theft, though packages should not be so large as to create a manual handling risk to staff Ensuring that vehicles are parked in an area away from the store Restricting entry/exit to the store to only one door. The Supply Officer needs to be able to see the door from his/her office. Fire exit doors must only be able to be opened from the inside and have an alarm that activates when opened. Ensuring that only authorised persons are allowed in store areas Examining garbage removal devices to ensure stock articles are not being transported out of the store area Locking away items such as batteries Ensuring that stocks held in areas are securely stored and not easily accessible to patients and unauthorised staff. Where possible, ward stores need to be locked and accessible only to the nurse or unit manager or their delegate. Regularly review imprest system to ensure stock levels are appropriate Ensuring stores returned dockets are used and signed by the ward area if goods are returned from areas to the store Conducting regular checks of areas to ensure there are no hidden stores.
Administration: • •
Securing administration areas to prevent access to unauthorised persons Ensuring that the administration area is not left unoccupied during work hours or securing the area if it is to be left unoccupied
Security of Property (November 2005)
20-5
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
•
•
Keeping records containing sensitive information secured at all times. They should only be made available to authorised persons (Refer to Chapter 21 for additional information). Storing office consumables in a lockable area and nominating one member of the administrative staff to issue stationery requirements.
Mail Deliveries: • • •
•
• •
• •
Ensuring receptacles for mail are clearly labelled and cannot be accessed or opened by unauthorised staff Ensuring deliveries of mail are made in a restricted, defined area Keeping registered mail/couriered packages separate from other incoming mail and establishing procedures for receiving and promptly securing registered mail/couriered packages Ensuring that incoming mail (including registered mail/courier packages) are kept in a secure location to prevent loss and unauthorised access until they can be delivered to the addressee Limiting the access of staff to the mail areas or using a sign-in access card system Keeping the area for receiving incoming/outgoing mail separate from other operational areas including using a counter to separate the mail area from other working areas Ensuring all work areas are visible to supervisors Eliminating desk drawers and similar places of concealment.
Chapter 25 of this Manual provides information for identifying and handling suspicious items, including mail. Cash Handling: •
Ensuring cash handling, receipting and banking practices are consistent with the document entitled ‘Accounting Manual for Public Health Organisations’.
Patients' Property: •
Telling patients before admission, that: - Large sums of money, items of significant value, monetary or otherwise, should not be brought into the facility and that the facility will not accept any liability for their safekeeping - The facility will not be liable for any loss if money or valuables are brought in by a patient and accepted for safekeeping (if accepted for safekeeping the valuables will be placed in an envelope, which is then sealed and endorsed in a manner to identify the patient. The patient will be given a receipt, a copy of which is attached to the envelope which will then be placed in a safe)
Security of Property (November 2005)
20-6
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
-
Monies and valuables are kept in the ward by the patient at his/her risk
Note: Where money is placed into the Patients’ Trust Account the details should be entered into the Patients’ Valuables Register. •
• • • •
Ensuring that random checks are made of the Patient's Valuables Register against the envelopes held in the safe and against the Patient's Trust Account ledger, to ensure monies and valuables are secure Note: This may be subject to a patients’ authority if the patient has explicitly indicated no-one is to have access to items held on their behalf. Making random checks on withdrawal authorities to verify the balances of monies held and that all valuables are accounted for Providing a means of securing individual wardrobe lockers or closets for clothing (if lockers are provided) Ensuring that patients mark items that will be laundered by the facility with their name Issuing receipts if a facility accepts patients’ clothing for safekeeping. A cloakroom should be used to store the clothing and must be kept locked.
Staff Property: • • • •
Discouraging staff from bringing large sums of money, personal documents or belongings into the workplace Wherever possible, ensuring that staff are paid by cheque or direct deposits to guard against theft Ensuring that staff are provided with a lockable storage area (eg locker or cupboard) for safe keeping of their property Ensuring car parks have good lighting to deter theft and vandalism.
Searching Persons and their Property: The power to search an individual is restricted to narrow circumstances allowed under criminal law, which are strictly regulated, or when the individual consents. Without clear lawful authority, any search initiated without consent would be a trespass upon the person and therefore unlawful. If a person is suspected of being in possession of stolen property and refuses to be searched the police should be called. Where possible the person suspected of theft should be kept under observation pending the arrival of the police. See Chapter 14 of this Manual for further information on searching patients and visitors. Related NSW Health and Other Resources: •
Policy Directive PD2005_206 (Policy on the Handling of Medication in New South Wales Public Hospitals)
Security of Property (November 2005)
20-7
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
• •
Policy Directive PD2005_173 (Reporting Possible Corrupt Conduct to the Independent Commission Against Corruption) Accounting Manual for Public Health Organisations (1996).
************
Security of Property (November 2005)
20-8
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
21. Security of Information Policy: As part of the facility security risk management process, Health Services must ensure that all reasonably foreseeable security risks associated with the protection of official information and material (including electronic information*) from unauthorised disclosure are identified, assessed, eliminated where reasonably practicable or effectively controlled. Health Services must ensure that the risk management process is undertaken in consultation with staff and key stakeholders, is appropriately documented and effective plans and procedures developed and implemented which reflect relevant legislation, information security standards and Government policy. *‘Electronic information’ is defined in PD 2005_314 as information that is electronically created, processed, held, maintained and transmitted by NSW Health. It also refers to information held for, or on behalf of, other government agencies and private entities.
Guidelines: The types and levels of security required for official information and material will depend on a number of factors including the requirements of legislation, Government and NSW Health policy and the risks associated with unauthorised disclosure or misuse.
Security Risk Management: Chapter 1 of this Manual provides guidance material on the risk management process and these principles apply equally to information security. In addition to meeting the requirements of legislation and policy, Health Services should consider, as part of the risk management process, the following strategies: • Ensuring that an information security plan is developed, documented and implemented which outlines risk control strategies arising from the risk assessment process • Providing training to staff on information systems and the controls in place to manage security information risks and • Monitoring and reviewing risk controls to ensure they remain effective in reducing risk.
Security of Information (November 2005)
21-1
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
Legislative and Policy Environment: Security of Electronic Information: ‘PD2005_314 – Electronic Information Security Policy’ affirms the NSW Health commitment to the provision of appropriate levels of security across all of its information systems. This policy is based on a number of key principles, as outlined below: • NSW Health’s major objective is the provision of health care services underlined by the overall welfare of the people it treats • The implementation of information security controls must not impact on the timely provisions of those services • All personal health information will be securely managed and that privacy and confidentiality will be preserved. The community must be confident NSW Health observes this principle • All other critical and sensitive information will also be securely managed and privacy and confidentiality maintained • All staff have a responsibility for the security and maintenance of critical and sensitive information including personal health information • All other information will be classified for the purposes of determining the level of security required • Providing information security education and developing awareness for all people dealing with electronic information as an integral part of maintaining adequate protection over that information and • The release of information will comply with relevant and current State and Federal legislation. The key requirements of information security, as outlined in PD2005_314, are: • Ensuring appropriate availability of information and services • Allowing secure access to information services • Preventing loss of integrity of information and transactions • Ensuring authenticity of all relevant parties • Ensuring confidentiality of information and transactions • Ensuring an audit log of significant events and • Ensuring fraud prevention. The NSW Premier’s Department Circular 2001/46 - Security of Electronic Information enforces the duty which government has in safeguarding its vast information assets. In recognition of this, Cabinet has directed that all agencies (including Health Services) undertake specific measures. These include, but are not limited to: • Implementation of information security management policies and plans: Health Services should set a clear direction and demonstrate their support for, and commitment to, information security through the issue of a formally agreed and documented security policy
Security of Information (November 2005)
21-2
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
•
•
•
Assignment of information security responsibility to a nominated officer: Having a nominated person take overall responsibility for the development and implementation of information security measures provides for a coordinated approach Ensuring that all staff understand their responsibilities for information security: Because the use of electronic information occurs at all levels of staff and across all business areas, effective security requires accountability and the explicit assignment of responsibility to all providers and users of information and Having IT systems certified to the national information security management standard AS/NZS 7799 Part 2:2003 (Specification for Information Security Management Systems).
Security of Personal Health Information: Health Privacy Principle 5, established under the Health Records and Information Privacy Act 2002, requires personal health information to have appropriate security safeguards to prevent unauthorised use, disclosure, loss or other misuse. ‘Appropriate’ will be defined by the circumstances in which the information is stored and used. The NSW Health Privacy Manual (PD2005_593) provides guidance material to assist Health Services to comply with the security requirements established in the Health Records and Information Privacy Act 2002. As public sector agencies, health services are also subject to the requirements of the State Records Act 1998. That Act has extensive provisions as to the minimum length of time public records should be retained. Health services should therefore refer to the General Disposal Authority (GDA 17) Public health services: Patient/Client Records, issued by State Records NSW in determining how long to retain clinical and client/patient records. Security of Incident Information: In 2003 the NSW Safety Improvement Program commenced implementation across all Health Services. The key objective of the Program is to ensure a coordinated approach to the management of all incidents that occur in the NSW health system. Effective management includes the identification, reporting, review or investigation, analysis of and appropriate action and feedback on all incidents. Given the sensitive nature of some of the information collected as a result of the NSW Safety Improvement Program, particularly in relation to root cause analysis (which is subject to a statutory privilege), it is important that all related information is appropriately secured in line with the requirements of legislation and Government and NSW Health policy for the security of personal health information and confidential and sensitive information.
Security of Information (November 2005)
21-3
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
Labelling Information: There is an obvious need to protect sensitive official information from unauthorised access. Accordingly, all Health Services should use ‘labels’ to mark such information, whether it be in electronic, paper or other format. Consistency in labelling will ensure that confidentiality and consistent controls are implemented for sensitive information within a Health Service and across NSW Health. There are three levels of labelling. These are, in ascending order of sensitivity: • • •
X -IN-CONFIDENCE (where X may be ‘CABINET, COMMERCIAL, CLIENT, PERSONNEL or some other term selected by the Health Service as appropriate to their needs) PROTECTED HIGHLY PROTECTED
The absence of a sensitivity label means that official information continues to be handled in accordance with existing Health Service practices, including compliance with the Freedom Of Information Act 1989. The Premier’s Department Circular 2002/69 (Guide to Labelling Sensitive Information) provides standards for the preparation, handling, removal, auditing, copying, storage, disposal and transmission of sensitive information and should be utilised by Health Services when developing local procedures. Further Reference: NSW Health Policy: • PD2005_314 – Electronic Information Security Policy • PD2005_127: Principles for Creation, Management, Storage and Disposal of Health Care Records • PD2005_593 – NSW Health Privacy Manual • PD2005_404 – NSW Incident Information Management System (IIMS) Policy • PD2005_608 – Patient Safety and Clinical Quality Program • NSW Patients Matters Manual. Other Policy: • Premier’s Department Circular 2001/46 – Security of Electronic Information • Premier’s Department Circular 2003/02 - Electronic Information Security: Business Continuity Planning • Premier’s Department Circular 2002/69 – Guide to labelling Sensitive Information
Security of Information (November 2005)
21-4
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
• • •
Information Security Guideline Part 1- Risk Management (Office of Information Technology – June 2002) Information Security Guideline Part 2 – Examples of Threats and Vulnerabilities (Office of Information Technology – June 2002) General Disposal Authority No.17 : Public health services: Patient/Client records (available from State Records NSW at http://www.records.nsw.gov.au)
Standards: • ISO/IEC AS/NZS 17799:2001 – Information technology: Code of practice for information security management • AS/NZ – HB231:2000 – Information Security Risk Management Legislation: • Privacy and Personal Information Protection Act 1998 • Freedom of Information Act 1989 • NSW State Records Act 1998 • State Records Regulation 1999 (NSW) • Children and Young Person (Care and Protection) Act 1998 • Health Records and Information Privacy Act 2002 • Health Care Complaints Act 1993 • Public Finance and Audit Act 1983 • NSW Electronic Transactions Act 2000 • Electronic Transactions Regulation 2001
**********
Security of Information (November 2005)
21-5
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
22. Security of Medical Gases Policy: As part of the facility security risk management process, Health Services must ensure, in consultation with staff, key stakeholders and appropriate advisory bodies, that all reasonably foreseeable security risks associated with storing medical gases are identified, assessed, eliminated where reasonably practicable or effectively controlled. Health Services must ensure that the process is appropriately documented and effective procedures are developed and implemented.
Guidelines: Health Services should develop procedures, in consultation with staff and other stakeholders, to effectively manage security risks associated with storing medical gases. The aim of these procedures is to protect people and minimise the likelihood of incidents related to theft, tampering and damage occurring. Local procedures need to reflect the relevant elements of: • • • • • •
Australian Standard 4332 (The Storage and Handling of Gases in Cylinders) The Dangerous Goods Act 1975 The Dangerous Goods (General) Regulation 1999 The Occupational Health and Safety Regulation 2001 (Chapters 2 & 6) Departmental circular 82/345 (Security of Medical Gas Cylinders) and Departmental circular 80/241 (Safe Practice in the Handling of Compressed Medical Gas Cylinders).
Security Risk Management: Chapter 1 of this Manual provides guidance material on the risk management process and these principles apply equally to security risks associated with storing medical gases. As part of this process, the following risk control strategies should be considered by Health Services: •
Ensuring access to any storage areas is restricted by use of doors, barriers and signs. Sources are to be secured against unauthorised removal, tampering, vandalism and misuse.
•
Ensuring appropriate access control procedures are developed and implemented
Security of Medical Gases (December 2003)
22-1
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
•
Documenting the location of medical gases both in the bulk storage facility and at the ward level
•
Ensuring records are kept for medical gases used for fieldwork. They should include: -
•
Who is using the source and who is responsible for it Where has the source been taken How is it stored/secured Date and time of issue Date and time of return Any unusual circumstances
Ensuring procedures are implemented for reporting theft, tampering and damage to medical gases.
**********
Security of Medical Gases (December 2003)
22-2
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
23. Security of Radioactive Substances Policy: As part of the facility security risk management process, Health Services must ensure, in consultation with staff, key stakeholders and appropriate advisory bodies, that all reasonably foreseeable security risks associated with radioactive substances are identified, assessed, eliminated where reasonably practicable or effectively controlled. Health Services must ensure that the process is appropriately documented and effective procedures are developed and implemented.
Guidelines: Health Services should develop procedures, in consultation with staff and other stakeholders, to effectively manage security risks associated with storing radioactive substances. The aim of these procedures is to protect people and minimise the likelihood of incidents related to theft, vandalism and misuse occurring. Issues relating to radiation safety are prescribed in the Radiation Control Act 1990 and the Radiation Control Regulation 2003.
Security Risk Management: Chapter 1 of this Manual provides guidance material on the risk management process and these principles apply equally to security risks associated with storing radioactive substances. As part of this process, the following risk control strategies should be considered by Health Services: •
Ensuring stores (including waste stores) are properly marked with approved warning signs, and regulations regarding their use are posted at access points
•
Ensuring access to any storage areas is restricted by use of doors, locks, barriers and signs. Sources are secured against unauthorised removal and tampering
•
Ensuring access control procedures are developed and implemented
•
Maintaining records of the location of radioactive substances and irradiating apparatus
Security of Radioactive Substances (December 2003)
23-1
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
•
Ensuring records are kept of all radioactive substances discharged from the premises which include the following information: -
•
The type of radioactive substances discharged The estimate of the total activity of the radioactive substances discharged The manner in which the radioactive substances were discharged The date on which the radioactive substances were discharged
Ensuring any loss or theft of radioactive material, as required by the Radiation Control Regulation 1993, is reported to: -
The officer responsible for radiation safety The Director-General of the Department of Health within three days after the person becomes aware of the loss or theft The Chief Executive Officer or Facility Manager Police and Radiation Control Section, Environment Protection Authority
As much information as possible about the source should be given. Note: In emergency situations involving suspected or actual damage, spillage, loss or theft of radioactive substances the Radiation Control Section of the Environment Protection Authority should be contacted •
Ensuring, where a local radiation safety manual is prepared, the manual includes a section on the security of radioisotopes used and/or stored in those facilities. All radioisotopes used or stored within a facility and their subsequent disposal must be recorded in a register. No unauthorised access to radioisotopes is to be permitted.
Security during Transportation of Radioactive Substances: •
Only authorised persons undertake the escort of radioactive substances when being transported within an organisation
•
When radioactive substances are transported by road, the transport needs to be in accordance with the legal requirements as per Section 23 of the Radiation Control Regulation 1993 and the Safe Transport of Radioactive Material Code of Practice – 2001 (Australian Radiation Protection and Nuclear Safety Agency).
**********
Security of Radioactive Substances (December 2003)
23-2
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
24.
Fire Security
Policy: As part of the facility security risk management process, Health Services must ensure, in consultation with staff, key stakeholders and appropriate advisory bodies, that all reasonably foreseeable security risks associated with fire are identified, assessed, eliminated where reasonably practicable or effectively controlled. Health Services must ensure that the process is appropriately documented and effective fire security procedures are developed and implemented.
Guidelines: Health Services should develop procedures, in consultation with staff and other stakeholders, to manage fire related security risks. The aim of these procedures is to protect assets and people, minimise the risk of fire hazards and the spread of fire and smoke. Local procedures should incorporate any risk control strategies identified from the risk management process undertaken in each workplace. These procedures need to be consistent with local fire safety procedures, including emergency evacuation procedures. The requirements of the relevant Australian Standards, Building Codes and guidelines specified by fire authorities will also need to be reflected in these procedures.
Security Risk Management: Chapter 1 of this Manual provides guidance material on the risk management process and the principles apply equally to fire related security situations. However there will be particular activities necessary to ensure that the security risks associated with fire are effectively controlled. An internal fire emergency brings with it a range of security considerations including: • • •
The possibility of the fire being a diversionary tactic for criminal activity Theft or looting of other parts of the facility during a fire and Securing any (evacuated) patients in custody, scheduled patients, patients with cognitive deficits and (unaccompanied) children and babies.
Fire Security (December 2003)
24-1
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
Other issues to be considered are: • • • • • •
Accounting for staff, patients and other occupants of the building or facility in a safe area away from the risks of the fire Securing (evacuated) patients who may be confused and inclined to wander and who could be injured as a result Isolating the fire scene until the police and the fire brigade assume control of the site Controlling crowds and traffic until the police can assist Ensuring the Fire Brigade is directed to the fire by the quickest route and Operating any Emergency Warning and Intercommunication System (EWIS) or other emergency communication equipment.
What to do in the Event of a Fire: Health Services should develop local procedures that outline what to do in the event of a fire. These procedures should reflect the following elements: • • • • • •
Details on who should be contacted in the event of a fire and when this contact should occur The role of health service staff and emergency services A nominated emergency co-ordinator and delegates (in the absence of the coordinator) Guidelines on the use of fire equipment The evacuation process (including priority for the removal of patients) and Details on assembly points.
Departmental Circular 2003/87 (Guidelines for Fire Safety in Health Care Facilities) provides detailed information on fire safety management, statutory requirements, fire protection, fire safety emergency response procedures, training and evacuation and advisory services.
Managing Post Incident Issues: Departmental Circular 2002/19 titled ‘Effective Incident Response: A Framework for Prevention and Management in the Health Workplace’ outlines a framework to assist with managing post incident issues such as incident reporting, dealing with media, incident investigation and supporting those who were involved in the incident. Departmental Circular 2003/75 titled ‘NSW Health Policy and Procedures for Injury Management and Return to Work’ provides policy and guidelines for the management of workplace injuries.
**********
Fire Security (December 2003)
24-2
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
25. Bomb Threat Policy: As part of the facility security risk management process, Health Services must ensure, in consultation with staff, key stakeholders and appropriate advisory bodies, that all reasonably foreseeable security risks associated with receiving bomb threats are identified, assessed, eliminated (where reasonably practicable) or effectively controlled. Health Services must ensure that the process is appropriately documented and effective bomb threat emergency procedures are developed and implemented.
Guidelines: Health Services need to develop local procedures for assessing and managing potential threats and security issues that may arise from a threat. Local procedures should incorporate the relevant outcomes of the risk management processes undertaken in the workplace. The aim of the procedures is to protect lives and assets and minimise business disruption.
Security Risk Management: Chapter 1 of this Manual provides guidance material on the risk management process and the principles apply equally to potential situations associated with a threat. However there will be particular activities necessary to ensure that risks associated with threats are effectively controlled. A bomb threat brings with it a range of security considerations including: • • • •
The possibility of the bomb threat being a diversionary tactic for criminal activity Securing (evacuated) patients who may be confused and inclined to wander and who could be injured as a result Theft or looting of an evacuated facility Securing any (evacuated) patients in custody, scheduled patients, patients with cognitive deficits and (unaccompanied) children and babies.
Health Services need to develop local procedures that outline what should be done to assist in preventing devices being brought into the workplace and in the event of a bomb threat.
Bomb Threat (December 2003)
25-1
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
Security and Housekeeping: The following activities may assist with preventing devicess being brought into the workplace: • • • • • • •
Fitting good quality door fittings, locks and alarms to deter after hours penetration of the workplace (refer to Chapters 9 and 11 of this Manual for more information) Restricting or minimising entry/exit points (refer to Chapter 11 of this Manual for more information) Considering the installation of surveillance equipment (closed circuit television monitors) Introducing visitor registration and identification procedures (refer to Chapter 9 of this Manual for more information) Instituting a lock-up or security check procedure at the close of business each day/night. Daily open-up procedures should complement close of business procedures. Conducting internal physical security inspections and surveys Utilising the services of professional advisory bodies such as police, security professionals etc to assist with assessing the threat to the workplace.
Housekeeping: Good housekeeping complements security. Regular disposal of rubbish has several highly desirable benefits: • • •
The number of potential target areas is reduced Searchers are not distracted unnecessarily by extraneous objects Hygienic/sanitary conditions encourage thorough searching.
Locking surplus office accommodation, cupboards and similar furniture reduces sites for caches of potentially dangerous items and the opportunity for hiding lethal explosive or incendiary devices.
What to do if there is a Bomb Threat: Health Services should develop local procedures that outline what to do in the event of a bomb threat. These procedures should reflect the following elements: • • • • •
Details on who should be contacted in the event of a bomb threat and when this contact should occur The role of health service staff and emergency services A nominated emergency co-ordinator and their delegates (in the absence of the co-ordinator) Guidelines on the use of safety equipment The evacuation process (including priority for the removal of patients and multiple evacuation routes) and
Bomb Threat (December 2003)
25-2
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
•
Information on assembly points (including procedures for searching prior to evacuation).
Samples of a Bomb Threat Checklist (Appendix 25.1) and a Bomb Threat Procedure (Appendix 25.2) are attached to this Chapter. In developing local procedure Health Services should ensure that provision is made for evacuation and assembly point routes to be searched to ensure staff, patients and visitors are not unnecessarily exposed to danger during evacuation. Procedures for Identifying and Handling Suspicious Items (including Mail): During the risk management process special attention should be given to those areas where: • • •
Mail opening and sorting are carried out The public has direct access Suspicious items could be introduced unnoticed.
Health Services should ensure that procedures for handling suspicious items encompass the identification of screening areas, criteria for identifying suspect items, and emergency responses where suspicious items are identified. Screening Areas: Health Services should establish a screening point for all mail, that is, a central processing point for all mail for the workplace. At which point in the process mail passes through this central area, between arrival and delivery to the relevant officer, will vary according to the size and function of the workplace. The visual/manual screening process should serve to identify as ‘clear’ the majority of mail items processed through the screening point. When a suspect item is detected through the initial screening, the area should be cleared of staff and a call made for assistance, in line with local procedures. Identifying Suspicious Items: Suspicious items may display a combination of the following characteristics: -
Excessive securing material Excessive weight Protruding wires or tin foil Oily stains and discolourations Visual distractions Excessive postage Proper names and title not, or incorrectly, used An address which is handwritten or poorly typed Restrictive markings eg CONFIDENTIAL
Bomb Threat (December 2003)
25-3
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
-
Common words misspelt Either unusual or foreign origin No sender address Does not fit with the usual type of mail received by the facility Lopsided or unevenly weighted or in a stiff or rigid envelope.
Responding when an Item is Assessed as Suspicious: If an item is considered suspect, local procedures should include the following steps to ensure the security of staff: • • • • • • • • •
•
Contact the emergency co-ordinator Confirm that the item has come through the postal system. An item that has come through the postal system usually does not have the same degree of sophistication as a device that has been placed or delivered by a courier. Check with the addressee if he/she is expecting the item. If a return address is on the article, check with the originator. Isolate the article. Place the suspect item in a safe isolation area (if safe to do so). Consider whether evacuation is necessary. Evacuation should always be considered in the event of a potential bomb threat. The area to be evacuated is related to the size of the item and the degree of the threat. Obtain as much information as possible (without handling the suspect item) in relation to dimensions, balance, stains, history or threats, type or construction of the package and its exact location to pass on to the emergency co-ordinator Under no circumstance should any attempt be made to open the item, as it is generally this action that will cause the device to activate The suspect item should not be immersed in water as this may cause it to activate Suspect items should not be placed in confined spaces such as filing cabinets or cupboards as this will only increase the blast effect if it detonates. Where possible the item should be placed in an area where the gases produced by an explosion can be vented, for example near an open window (but not near a window where people are passing by and may be injured by the blast). Suspect items should not be carried or transported through congested areas and this could expose others to unnecessary hazards.
Managing Post Incident Issues: Departmental circular 2002/19 titled ‘Effective Incident Response: A Framework for Prevention and Management in the Health Workplace’ outlines a framework for managing post-incident issues such as incident reporting, dealing with media, incident investigation and supporting those who were involved in the incident.
Bomb Threat (December 2003)
25-4
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
Departmental circular 2003/75 titled ‘NSW Health Policy and Procedures for Injury Management and Return to Work’ provides policy and guidelines for the management of workplace injuries. Related NSW Health and Other Resources: •
Bombs: Defusing the Threat (Australian Bomb Data Centre – 2001)
Further Information: For further information contact: Australian Bomb Data Centre GPO Box 361 CANBERRA ACT 2601 Telephone: 02-628 70750 Fax: 02-628 70770 Email: [email protected]
**************
Bomb Threat (December 2003)
25-5
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
Appendix 25.1 A Sample Bomb Threat Checklist TIME CALL TAKEN: BOMB THREAT CHECK LIST
CALLER’S VOICE
QUESTIONS TO ASK
Accent (specify):
(Place a copy of this checklist under your telephone)
Any impediment (specify): Voice (loud, soft etc): Speech (fast, slow etc):
QUESTIONS TO ASK 1. When is the bomb going to explode?
Diction (clear, muffled etc): Manner (calm, emotional etc):
2. Where did you put the bomb?
Did you recognise the voice? If so, who do you think it was?
3. When did you put it there?
Was the caller familiar with the area? THREAT LANGUAGE Well spoken: Incoherent:
4. What does the bomb look like?
Irrational: Taped: Message read by caller: Abusive: Other:
5. What kind of bomb is it? 6. What will make the bomb explode? 7. Did you place the bomb?
BACKGROUND NOISES Street noises: House noises:
8. Why did you place the bomb?
Aircraft: Voices: Music:
9. What is your name?
Machinery: Other: Local call:
Bomb Threat (December 2003)
25-6
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
10. Where are you? 11. What is your address?
Long distance: STD: OTHER Gender of caller: Estimated age: CALL FINISHED
EXACT WORDING OF THREAT
Date: Time: Duration of call:
ACTION
Number called: RECIPIENT
Report call immediately to:
Name:
Phone number:
Telephone number: Signature:
REMEMBER KEEP CALM – DON’T HANG UP EVEN AFTER THE CALLER HAS HUNG UP
Bomb Threat (December 2003)
25-7
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
Appendix 25.2 Sample Bomb Threat Procedure In the event of a bomb threat: •
If a bomb threat is received by telephone, staff should: -
•
Remain calm, control emotions and not shout Complete the Bomb Threat Checklist Try to keep the caller talking as long as possible Try to raise the alarm to ensure appropriate action is commenced as soon as possible DO NOT HANG UP THE PHONE, even after the caller has hung up (it can make it easier to trace the caller) Contact the emergency co-ordinator or supervisor and inform them: - That a bomb threat has been received - Of their name, telephone number and location - Details of the threat.
The emergency co-ordinator should: -
-
•
Call the police and tell them: - That a bomb threat has been made or a suspicious item located - Their name, address, telephone number of the facility - The exact location of the suspicious object or the details of the threat Arrange for a staff member to be at the appropriate facility entrance to guide the police to the suspicious item by the quickest route. Once a suspicious item is found the senior police officer is responsible for managing the situation. Co-ordinate the evacuation by selecting the evacuation route and searching the evacuation and assembly point routes prior to the evacuation. If a suspicious item is located staff should:
-
Remain calm, control emotions and not shout DO NOT TOUCH THE OBJECT OR COVER IT Evacuate the immediate area and post sentries Contact the emergency co-ordinator or supervisor and inform them: - That a suspicious item has been found - Their name, department and telephone number - The exact location of the item - The description of the item
WARNING: DO NOT USE RADIO TRANSCEIVERS, CORDLESS PHONES OR MOBILE TELEPHONES NEAR THE OBJECT.
Bomb Threat (December 2003)
25-8
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities
26. Violence Policy: As part of the facility security risk management process, Health Services must ensure, in consultation with staff and key stakeholders, that all reasonably foreseeable risks associated with violence towards staff, patients or visitors by another individual are identified, assessed, eliminated (where reasonably practicable) or effectively controlled and that the process is appropriately documented. Note: Attention is drawn to the agreement between the NSW Nurses’ Association and NSW Health that in isolated facilities/units a minimum of two nurses must be rostered on each shift. If a second nurse is not available on a shift then a security officer should be hired or other appropriate personnel be in attendance. This agreement occurred in 1996 and was reflected in the 1996 and 1998 versions of the Security Manual which also stated that similar attention should be paid to the needs of community health workers who attend patients in isolated circumstances or in locations without ready access to support. For the purposes of this Chapter, violence is defined as any incident in which an individual is abused, threatened or assaulted and includes verbal, physical or psychological abuse, threats or other intimidating behaviours, intentional physical attacks, aggravated assault, threats with an offensive weapon, sexual harassment and sexual assault.
Guidelines: Corporate Governance and Accountability in Health: The Corporate Governance and Accountability in Health Better Practice Reference Guide, developed by the Department and the Health Services Association of NSW, states that under the NSW Occupational Health and Safety Act 2000 primary responsibility for achieving a violence free workplace for staff, patients and the public rests ultimately with the CE of DoH area health service and Royal Alexandra Hospital for Children. The Better Practice Reference Guide suggests that Boards consider the following important strategies in mitigating violent behaviour: •
OHS in the design of new facilities and upgrades
Violence (December 2003)
26-1
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
• • •
Appropriate communication systems, duress alarm systems and protocols particularly for staff working in the community or at isolated sites Duress alarm systems for staff working in priority areas such as emergency departments, mental health units and drug and alcohol clinics Restricting patient access through the use of key/electronic access to areas that hold cash, drugs or equipment.
Violence Risk Management: Chapter 1 of this Manual provides guidance material on the risk management process and these principles apply equally to managing and preventing violence in the workplace. As part of this process, the following risk control strategies should be considered by Health Services: •
Vehicle and Car Park Security: Ø Ensuring there is adequate lighting in car parks and around facilities Ø Providing security escorts for staff leaving the facility after dark Ø Aligning, where possible, the start and end of shifts with main public transport timetables Ø Implementing procedures for reporting poorly lit or dark areas of the facility, for both parking vehicles and walking Ø Advising staff to leave and arrive at work with colleagues where possible Ø Providing a mustering area at the facility for staff to gather, if there is time between the shift ending and buses and trains arriving Ø Ensuring that staff know of and use allocated after hours access/exit points Ø Instructing staff to lock all vehicle doors while driving through dangerous areas.
•
Movement at Work: Ø Ensuring all appropriate entry doors and windows are, where possible, locked Ø Ensuring staff are aware of their responsibility to wear personal identification at all times Ø Making sure staff are aware that all personal belongings are to be locked away and providing facilities to ensure this can happen Ø Ensuring offices, filing cabinets and desk drawers are locked when unattended Ø Making sure staff know to look for early warning signs of possible violence (eg anger or agitation, pacing back and forth, withdrawal when approached, tensed muscles, raised voices) Ø Ensuring staff know to contact security staff or police if suspicious person(s) are seen.
Violence (December 2003)
26-2
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
•
Ensuring Safe Movement of Staff at Night: Ø Where practicable locating a secure car park as near as possible to the facility Ø Ensuring surrounds to car parks and living quarters are well lit, and monitored by security services if possible - areas where a person could hide should be eliminated as far as possible Ø Providing security escorts, at the end of afternoon and night shifts, to staff when going to their vehicles or living quarters Ø Developing procedures to ensure that staff do not move through or go to isolated parts of the facility alone, or open the door (at night) alone.
•
Transporting Cash Securely: Ø Ensuring that the relevant requirements of the Approved Industry Code of Practice for Cash in Transit are implemented.
•
Providing Secure Staff Accommodation: Ø Limiting access to staff accommodation by key or card control access system Ø Ensuring surrounds are well lit, and that there are no areas where a person could hide Ø Ensuring windows, doors and locks can be properly secured while still allowing for adequate ventilation.
What to do when Confronted with Violent Behaviour: It is important that all staff are aware that a range of options exists when faced with violent individuals. These responses will depend on a number of factors including the nature and severity of the event, whether it is a patient, visitor or intruder and the skills, experience and confidence of the staff member/s involved. This may include immediately triggering a duress response (as defined in Chapter 29 of this Manual). When confronted with violent behaviour, immediate and short-term options available to staff include the following. Note that these are presented in no particular order and that more than one strategy can be used, depending on the circumstances: • • • • • •
Issuing a verbal warning Seeking support from other staff Requesting that the aggressor leave Requesting review by a clinician Using verbal de-escalation and distraction techniques Retreating
Violence (December 2003)
26-3
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
• • • • •
Utilising NSW Health security and/or clinical restraint policies as appropriate Utilising NSW Health sedation policies as appropriate Initiating internal emergency response in line with local protocols eg security, duress response team etc (refer to Chapter 29 - Duress Response Arrangements) Initiating external emergency response in line with local protocols eg external security services, police Providing police with the necessary info rmation to charge perpetrators.
If a staff member feels unsafe at any time they should call for back-up and/or retreat, if appropriate. At all times the key priority is to prevent injury (to staff and others). When considering options the following points should always be kept in mind: • • • • •
The possibility of an underlying clinical condition contributing to the violent behaviour must always be a consideration, therefore assessment by a clinician at the earliest opportunity should be considered When confronted with violent behaviour it is important to remain calm and assess the level of threat as this will allow decisions to be made as to the most appropriate action Regardless of action taken, de-escalation and containment should always be the primary considerations At all times the key priority is to prevent injury (to yourself and those around you) Be aware of the potential for violence, recognise contributing factors/warning signs, stay calm, initiate early, appropriate action.
In some cases violent behaviour is not a one-off incident but reflects a pattern of behaviour for an individual. In these instances longer term options to manage repeated violent behaviour include: • • • • • • • • •
Formal patient management plans Written warnings Conditional patient treatment agreements Exclusion of visits Conditional visiting rights Patient alerts in conjunction with support management plan Recognition of inability to treat in certain circumstances Taking out an AVO to protect staff Having charges laid.
The ‘Zero Tolerance Policy and Framework Guidelines’ (Circular 2003/48) provides more detailed information on all of the above options. If faced with an armed hold -up situation the priorities are: •
Safety of self and
Violence (December 2003)
26-4
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
•
Safety of others.
Chapter 27 (Armed Hold-up) provides more detailed information on what to do if faced with an armed hold-up situation.
NSW Health Zero Tolerance Policy to Violence: NSW Health has adopted a policy of zero tolerance to all forms of violence in the health workplace. The zero tolerance response means that all violent incidents need to be promptly, appropriately and consistently managed to prevent escalation and to minimise their impact on staff, patients and visitors. For further information please see the NSW Health document titled ‘Zero Tolerance Policy and Framework Guidelines’ (Departmental Circular 2003/48).
Managing Post Incident Issues: Departmental Circular 2002/19 titled ‘Effective Incident Response: A Framework for Prevention and Management in the Health Workplace’ outlines a framework for managing post-incident issues such as incident reporting, dealing with media, incident investigation and supporting those who were involved in the incident. Departmental Circular 2003/75 titled ‘NSW Health Policy and Procedures for Injury Management a nd Return to Work’ provides policy and guidelines for the management of workplace injuries.
**********
Violence (December 2003)
26-5
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
27. Armed Hold-Up Policy: As part of the facility security risk management process, Health Services must ensure, in consultation with staff and key stakeholders, that all reasonably foreseeable risks associated with armed hold -up are identified, assessed, eliminated where reasonably practicable or effectively controlled. Health Services must ensure that the process is appropriately documented and effective armed hold-up response procedures are developed and implemented.
Guidelines: Health Services should develop local procedures, in conjunction with the risk management process, to deal with a potential or actual armed hold-up. The aim of these procedures is to protect lives and prevent disruption to the running of a facility. In the context of this Chapter armed hold -up includes threats or implied threats (for the purpose of stealing money, drugs or other property) that involve any equipment or material that may be utilised as a weapon.
Security Risk Management: Chapter 1 of this Manual provides guidance material on the risk management process and the principles apply equally to potential situations associated with armed hold up. Issues to be addressed during the risk management process should include: •
• • •
Assessing vulnerable areas within the Health Service, such as pharmacies and cashiers’ counters to determine if: - The location of such facilities is secure - Cash and accountable drugs are kept to a minimum within these areas and - The routes and times are varied when cash is conveyed to and from the facility (Refer to Chapter 5 of this Manual for more information on identifying security issues when leasing out or leasing premises) Ensuring the training provided to staff in armed hold-up procedures is appropriate Ensuring the adequacy of alarm systems and physical barriers and Reviewing security system controls.
Armed Hold-up (December 2003)
27-1
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
What to do in the Event of an Armed Hold-up: Health Services should develop local procedures that outline what to do during an armed hold-up and immediately following an armed hold-up. These procedures should reflect the following elements: • • • • • • •
Details on who should be contacted in the event of an armed hold-up and when this contact should occur The role of health service staff and emergency services A nominated emergency co-ordinator and delegates (in the absence of the coordinator) The evacuation process (including priority for the removal of patients) Survival strategies for staff during an armed hold -up Isolating the site and Preserving the site following the incident.
A sample procedure has been included (Appendix 27.1) to this Chapter for the information of Health Services.
Managing Post Incident Issues: Departmental circular 2002/19 titled ‘Effective Incident Response: A Framework for Prevention and Management in the Health Workplace’ outlines a framework for managing post-incident issues such as incident reporting, dealing with media, incident investigation and supporting those who were involved in the incident. Departmental circular 2003/75 titled ‘NSW Health Policy and Procedures for Injury Management and Return to Work’ provides policy and guidelines for the management of workplace injuries.
**********
Armed Hold-up (December 2003)
27-2
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
Appendix 27.1 Sample Procedure What to do in the Event of an Armed Hold-up: During an armed hold-up and immediately following an armed hold-up the following actions should be taken: •
During an armed hold-up staff should: -
Co-operate with the perpetrator’s instructions Assume and behave as if the weapon is real or loaded Remain calm, control emotions, avoid eye contact and make no sudden movements Not attack the perpetrator or touch anything they may have handled Note the perpetrator’s clothing and any other distinguishing features Not challenge the perpetrator Attempt to stay facing the person Activate any alarm if safe to do so.
During an armed hold-up the protection of life is most important. Staff should not knowingly place themselves or anyone else at unnecessary risk. •
After an armed hold-up the manager, or other delegated person of the affected area should: -
•
Close the area where the robbery took place and advise people not to touch anything at the scene Ask all witnesses to wait for the police to arrive or ask for their name, address and telephone number if they insist on leaving Ensure witnesses do not discuss the robbery until interviewed by the police Ensure that the emergency department is alerted and advised of the number of people requiring treatment Ensure all witnesses are offered counselling. Witnesses who are staff of the Health Service can access their EAP or other post incident support services. Ensure media issues are appropriately managed and arrange an area where a press conference can be held if necessary Advise unauthorised staff not to speak to the media Ensure the names of injured people are not given to the media until relatives have been notified.
After an armed hold-up staff should: -
Look after staff and others directly involved or a ffected by the hold-up Advise the manager/supervisor of the incident
Armed Hold-up (December 2003)
27-3
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
-
Activate any alarms, if safe to do so, if not previously activated Dial 000 and ask for the police or contact the nominated emergency coordinator at the facility and tell them: -
•
What the Emergency Co-ordinator should do: -
•
Ask the facility switchboard to advise senior staff on duty of the incident and to stand-by in case of injury Arrange to evacuate surrounding area if the hold-up is still in progress and post sentries to stop unsuspecting people walking into a dangerous situation Co-ordinate the scene until the police arrive Ensure a return to normal working practices as soon as possible
What security staff should do during and after an armed hold-up: -
•
The name, address and telephone number of the facility The exact location of the robbery and the number of intruders What the intruders looked like What vehicles were used if known What weapons were used
Observe from a safe distance, remain unobtrusive and where necessary evacuate the surrounding areas and post sentries to stop unsuspecting people walking into a dangerous situation Do not place themselves, or anyone else, at risk Keep onlookers away from the scene Sounds the alarm if it is safe to do so.
What the switchboard operator should do during and after an armed hold -up -
-
-
Ask anyone reporting a hold -up - His/her name - Location of the incident - If the incident is still in progress (if the incident is in progress police are to be advised on 000 immediately and other details gathered after) - If there are any injuries - The number of perpetrators, descriptions, direction and means of escape If the police have not been contacted dial 000 and ask for police. Tell them all the details that have been gathered from the person reporting the hold-up Report the hold-up to the emergency co-ordinator or the most senior staff member if the emergency co-ordinator is not on duty Be the communication link between management, on-site staff and police.
*********
Armed Hold-up (December 2003)
27-4
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
28. Use of Weapons By Security Staff Policy: For the purposes of this Chapter weapons are defined as batons or handcuffs only. Schedule 1 of the Weapons Prohibition Act 1998 includes batons and handcuffs in its definition of weapons and as such there are legal implications for their use and misuse. No other weapons, as defined by the Weapons Prohibition Act 1998 will be considered for issue to security staff in Health Services. The Department of Health does not support the issuing of weapons to security staff as a key security risk control s trategy. As part of the facility security risk management process, Health Services must ensure that all practical violence risk control strategies are implemented prior to considering issuing security staff with weapons. Health Services must take into consideration that issuing weapons to security staff has its own set of risks that also need to be identified, assessed, eliminated where reasonably practicable or controlled. These risks may include: • • •
The potential for weapons to be taken and used against staff, patients or visitors The potential for injury to staff who may use the weapons and the potential for injury to those the weapons are used against The potential for legal action over the use and misuse of weapons.
Note: Handcuffs are not to be used on patients. The risk management process must be documented and may from time to time be reviewed by the Department of Health or other external agencies.
Legislative Framework: Weapons Prohibition Regulation 1999: Schedule 1 of the Weapons Prohibition Regulation 1999 states that persons employed to carry on a security activity, as defined by the relevant sections of the Security Industry Act 1997, and who hold a class 1A or class 2D licence are exempt from the requirement, under the NSW Weapons Prohibition Act 1998, to have a permit to possess an extendable or telescopic baton and/or handcuffs. Use of Weapons by Security Staff (December 2003)
28-1
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
This exemption applies only where the person is acting in the course of employment (or in the course of carrying out business) and only if the Commissioner for Police is satisfied that the person is trained in the use of these prohibited weapons. Therefore, in order to fulfil their legislative responsibilities Health Services are required to: • •
Ensure staff issued with weapons are licensed security officers as per the requirements of the NSW Security Industry Act 1997 Ensure specialist training is provided to security officers prior to the issuing of weapons, as per the requirements of the NSW Weapons Prohibition Regulations 1999.
Only training provided by a person who holds a prohibited weapons instructor’s permit will meet this condition of the Prohibited Weapons Regulation 1999. Recognition of prior learning (RPL) certification can be accepted only where the security officer has evidence of initial training (eg certificate issued by the training provider). It should be noted that the Australasian Police Ministers’ Council has agreed that capsicum spray will not be authorised for personnel other than Police, Corrective Services and the Military. Occupational Health and Safety Act 2000 and Occupational Health and Safety Regulation 2001: The NSW Occupational Health and Safety Regulation 2001 requires employers to identify hazards, assess the risks arising from the hazards in their workplaces and develop strategies to eliminate or control these risks. The Occupational Health and Safety Regulation 2001 requires employers to take the following measures, in the order presented, to minimise security risks to the lowest level reasonably practicable, where these risks cannot be eliminated: 1. 2. 3. 4. 5.
Substituting the hazard giving rise to the risk with a hazard that gives rise to a lesser risk Isolating the hazard from the person put at risk Minimising the risk by engineering means (eg building design) Minimising the risk by administrative means (eg adopting safe working practices or providing appropriate training, instruction or information) Using personal protective equipment.
If no single measure will sufficiently minimise risk, a combination of the above measures is required.
Use of Weapons by Security Staff (December 2003)
28-2
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
WorkCover NSW has provided the following advice on the definition of personal protective equipment as outlined in the EEC Directive (89/656): ‘PPE is any equipment worn or held by the employee to protect him/her against one or more health or safety risks at the workplace, including all complementary equipment or accessories that can contribute to this purpose. This definition excludes: • • • • • • • •
Normal workwear and uniforms Equipment of first aid and rescue services PPE for military and police use PPE used in road vehicles (e.g. safety belts in cars) Sports equipment Self-defence or deterrent materials Portable risk and nuisance factors Detection and warning devices.’
Guidelines: Local procedures which aim to minimise harm and ensure staff are acting within the law are to be developed. The following points should be included in local procedures: • • • •
The use of weapons is a last resort action, after all other avenues to resolve the situation have been exhausted Batons are to be used in a defensive role only Handcuffs are only to be used to restrain detainees while waiting for the police to arrive to make an arrest. The handcuffed person must be handed over to the police as soon as possible. Handcuffs are not to be used on patients. In all cases, no more force than is reasonably necessary is to be used.
Health Services need to ensure that procedures governing the use of weapons include instructions on application and use, with emphasis on safety and caution and legal responsibilities for the staff member who has been issued the weapon. Documentation: Incidents involving the use of weapons should be recorded in detail and a procedural debriefing carried out. A register listing the weapons training undertaken by each security staff member should be kept.
Use of Weapons by Security Staff (December 2003)
28-3
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
Serial numbers or permanent markings should be affixed to all weapons to allow regular checks against inventory. All losses of weapons are to be reported to police. Contracted Security: Contracts with external security providers should include arrangements that ensure that local Health Service procedures on the use of security equipment, particularly weapons, are met.
**********
Use of Weapons by Security Staff (December 2003)
28-4
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
29. Duress Response Arrangements Policy: As part of the facility security risk management process, Health Services must ensure that appropriate arrangements for providing an appropriate, timely and effective response to both clinical and other duress situations (including response to duress alarms) are developed and implemented in consultation with staff and key stakeholders.
Guidelines: Despite all efforts to minimise the likelihood of incidents occurring in NSW Health workplaces, unexpected and unusual incidents that require a duress response, including threatened or actual violence, may occur. It is important that all staff are aware that there is a range of options available when faced with violent individuals. These responses will depend on a number of factors including the nature and severity of the event, whether it is a patient, visitor or intruder, and the skills, experience and confidence of the staff member/s involved. One response available to all staff is the triggering of a duress response. All staff, including those working in institutional and community (including domestic) settings, should feel assured that i n the event of triggering a duress alarm or seeking urgent assistance in a threatening situation, an appropriate response will be initiated. Staff should also be assured that it is better to trigger an alarm/seek assistance early as this can prevent escalation. Acceptance by managers that staff are entitled to call for assistance in duress situations is an underpinning principle of the Department’s Zero Tolerance Policy and Framework Guidelines (Circular 2003/48). Early recognition of an incident and adequate and appropriate response can minimise the risk of injury to staff, patients and others and prevent escalation. This chapter should be considered in conjunction with Chapter 26 (Violence) and Chapter 27 (Armed Hold-up) of this Manual.
Duress Response Arrangements (December 2003)
29-1
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
What is a Duress Response? The aims of a duress response are to: • • •
Get sufficient numbers of skilled personnel to a situation as soon as possible in order to contain the incident and maximise the chances of a good outcome Minimise the risk of injury and Demonstrate support for staff and others in duress situations.
The nature of the duress response will vary from facility to facility depending on local issues such as the nature of the facility, or unit within the facility, availability of staff to respond and access to external services such as police or private security firms. A ‘clinical duress response’ is taken to mean a formalised urgent response by health staff to a clinical situation in which the safety of a staff member, patient or others is threatened by the behaviour of a patient where the behaviour is a result of the patient’s medical condition. A clinical duress response is similar to a cardiac arrest response. The aim is to get sufficient numbers of skilled personnel to the patient as soon as possible in order to maximise the chances of a good outcome. Other duress responses are utilised where there are threats such as robbery or assaults by individuals, where there is no clinical situation, and would largely involve a security response rather than a clinical response. The following characteristics are features of an effective duress response: • • • • • • • • • • • • •
Requires one call or alarm trigger Call or trigger is early rather than later in the event Staff are aware of protocols for getting assistance Response is as fast as possible Response is standardised as far as possible to reduce confusion Response is sufficient to meet local needs and where necessary includes consideration of contingency plans while awaiting response Team members are well trained in the response procedure including their roles Each team has a delegated leader and an agreed assembly point All shifts are covered and processes are in place to cover unexpected staff shortages (eg due to sick leave) Links with local protocols, where appropriate, for retreat, restraint, sedation and additional back up Incorporates post incident management and support processes Includes operational review and debriefing Is regularly evaluated and updated as necessary.
As described in Australian Standard 4083 –1997 Health Services should refer to the call to initiate a duress response as ‘code black’.
Duress Response Arrangements (December 2003)
29-2
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
Chapter 1 of this Manual provides guidance material on the risk management process and the principles apply equally to identifying and managing potential situations that may require a duress response.
Duress Response Teams: An integral part of an effective duress response is the establishment of a duress response team. It is recognised that not all services/facilities may have the internal resources to mount a comprehe nsive duress team approach. However, a duress response team ensures that a response is initiated in an adequate, timely, organised and effective way; comprehensive investigation occurs; staff support is offered; and a review of the incident occurs. In mental health facilities, or facilities with mental health units, the duress response should involve sufficient numbers of people to provide for the safe management and restraint, if necessary, of the patient in accordance with the guidelines in the Departmental document titled ‘Management of Adults with Severe Behavioural Disturbance – May 2002’. Training of staff is a crucial component of ensuring the effective implementation of the duress response plan.
Planning, Implementing and Reviewing a Duress Response: The Occupational Health and Safety Regulation 2001 requires employers to consult with staff when making decisions affecting their health, safety and welfare at work. Risk control strategies include the planning, implementation and review of duress response procedures. Key stakeholders, that should be consulted, may include senior management, risk managers, staff representatives, human resource personnel, security staff, OH&S Committee representatives, health unions, representatives of priority areas such as mental health and emergency departments, community staff, and other stakeholders such as local police and ambulance. Procedures developed need to be realistic and achievable in the workplace, provide the best possible response time and include consideration of contingencies such as the simultaneous occurrence of more than one duress situation. Attached to this chapter (Appendix 29.1) are some model duress response plans. The following values should underpin the development of a duress response: • • • • •
Safety of patients, staff and others Appropriate, adequate, timely and effective response Respect and dignity of staff and patients (although safety is the priority) Empathy and recognition of the experiences of all involved Offer of support and care as needed
Duress Response Arrangements (December 2003)
29-3
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
•
Support for rapid and effective treatment and rehabilitation as indicated.
Health Service or facility emergency procedures (eg fire, bomb threat, medical emergency etc) should be compatible with duress response plans. When developing a duress response plan: • • • • • • •
Ensure a duress response plan exists for all public health care workplaces and community services (ie within the organisation and outside of the organisation where health work is carried out) Consult with staff on the development and review of duress response plans Respect the rights of staff to call for a duress response if and when they identify a need Encourage calling for a duress response/back-up early in the event, preferably before escalation Ensure a preventative and risk management culture exists Provide adequate and appropriate personal protective equipment, escape routes and safe havens Ensure staff and response team partners (eg other government, non government and/or community respondents) attend relevant training.
The duress response plan should clearly state the responsibilities of staff. These may include: • • • • • • •
Implementing early notification of a potential duress incident Using personal protective equipment, safe havens and escape routes, as provided Attending training in aggression minimisation/de-escalation and duress response management where provided Assuming any delegated role and responsibilities in the command, control and coordination of a duress response Documenting involvement in the duress incident in accordance with local policy and procedures Assisting with formal operational review and debriefing of a duress incident and Assisting with implementing any preventive measures identified through evaluation strategies.
Within a duress response procedure communication protocols should: •
• •
Determine, through the risk assessment process, communication strategies and devices which best suit the local needs and contexts in which staff work (eg fixed or personal duress alarms, mobile telephones, radios, remote geographic positioning d uress beacons etc) Be clear for all staff in all workplaces and services and Consider using strategies and devices used by other emergency service providers responding to emergency situations if appropriate.
Duress Response Arrangements (December 2003)
29-4
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
Managing Post Incident Issues: Departmental circular 2002/19 titled ‘Effective Incident Response: A Framework for Prevention and Management in the Health Workplace’ outlines a framework for managing post-incident issues such as incident reporting, dealing with media, incident investigation and supporting those who were involved in the incident. Departmental circular 2003/75 titled ‘NSW Health Policy and Procedures for Injury Management and Return to Work’ provides policy and guidelines for the management of workplace injuries.
**********
Duress Response Arrangements (December 2003)
29-5
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
Appendix 29.1 Model Duress Response Procedures for a Medium/Large Facility: The following is a model of a duress response for a medium/large facility where staff are available to respond to a duress alarm 24 hours a day, 7days a week. This model is intended as a guide as the duress response procedures developed and implemented in a facility need to reflect the risk identified through the risk management process. •
Capacity to identify a situation / incident which requires a duress response: Ø There are clear protocols for staff calling a duress response Ø The duress response is triggered early before things get out of hand Ø There is a culture of no blame for staff members who feel threatened and call for a duress response.
•
Simple and clear communication: Ø There is a one call or alarm trigger from the person calling for a duress response to initiate the duress response – through a duress alarm, or telephone to a central coordinating person Ø Once a duress call is made, responding members attend quickly Ø Redundancy is built in (eg if the paging system is down or there are 2 simultaneous alarms) Ø There are simple ways of obtaining back up if needed - From facility resources - From external agencies such as police.
•
There is a team response: Ø There are sufficient numbers of personnel responding to meet needs Ø Team is multidisciplinary (Medical / Nursing / Security / others) Ø There is a designated leader who is identified prior to any response (this should be a clinical person for clinical duress incidents) Ø There is an agreed assembly point to enable a better co-ordination of response and avoid responding team members entering unsafe areas on their own.
•
During the response: Ø There is an immediate assessment of the situation by the team leader is this situation appropriate for intervention by the team? The duress response team may decide not to intervene and call the police (eg hostage situation or incidents involving weapons) and then the role of the team may be to keep others away from the area
Duress Response Arrangements (December 2003)
29-6
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
Ø There are protocols and training for likely events such as - De-escalation - Sedation - Restraint - Retreat - Securing the scene - Crowd control - Back up / hand over to security agencies Ø There is clear documentation of the response and intervention Ø Data is kept on every duress response. •
After the response: Ø There is a review of the duress response by the manager of the duress response team Ø There is an investigation of the incident Ø Staff involved in the response, or affected by the incident, are offered support Ø Recommendations from the investigation are implemented.
Each Health Service will need to develop context specific plans based on risk assessment which takes into account their procedures, physical facilities, staffing and clientele.
Smaller Facility Duress Response: In circumstances such as smaller health facilities, community outreach and home visits, a more flexible and dynamic approach to staff safety and duress response is required. However, even in these circumstances, staff still need to have access to an appropriate emergency response. The following model is intended as a guide only as the duress response procedures developed and implemented need to reflect the risk identified through the risk management process. •
Dynamic safety measures include: Ø Mobile communication devices: mobile duress alarms, mobile phones and/or tracking devices in cars Ø Response to alarms Ø Regular and repeated risk assessments by staff - if it feels unsafe, do not proceed Ø Systems which track staff movements. For example let colleagues know of your whereabouts, itinerary and expected return; scheduled check ins with base; protocols for responding to failure to keep schedule (eg informing police).
Duress Response Arrangements (December 2003)
29-7
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
Ø Use of two staff or an additional security officer rather than lone workers Ø Establish a rrangements with local business to share security resources (eg security patrols) Ø Regular liaison with the local police / emergency services, with police being the lead agency Ø Thorough staff training in early recognition of potential situations and deescalation techniques •
Review of effectiveness of each response call to identify areas of improvement.
*********
Duress Response Arrangements (December 2003)
29-8
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
30. Effective Incident Management Policy: Health Services must ensure that the policy outlined in Departmental circular 2002/19 titled ‘Effective Incident Response: A Framework for the Prevention and Management in the Health Workplace’ (or subsequent revised policy) is implemented.
Guidelines: The purpose of Departmental Circular 2002/19 is to assist health care facilities to minimise the potential for incidents to occur and to develop a planned response to such incidents if and when they occur. The document provides guidelines for planning incident prevention and management protocols or procedures, and guidelines on the essential components of incident management. The policy, within this document, focuses on the impact of incidents on staff and provides a framework to assist staff to deal with their experience. All relevant requirements for a culturally sensitive response, gender equity and occupational health and safety should be encompassed. This chapter should be read in conjunction with Chapter 29 (Duress Response Procedures).
**********
Effective Incident Management (December 2003)
30-1
SECURITY CONTINUOUS IMPROVEMENT PROGRAM
Chapter 31: Part One - Guidelines Chapter 32: Part Two - Assessment Tool Chapter 33: Part Three - Improvement Plan
TABLE OF CONTENTS
Executive Summary Conducting the Survey: A Process Overview
PART ONE (Chapter 31)
GUIDELINES FOR CONDUCTING A SECURITY SURVEY USING THE NSW HEALTH SECURITY IMPROVEMENT TOOL
1.0
Introduction to the NSW Health Security Continuous Improvement Program
2.0
Purpose and Scope of the Improvement Plan
3.0
Status of the Tool
3.1
Annual Internal Security Survey
3.2
Five Yearly External Security Survey
4.0
Target Group for Using the Tool to Conduct Security Surveys
5.0
Overview of the Improvement Program
5.1
Part One: The Guidelines
5.2
Part Two: The Tool 5.2.1 Health Facility Report 5.2.2 Detailed Indicative Evidence Guidelines 5.2.3 The Assessment Tool
5.3
Part Three: The Security Improvement Plan
6.0
Interpreting the Assessment Tool
6.1
Sections
6.2
Elements 6.2.1 Determining Which Elements to Survey 6.2.2 Mandatory Elements
6.3
Standards
6.4
Indicative Evidence
6.5
Scoring and Interpreting Results
6.6
Comments and Recommendations
7.0
How to Use the Tool
7.1
Preparing to Conduct a Security Survey
7.2
Conducting the Security Survey
7.3
Reporting Survey Results
7.4
Departmental Reporting Requirements
PART TWO
NSW HEALTH SECURITY IMPROVEMENT TOOL
(Chapter 32)
Health Facility Report Health Facility Report Coversheet Health Facility Summary Sheet Health Facility Score Sheet
Detailed Indicative Evidence Guidelines What is Indicative Evidence? Sources of Evidence – what to look for and how to use it Using Verbal Information Using Documentary Information Using Observation Common Forms of Indicative Evidence
Section One
Security Risk Management Framework
1.1
Security Risk Management Policy and Program
1.2
Security Risk Management Responsibilities
1.3
Security Risk Management in the Planning Process
1.4
Health Service Leasing of Property to/from External Parties
1.5
Security Arrangements for Patients in Custody
1.6
Security Education and Training
1.7
Security Continuous Improvement
Section Two
Core Security Risk Controls
2.1
Access Control
2.2
Key Control
2.3
Alarm Systems
2.4
Lighting
2.5
Provision of Security Services
2.6
Duress Response Arrangements
Section Three
Security Risk Controls in Priority Areas
3.1
The Clinical Environment
3.2
Security of Staff Working in the Community
3.3
Rural and Remote Health Services
3.4
Security in Pharmacies
Section Three
Security Risk Controls in Priority Areas (continued)
3.5
Security in Car Parks
3.6
Security of Property
3.7
Security of Information
3.8
Security of Medical Gases
3.9
Security of Radioactive Substances
Section Four
Security Risk Controls in Unplanned Events
4.1
Fire Security
4.2
Bomb Threat
4.3
Violence
4.4
Armed Hold-up
PART THREE
SECURITY IMPROVEMENT PLAN
(Chapter 33)
EXECUTIVE SUMMARY NSW Health is committed to the ongoing elimination and control of security risks to patients, staff, visitors and property. Its principal policy documents in this area are NSW Health circular 2003/92 and supporting publication Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities December 2003 (the Security Manual). The Security Manual forms the platform on which the Security Continuous Improvement Program sits. The Security Continuous Improvement Program consists of Guidelines for using the Security Improvement Tool to conduct a security survey, the survey Tool itself and a template for the resulting Security Improvement Plan. The program should be implemented in close consultation with the Security Manual. The purpose of the Program is to assist public health organisations: • Keep staff, patients and visitors safe, and keep property secure • Meet the relevant NSW OHS legislative requirements, and NSW Health policy requirements contained in the Security Manual • Measure essential aspects of their security risk management program for feedback to appropriate levels of management • Identify areas of the local security risk management program requiring improvement • Ensure local security risk management continuous improvement through the development and implementation of an improvement plan. The Security Improvement Tool and support materials will assist public health organisations to measure implementation of key aspects of the Security Manual and develop an Improvement Plan to address identified shortcomings and to drive continuous improvement. The Tool is to be used to conduct the annual internal security survey required in Chapter 8 of the NSW Health Security Manual. The Security Improvement Plan should be prepared as soon as possible after completion of the security survey, and in consultation with key facility contacts and other relevant stakeholders. Once the Improvement Plan has been drafted, it should be forwarded to the relevant manager/s for further discussion if appropriate, in preparation for final approval via local approval protocols, and implementation.
********************
Part One - Guidelines for Conducting a Security Survey Using the NSW Health Security Improvement Tool
31-1
CONDUCTING A SECURITY SURVEY – A PROCESS OVERVIEW
Public Health Organisation/Facility •
Identify survey team leader and team members, at least one of whom must hold a security licence (Section 4.0).
Team Leader, Security Survey •
Ensure that all team members read all the materials, including the Guidelines which explain the process, and are familiar with the Tool and the Security Manual.
Security Survey Team Preparation • • • • • • •
Read the Guidelines (Part 1 Guidelines – Chapter 31), and have a good working knowledge of the Security Manual, the Tool (Part 2 – Chapter 32) and the Indicative Evidence (Part 2 – Chapter 32) Meet with the relevant senior executive/s to explain the survey, and provide a copy of the Executive Summary (Part 1 – Chapter 31) Determine which Elements are to be included in the survey (Section 6.2.1) ensuring all Mandatory Elements are included as a minimum (Section 6.2.2) Identify which physical parts of the facility are to be surveyed Make arrangements to visit the facility, interview staff and view documentation Take copies of the Tool, Guidelines and Health Facility Report Have access to the Security Manual.
Conducting the Security Survey • • •
Inspect the facility, review the documentation and interview key staff Record observations and agree on the standard to be assigned for each element Record results on the Score Summary Sheet and complete the Health Facility Report (Part 2).
Reporting Results • •
Complete the Security Improvement Plan (Part 3 – Chapter 33) in consultation with key facility contacts (Part 1; 5.3) Submit a copy of the Improvement Plan (Part 3 – Chapter 33), Health Facility Report (Part 2 – Chapter 32) and the Executive Summary (Part 1 – Chapter 31) to appropriate management, following local protocols.
Team Leader, Security Survey •
Ensure that a copy of the Health Facility Report, completed survey and Improvement Plan is retained in an appropriate place.
Public Health Organisation / Facility • •
Ensure that an electronic copy of the Health Facility Report is readily available should the Department require a copy Implement the Security Improvement Plan.
Part One - Guidelines for Conducting a Security Survey Using the NSW Health Security Improvement Tool
31-2
PART ONE GUIDELINES FOR CONDUCTING A SECURITY SURVEY USING THE NSW HEALTH SECURITY IMPROVEMENT TOOL
1.0
Introduction to the NSW Health Security Continuous Improvement Program (Improvement Program)
NSW Health is committed to the ongoing elimination and control of security risks to patients, staff, visitors and property. Its principal policy documents in this area are NSW Health circular 2003/92 and supporting publication Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities December 2003 (the Security Manual). The purpose of the Security Manual is to: • Outline NSW Health policy on key aspects of personal and property security • Provide detailed guidelines to assist public health organisations develop local security risk management programs and procedures • Assist public health organisations meet the relevant EQuIP criteria for security • Assist public health organisations maintain an effective security program that is based on a structured, on-going risk management process, consultation, appropriate documentation and record keeping and regular monitoring and evaluation and • Assist public health organisations to meet their legislative obligations. The chapters of the Security Manual can be located on the NSW Health website at www.health.nsw.gov.au/audit/manuals/protecting_people_property.pdf The Security Manual forms the platform on which the Improvement Program sits. The Security Improvement Tool, associated Guidelines and Security Improvement Plan, as outlined in this document, are linked to, and flow from the Security Manual. They will assist public health organisations to regularly measure implementation of key aspects of the Security Manual, identify areas requiring improvement and plan for implementation of those improvements. The remainder of Part 1 provides detailed guidelines on the Security Continuous Improvement Program and its implementation by public health organisations.
2.0
Purpose and Scope of the Improvement Program
As suggested above, the Improvement Program was developed to support and complement the Security Manual. The purpose of the Improvement Program is to assist public health organisations to: • Keep staff, patients and visitors safe, and keep property secure • Meet the relevant NSW OHS legislative requirements, and NSW Health policy requirements contained in the Security Manual • Measure essential aspects of their security risk management program for feedback to appropriate levels of management • Identify areas of the local security risk management program requiring improvement • Ensure local security risk management continuous improvement through the development of an improvement plan. Part One - Guidelines for Conducting a Security Survey Using the NSW Health Security Improvement Tool
31-3
The Security Continuous Improvement Program is provided in three parts: Part One (Chapter 31)
Part Two
Guidelines for Conducting a Security Survey Using the NSW Health Security Improvement Tool (the Guidelines) Security Improvement Assessment Tool (the Tool)
(Chapter 32)
Part Three
Security Improvement Plan (Improvement Plan).
(Chapter 33)
The Guidelines include detailed information for those using the Tool to conduct a security survey and develop a Security Improvement Plan. Therefore users must be familiar with the Guidelines and the Security Manual prior to conducting a security survey. The Tool provides public health organisations with a mechanism for assessing their security risk management program against the requirements of the Security Manual. The Improvement Plan will flow from an analysis of the results of the security survey, and allows public health organisations to systematically plan and implement improvements to the local security risk management program.
3.0
Status of the Tool
3.1
Annual Internal Security Survey
The Tool must be used to conduct the annual internal security survey as required in Chapter 8 of the Security Manual. Use of the Tool aims to promote consistency in the way security systems are assessed, allow for benchmarking and allow the Department to access consistent information on health system security performance as required.
3.2
Five Yearly External Security Survey
Public health organisations may wish to consider making the Tool available for use by external security services when they are engaged to conduct the five yearly external survey. Having someone independent of the Area using the Tool to conduct the survey may provide some informative insights on the status of the security risk management system and on how the Tool is being used by internal assessors. It may also constitute a useful quality assurance mechanism.
4.0
Target Group for Using the Tool to Conduct Security Surveys
The Tool has been developed for use by NSW Health staff with a good working knowledge of risk management principles and their application in security risk management. Therefore, the intended users of the Tool include security staff, risk management staff, OHS staff and OHS Profilers. When the Tool is being used to conduct the annual security survey, at least two people from the target group should undertake the survey, where possible. In all cases, at least one assessor must hold a security licence eg security officer, security manager or health and security assistant. Other relevant personnel may also wish Part One - Guidelines for Conducting a Security Survey Using the NSW Health Security Improvement Tool
31-4
to take part in some or all of the survey eg facility manager, Area representative, unit manager etc. Depending on resources, the assessment team should be structured to maximize opportunities for surveying the facility with ‘fresh eyes’. It is desirable that public health organisations continue to use external security experts to conduct the five year external security survey. However, where this poses significant difficulties eg lack of available external security experts in some rural areas, the external survey may also be conducted by such individuals or groups suggested in the previous paragraph, provided they are from another Area, as advised in Chapter 8 of the Security Manual.
5.0
Overview of the Improvement Program
5.1
Part One: The Guidelines (Chapter 31)
Part 1 of the Program consists of The Guidelines (1.0 to 7.0) and includes an Executive Summary and detailed information for those using the Tool. Assessors will need to be familiar with all of Part 1, and have a good working knowledge of the Security Manual prior to using the Tool to conduct the security survey.
5.2
Part Two: The Tool (Chapter 32)
Part Two consists of the Health Facility Report, Detailed Indicative Evidence Guidelines and the Assessment Tool itself.
5.2.1 Health Facility Report The Tool begins with the Health Facility Report, which forms a template for recording relevant information associated with conducting the survey. The Health Facility Report includes the following: • Health Facility Coversheet (Coversheet) • Health Facility Summary Sheet (Summary Sheet) • Health Facility Score Sheet (Score Sheet). The Coversheet includes facility details, survey score, date the survey took place and facility contact officer details. The Summary Sheet includes the public health organisation and facility name, assessor name/s and titles, date survey was conducted, and parts of the facility physically visited during the survey. The Score Sheet includes the score achieved for each Element, the score and percentage for each Section and the facility’s total score and percentage for both a full survey and a Mandatory Elements only survey. A copy of the completed Health Facility Report should accompany the Security Improvement Plan when it is presented to management.
5.2.2 Detailed Indicative Evidence Guidelines The indicative evidence guidelines provide detailed information on accessing and using Indicative Evidence, as listed in the Indicative Evidence column of the Tool itself, to determine what Standard to allocate against the particular Element being assessed. Part One - Guidelines for Conducting a Security Survey Using the NSW Health Security Improvement Tool
31-5
The Detailed Indicative Evidence Guidelines must be closely consulted and well understood by assessors prior to their commencing a security survey.
5.2.3 The Assessment Tool The assessment part of the Tool is designed to focus on the following aspects of each key component of the security risk management program as outlined in the Security Manual: • • •
Determining the existence of appropriate systems and procedures Assessing the level of employee involvement in, and awareness of these systems and procedures Ascertaining the degree to which these systems and procedures are implemented in the workplace.
The structure and layout of the Tool are similar to that of the NSW Health OHS Profile, as this approach is well known to Chief Executives, Executive Directors and OHS Profilers, is relatively simple to use and provides a mechanism for identifying areas requiring improvement. The Tool’s content follows that of the Security Manual, with some slight variations, as follows: • • •
The Tool incorporates the requirements of chapters 3 and 4 of the Security Manual into a single element (1.3 Security Risk Management in the Planning Process) The Tool incorporates the requirements of chapters 14 and 28 of the Security Manual into a single element (2.6 Provision of Security Services) The Tool does not include standards or indicative evidence for Chapter 30 Effective Incident Management.
The Tool consists of four Sections that reflect the four main sections of the Security Manual. Each Section in the Tool is divided into a number of Elements, with each Element reflecting the corresponding chapter from the Manual. Four possible levels of performance, or Standards, are outlined for each Element, ranging from minimal performance to best practice. Examples to support each Standard are cited in the Indicative Evidence column to assist the assessor in allocating the correct standard of performance for that Element. Each Element includes a scoring system, and a ‘Standards Achieved and Notes’ column which can be completed by the assessor as each Element is assessed.
5.3
Part Three: The Security Improvement Plan (Chapter 33)
The Improvement Plan should be developed as soon as possible after the completion of the security survey, in consultation with the key facility contacts for the survey and other relevant stakeholders. It is crucial to the successful implementation of the Improvement Plan that all those with a key role to play in its implementation are consulted during its development. For example, if the security survey indicates that the emergency department duress alarm system is inadequate, and the associated duress response is not well organised, then relevant personnel in the emergency department, including management, should be consulted and some in principle agreement reached on proposed recommendations to remedy the situation. This will then pave the way for the formal approval process once the Improvement Plan is completed. Part One - Guidelines for Conducting a Security Survey Using the NSW Health Security Improvement Tool
31-6
The Improvement Plan template lists all Elements. The assessor should list and prioritise recommended improvement strategies against the appropriate Element to address significant gaps in security risk management identified via the survey. The Improvement Plan also includes headings for responsibility (to identify those with responsibility for the implementation of the various recommendations), timeframes for implementing each strategy and resource implications. The target audience for the Improvement Plan will depend on the scope of the proposed improvements and the type and amount of resources required to implement the Plan, and may include unit managers, the facility manager and/or Area Chief Executive. In the example given above, the senior management position in the emergency department would certainly be included in the formal approval process for the Improvement Plan. The approval and implementation process for the Improvement Plan will need to be consistent with local policies, procedures and practices. The important point is that the information in the Plan should be used in the most appropriate manner to ensure that serious gaps in security risk management are dealt with promptly, and that other deficiencies are identified for improvement in forward planning. Public health organisations may choose to follow the same process they use for developing and implementing local Numerical Profile OHS Improvement Plans.
6.0
Interpreting the Assessment Tool
6.1
Sections
The four sections in the Tool, reflecting the four relevant sections of the Security Manual, are: • Section 1 Security Risk Management Framework • Section 2 Core Security Risk Controls • Section 3 Security Risk Controls in Priority Areas • Section 4 Security Risk Controls in Unplanned Events.
6.2
Elements
Each Section is sub-divided into a number of key Elements, ranging from 4 to 9, depending on the section. There is a total of 26 Elements in the Tool. Each Element describes the particular policy from the Security Manual to be surveyed.
6.2.1 Determining Which Elements to Survey Depending on the public health organisation, some Elements in the Tool may not be applicable eg there may be no radioactive substances associated with the facility and therefore the related Element does not need to be completed. However, good judgment should be used when determining what Elements, if any, may not need to form part of the survey. For example, a metropolitan facility may assume that there are no rural or remote facilities, when in fact there may be a community health service on the grounds, whose location is quite removed from the main building. The important points to consider in this instance are the security risks associated with the location of the service, its access to an emergency response and the timeliness of that response.
Part One - Guidelines for Conducting a Security Survey Using the NSW Health Security Improvement Tool
31-7
Similarly, while a facility might not have a car park, it should not automatically dismiss this Element, as, where evening and night staff are required to park off site, this may in fact actually increase security risks. After careful assessment, where it is determined that an Element is not relevant, a note of ‘not applicable’ should be inserted next to the particular Element on the Score Sheet.
6.2.2 Mandatory Elements When public health organsiations are conducting the annual survey, all Elements of the Tool relevant to the facility should be assessed, particularly when the results of the survey are being used to support EQuIP accreditation requirements. As a minimum, however, the following 20 Elements must be assessed each year: • Section One: Elements 1.1, 1.2, 1.3, 1.4, 1.5, 1.6, 1.7 • Section Two: Elements 2.1, 2.2, 2.3, 2.4, 2.5, 2.6 • Section Three: Elements 3.1, 3.2, 3.3, 3.4, 3.5 • Section Four: Elements 4.3, 4.4 The Department may vary these mandatory Elements from time to time.
6.3
Standards
The rating mechanism used to measure performance is called a Standard. After each Element is assessed, the assessor assigns one of the four possible Standards, A, B, C or D, to the Element. This rating system is used consistently for all Elements, and all Standards are assigned a pre-determined score. Standard D
Minimum / Nil
Signifies little or no activity against the element
Standard C
Some
Signifies that there is some risk management activity ie some consultation has occurred, some risk assessment and risk control activities have taken place, but there is still a significant amount that needs to be done to reach minimal compliance with the relevant policy in the Security Manual.
Standard B
Reasonabl e
Signifies a reasonable level of risk management activity ie appropriate consultation has occurred, significant risk assessment and risk control activities have taken place and there is compliance with most, though not all, aspects of the relevant policy in the Security Manual. Some but not all control strategies are implemented, and review of control strategies may have occurred to some degree.
Standard A
High
Signifies a high level of risk management activity, training and consultation with staff and their representatives, a high level of commitment to OHS from all levels of the organisation, all significant security risks have been assessed and as far as practicable, all relevant risk controls have been implemented. There is compliance with all aspects of the relevant policy in the Security Manual. There is a continuous improvement mechanism in place that would include regular monitoring, review and a feedback loop into the system. Standard A signifies excellence/best practice.
Part One - Guidelines for Conducting a Security Survey Using the NSW Health Security Improvement Tool
31-8
6.4
Indicative Evidence
Indicative Evidence is evidence that will help determine how well the public health organisation performs against the particular Element. The evidence listed in the Indicative Evidence part of the Tool gives suggestions for the kind of information that can be sought by assessors to assist them to determine the relevant Standard. There are three main ways of collecting evidence: verbal information, documentary information and observation. Each of these methods will need to be used against each Element, to be sure that the correct Standard is applied. Each method will provide a slightly different perspective on the Element being assessed, and will help the assessor get a clearer picture of what is happening in relation to the particular Element. The nature of the evidence that will provide this information will vary from facility to facility and even within the facility. The Indicative Evidence list does not include all of the evidence that could show performance against each Standard. Equally, assessors do not need to check on every suggested item under Indicative Evidence. The knowledge, skills, expertise and experience of the assessor, as well as his or her familiarity with the area being assessed, will determine the range and depth of Indicative Evidence reviewed, before allocating the Standard. Assessors will need to keep this in mind when reviewing evidence, to ensure that the Indicative Evidence does not become the de facto Standard.
6.5
Scoring and Interpreting Results
The Tool has a maximum possible score of 780 points ie the sum of all the A scores, with each of the four Sections worth a total of 210, 180, 270 and 120 respectively. Where Elements are not applicable, assessors should omit the score and the total score available is reduced by the amount of that Element's A Standard ie 30. For example, during a particular survey, Element 3.3 is considered to be not applicable. The maximum score for 3.3 is 30 points, therefore this must be subtracted from the possible total for the entire survey ie 780 minus 30, which results in the new possible total becoming 750. As a Standard is allocated against each Element it can be recorded in the Standard Achieved and Notes section of the Tool. At the conclusion of the survey the scores for all Elements completed are then transferred to the Health Facility Score Sheet. The score for each Section, and the final score must then be aggregated, and expressed as a percentage. For example, if the maximum possible score for a particular Section is 210, and the actual score is 120, then to obtain the percentage score for the Section, the actual score (120) is divided by the maximum score (210), and then multiplied by 100 to convert to a percentage, resulting in a score of 57.1% for that particular Section. If the maximum possible score for the survey is 750, and the actual score is 540, then to obtain the percentage score, the actual score (540) is divided by the maximum possible score (750), and then multiplied by 100. This results in a score of 72%.
Part One - Guidelines for Conducting a Security Survey Using the NSW Health Security Improvement Tool
31-9
Similarly, the scores for the mandatory Elements should also be noted in the Mandatory Elements columns in the Health Facility Score Sheet, and the corresponding calculations completed ie scores totalled and converted to a percentage. Because all facilities are required, as a minimum, to conduct the survey of all applicable mandatory Elements, this provides an opportunity for some comparative analysis and benchmarking across facilities. The percentage result for the total survey represents the facility’s progress towards achievement of best practice in security risk management. Assessors need to determine Standards on a hard but fair basis. There is no ‘passmark’. Accordingly, if all aspects of a Standard (not to be confused with all the suggested Indicative Evidence) are not met, then the next Standard and score down must be assigned. For example, if all aspects of a B Standard are not met, then the C Standard and score should be assigned. Lower scores do not necessarily indicate that additional security risk management activities are not being performed, but perhaps that security risk management policies, procedures and practices are not fully implemented, are not documented, or not well communicated to or understood by relevant staff. As much of the information obtained by the assessors is through discussions with local staff, it is possible that information that is incomplete, incorrect or not up to date could be obtained. Therefore, assessors should ensure that they seek a variety of information sources.
6.6
Comments Column
Assessors can use this part of the Tool as they are conducting the security survey, to record their comments that support the Standard they have assigned and any particular areas that require special mention. For example, obvious control strategies that are missing can be quickly jotted down. These notes will form the basis for developing the associated Security Improvement Plan.
7.0
How to use the Tool
7.1
Preparing to Conduct a Security Survey
•
• •
Determine who will conduct the survey (see section 4.0). For example, a team approach using OHS, risk, security and clinical staff may result in a more comprehensive assessment. At least one of the assessors must be the holder of a security licence eg security manager, security officer, health and security assistant. Inclusion of one officer who conducted the last security survey will provide some continuity to the process. Depending on resources, the assessment team should be structured to maximise opportunities for surveying the facility with ‘fresh eyes’. Identify which Elements in the four Sections, if any, will not be included in the survey if they are deemed inappropriate. For example, there may be no radioactive substances. Ensure that the assessors have a good working knowledge of the guidelines for conducting the security survey and the indicative evidence guidelines, as well as the relevant chapters of the Security Manual and their associated Sections in the Tool.
Part One - Guidelines for Conducting a Security Survey Using the NSW Health Security Improvement Tool
31-10
•
• • • • • • •
• •
7.2 •
• • • • • •
• •
Determine in advance, as far as possible, which parts of the facility (eg emergency department, car parks, pharmacy, mental health, community health etc) are applicable to which Elements and plan to address all possible Elements when physically in those areas. It is not necessary that all Sections of the Tool be completed at the one time. For example, it may be easier to plan the facility survey over a defined period of time eg a week, around the availability of those concerned. Determine who will need to be interviewed as part of the survey. Meet with the relevant senior executive/s to explain the survey. The Executive Summary at the beginning of the Guidelines may be useful information to provide at this time. Make arrangements in advance to access the facility, meet with the appropriate personnel for interviews, review documentation and make visual observations. Review the guidelines for conducting the survey (Part One of the document) and the Detailed Indicative Evidence Guidelines. Ensure that sufficient time is allocated for the completion of the survey. Be aware of the results and recommendations arising from the heath facility’s last Security Improvement Plan if relevant, and the results of any associated survey conducted by the public health organisation’s Internal Audit Unit. The report from any crime risk assessment survey conducted by Police may also be relevant and should be consulted if possible. Have a copy of the Guidelines and the Tool, including the Health Facility Report. Depending on the knowledge, skills and experience of the assessor/s, access to relevant sections of the Security Manual may also be useful. Complete the relevant sections of the Health Facility Report ie name of facility to be surveyed, name of assessors etc (see first section of the Tool for template).
Conducting the Security Survey If working as part of an assessment team, determine and agree on protocols for conducting the security survey and identify who will record the findings. Team members will have valuable input to make from their own operational perspective and area of expertise. Review the area of the facility being assessed against the relevant Element, using the Indicative Evidence as a guide. Gather relevant information, talk to staff, supervisors, managers and OHS Committee members, ask questions, view policies, procedures and other relevant documentation, take notes. When asking questions, listen and confirm responses. This is not the time to be debating with managers. Determine and agree the Standard to be assigned for each Element and record in the Standard Achieved and Notes column. Complete the Comments column as each Element is completed, while observations/suggestions/recommendations for improvement are still fresh. It may also be useful at this time to ‘walk through’ each Element of a particular Section with the manager or supervisor of the area being assessed, explaining why a particular Standard has been allocated, with the aim of getting consensus on the allocated Standard. At this time it is important to reinforce the positive aspects of the area’s performance. Complete all Elements of the Tool that are relevant to the facility. When the survey is concluded, complete the Score Sheet by circling the allocated score for each Element, totalling the score for each Section, calculating the percentage for each Section, then totalling the health facility’s overall score and percentage (see 6.5).
Part One - Guidelines for Conducting a Security Survey Using the NSW Health Security Improvement Tool
31-11
• • •
Assessors may choose to do this as they are conducting the survey, or at the end of the survey. For any Elements not completed, note them as “not applicable” on the Score Sheet. Using a similar method, complete the Mandatory Elements section of the Score Sheet. Complete any outstanding sections of the Health Facility Report.
7.3 • •
• •
Reporting Survey Results Draft the Improvement Plan in consultation with all key stakeholders (see section 5.3). Submit the Improvement Plan for approval using the appropriate local approval protocols. A copy of the completed Health Facility Report should also be included, and a copy of the Executive Summary of the Security Improvement Program, if appropriate. A full copy of the Health Facility Report, completed Survey and Improvement Plan should be retained in an appropriate place. It is recommended that the Plan be submitted within four weeks of the survey being conducted. All relevant managers should be included in the sign off as part of the approval process.
7.4
Departmental Reporting Requirements
The Health Facility Report (coversheet, summary sheet and score sheet) must be readily available for forwarding electronically to the Department, should the results be required.
8.0
Related Documents and Legislation
The following NSW Health documents should be closely consulted when using this Tool • Zero Tolerance Policy and Framework Guidelines (Circular 2003/48) • NSW Health Workplace Health and Safety: Policy and Better Practice Guide (Circular 2004/87).
8.1 • • • • • • • • • •
Other documents to be considered in conjunction with this Tool Corporate Governance and Accountability in Health – A Better Practice Reference Guide (Department of Health and Health Services Association of NSW – December 2002) Mental Health for Emergency Departments – A Reference Guide (2002) Management of Adults with Severe Behavioural Disturbances – Guidelines for Clinicians in NSW Health (2002) Working Group for Mental Health Care in Emergency Departments – Final Report and Recommendations Effective Incident Response: A Framework for Prevention and Management in the Health Workplace (Circular 2002/19) Design Series: Health Facility Guideline – Security and Safety (Circular 2003/13) Local Area or facility disaster management plans Reportable Incident Briefs to the NSW Department of Health (Circular 2003/88) NSW Health Policy and Procedures for Injury Management and Return to Work (Circular 2003/75) # Australian Standard 4485.1-1997 – Security for Health Care Facilities (Part 1: General Requirements)
Part One - Guidelines for Conducting a Security Survey Using the NSW Health Security Improvement Tool
31-12
8.1 • • •
Other documents to be considered in conjunction with this Tool (continued) # Australian Standard 4485.2-1997 - Security for Health Care Facilities (Part 2: Procedures Guide) Australian Standard 4083-1997 – Planning for Emergencies; Healthcare Facilities WorkCover NSW – Violence in the Workplace Guide (2002).
# EQuIP standards require the management of security risks with reference to any relevant Australian Standards. In line with this, reference should be made to Australian Standard 4485.1-1997 – Security for Health Care Facilities (Part 1: General Requirements) and Australian Standard 4485.2-1997 – Security for Health Care Facilities (Part 2: Procedures Guide).
8.2 • • • • • •
Legislation to be considered in conjunction with this Tool Occupational Health and Safety Act 2000 Occupational Health and Safety Regulation 2001 Security Industry Act 1997 (including Master Licence and Security Organisation Code of Practice) Security Industry Regulation 1998 Weapons Prohibition Regulation 1999 Workplace Surveillance Act 1998.
Part One - Guidelines for Conducting a Security Survey Using the NSW Health Security Improvement Tool
31-13
Part Two
Security Improvement Assessment Tool
Health Facility Report Detailed Indicative Evidence Guidelines The Tool
Security Continuous Improvement Program Health Facility Report
Health Facility Coversheet Area Health Service: ____________________ Facility: ______________________________ Score:
%
Date: ___/____/ 20___ Full Report Or Mandatory Elements Only Report (Please tick appropriate option) Facility contact officer:_________________ Phone number:_____________________
Security Risk Management Health Facility Summary Sheet Area Health Service: Facility: Address/Location: Date of Survey: Survey Conducted by: Name 1:
Tel:
Signature:
Tel:
Signature:
Tel:
Signature:
Title: Name 2: Title: Name 3: Title: Principal Facility Contacts: Name: 1.
Title/Phone:
2. 3. 4. 5. 6. 7. 8. Parts of facility physically visited during survey (eg ED, Mental Health, Outpatients etc):
NSW Health Security Improvement Tool – Part 2 – Score Sheets
Page 32–3
HEALTH FACILITY SCORE SHEET
ALL ELEMENTS (Insert N/A for “Not Applicable” beside those elements that have not been included in the survey)
STANDARD ACHIEVED
ELEMENT
(Please circle the score)
1. SECURITY RISK MANAGEMENT FRAMEWORK D (nil)
C (some)
B (reasonable)
A (high)
1.1 Security Risk Management Policy and Program
Mandatory
0
10
20
30
1.2 Security Risk Management Responsibilities
Mandatory
0
10
20
30
1.3 Security Risk Management in the Planning Process
Mandatory
0
10
20
30
1.4 Health Service Leasing of Property to or From External Parties
Mandatory
0
10
20
30
1.5 Security Arrangements for Patients in Custody
Mandatory
0
10
20
30
1.6 Security Education and Training
Mandatory
0
10
20
30
1.7 Security Continuous Improvement FACILITY RESULTS ALL ELEMENTS, SECTION 1
Mandatory
0
10
20
30
Facility’s score:
[Total maximum score for section 1 is 210]
out of a possible
Facility’s %:
2. CORE SECURITY RISK CONTROLS 2.1 Access Control
Mandatory
0
10
20
30
2.2 Key Control
Mandatory
0
10
20
30
2.3 Alarm Systems
Mandatory
0
10
20
30
2.4 Lighting
Mandatory
0
10
20
30
2.5 Provision of Security Services
Mandatory
0
10
20
30
2.6 Duress Response Arrangements FACILITY RESULTS ALL ELEMENTS, SECTION 2
Mandatory
0
10
20
30
Facility’s score:
[Total maximum score for section 2 is 180]
out of a possible
Facility’s %:
3. SECURITY RISK CONTROLS IN PRIORITY AREAS 3.1 The Clinical Environment
Mandatory
0
10
20
30
3.2 Security of Staff Working in the Community
Mandatory
0
10
20
30
3.3 Rural and Remote Health Services
Mandatory
0
10
20
30
3.4 Security in Pharmacies
Mandatory
0
10
20
30
3.5 Security in Car Parks
Mandatory
0
10
20
30
3.6 Security of Property
0
10
20
30
3.7 Security of Information
0
10
20
30
3.8 Security of Medical Gases
0
10
20
30
3.9 Security of Radioactive Substances FACILITY RESULTS ALL ELEMENTS, SECTION 3
0
10
20
30
Facility’s score:
[Total maximum score for section 3 is 270]
Facility’s %:
out of a possible
4. SECURITY RISK CONTROLS IN UNPLANNED EVENTS 4.1 Fire Security
0
10
20
30
4.2 Bomb Threat
0
10
20
30
4.3 Violence
Mandatory
0
10
20
30
4.4 Armed Hold-Up FACILITY RESULTS ALL ELEMENTS, SECTION 4
Mandatory
0
10
20
30
Facility’s score:
[Total maximum score for section 4 is 120] ALL ELEMENTS TOTAL score
out of a possible
Facility’s %: out of a possible
NSW Health Security Improvement Tool – Part 2 – Score Sheets
TOTAL PERCENTAGE
%
Page 32–4
HEALTH FACILITY SCORE SHEET
MANDATORY ELEMENTS ONLY STANDARD ACHIEVED
ELEMENT
(Please circle the score)
1. SECURITY RISK MANAGEMENT FRAMEWORK D (nil)
C (some)
B (reasonable)
A (high)
1.1 Security Risk Management Policy and Program
0
10
20
30
1.2 Security Risk Management Responsibilities
0
10
20
30
1.3 Security Risk Management in the Planning Process
0
10
20
30
1.4 Health Service Leasing of Property to or From External Parties
0
10
20
30
1.5 Security Arrangements for Patients in Custody
0
10
20
30
1.6 Security Education and Training
0
10
20
30
1.7 Security Continuous Improvement FACILITY RESULTS ALL ELEMENTS, SECTION 1
0
10
20
30
Facility’s score:
[Total maximum score for section 1 is 210]
Facility’s %:
out of a possible
2. CORE SECURITY RISK CONTROLS 2.1 Access Control
0
10
20
30
2.2 Key Control
0
10
20
30
2.3 Alarm Systems
0
10
20
30
2.4 Lighting
0
10
20
30
2.5 Provision of Security Services
0
10
20
30
2.6 Duress Response Arrangements FACILITY RESULTS ALL ELEMENTS, SECTION 2
0
10
20
30
Facility’s score:
[Total maximum score for section 2 is 180]
Facility’s %:
out of a possible
3. SECURITY RISK CONTROLS IN PRIORITY AREAS 3.1 The Clinical Environment
0
10
20
30
3.2 Security of Staff Working in the Community
0
10
20
30
3.3 Rural and Remote Health Services
0
10
20
30
3.4 Security in Pharmacies
0
10
20
30
3.5 Security in Car Parks FACILITY RESULTS ALL ELEMENTS, SECTION 3
0
10
20
30
Facility’s score:
[Total maximum score for section 3 is 150]
Facility’s %:
out of a possible
4. SECURITY RISK CONTROLS IN UNPLANNED EVENTS 4.3 Violence
0
10
20
30
4.4 Armed Hold-Up FACILITY RESULTS ALL ELEMENTS, SECTION 4
0
10
20
30
Facility’s score:
[Total maximum score for section 4 is 60]
Facility’s %:
MANDATORY ELEMENTS TOTAL score
out of a possible
NSW Health Security Improvement Tool – Part 2 – Score Sheets
out of a possible
TOTAL PERCENTAGE:
%
Page 32–5
Detailed Indicative Evidence Guidelines 1.0
What is Indicative Evidence?
Indicative Evidence means evidence that helps to determine how well the public health organisation performs against a given Element. The evidence listed in this part of the Tool gives suggestions for the kind of information that can be sought by assessors to assist them determine the relevant Standard. It does not list all of the evidence that could show performance against each Standard. Equally, assessors do not need to check on every suggested item under Indicative Evidence. The knowledge, skills, expertise and experience of the assessor, as well as his or her familiarity with the area being assessed, will determine the range and depth of Indicative Evidence reviewed, before allocating the Standard. It is critical that assessors keep an improvement focus when conducting the survey. That is, the important work is not in determining a score, but helping the facility identify areas where it works well and areas that are in need of improvement. It is relatively easy to apply a score, indeed this can be done in a superficial manner, but in order to take an improvement focus assessors must examine the facility closely and use all their skills, experiences and senses to determine where the gaps are, and how the facility might best deal with them.
2.0
Sources of Evidence – what to look for and how to use it
In assessing each Element, the assessor should look for evidence that the Standard is or is not met. The nature of the evidence will vary from facility to facility and between different departments within the facility. There are three main ways of collecting evidence: verbal information, documentary information and observation. Assessors should use each of these methods for each Element to ensure that the correct Standard is applied. Each method gives a slightly different perspective on the Element being assessed and will assist in generating a clearer idea about what is happening. Documentary evidence may lead assessors to ask questions about particular issues, or may verify verbal information that the assessor has heard. Seeing how the facility works (observation) will help verify what the assessor has heard, too. If contradictions are found, assessors may need to dig deeper and find out more to verify findings. This process of using different sources of information to build a picture is called triangulation and is critical to being able to make a fair and verifiable assessment. There is no substitute for getting inside the detail and seeing, feeling and hearing how it operates from different perspectives. This is relatively easy if assessors are not familiar with the facility – they are able to ask what might seem to be ‘silly questions’ because they are not expected to know the answer. It’s more difficult when assessors know the facility or the people in the facility know the assessor. In this case, people will answer assessor’s questions differently than they would a stranger’s. In selecting how the assessment will be conducted, assessors should ask themselves what should this facility look, sound and act like when this Standard is applied.
NSW Health Security Improvement Tool – Part 2 – Indicative Evidence
Page 32– 6
For example, consider pharmacy security: • What would an assessor expect an ‘A’ standard secure pharmacy to look like in the facility being assessed? • What access controls would expect to be found? • How do cleaners, maintenance staff and so on gain access without compromising security? • How would the assessor expect drugs to be delivered, stored, dispensed and disposed of? • What paperwork would the assessor expect and how would it help or hinder security? • What would the building be like? • What features of the building would help or hinder security? And so on... The Indicative Evidence in the Tool can be used to help form a picture in the assessor’s mind. Starting with a mental picture of what the ‘A’ Standard pharmacy should look like will open the assessor’s mind to what makes a lower scoring version as well as to variations that could meet the ‘A’ Standard in ways not imagined. The onus is on the assessor to have an image in mind, and to give the facility a chance to demonstrate that image or convince the assessor that what they have in place meets or betters the Standard.
3.0
Using verbal information
Structured interviews are formal interview of people using pre-determined questions. These types of interviews can be done only when it is clear what needs to be asked. Semi structured interviews use a combination of prepared questions and open discussion to probe further and allow the interviewee room to express ideas and opinions. Group interviews are good for focusing on a particular topic if it is possible, as people’s ideas and thoughts bounce off others and more information may be obtained than from a series of private interviews. Group interviews are difficult to arrange in some areas, but are an efficient use of time and can yield excellent results. Private interviews may need to be conducted if the topic is confidential or if interviewees request it. Informal discussions can give ‘off the cuff’ information that can be very revealing; these include conversations that assessors may have while walking around the facility, over a cup of tea or in the corridor. Assessors need to be alert at these times. If assessors hear a series of ‘stories’ in these circumstances, they should not be discounted or discarded as ‘gossip’, on the other hand, they should not be used indiscriminately. In informal talk people will tell their view of the world; their stories can reveal the soft underbelly as well as reinforce how well a facility operates. If the information is pertinent to the assessment, assessors should seek verification by looking at other sources of information, for example documentary evidence, or view first hand if the assessor has heard that a physical aspect of the building works well or doesn’t work well. Assessors should choose to talk to people at all levels in the facility who are affected by the Element under consideration. In the pharmacy for example, the assessor would talk with the following people: chief pharmacist, other pharmacy staff, medical and nursing staff from areas that use the pharmacy frequently as well as infrequently, cleaning staff, security staff, property staff and users if appropriate. NSW Health Security Improvement Tool – Part 2 – Indicative Evidence
Page 32– 7
4.0
Using documentary information
Minutes of meetings can reveal a lot about what and how things happen in an organisation, especially when compared with verbal information. For example, if the minutes of the OHS committee have recurring discussion about a particular hazard that is not dealt with for a considerable period of time, or if management representatives are not listed as being present at meetings, assessor may be led to form an opinion about how resources are managed and the level of commitment to security. Similarly, the nature of other documents can reveal how the facility formally operates. It is not simply enough to know that the documents exist; assessors will need to trawl through them to build a picture of how the facility works. Examples of documents that can expect to be examined in the course of a full assessment include: • Minutes • Leasing contracts • Hazard and incident reports • Checklists • Training contents • Attendance lists for induction and other training • Risk assessments • Work plans and timetables for implementing control measures • Security improvement plans • Budget allocations • Policies, procedures and protocols etc. These documents can be read on a superficial level to get an overview and they allow the assessor to follow a particular story through from beginning to end. For example, if a staff member says that they wrote up a security breach in the pharmacy as a hazard report but that it ‘went nowhere’, the assessor might choose to use that as an example in their document examination. The assessor could find the specific hazard report and follow it through the system to see what happened to it. This process will give information about how the system operates in practice (with real people in mind) and where the strong and weak points are. The assessor will be able to form questions to ask those people involved in the case and determine its nature. It may be revealed as an example of general inaction or failure of systems in the area or it may have been an outrider, perhaps something that had been dealt with but communicated poorly.
5.0
Using observation
Walking through the facility can give a very strong sense of how the facility works, especially when putting on various ‘hats’. Assessors will want to physically verify that the various security risk management processes and controls work in action. Examples include: • Are alarm systems installed and operating? Are staff duress alarm systems installed where they are needed and are they working? Do the associated procedures work in practice or do people take different action (and is that more or less sensible)? • Potential drug theft from the pharmacy: are doors locked, access denied as appropriate and other security arrangements in place? • Imagining being a first-time visitor trying to find your way through the facility: is the correct signage in place and does it make sense? Are assessors inadvertently led into what should be secure areas? NSW Health Security Improvement Tool – Part 2 – Indicative Evidence
Page 32– 8
During a walk-through, assessors will have informal conversations with people that can give insight into the operation of the facility; for example, hearing about the level of consultation that has been undertaken. Assessors should go to areas of the facility that are most affected by the Element being assessed. For example, assessors may learn about how pharmacy security operates at the point of service by sitting in the pharmacy waiting area for a while and simply observing how business is conducted.
6.0
Common forms of indicative evidence
In order to reduce the length of the Tool, common forms of indicative evidence are listed in the chart on the following pages and are not repeated under each Element of the Tool. Where there are forms of evidence that are specific to a particular Element, these are mentioned in the Indicative Evidence column within the body of the Tool. Assessors are NOT restricted to the use of these forms of indicative evidence, neither should they demand that each of these forms of evidence is available in order to be able to assess at a particular Standard. Assessors should look for these common forms of evidence, as well as be alert to other indicators of achievement or lack of achievement. Assessors may be faced with quite innovative approaches to achieving the Standards. Assessors must ask themselves “Does this do what it says it will do in order to fulfill the standard?” and “Can it do this reliably?” The chart on the following pages, which lists the common forms of indicative evidence (documentary, verbal and observation), will assist assessors in determining what forms of evidence lead to a particular A, B, C or D Standard.
NSW Health Security Improvement Tool – Part 2 – Indicative Evidence
Page 32– 9
Standard D Signifies little or no activity against the element. You can expect to find little or no evidence of achievement of the standard. You can expect that evidence of work towards the standard will be scanty, uncoordinated and patchy.
Standard C Signifies that there is some risk management activity ie some consultation has occurred, some risk assessment and risk control activities have taken place, but there is still a significant amount that needs to be done to reach minimal compliance with the relevant policy in the Security Manual. Standard C
Documentary Evidence
•
The policy for the element outlines a risk management approach to controlling the risks associated with the element and was developed in consultation with key staff and stakeholders.
•
The policy for the element identifies responsibilities of supervisors and staff.
•
Sight evidence that the requirements for the element and procedures for managing the risks associated with the element were established using a risk management approach, in consultation with key staff and stakeholders.
•
Sight written procedure that identifies responsibilities of supervisors & staff.
•
View documents recording any relevant risk assessments and/or recommended control measures.
•
Policy documents about the element are on display at Reception, Staff Canteen and OHS Noticeboard, or other places where they can be readily seen by staff, supervisors and managers.
•
Program materials, procedures and/or plans about the element are written and are readily available to be viewed by all staff, supervisors and managers. ‘Readily available’ will mean different things in different contexts. In addition to sighting the materials, assessors must ask staff about this.
•
Documentary evidence can help verify that the requirements for the element and the management of the risks arising from the element are not fully implemented or are flawed. Look for evidence that the policy may not be implemented in some departments, or some aspects of the policy may not have been implemented at all. For example, although this is a limited list: o
Memo from management about the allocation of resources to the element and evidence that it has been actioned.
o
In minutes of the Security Risk Management Committee (if one exists) or OHS Committee meetings.
o
Sight documented cases of security risk management, including identification and assessment of hazards and control of risks, have been conducted in consultation with employees, but not fully implemented.
NSW Health Security Improvement Tool – Part 2 – Indicative Evidence
Page 32– 10
Standard C continued….
Documentary Evidence
o
Sight evidence that not all risks are identified, or that not all identified risks are controlled.
o
Sight incident reports, registers or other documents that may indicate that there may be identified lapses in some areas, or some aspects of the policy or procedure may not have been implemented. Seek documentary evidence that control measures have not been implemented.
Standard C
Verbal Evidence
•
Interview staff, supervisors and managers to determine their awareness and understanding of the policy and procedures and their specific responsibilities.
•
Interview staff representatives to determine the level of consultation used to develop the policy and procedures.
•
Interviews with staff, supervisors and managers may provide evidence that the requirements for the element and the management of the risks arising from the element are not fully implemented or are flawed. For example, this might be evident in following ways (although this is a limited list): o
Awareness by supervisors and/or staff about the commitment of resources to deal with specific issues concerning the element,
o
Where the risk cannot be eliminated, ask people how appropriate control strategies, consistent with the hierarchy of controls, are implemented so that risks are reduced to the lowest practicable level.
o
Evidence that security-related hazards are controlled in consultation with staff and supervisors.
o
Evidence that not all risks are identified, or that not all identified risks are controlled.
o
Listen for evidence that the policy may not be implemented in some departments, or some aspects of the policy may not have been implemented at all. There may be identified lapses in some areas, or some aspects of the procedure may not have been implemented.
o
Evidence that control measures have not been implemented.
Standard C
Observation Evidence
•
Sight evidence that the procedures are readily available for staff, supervisors and managers to read.
•
Observation in the area may provide evidence that the policy, program, procedures and/or plans for the element and the management of the risks arising from the element are not fully implemented or are flawed. For example, this might be evident in following ways (although this is limited): o
Where the risk cannot be eliminated, observe on-site where appropriate control strategies, consistent with the hierarchy of controls, are implemented so that risks are reduced to the lowest practicable level.
NSW Health Security Improvement Tool – Part 2 – Indicative Evidence
Page 32– 11
Standard C continued…
Observation Evidence
o
Sight evidence that not all risks are identified, or that not all identified risks are controlled.
o
Look for on-site evidence that the policy may not be implemented in some departments, or some aspects of the policy may not have been implemented at all. For example, some forms of lighting or access control that are needed may not have been installed throughout the facility, or they may have been installed in some areas but not others.
Standard B Standard B builds on Standard C and should indicate that there is compliance with good practice for the standard. You should consider some of the same types of indicative evidence (some of these are repeated below) but be looking for superior performance, such as completion of control plans, follow up of identified hazards, high levels of consultation and communication with staff, supervisors and managers and therefore, high levels of understanding about the element amongst these people. These are types of features that differentiate Standard B performance from Standard C. Standard B signifies a reasonable level of risk management activity ie appropriate consultation has occurred, significant risk assessment and risk control activities have taken place and there is compliance with most, though not all, aspects of the relevant policy in the Security Manual. Some but not all control strategies are implemented, and review of control strategies may have occurred to some degree. Standard B
Documentary Evidence
In addition to the Standard C Documentary Evidence: •
•
Documentary evidence can help verify that the requirements for the element and the management of the risks arising from the element are fully implemented. Look for evidence that the policy is implemented in all departments and that all aspects of the policy have been implemented. For example, this might be evident in the following ways (although this is a limited list): o
Sight documented cases of security risk management, including identification and assessment of hazards and control of risks, having been conducted in consultation with employees and fully implemented.
o
Sight documentary evidence that risks are identified and controlled.
o
Sight incident reports, registers or other documents that indicate how thoroughly the policy or procedure has been implemented.
Sight evidence of expenditure on the element based on the facility’s business plan.
NSW Health Security Improvement Tool – Part 2 – Indicative Evidence
Page 32– 12
Standard B
Verbal Evidence
In addition to the Standard C Verbal Evidence:
•
•
Sight evidence of a satisfactory system to ensure dissemination of the procedures throughout the facility to staff, supervisors and managers.
•
Staff and stakeholders can discuss the process of determining the arrangements for the element. In particular, they are aware of the risk management approach and the section and appendices on the element in the latest version of the Security Manual. Key stakeholders may include: senior management, risk managers, staff representatives, human resource personnel, security staff, OH&S Committee representatives, health unions, representatives of priority areas such as mental health and emergency departments, community staff, and other stakeholders such as local police and ambulance. This evidence can be obtained through interviews with staff, management and external stakeholders if appropriate.
Interviews with staff, supervisors and managers may provide evidence that the requirements for the element and the management of the risks arising from the element are fully implemented. For example, this might be evident in following ways (although this is a limited list): o
Evidence that risks are identified and controlled.
o
Listen for evidence that the policy is fully implemented in all areas.
Standard B
Observation Evidence
In addition to the Standard C Observation Evidence: •
In determining the requirements for the element, the issues outlined in the section on the element in the latest version of the Security Manual have been considered.
•
Observation in the area may provide evidence that the policy, program, procedures and/or plans for the element and the management of the risks arising from the element are fully implemented. For example, this might be evident in following ways (although this is a limited list): o
Sight evidence that risks are identified and controlled.
o
Look for on-site evidence that the policy is fully implemented in all areas. For example, look for evidence of consistent application of control measures (where this is appropriate).
NSW Health Security Improvement Tool – Part 2 – Indicative Evidence
Page 32– 13
Standard A Standard A builds on Standard B and indicates best practice for the standard. To be assessed at Standard A, all of Standard B should be in place, therefore the Standard B types of indicative evidence are not repeated below. Instead, Standard A requirements are the ‘cream’ on Standard B performance and you will be looking for some features that indicate a commitment to continuous improvement and practices that put this commitment into effect. These are features that differentiate Standard A performance from Standard B. Standard A signifies a high level of risk management activity ie in consultation with staff and their representatives, all significant security risks have been assessed and as far as practicable, all relevant risk controls have been implemented. There is compliance with all aspects of the relevant policy in the Security Manual. There is a continuous improvement mechanism in place that would include regular monitoring, review and a feedback loop into the system. Standard A signifies excellence/best practice. Standard A
Documentary Evidence
In addition to the Standard B Documentary Evidence: •
Sight documentary evidence of review of the element within the last three years (eg committee minutes).
Standard A
Verbal Evidence
In addition to the Standard B Verbal Evidence: •
Interviews with staff, supervisors and managers may provide evidence of review of the element within the last three years.
•
Interview staff, supervisors and managers to determine their level of involvement in the review process.
Standard A
Observation Evidence
In addition to the Standard B Observation Evidence: •
On-site observation may provide evidence that the element is reviewed as part of refurbishment of the workplace, changes in systems, changes in work organisation and changes in the community or external environment (including legislative change) that may impact on the element. (For example, duress response arrangements may be reviewed as part of refurbishment of the workplace, changes in security systems, changes in work organisation and changes in the community that may impact on the need for and nature of duress response arrangements.)
NSW Health Security Improvement Tool – Part 2 – Indicative Evidence
Page 32– 14
SECURITY IMPROVEMENT ASSESSMENT TOOL SECTION 1. SECURITY RISK MANAGEMENT FRAMEWORK TABLE OF CONTENTS 1.1 Security Risk Management Policy and Program 1.2 Security Risk Management Responsibilities 1.3 Security Risk Management in the Planning Process 1.4 Health Service Leasing of Property to or from External Parties 1.5 Security Arrangements for Patients in Custody 1.6 Security Education and Training 1.7 Security Continuous Improvement
Part Two – Security Improvement Tool – Section 1 – Security Risk Management Framework
Page 32-15
SECTION
Security Risk Management Framework
ELEMENT
1.1 Security Risk Management Policy and Program Standards
There is a minimal or no statement of policy or formal program for Security Risk Management. C. There is a written policy and formal program for Security Risk Management that is available in the workplace and is endorsed by the facility’s current management but they are not fully implemented. Some security related hazards are identified, assessed and attempts have been made to control these risks. B. There is a written Security Risk Management Policy: λ That is signed by the Chief Executive. λ That is developed and implemented in consultation with staff and in accordance with the Security Manual. λ That is given to managers, supervisors and all staff. λ That states management’s responsibilities and commitment to the provision of the necessary resources to enable the policy to be implemented. λ That states the responsibilities of supervisors and staff in the implementation of the policy. λ Where managers and supervisors are aware of their policy and statutory responsibilities for security risk management. The policy is accompanied by a formal program: λ That has been developed consultatively. λ That has been documented in accordance with the Security Manual. λ That has been distributed to all departments/divisions of the facility. λ That incorporates a risk management approach: λ Where security-related hazards are identified, assessed and controlled λ Where staff and stakeholders (including patients and visitors) are consulted in accordance with the Security Manual.
Indicative Evidence
MANDATORY Standard Achieved And Notes
D.
Look for common forms of indicative evidence.
1. 2.
3.
4.
Look for common forms of indicative evidence and also: Sight evidence that the public (patients and visitors) is engaged in the management of security. This may be through the display of security messages, the inclusion of security in patient information brochures and in the display of a code of conduct for all persons at the facility. Sight evidence of chief executive/senior management and staff involvement in the development of the security risk management program. Sight documentary evidence of consultation (eg through minutes of meetings) and assess quality of that consultation through interviews with management, supervisors and staff. Sight evidence that appropriate expertise is used in specialist areas, eg planning to install a duress alarm system.
Part Two – Security Improvement Tool – Section 1 – Security Risk Management Framework
Page 32-16
SECTION
Security Risk Management Framework
ELEMENT
1.1 Security Risk Management Policy and Program Standards
Indicative Evidence
MANDATORY Standard Achieved and Notes
B (continued) λ
A.
Where risks cannot be eliminated, the hierarchy of controls is used to find control strategies so that risks are reduced to the lowest practicable level λ Where risk control strategies are monitored and evaluated for effectiveness λ Where each stage of the risk management process is documented and made available to relevant parties. λ Where incidents are reported and investigated. In addition to B, the Policy statement is reviewed as required and is dated within the last three years. Management is held accountable for security risk management in accordance with Policy. Managers systematically ensure that all levels in the facility understand and implement the security risk management program. A system is in place for monitoring legislative changes and initiating actions to achieve compliance.
1. 2.
3.
Look for common forms of indicative evidence and also: Sight evidence that a system for compliance measurement and monitoring, and informing appropriate managers, employees, contractors, students and volunteers where applicable, of new/amended legislation and policy. Managers’ reports on remedial measures made after incidents, progress towards achievement of objectives and other security risk management activities to management meetings. λ Evidence of compliance is monitored, for example by λ Performance appraisals, λ Action plans in place, λ Business plans λ Minutes of management or various consultative meetings
COMMENTS
Part Two – Security Improvement Tool – Section 1 – Security Risk Management Framework
Page 32-17
SECTION
Security Risk Management Framework
ELEMENT
1.2 Security Risk Management Responsibilities Standards
D. C. B.
A.
There is little or no understanding of responsibilities for security management in the facility. Security risk management responsibilities are written down but are not fully understood. Security risk management responsibilities, as described in the Security Manual, are incorporated into the security risk management policy and program. All personnel at the facility are aware of their responsibilities and the responsibilities of others with respect to security risk management. In addition to B, managers systematically ensure that all levels in the facility understand their security risk management responsibilities. A system is in place for monitoring legislative changes to responsibilities and ensuring these are disseminated as appropriate and incorporated into policy and program.
Indicative Evidence
MANDATORY Standard Achieved and Notes
Look for common forms of evidence. Look for common forms of evidence.
1.
Sight evidence of consultation on security with employees and the community (eg via a security committee or security as an agenda item on community committees).
COMMENTS
Part Two – Security Improvement Tool – Section 1 – Security Risk Management Framework
Page 32-18
SECTION ELEMENT
Security Risk Management Framework 1.3 Security Risk Management in the Planning Process Standards
D. C.
MANDATORY
Little or no consideration is given to security risk management in the facility planning activities. Security risk management occurs in some planning activities but not consistently across the facility.
Indicative Evidence
1.
2.
3.
Standard Achieved and Notes
Interviews with management and staff indicate that security risk management decisions are sometimes made following an analysis of the impact of the decision on personal and property security. Sight evidence of plans that incorporate security risk management or evidence that security risk management has been addressed in the planning process (eg minutes of planning meetings, refurbishments etc). Sight evidence that planning for security risk management has not been implemented fully across the facility. λ
Examples of some departments where security risk management has not been included in planning processes.
λ
B.
Security risk management is considered in all formal and informal planning processes in consultation with employees, including the development of: 1. Strategic plans 2. Business plans 3. Service development plans 4. Disaster/emergency plans 5. Project Definitions Plans (as part of Facility Planning) 6. Procurement process, including processes for procuring services, premises, equipment, furniture, fixtures and fittings and 7. OHS improvement and management plans.
1.
Examples of the need to re-fit a recently constructed or renovated facility to control a security risk would provide this evidence. For example, examine documentation or interview management, supervisors and staff. Ask: Was security risk management left out of the original plans? Was it in the original plans but then cut out deliberately to keep to budget, with the intention of re-fitting later? If so, is there evidence that the facility has budgeted for the necessary re-fitting of security items? Sight evidence of plans that incorporate security risk management or evidence that security risk management has been addressed in consultation with employees in the planning process for strategic plans, business plans, service development plans, disaster/emergency plans, Project Definitions Plans (as part of Facility Planning), procurement process, including processes for procuring services, premises, equipment, furniture, fixtures and fittings and OHS improvement and management plans.
Part Two – Security Improvement Tool – Section 1 – Security Risk Management Framework
Page 32-19
SECTION
Security Risk Management Framework
ELEMENT
1.3 Security Risk Management in the Planning Process Standards
B. (continued)
Indicative Evidence 2.
3.
4.
5.
A.
In addition to B, security risks are considered and addressed in consultation with employees during the planning process ensuring that a more secure environment is achieved once the plan is implemented. The effectiveness of planning and design controls is evaluated.
1.
2. 3.
4.
MANDATORY Standard Achieved and Notes
Sight evidence that consideration has been given to security risk management in the design of new or modified workplaces in consultation with employees. λ Minutes planning meetings, examination of building/refurbishment plans, or minutes of OHS Committee meetings are examples of sources of this evidence. Sight evidence that that the Crime Prevention Through Environmental Design (CPTED) guidelines and the relevant sections of the Security Manual are incorporated into building/refurbishment plans. Look for representation of people with security risk management expertise on committees that plan new and/or modified workplaces. Sight documentation and interview members of such committees to determine the level of involvement of such experts. Interviews with management and staff indicate decisions are made following an analysis of the impact of the decision on personal and property security. Sight examples where security risks have been addressed during the planning process such that concerns have been addressed and controlled eg, improvements in design, implementation of procedures, purchase of equipment etc. Sight evidence that hazards are identified and risks controlled during the design phase and prior to occupancy of premises. Sight evidence that security risks are considered prior to making changes to staffing, work practices, procedures, systems of work, or operational policies (eg isolated workers). Sight evidence that the effectiveness of planning and design controls is evaluated.
COMMENTS
Part Two – Security Improvement Tool – Section 1 – Security Risk Management Framework
Page 32-20
SECTION
Security Risk Management Framework
ELEMENT
1.4 Health Service Leasing of Property to or from External Parties Standards
D. C.
B.
There is little or no evidence that security issues are considered in leasing arrangements. Informal procedural arrangements for dealing with the security risks associated with leasing to or from external parties are developed but are not fully implemented
Formal policy and procedures for dealing with the security risks associated with leasing to or from external parties are developed in consultation with staff and key stakeholders, all reasonably foreseeable security risks associated with: λ λ
Leasing property for use by Health Services or
Leasing health facility premises to external organisations are identified, assessed and eliminated where reasonably practicable, or effectively controlled in accordance with Policy. The process is appropriately documented and arrangements for security are included in leases.
Indicative Evidence
1. 2.
1. 2.
3.
MANDATORY Standard Achieved and Notes
Sight evidence of procedures for dealing with security risks associated with leasing to or from external parties. Sight evidence that in at least one case of leasing to or from external parties the security risk management issues have been addressed in the leasing arrangements, and that risk controls have been implemented in consultation with staff and the external parties. Look for common forms of indicative evidence and also: Sight evidence that that Crime Prevention Through Environmental Design (CPTED) guidelines and the relevant sections of the Security Manual are incorporated when leasing property to or from external parties. Sight evidence that the risks associated with leasing premises from external parties, as outlined in the Security Manual, have been identified, assessed and controlled. Evidence may include (but is not limited to) the management of security risks associated with: λ Geographic location λ Local crime risk λ The capacity of communications technology to work at the site, sight evidence that checks have been made λ Proximity of local police services and/or a duress response team λ The number of people to be working at the premises λ The service to be provided from the premises and the likely clientele λ Security already provided at the premises (eg within a shopping centre) and the availability of these arrangements as part of the lease λ Parking and public transport arrangements λ The provision and availability of property maintenance (eg who is responsible for glass repair and is it available 24hrs a day?)
Part Two – Security Improvement Tool – Section 1 – Security Risk Management Framework
Page 32-21
SECTION ELEMENT
Security Risk Management Framework
MANDATORY
1.4 Health Service Leasing of Property to or from External Parties Standards
Indicative Evidence
Standard Achieved and Notes
λ λ
B. (continued)
4.
Access controls (eg what is the practice for basic lock-up?) Security of approaches (eg lighting, gardens, potential hiding places). Sight evidence that in negotiating leases to external parties security risks have been identified, assessed and controlled in accordance with the Security Manual. Evidence may include (but is not limited to) the management of security risks associated with: λ
The nature of the business (eg type of customers, likelihood of armed robbery of banking services, control of large numbers of people at food outlets)
λ
The placement of the business (eg the need for external delivery doors for cash delivery to a banking facility, restriction or prevention of access to the premises via the health facility)
λ
A.
In addition to B, policy and procedures are reviewed at least every three years in consultation with staff. As a result, policy and procedures are modified as appropriate. Evaluation of the effectiveness of risk controls is built into the security risk management process and there is feedback to enable modification of risk controls as well as policy and procedures where appropriate.
Any security arrangements made by or with the external party (eg clear definition of security arrangements provided by the lessee and/or the health facility and the limits of those arrangements; any health service policies that need to be implemented by the lessee, such as firearms security) 5. Sight evidence that police crime risk assessments have been carried out before the finalisation of leases to or from external parties. 6. Examine leases to ensure that security risk management is incorporated explicitly, including clauses to cover identified risks and responsibility for building maintenance. 7. Interview staff engaged in lease negotiation and lessees to evaluate the effectiveness of the incorporation of security risk management in the process. Look for common forms of indicative evidence.
Part Two – Security Improvement Tool – Section 1 – Security Risk Management Framework
Page 32-22
SECTION ELEMENT
Security Risk Management Framework
MANDATORY
1.4 Health Service Leasing of Property to or from External Parties
COMMENTS
Part Two – Security Improvement Tool – Section 1 – Security Risk Management Framework
Page 32-23
SECTION
Security Risk Management Framework
ELEMENT
1.5 Security Arrangements for Patients in Custody Standards
D.
C.
Security risks associated with patients in custody not considered. There are no procedures or formal rules that incorporate the operational procedures of other Departments. Staff are aware of the existence of informal local arrangements for the management of patients in custody, but these arrangements are not always implemented or activated.
Indicative Evidence
1. 2.
3.
B.
Security risks associated with patients in custody are managed, as part of the facility security risk management process, in consultation with staff and relevant external Departments (eg Department of Corrective Services, Department of Juvenile Justice and NSW Police Service). In particular:
1. 2.
3.
λ
All reasonably foreseeable security risks associated with all patients in custody are identified and assessed
λ
Effective security procedures for controlling security risks, which are consistent with the operational controls of the relevant external Departments, are developed and implemented
4.
λ
The procedures are appropriately documented and communicated to relevant staff.
5.
6.
Look for common forms of indicative evidence and also: Sight evidence, or ascertain through interview, that staff are aware of the existence of local procedures for patients in custody and the Patients in Custody and the Risk Management sections of the Security Manual. Following receipt of notification that a patient in custody is to be admitted to the facility, staff briefings are held or copies of agreed protocols are circulated or made readily available. Look for common forms of indicative evidence and also: Sight evidence that the Health facility’s procedures accommodate the local operational requirements of the Departments of Police, Corrective Services and Juvenile Justice. Sight evidence or establish through interview that police, corrective services and juvenile justice management and custodial staff are made aware of relevant health facility protocols. Following receipt of notification that a patient in custody is to be treated in/ or admitted to the facility, staff briefings are held or copies of agreed protocols are circulated or made readily available. Sight evidence that there are processes to ensure that appropriate personnel are made aware of an inmate/detainee admission and that public and media enquiries are managed in accordance with policy and that other enquiries are answered with due regard to the clinical and statutory responsibilities for the patient’s ongoing care. Sight evidence that Security Manual policy is practiced with respect to the management of inmates/detainees of Correctional Services, Juvenile Justice or Police.
Part Two – Security Improvement Tool – Section 1 – Security Risk Management Framework
MANDATORY Standard Achieved and Notes
20
Page 32-24
SECTION ELEMENT
Security Risk Management Framework
Standards A.
MANDATORY
1.5 Security Arrangements for Patients in Custody
In addition to B, policy and procedures for the management of patients in custody are reviewed at least every three years, in consultation with staff and relevant government departments.
Indicative Evidence
Standard Achieved and Notes
Look for common forms of indicative evidence.
Evaluation of the effectiveness of risk controls is built into the risk management process and there is feedback to enable modification of policy, procedures and risk controls.
COMMENTS
Part Two – Security Improvement Tool – Section 1 – Security Risk Management Framework
Page 32-25
SECTION
Security Risk Management Framework
ELEMENT
1.6 Security Education and Training Standards
D.
C.
Management and staff have received little or no education and training about their statutory obligations with respect to security risk management. Management is aware of the existence of the Education and Training and the Risk Management sections of the Security Manual, but they are not fully implemented. That is, neither the assessment nor delivery of the training and education needs of supervisors and staff with respect to security risk management is complete.
Indicative Evidence
1.
2.
3.
4. 5.
B.
In addition to C, managers have been instructed on the application of policy and procedures as outlined in the Security Manual, and in particular they ensure that: λ
λ
λ
All staff are provided with appropriate security related education and training, including violence prevention and management training, consistent with legislative requirements as part of the Health Service security risk management program Education and training are appropriate to the role of the staff member and targeted to the level and type of security risk that may be encountered in the course of their work and Details of security related education and training conducted within the Health Service are documented and maintained.
1.
2.
3. 4.
MANDATORY Standard Achieved and Notes
Sight evidence, or ascertain through interview, that management is aware of the existence of the Education and Training and the Risk Management sections of the Security Manual. Sight evidence of some work towards completing a training needs analysis for security risk management. The work may have just commenced, or be in the process of completion. In any case it should have been developed and conducted in consultation with Health Service learning and development personnel. Sight evidence that some education and training for management, supervisors and staff in security risk management and aggression minimisation has been delivered but that this is not yet complete. Sight evidence that education and training are provided at induction. Sight evidence through interview and/or examination of records, that appropriately qualified people have conducted all education or training. Sight evidence, through interview or by the examination of documentation, including training records, that education and training are provided in compliance with the Occupational Health and Safety Act 2000 and the OHS Regulation 2001. This will include induction training, training about specific risks and training in hazard management. Sight evidence that a complete training needs analysis is conducted at least two-yearly and is developed and conducted in consultation with Health Service learning and relevant development personnel. Sight evidence that education and training records are maintained and are kept up to date. Sight evidence that education and training is provided at appropriate stages of work, including (but not limited to): λ At induction λ On arrival at a new work area (eg induction onto a ward)
Part Two – Security Improvement Tool – Section 1 – Security Risk Management Framework
Page 32-26
B.
λ As on-going refresher training during the course of
(continued)
employment λ When there are changes to work practices or procedures λ When new activities are introduced to the work area λ When incident investigations identify new hazards and new
controls are introduced. Sight evidence that staff at risk of violence (eg security, mental health, emergency department, drug and alcohol) are being provided with violence prevention and management training in line with the NSW Health circular 2003/50 NSW Health Training Program – A Safer Place to Work: Preventing and Managing Violent Behaviour in the Health Workplace. 6. Sight evidence that training in duress response/restraint techniques and procedures is given to appropriate people. 7. Sight evidence that evaluation of the effectiveness of education and training is conducted against appropriate, pre-determined performance indicators. Indicators might include (but are not limited to): λ Awareness about health service security related policies and practices λ Changes in the number of incidents occurring λ Changes in the number of hazards being reported Look for common forms of indicative evidence. 5.
A.
In addition to B, management of security education and training forms part of the security risk management process of the facility. These processes (policy and procedures) are reviewed at least every three years, in consultation with staff. Evaluation of the effectiveness of education and training to the control of risk is built into the risk management process and there is feedback to enable modification of education and training systems to appropriately skill staff and reduce risk. Changes in work practices generate formal discussion about changes in associated security risk management education and training and this is fed back into the education and training and security risk management processes of the facility on an ongoing basis.
COMMENTS
Part Two – Security Improvement Tool – Section 1 – Security Risk Management Framework
Page 32-27
SECTION
Security Risk Management Framework
ELEMENT
1.7 Security Continuous Improvement Standards
D.
There is little or no evaluation of the security risk management program. A process for evaluating the security risk management program is in place but is not fully implemented. Security improvement plans exist but are not fully implemented.
C.
Indicative Evidence
1.
2. B.
As part of the continuous improvement process, the health care facility evaluates all aspects of their security management program and ensures that evaluation outcomes are used in the on-going development of the security risk management program.
1.
As a minimum, the health care facility: Undertakes an internal security survey on an annual basis (defined as a process that evaluates the implementation of a security management program and effectiveness of that program against a pre-determined set of criteria) o Undergoes an external security survey every five years. (This survey can be undertaken by appropriately qualified staff from another Health Service).
o
Note: The use of this Security Improvement Tool will satisfy the requirement to undertake a survey on an annual and five-yearly basis, as outlined in the Security Manual.
MANDATORY Standard Achieved and Notes
Sight evidence that there are performance indicators for some aspects of the security risk management program and that these aspects are monitored against those criteria. Sight evidence that security improvement plans are at least partially implemented. Interview management and staff to ascertain that performance criteria are established in a consultative manner and that consideration is given to the reliability and validity of the information used, as well as to base line data when available. Performance indicators may be linked to program outcomes or components of the program and may change with time as the program is developed, implemented and improved. Performance indicators may be derived from various sources, including but not limited to: λ
Hazard and incident reports
λ
Duress response records
λ
OHS committee meeting minutes
λ
Results of security audits, surveys and inspections
λ
Workers compensation data
λ
2. 3.
4.
Workplace grievance records and staff turnover in priority areas. Examples of security-related performance indicators can be found in the Security Manual Sight evidence that a security survey is conducted annually, that an improvement plan is developed based on the outcome of the survey and that there is action towards implementation of the improvement plan. Sight evidence that an external survey of security is conducted every five years, that an improvement plan is developed based on the outcome of the survey and that there is action towards implementation of the improvement plan.
Part Two – Security Improvement Tool – Section 1 – Security Risk Management Framework
Page 32-28
SECTION
Security Risk Management Framework
ELEMENT
1.7 Security Continuous Improvement Standards
A.
In addition to B, the security assessment systematically feeds into a process of continuous improvement such that findings/recommendations of the assessment are fed back into the planning and development of the security risk management program, and changes implemented and evaluated for effectiveness.
Indicative Evidence 1. 2. 3.
MANDATORY Standard Achieved and Notes
Sight security improvement plan for all surveys. Sight evidence that the security improvement plan has been implemented. Sight evidence that the actions in the improvement plan have been evaluated for effectiveness and to ensure that no new risks have been introduced.
COMMENTS
Part Two – Security Improvement Tool – Section 1 – Security Risk Management Framework
Page 32-29
SECURITY IMPROVEMENT ASSESSMENT TOOL SECTION 2. CORE SECURITY RISK CONTROLS TABLE OF CONTENTS 2.1 2.2 2.3 2.4 2.5 2.6
Access Control Key Control Alarm Systems Lighting Provision of Security Services Duress Response Arrangements
Part Two – Security Improvement Tool – Section 2 – Core Security Risk Controls
Page 32–30
SECTION
Security Risk Management Framework
ELEMENT
2.1 Access Control Standards
D. C.
B.
There is no statement of policy for Access Control to the facility. There is a written policy and procedure for Access Control that is available in the workplace and is endorsed by the facility’s current management but is not fully implemented. The Access Control policy and procedures have been developed: λ In conjunction with key staff and stakeholders, and λ In accordance with the guidelines in the latest version of the Security Manual. The Access Control policies and procedures are documented and implemented. The consultation process has included the identification, assessment and elimination (where reasonably practicable) or effective control of security risks associated with access to workplaces. The Access Control policy and procedures include: λ Securing perimeters λ Controlling access to the land on which the facility is placed λ Providing safe access and egress, especially after hours and during emergencies λ Controlling access to vulnerable areas λ Clear signage λ Staff identification systems.
Indicative Evidence
MANDATORY Standard Achieved and Notes
Look for common forms of indicative evidence.
1. 2.
Look for common forms of indicative evidence and also: Interview staff about their knowledge and understanding of their access control responsibilities, including staff identification systems, according to the policy and procedures. 3. Sight evidence through talking to staff and stakeholders (for example stories about breaches or thwarted breaches of the system) that the access control system: λ Is secure enough to resist attempts to breach the system λ Can effectively differentiate between those who have authorized access and those who have not (eg fictitious cards?; numbers of cards = numbers of staff) λ Is reliable (can weak links be found?) λ Is regularly maintained and tested λ Includes an alternative system or process for providing access in the event of failure. 4. Review security surveys of high risk areas such as pharmacy, medical records, emergency departments, drug and alcohol.
Part Two – Security Improvement Tool – Section 2 – Core Security Risk Controls
Page 32–31
SECTION
Core Security Risk Controls
ELEMENT
2.1 Access Control Standards
A.
In addition to B, the Access Control policy and procedures are reviewed every three years or more frequently where there are changes in the workplace or in systems that impact on access control.
Indicative Evidence
MANDATORY Standard Achieved and Notes
Look for common forms of indicative evidence.
COMMENTS
Part Two – Security Improvement Tool – Section 2 – Core Security Risk Controls
Page 32–32
SECTION
Core Security Risk Controls
ELEMENT
2.2 Key Control Standards
Indicative Evidence
D.
There is little or no key control in evidence and little or no evidence that this is considered as part of the facility security risk management process.
C.
There is a written policy for Key Control that is available in the workplace and is endorsed by the facility’s current management but is not fully implemented.
Look for common forms of indicative evidence.
B.
The Key Control policy and procedures have been developed:
1. 2.
λ
in conjunction with key staff and stakeholders, and
λ
in accordance with the guidelines in the latest version of the Security Manual. The Key Control policies and procedures are documented and implemented. The consultation process has included the identification, assessment and elimination (where reasonably practicable) or effective control of security risks, such as theft and assault, associated with poor key control.
3.
4. The Key Control policy and procedures include the management of Security Keys that give access to: λ
Pharmacies, drug safes and cabinets λ Safes and other security containers λ Containers that hold security keys λ Specialist areas where for clinical/legal reasons patient movement around the facility is restricted λ Major important or sensitive assets and General Administration Keys which give access to support services and domestic assets.
MANDATORY Standard Achieved and Notes
Look for common forms of indicative evidence and also: Interview managers and supervisors (from across the facility) about their knowledge and understanding of their key control responsibilities, including security keys and general administration keys, according to the policy and procedures. Sight evidence that they know how to use the keys that they have access to. Interview staff about their knowledge and understanding of their key control responsibilities, including security keys and general administration keys, according to the policy and procedures. Sight evidence that the key control system can minimise the likelihood of theft and assault through talking to staff and stakeholders (for example stories about breaches or thwarted breaches of the system) and through sighting documentation that shows that the key control system: λ Is secure enough to resist attempts to breach the system λ Can effectively differentiate between those who have written delegation to hold and issue keys and those who have not λ Is reliable (can weak links be found?) λ Is regularly maintained and tested λ Includes a back-up system or process for providing access in the event of failure.
Part Two – Security Improvement Tool – Section 2 – Core Security Risk Controls
Page 32–33
SECTION
Core Security Risk Controls
ELEMENT
2.2 Key Control Standards
A.
In addition to B, the Key Control policy and procedures are reviewed every three years or more frequently when there are changes in the workplace or in systems that impact on key control.
Indicative Evidence
MANDATORY Standard Achieved and Notes
Look for common forms of indicative evidence.
COMMENTS
Part Two – Security Improvement Tool – Section 2 – Core Security Risk Controls
Page 32–34
SECTION
Core Security Risk Controls
ELEMENT
2.3 Alarm Systems Standards
D.
C.
B,
There is little or no evidence that the requirements for alarm systems have been established or that these are considered as part of the facility security risk management process. The requirements for alarm systems are determined and those systems are reviewed, but these processes are not fully implemented. The requirements for alarm systems (eg duress and intruder alarms) have been developed: λ In consultation with key staff and stakeholders, and
Indicative Evidence
MANDATORY Standard Achieved and Notes
Look for common forms of indicative evidence.
1. 2.
λ
In accordance with the guidelines in the latest version of the Security Manual so as to ensure that staff members, patients and assets are secure. As part of the risk management process, a regular review of all alarms systems occurs.
3.
Look for common forms of indicative evidence and also: In determining the requirements for alarms, the following risks have been assessed: λ Potential for violence against staff λ The type of work being carried out by staff λ Working in isolation λ Cash handling λ Goods and equipment stored in the area λ Level of external security risks λ Level of internal security risks λ Exits that may be left open by staff or patients λ The security needs of ‘at risk’ patients such as wandering elderly patients in wards, or children at risk of unauthorised removal from the facility λ Potential for use of emergency exits (eg fire escapes) by thieves to remove assets λ Potential for break in via doors and/or windows to remove assets and λ Potential for break into and theft of vehicles. Interview managers and supervisors (from across the facility) about their knowledge and understanding of their responsibilities concerning alarm systems. Sight evidence that they know how to use the alarm systems.
Part Two – Security Improvement Tool – Section 2 – Core Security Risk Controls
Page 32–35
SECTION
Core Security Risk Controls
ELEMENT
2.3 Alarm Systems Standards
B.
(continued)
Indicative Evidence 4.
5. 6.
MANDATORY Standard Achieved and Notes
Interview staff about their knowledge and understanding of their responsibilities with respect to alarm systems. Sight evidence that they know how to use the alarm systems. Evidence of expenditure for alarm systems based on the facility’s business plan. Sight evidence that the alarm system can minimise the likelihood of theft and assault through talking to staff and stakeholders (for example stories about breaches or thwarted breaches of the system) and through sighting documentation that shows that the alarm system: λ Complements any other protective measures taken by the facility λ
A.
In addition to B, the requirements for alarm systems are reviewed every three years or more frequently where there are changes in the workplace or in systems that impact on the effective functioning of alarms.
7. 1. 2.
3.
Features and configuration are appropriate to the identified needs and possible risk. Sight evidence of regular testing and maintenance of alarms. Evidence of review of the requirements for alarm systems within the last three years. Evidence that staff are involved in the review process. This can be obtained through documentation (eg committee minutes) and/or interviews with staff involved in the process. Evidence that the requirements for alarm systems are reviewed as part of refurbishment of the workplace, changes in security systems and changes in work organisation that may impact on the effective functioning of alarms.
COMMENTS
Part Two – Security Improvement Tool – Section 2 – Core Security Risk Controls
Page 32–36
SECTION
Core Security Risk Controls
ELEMENT
2.4 Lighting Standards
D.
C. B.
There is little or no evidence that the requirements for lighting have been established or that these are considered as part of the facility security risk management process. The requirements for lighting are determined and those systems are reviewed, but these processes are not fully implemented. The requirements for lighting have been developed: λ
in consultation with key staff and stakeholders, and
Indicative Evidence
A.
In addition to B, the requirements for lighting are reviewed every three years or more frequently where there are changes in the workplace or in systems that impact on the security provided by lighting.
Standard Achieved and Notes
Look for common forms of indicative evidence. 1. 2.
λ
in accordance with the guidelines in the latest version of the Security Manual. so as to ensure that internal and external lighting is sufficient to eliminate, where reasonably practicable, or control security risks related to poor lighting, and meet the relevant Australian Standards.
MANDATORY
3. 4.
5. 1. 2.
3.
Look for common forms of indicative evidence. The external lighting system used is that recommended for health facilities and uses luminaries of the High-Pressure Sodium (HPS) type in order to improve security in the vicinity of the light. Evidence of expenditure for lighting based on the facility’s business plan. Sight evidence that the selected lighting can improve security through talking to staff (including the Facilities Manager) and stakeholders (for example stories about breaches or thwarted breaches of security where lighting played a role). Sight evidence of regular testing and maintenance of lighting. Evidence of review of the requirements for lighting within the last three years. Evidence that staff are involved in the review process. This can be obtained through documentation (eg committee minutes) and/or interviews with staff involved in the process. Evidence that the requirements for lighting are reviewed as part of refurbishment of the workplace, changes in security systems and changes in work organisation that may impact on the security provided by lighting.
COMMENTS
Part Two – Security Improvement Tool – Section 2 – Core Security Risk Controls
Page 32–37
Core Security Risk Controls
SECTION
MANDATORY
2.5 Provision of Security Services
ELEMENT Standards
There is little or no evidence that the requirements for security services within each facility have been determined using a risk management approach. C. The requirements for security services within each facility have been determined using a risk management approach and in consultation with key staff and stakeholders, and some security services have been made available. Where security staff have been issued with batons or handcuffs, the associated risk assessment clearly identifies that this is a necessary risk control strategy, even after all other appropriate risk control strategies have been implemented. There are written procedures for managing the risks associated with the use of weapons by security staff that are available in the workplace and were developed in consultation with staff and key stakeholders using a risk management approach, but they are not fully implemented. B. In addition to C, the requirements for security services and for managing the risks associated with the use of weapons by security staff (where applicable) have been developed: λ In consultation with key staff and stakeholders, and
Indicative Evidence
Standard Achieved and Notes
D.
λ
In accordance with the guidelines and appendices in the latest version of the Security Manual so as to ensure that appropriate security services are provided to be able to respond effectively to security-related issues. Minimum standards for the provision of security services in the facility and the procedures for managing the risks associated with the use of weapons by security staff (where applicable) are documented and implemented.
Look for common forms of indicative evidence. Note: The Department of Health does not support the issue of batons and/or handcuffs as a key risk control strategy, and all other appropriate risk control strategies higher up the hierarchy of risk controls should be given priority for implementation, prior to considering the necessity of batons or handcuffs. Chapter 14 of the Security Manual must be closely consulted when assessing this Element.
1. 2.
Look for common forms of indicative evidence Sight evidence that in determining the requirements for security services, the following issues have been considered: λ The type of work being performed (eg emergency, alcohol and other drugs or mental health areas that may require access to 24/7 security) λ
The likely clientele using the service
λ
The number of staff on duty at any one time
λ
The size and layout of the facility
λ
The nature of incidents that have occurred previously
λ
The geographical location of the area being assessed (eg is it isolated?).
Part Two – Security Improvement Tool – Section 2 – Core Security Risk Controls
Page 32–38
Core Security Risk Controls
SECTION
Standards B.
MANDATORY
2.5 Provision of Security Services
ELEMENT
Indicative Evidence
(continued) The procedures take into account: λ
The need to implement all practical violence risk control strategies prior to considering issuing security staff with weapons
λ
The potential for weapons to be taken and used against staff, patients or visitors
λ
The potential for injury to staff who may use the weapons and those who the weapons are used against
λ
The potential for legal action over the use and misuse of weapons
λ
The legislative framework, including the Weapons Prohibition Regulation 1999 and the Security Industry Act 1997
λ
Managing post-incident issues.
λ
The crime risk of the locality (police can advise)
λ
Proximity of local police services
Standard Achieved and Notes
λ
3.
The current security controls in place and their effectiveness in reducing risk (eg access control measures). Sight evidence that the procedures for the use of weapons by security staff (where applicable) include the following: λ Instructions on application and use (eg the use of weapons is a last resort action, after all other avenues to resolve the situation have been exhausted) and should only be used defensively λ
Clear guidelines that ensure staff are acting within the law and that minimise harm
λ
Recording the use of weapons in detail
λ
Carrying out procedural debriefing following the use of weapons
λ
Providing specialist training prior to the issuing of weapons and the maintenance of a weapons training register
λ
4. 5. 6.
7.
Maintenance of a weapons inventory, including permanent identification of weapons. Sight appropriate licences and first aid accreditation of security staff. Sight evidence that current pre-employment guidelines are implemented when selecting people for security-related positions. Interview managers and supervisors (from across the facility) to determine their knowledge and understanding of the role of and their responsibilities towards security services and the use of weapons by security staff, including arrangements in contracts with external security providers. Interview staff (including security staff) about their knowledge and understanding of the role of and their responsibilities with respect to security services. This should provide the assessor with information about the nature of policy and procedures, their dissemination to staff and the level of appropriate training.
Part Two – Security Improvement Tool – Section 2 – Core Security Risk Controls
Page 32–39
Core Security Risk Controls
SECTION
Standards B.
MANDATORY
2.5 Provision of Security Services
ELEMENT
Indicative Evidence
(continued)
Standard Achieved and Notes
In particular, determine that: λ
The emphasis of security services is on prevention – see chapter 26 of the Security Manual and the NSW Health Zero Tolerance to Violence Policy and Guidelines (circular 2003/48)
λ
Security staff are aware of the differences between security service roles and police roles
λ
In the management of incidents physical force should be limited to assistance with restraint, evasive self-defence, defensive not aggressive responses and the minimum of force within the constraints of the law
λ
The use of physical and mechanical restraints is always in accordance with Chapter 14 of the Security Manual
λ
The use of chemical restraints is always in accordance with the guideline ‘Management of Adults with Severe Behavioural Disturbance – Guidelines for Clinicians in NSW (May 2002)’
λ
Searching of patients and visitors is within legal and policy guidelines (see the Mental Health Act and Chapter 14 of the Security Manual) both in voluntary and involuntary situations
λ
8.
9.
The retention, restoration, storage and disposal of weapons is carried out in accordance with Chapters 6 and 14 of the Security Manual the Prohibited Weapons Act 1998 and the Evidence Act 1995. Sight evidence that the selected security services can improve security through talking to staff and stakeholders (for example stories about breaches or thwarted breaches of security where security services played a role). Sight evidence that evaluation of the effectiveness of security services is conducted against appropriate, pre-determined performance indicators. Indicators might include (but are not limited to): λ Awareness about health service security related policies and practices
Part Two – Security Improvement Tool – Section 2 – Core Security Risk Controls
Page 32–40
Core Security Risk Controls
SECTION
Standards B.
MANDATORY
2.5 Provision of Security Services
ELEMENT
(continued)
Indicative Evidence λ
Standard Achieved and Notes
Changes in the number of incidents occurring
λ
A.
In addition to B, the requirements for security services and the procedures for managing the risks associated with the use of weapons by security staff (where applicable) are reviewed every three years. This may be more frequent where there are changes in the workplace or in systems, legislation, policy, or guidelines that impact on these areas, or where an incident in the workplace suggests that the current processes may be inadequate.
Qualitative analysis of the management of incidents by security services. 10. If the security risk management process has been reviewed by the Department of Health or other external agency, sight the results of these reviews for evidence of compliance with the Security Manual. Examples of implementation of suggested action from these reviews will also reveal information. 11. Sight evidence that strategies for controlling risks associated with the use of weapons by security staff are included in the repertoire of action, including ensuring that the staff issued with weapons are licensed security officers and that they receive specialised training. 1. Evidence of review of the requirements for security services, the need for batons and handcuffs and managing risks associated with the use of batons and handcuffs by security staff within the last three years. 2. Evidence that staff are involved in the review process. This can be obtained through documentation (eg committee minutes) and/or interviews with staff involved in the process. 3. Evidence that the requirements and procedures for security services are reviewed as part of refurbishment of the workplace, changes in security systems, changes in work organisation and changes in the community that may impact on the need for security services or on the use of weapons by security staff.
COMMENTS
Part Two – Security Improvement Tool – Section 2 – Core Security Risk Controls
Page 32–41
Core Security Risk Controls
SECTION
MANDATORY
2.6 Duress Response Arrangements
ELEMENT Standards
There is little or no evidence that duress response arrangements have been established or that these are considered as part of the facility security risk management process. C. Duress response arrangements are determined using a risk management approach, but these processes are not fully implemented. B. As part of the facility security risk management process, there are appropriate, timely and effective response arrangements for both clinical and other duress situations (including response to duress alarms) that have been developed and implemented:
Indicative Evidence
Standard Achieved and Notes
D.
Look for common forms of indicative evidence.
1. 2.
λ
In consultation with key staff and stakeholders, and λ In accordance with the relevant guidelines and appendices in the latest version of the Security Manual. Staff are aware of the options available to them when faced with a violent individual, that consider: λ the nature and severity of the event, λ whether it is a patient, visitor or intruder, and λ the skills, experience and confidence of the staff member/s involved. Where appropriate a duress response team is established. It consists of enough people to provide appropriate response depending on the nature of the facility, and the members are trained. Staff understand that they can expect an appropriate response to a duress alarm or when seeking urgent assistance in a threatening situation. Management accepts that staff are entitled to call for assistance in duress situations in accordance with the Department’s Zero Tolerance Policy and Framework Guidelines (Circular 2003/48).
3.
Look for common forms of indicative evidence and also: There is evidence that in planning, implementing and reviewing duress response arrangements, the following issues have been considered: λ Safety of patients, staff and others λ Ensuring that the response is appropriate, adequate, timely and effective λ Respect and dignity of staff and patients (although safety is the priority) λ Empathy and recognition of the experiences of all involved λ Offer of support and care as needed λ Support for rapid and effective treatment and rehabilitation as indicated λ Compatibility with the facility’s emergency procedures (eg fire, bomb threat, medical emergency etc) with duress response plans. Staff are aware that there is a range of options available to them when faced with a violent individual, including triggering a duress alarm. These will vary from facility to facility. Interviews with staff and management should elicit knowledge about the features of an effective duress response: λ Requires one call or alarm trigger λ Call or trigger is early rather than later in the event λ Staff are aware of protocols for getting assistance λ Response is as fast as possible λ Response is standardised as far as possible to reduce confusion
Part Two – Security Improvement Tool – Section 2 – Core Security Risk Controls
Page 32–42
SECTION
Core Security Risk Controls
ELEMENT
2.6 Duress Response Arrangements Standards
B.
(continued) Staff and management understand that early recognition of an incident and adequate and appropriate response can minimise the risk of injury to staff, patients and others and prevent escalation. Staff understand the difference between a clinical and non-clinical duress alarm. Staff understand how to manage post-incident issues.
A.
In addition to B, duress response arrangements are reviewed every three years or more frequently where there are changes in the workplace or in systems that impact on the need for duress response arrangements.
MANDATORY Indicative Evidence
Standard Achieved and Notes
λ
Response is sufficient to meet local needs and where necessary includes consideration of contingency plans while awaiting response λ Team members are well trained in the response procedure including their roles λ Each team has a delegated leader and an agreed assembly point λ All shifts are covered and processes are in place to cover unexpected staff shortages (eg due to sick leave) λ Links with local protocols, where appropriate, for retreat, restraint, sedation and additional back up λ Incorporates post incident management and support processes λ Includes operational review and debriefing λ Is regularly evaluated and updated as necessary. 4. Sight evidence that duress response plans/procedures are realistic and achievable in the workplace, provide the best possible response time and include consideration of contingencies such as the simultaneous occurrence of more than one duress situation. Assessors should refer to Appendix 29.1 for examples of model duress response plans. 5. Sight evidence that the duress response communication protocols are in accordance with the relevant chapter of the Security Manual Look for common forms of indicative evidence.
COMMENTS
Part Two – Security Improvement Tool – Section 2 – Core Security Risk Controls
Page 32–43
SECURITY IMPROVEMENT ASSESSMENT TOOL SECTION 3. SECURITY RISK CONTROLS IN PRIORITY AREAS TABLE OF CONTENTS
3.1 The Clinical Environment 3.2 Security of Staff Working in the Community 3.3 Rural and Remote Health Services 3.4 Security in Pharmaciess 3.5 Security in Car Parks 3.6 Security of Property 3.7 Security of Information 3.8 Security of Medical Gases 3.9 Security of Radioactive Substances
Part Two – Security Improvement Tool – Section Three – Security Risk Control in Priority Areas
Page 32–44
SECTION
Security Risk Controls in Priority Areas
ELEMENT
3.1 The Clinical Environment Standards
D.
C.
B.
There is little or no evidence that managing security in the clinical environment has been considered as part of the facility security risk management process. There is a written procedure for managing security in the clinical environment that is available in the workplace and was developed in consultation with staff and key stakeholders using a risk management approach, but it is not fully implemented. In addition to C, procedures for managing security in the clinical environment have been developed: λ
Indicative Evidence
Standard Achieved and Notes
Look for common forms of indicative evidence.
1. 2.
In consultation with staff and key stakeholders, and
λ
In accordance with the guidelines in the latest version of the Security Manual and relevant legislation. The procedures for managing security in the clinical environment are documented and implemented. The consultation process has included the identification, assessment and elimination (where reasonably practicable) or effective control of security risks associated with the clinical environment to minimise the likelihood of incidents related to robbery, abduction and violence. Clinical and operational protocols have been developed consultatively and are implemented to manage aggression arising from a patient’s medical or psychiatric condition.
MANDATORY
3.
4.
Look for common forms of indicative evidence and also: Sight evidence that the following documents have been consulted in the preparation of procedures for Security in the Clinical Environment: λ Memorandum of Understanding between NSW Police and NSW Health, and the accompanying flowcharts λ Mental Health For Emergency Departments (red book – May 2002) λ Management of Adults with Severe Behavioural Disturbance: Guidelines for Clinicians (green book – May 2002) and λ Guidelines on the Management of Challenging Behaviour in Residential Aged Care Facilities in NSW (Department of Health - August 2000) Sight evidence through talking to staff and stakeholders that risks have been identified, assessed and controlled in priority areas within the facility, including: λ emergency departments, maternity units, admissions areas, mental health services, drug and alcohol services including methadone dispensing clinics, brain injury units, aged care/dementia units and during individual patient specials (IPS). Sight evidence that strategies for controlling security in the clinical environment are included in the repertoire of action. These may include: λ Building design, access control, patient liaison and management, the provision of security services, the management of staffing issues, the provision of education and training, staff awareness, searching patients and visitors, appropriate responses to violence, patient restraint, the identification of patients with particular security needs.
Part Two – Security Improvement Tool – Section Three – Security Risk Control in Priority Areas
Page 32–45
SECTION
Security Risk Controls in Priority Areas
ELEMENT
3.1 The Clinical Environment Standards
A
In addition to B, the procedures for managing security in the clinical environment are reviewed every three years or more frequently where there are changes in the workplace or in systems, legislation, policy, or guidelines that impact on this area, or where an incident in the workplace suggests that the current processes may be inadequate.
Indicative Evidence
MANDATORY Standard Achieved and Notes
Look for common forms of indicative evidence.
COMMENTS
Part Two – Security Improvement Tool – Section Three – Security Risk Control in Priority Areas
Page 32–46
SECTION
Security Risk Controls in Priority Areas
ELEMENT
3.2 Security of Staff Working in the Community Standards
D. C.
B.
Indicative Evidence
There are minimal or no procedure for managing the security of staff working in the community. There are written procedures for managing the security of staff working in the community that are available in the workplace. They are developed in consultation with staff and key stakeholders using a risk management approach, but they are not fully implemented.
1. 2.
In addition to C, procedures for managing the security of staff working in the community have been developed:
1. 2.
λ
In consultation with staff (especially staff who work in the community) and key stakeholders, and
λ
In accordance with the guidelines in the latest version of the Security Manual and relevant legislation. The procedures for managing the security of staff working in the community are documented and implemented. The consultation process has included the identification, assessment and elimination (where reasonably practicable) or effective control of security risks associated with working in the community. The procedures acknowledge that community workers work in environments that are not under the immediate control of the employer. They may work in isolation, away from ready access to security providers and they are therefore vulnerable to the risk of violence. At all times staff working in the community have access to appropriate field equipment (eg torches) and communication devices.
3. 4.
5.
MANDATORY Standard Achieved and Notes
Look for common forms of indicative evidence and also: Seek evidence (documentary or through interviews with staff – particularly those who work in the community, supervisors and managers) that the procedures are at least partially implemented. Look for common forms of indicative evidence, but also consider: λ Evidence that aggression minimisation training has been provided. λ That staff working in the community have access to appropriate field equipment (eg torches) and communication devices. Look for common forms of indicative evidence and also: Sight evidence that the procedures cover: λ Obtaining relevant client information from the referring clinician/service λ Local risk assessment and management measures λ Injury prevention initiatives λ Crimes Prevention Liaison λ Staff training requirements λ Emergency procedures and local arrangements for security assistance from police λ Local reporting procedures λ Appropriate support for staff in the event of an incident λ Commitment to cultivating good relations with local police and other local services. Obtain evidence, through talking to community workers, that they have good quality information about contacts and locations. If possible obtain evidence from community-based patients or other clients that they are informed about community staff and the purpose of their visits. Obtain evidence through interview that community workers know what to do when confronted with aggressive, violent or potentially violent behaviour.
Part Two – Security Improvement Tool – Section Three – Security Risk Control in Priority Areas
Page 32–47
SECTION
Security Risk Controls in Priority Areas
ELEMENT
3.2 Security of Staff Working in the Community Standards
Indicative Evidence
B. (continued)
6.
A.
1. 2.
In addition to B, the procedures for managing the security of staff working in the community are reviewed every three years or more frequently where there are changes in the workplace or in systems, legislation, policy, or guidelines that impact on this area, or where an incident in the workplace suggests that the current processes may be inadequate.
MANDATORY Standard Achieved and Notes
Sight evidence that strategies for controlling security risks to staff working in the community include (but are not limited to): λ Effective preparation for community visits, arranging for security support during visits, ceasing visits to particular households, effective handover of information about risky situations, cultivating good relations with local police, comprehensive administrative protocols so that the whereabouts of community workers is known, use of checklists in the Security Manual, providing well-maintained vehicles and equipment, testing of duress alarms and other equipment, 24/7 availability of a base contact, training in the use of communications and duress equipment and strict control of after hours visits, providing aggression minimisation training as well as regular refresher/update courses, use of security/police escort for high risk situations. Look for common forms of indicative evidence and also: Evidence that the local police and crimes prevention team are involved in the review process as a means of building partnerships and fostering sharing of information.
COMMENTS
Part Two – Security Improvement Tool – Section Three – Security Risk Control in Priority Areas
Page 32–48
SECTION
Security Risk Controls in Priority Areas
ELEMENT
3.3 Rural and Remote Health Services Standards
D.
C.
There are minimal or no procedures for managing security in rural and remote facilities. Alternative: The rural or remote health service has no procedure for managing the security risks specifically associated with being rural or remote. Procedures for managing reasonably foreseeable security risks in rural and remote facilities, including staff residences, are developed in consultation with staff and key stakeholders using a risk management approach, but these processes are not fully implemented.
Indicative Evidence
1. 2.
MANDATORY Standard Achieved and Notes
Look for common forms of indicative evidence and also: Seek evidence (documentary or through interviews with staff, supervisors and managers) that the procedures are partially implemented. For example, this might be evident in the following ways: λ
B.
In addition to C, procedures for managing security in rural and remote facilities, including staff residences, have been developed: λ λ
In consultation with staff and key stakeholders, and
In accordance with the guidelines in the latest version of the Security Manual and relevant legislation. The procedures for managing security risks in rural and remote facilities, including staff residences, are documented and implemented. The consultation process has included the identification, assessment and elimination (where reasonably practicable) or effective control of security risks associated with rural and remote facilities.
1. 2.
Memo from management about the allocation of resources to manage security in rural and remote facilities, including staff residences, and evidence that it has been actioned. This includes resource allocation to training (eg aggression minimisation, the use of equipment) and the provision of adequate equipment, vehicles and accommodation. Look for common forms of indicative evidence and also: Sight evidence that the procedures include consideration of the issues that potentially face rural and remote facilities, including: λ High staff turnover leading to reduced continuity of knowledge λ Reduced access to police and emergency services λ Delayed response times for emergency services and other referral agencies λ Complications and time delays associated with organising transport of victims or perpetrators out of the community λ Small populations, close community ties and lack of anonymity λ Conflict between reporting requirements and cultural sensitivities
Part Two – Security Improvement Tool – Section Three – Security Risk Control in Priority Areas
Page 32–49
SECTION
Security Risk Controls in Priority Areas
ELEMENT
3.3 Rural and Remote Health Services Standards
Indicative Evidence
MANDATORY Standard Achieved and Notes
λ
B. (continued)
Communication difficulties (eg no mobile phone coverage etc) Co-location of residence and clinic, therefore increasing the risk of violence for staff λ Staff working in isolation from colleagues and support systems. Obtain evidence (written or oral) that there is a high level of preparedness in the facility, including: gathering information relevant to the local service and region, developing local policies and procedures that will work in a particular situation, providing suitable premises and equipment and setting up support systems such as partnerships with local emergency services and businesses. If possible obtain evidence from community-based people that partnerships have been developed to improve security. Sight evidence that staff are equipped with effective field communication technology or procedures that give as complete a communication coverage as possible, in the event of an emergency, such as: mobile telephones, satellite telephones, twoway radios, long range duress alarms and GPS duress beacons that can provide the location of the person. Sight evidence that there has been appropriate training in procedures, the use of equipment and aggression minimisation. λ
3.
4. 5.
6. A.
In addition to B, the procedures for managing security in rural and remote facilities, including staff residences, are reviewed every three years or more frequently where there are changes in the workplace or in systems, legislation, policy, or guidelines that impact on this area, or where an incident in the workplace suggests that the current processes may be inadequate.
Part Two – Security Improvement Tool – Section Three – Security Risk Control in Priority Areas
Page 32–50
SECTION
Security Risk Controls in Priority Areas
ELEMENT
3.3 Rural and Remote Health Services
MANDATORY
COMMENTS
Part Two – Security Improvement Tool – Section Three – Security Risk Control in Priority Areas
Page 32–51
SECTION
Security Risk Controls in Priority Areas
ELEMENT
3.4 Security in Pharmacies Standards
D.
C.
B.
There is little or no evidence that the requirements for pharmacy security have been established or that these are considered as part of the facility security risk management process. The requirements for pharmacy security are determined in consultation with staff and key stakeholders using a risk management approach, but these processes are not fully implemented. In addition to C, procedures for the management of pharmacy security are developed: λ In consultation with key staff and stakeholders, and λ In accordance with the guidelines in the latest version of the Security Manual and relevant legislation such that all reasonably foreseeable security risks associated with pharmacy areas are identified, assessed, eliminated where reasonably practicable or effectively controlled in order to protect people and assets, prevent and detect drug diversion and minimise the likelihood of incidents related to robbery and assault occurring in pharmacy areas. The procedures are appropriately documented and implemented.
A.
Note: Section 4 of Departmental Circular 2001/64, Policy on the Handling of Medication in New South Wales Public Hospitals, includes advice on security related matters in hospital pharmacy departments. In addition to B, the requirements for pharmacy security are reviewed every three years or more frequently where there are changes in the workplace or in systems, legislation, policy, or guidelines that impact on this area, or where an incident in the workplace suggests that the current processes may be inadequate.
Indicative Evidence
1.
Look for common forms of indicative evidence.
1. 2.
Look for common forms of indicative evidence and also: In determining the requirements for security in pharmacies, the issues outlined in the section on pharmacy security in the latest version of the Security Manual have been considered. These cover: λ Building design or modification λ Key control mechanisms λ Access control systems, including staff ID and duress alarms λ Drug security in accordance with Section 4 of Departmental Circular 2001/64. Sight evidence of regular testing and maintenance of pharmacy security systems.
3.
MANDATORY Standard Achieved and Notes
Look for common forms of indicative evidence.
Part Two – Security Improvement Tool – Section Three – Security Risk Control in Priority Areas
Page 32–52
SECTION
Security Risk Controls in Priority Areas
ELEMENT
3.4 Security in Pharmacies
MANDATORY
COMMENTS
Part Two – Security Improvement Tool – Section Three – Security Risk Control in Priority Areas
Page 32–53
SECTION
Security Risk Controls in Priority Areas
ELEMENT
3.5 Security in Car Parks Standards
There is little or no evidence that the requirements for car park security have been established or that these are considered as part of the facility security risk management process. C. The requirements for car park security are determined in consultation with staff and key stakeholders using a risk management approach, but these processes are not fully implemented. B. In addition to C, procedures for the management of car park security are developed: λ In consultation with key staff and stakeholders (including the public, local Police and Crimes Prevention Team), and λ In accordance with the guidelines in the latest version of the Security Manual and relevant legislation such that all reasonably foreseeable security risks associated with car parks are identified, assessed, eliminated where reasonably practicable or effectively controlled in order to protect people and assets and minimise the likelihood of incidents related to robbery and assault occurring in car parks. Designated car spaces for afternoon and night shift staff are allocated where practicable and warranted by the risk assessment. The procedures are appropriately documented and implemented. A. In addition to B, the requirements for car park security are reviewed every three years or more frequently where there are changes in the workplace or in systems, legislation, policy, or guidelines that impact on this area, or where an incident in the workplace suggests that the current processes may be inadequate.
Indicative Evidence
MANDATORY Standard Achieved and Notes
D.
1.
Look for common forms of indicative evidence and also:
1. 2.
Look for common forms of indicative evidence and also: In determining the requirements for security in car parks, the issues outlined in the section on car park security in the latest version of the Security Manual have been considered. These cover: λ Car park design for controlled access and egress and to improve security λ Use of designated parking for workers and delivery vehicles λ Secure access between the car park and the facility λ Use of security staff as patrols and escorts λ Signage λ Lighting λ Monitoring via CCTV λ Garaging of facility vehicles
Look for common forms of indicative evidence.
COMMENTS
Part Two – Security Improvement Tool – Section Three – Security Risk Control in Priority Areas
Page 32–54
SECTION
Security Risk Controls in Priority Areas
ELEMENT
3.6 Security of Property Standards
D.
C.
B.
There is little or no evidence that the requirements for the security of property have been established or that these are considered as part of the facility security risk management process. The requirements for the security of property are determined in consultation with staff and key stakeholders using a risk management approach, but these processes are not fully implemented. In addition to C, policies and procedures to prevent and deter theft are developed: λ In consultation with key staff and stakeholders, and λ In accordance with the guidelines and appendices in the latest version of the Security Manual and relevant legislation such that all reasonably foreseeable security risks that may lead to theft are identified, assessed, eliminated where reasonably practicable or effectively controlled in order to protect people and assets. The policy and procedures identify that the potential risk of theft exists from visitors, patients, and opportunistic passers-by as well as from planned crimes. Every case of theft is reported to the police and no arrangements are entered into to accept settlement on condition that the facility refrains from instituting legal proceedings [see note below]. The policy and procedures are appropriately documented and effective security procedures implemented. Note: For more information refer to Departmental circular 2000/41, Reporting Possible Corrupt Conduct to the Independent Commission Against Corruption.
Indicative Evidence
1. 2.
1. 2.
Standard Achieved and Notes
Look for common forms of indicative evidence and also: Awareness by supervisors and/or staff about the commitment of resources to deal with specific issues concerning the security of property, for example in orientation programs and in information pamphlets for patients. Look for common forms of indicative evidence and also: There is evidence that in determining the requirements for the security of property, the following risk control strategies have been considered: λ Developing policy relating to theft and the reporting of theft to police and ensuring that patients, staff and visitors are aware of this policy λ Cash handling, receipting and banking practices are consistent with the “Accounting Manual for Public Health Organisations”. λ Keeping a register of health facility property, including serial numbers where appropriate λ Keeping a register of property theft to assist with identifying problem areas or patterns of behaviour λ Keeping assets registers up-to-date and providing full descriptions of each item, including serial numbers λ Identifying all assets with a unique physical marking, eg engraving or barcode λ Storing attractive portable items (calculators, cameras, tape recorders, lap tops etc) separately in a locked area. Only designated staff should have access to them λ Investigating all theft λ Enforcing an effective key control program (refer to Chapter 10 of the Security Manual)
Part Two – Security Improvement Tool – Section Three – Security Risk Control in Priority Areas
Page 32–55
SECTION
Security Risk Controls in Priority Areas
ELEMENT
3.6 Security of Property Standards
Indicative Evidence
Standard Achieved and Notes
λ
B. (continued)
CCTV monitoring of priority areas Installation of alarm systems (refer to Chapter 11 of the Security Manual) λ Ensuring effective perimeter and internal access control (refer to Chapter 9 of the Security Manual) λ Ensuring CPTED principle are applied when designing/refurbishing facilities. λ Installation of locks on change rooms (eg in imaging facilities), provision of secure change rooms and lockers for staff, lockable cupboards or drawers for office staff, written and verbal advice to patients and staff about bringing personal property and valuables into the hospital, signage in car parks warning against leaving valuables in vehicles. Sight evidence that cases of theft have been reported to the police. Sight evidence of a collaborative relationship with local police and local crimes team. Sight evidence that specific areas that need attention have been considered as high risk and are dealt with accordingly including: engineering/maintenance areas (tools and vehicles), transport (petrol and vehicles), laundry (linen), catering (food stores, utensils), stores (stock, attractive items), administration (sensitive information), cash handling (money), patients’ property, staff property. λ
3. 4. 5.
Part Two – Security Improvement Tool – Section Three – Security Risk Control in Priority Areas
Page 32–56
SECTION
Security Risk Controls in Priority Areas
ELEMENT
3.6 Security of Property Standards
A.
In addition to B, the requirements for the security of property are reviewed every three years or more frequently where there are changes in the workplace or in systems, legislation, policy, or guidelines that impact on this area, or where an incident in the workplace suggests that the current processes may be inadequate.
Indicative Evidence 1. 2.
Standard Achieved and Notes
Look for common forms of indicative evidence and also: Sight evidence that evaluation of the effectiveness of the security of property is conducted against appropriate, pre-determined performance indicators. Indicators might include (but are not limited to): λ Awareness about facility security related policies and practices λ Changes in the number of incidents occurring λ Qualitative analysis of the management of incidents by security services.
COMMENTS
Part Two – Security Improvement Tool – Section Three – Security Risk Control in Priority Areas
Page 32–57
SECTION
Security Risk Controls in Priority Areas
ELEMENT
3.7 Security of Information Standards
D.
C.
B.
There is little or no evidence that the requirements for information security have been established or that these are considered as part of the facility security risk management process. The requirements for the security of information (including personnel, patient and other official information) are determined in consultation with key staff and stakeholders using a risk management approach, but these processes are not fully implemented. In addition to C, policies and procedures to protect the security of information are developed: λ In consultation with key staff and stakeholders, and λ In accordance with relevant legislation, information security standards and the guidelines and appendices in the latest version of the Security Manual and relevant legislation and guidelines such that all reasonably foreseeable security risks associated with the protection of official information and material (including electronic information) from unauthorised disclosure are identified, assessed, eliminated where reasonably practicable or effectively controlled in order to protect people and assets. The policy and procedures prevent the disclosure of information that would prejudice or be harmful to the interests of the facility, its staff or its patients. The policy and procedures are appropriately documented and effective security procedures implemented.
Notes: Electronic information means information that is created, processed, held, maintained and transmitted by NSW Health and information held for, or on behalf of, other government agencies and private entities.
Indicative Evidence
1.
Look for common forms of indicative evidence.
1. 2.
Look for common forms of indicative evidence and also: Sight evidence that in determining the requirements for the security of information, the following key principles have been considered, and are reflected in the development and implementation of policies and procedures: λ NSW Health’s major objective is the provision of health care services underlined by the overall welfare of the people it treats λ The implementation of information security controls is not to impact on the timely provision of those services λ All personal health information will be securely managed and privacy and confidentiality will be preserved λ All other critical and sensitive information will also be securely managed and privacy and confidentiality maintained λ All staff have a responsibility for the security and maintenance of critical and sensitive information including personal health information λ All other information (such as personnel records, minutes, reports of investigations) will be classified for the purposes of determining the level of security required, λ Providing information security education and developing awareness for all people dealing with electronic information as an integral part of maintaining adequate protection over that information and
Part Two – Security Improvement Tool – Section Three – Security Risk Control in Priority Areas
Standard Achieved and Notes
Page 32–58
SECTION
Security Risk Controls in Priority Areas
ELEMENT
3.7 Security of Information Standards
Reference must be made to Departmental circular 2003/47, The NSW Health Electronic Information Security Policy, which outlines NSW Health policy for information security.
Indicative Evidence λ
3.
4.
5. A.
In addition to B, the requirements for the security of information are reviewed every three years or more frequently where there are changes in the workplace or in systems, legislation, policy, or guidelines that impact on this area, or where an incident in the workplace suggests that the current processes may be inadequate.
Standard Achieved and Notes
1.
The release of information will comply with relevant and current State and Federal legislation. Sight evidence that IT systems are certified to the national information security management standard AS/NZS 7799 Part 2:2003 (Specification for Information Security Management Systems). Sight evidence (through documentation and interview) that the responsibility for information security management is assigned to a nominated officer. Sight evidence of effective & appropriate use of labelling to secure information. Look for common forms of indicative evidence.
COMMENTS
Part Two – Security Improvement Tool – Section Three – Security Risk Control in Priority Areas
Page 32–59
SECTION
Security Risk Controls in Priority Areas
ELEMENT
3.8 Security of Medical Gases Standards
D.
C.
B.
There is little or no evidence that the requirements for the security of medical gases have been established or that these are considered as part of the facility security risk management process. The requirements for the security of medical gases are determined in consultation with staff and key stakeholders using a risk management approach, but these processes are not fully implemented. In addition to C, procedures for the secure storage of medical gases are developed: λ
In consultation with key staff and stakeholders, and
λ
In accordance with relevant legislation, Australian Standards and the guidelines in the latest version of the Security Manual and relevant legislation such that all reasonably foreseeable security risks associated with the storage of medical gases are identified, assessed, eliminated where reasonably practicable or effectively controlled in order to protect people and minimise the likelihood of incidents related to theft, tampering and damage. The procedures are appropriately documented and implemented.
Indicative Evidence
Standard Achieved and Notes
Look for common forms of indicative evidence.
1. 2.
Look for common forms of indicative evidence and also: Site evidence that the requirements of the relevant legislation, Australian Standards and guidelines in the latest version of the Security Manual have been incorporated into the facility’s policies and procedures on the secure storage of medical gases and that the following risk control strategies have been considered: λ Access to any storage areas is restricted by use of doors, barriers and signs. Sources should be secured against unauthorised removal, tampering, vandalism and misuse λ Appropriate access control procedures are developed and implemented λ Documenting the location of medical gases both in the bulk storage facility and at the ward level λ Records are kept for medical gases used for fieldwork. They should include: Who is using the source and who is responsible for it Where has the source been taken How is it stored/secured Date and time of issue Date and time of return Any unusual circumstances λ Procedures are implemented for reporting theft, tampering and damage to medical gases.
Part Two – Security Improvement Tool – Section Three – Security Risk Control in Priority Areas
Page 32–60
SECTION
Security Risk Controls in Priority Areas
ELEMENT
3.8 Security of Medical Gases Standards
Indicative Evidence
Standard Achieved and Notes
λ
A.
In addition to B, the requirements for the security of medical gases are reviewed every three years or more frequently where there are changes in the workplace or in systems, legislation, policy, or guidelines that impact on this area, or where an incident in the workplace suggests that the current processes may be inadequate.
1.
That any medical gases that are also classified as dangerous goods are stored in accordance with legislation and that the necessary licences have been obtained and are current. Look for common forms of indicative evidence.
COMMENTS
Part Two – Security Improvement Tool – Section Three – Security Risk Control in Priority Areas
Page 32–61
SECTION
Security Risk Controls in Priority Areas
ELEMENT
3.9 Security of Radioactive Substances Standards
D.
C.
B.
There is little or no evidence that the requirements for the secure management of radioactive substances have been established or that these are considered as part of the facility security risk management process. The requirements for the secure management of radioactive substances are determined in consultation with staff and key stakeholders using a risk management approach, but these processes are not fully implemented. In addition to C, procedures for the secure management of radioactive substances are developed: λ
in consultation with key staff and stakeholders, and
λ
in accordance with the relevant legislation and guidelines in the latest version of the Security Manual and relevant legislation. such that all reasonably foreseeable security risks associated with radioactive substances are identified, assessed, eliminated where reasonably practicable or effectively controlled in order to protect people and minimise the likelihood of incidents related to theft, vandalism and misuse. The procedures are appropriately documented and implemented. Note: In emergency situations involving suspected or actual damage, spillage, loss or theft of radioactive substances the Radiation Control Section of the Environment Protection Authority should be contacted
Indicative Evidence
Standard Achieved and Notes
Look for common forms of indicative evidence.
1. 2.
Look for common forms of indicative evidence and also: Site evidence that the requirements of the relevant legislation and guidelines in the latest version of the Security Manual have been incorporated into the facility’s policies and procedures on the secure management of radioactive substances and that the following risk control strategies have been considered: λ Stores (including waste stores) are properly marked with approved warning signs, and regulations regarding their use are posted at access points λ Access to any storage areas is restricted by use of doors, locks, barriers and signs. Sources are secured against unauthorised removal and tampering λ Access control procedures are developed and implemented λ Maintaining appropriate records of the location, security and discharge of radioactive substances and irradiating apparatus λ Any loss or theft of radioactive material is reported in compliance with legislation. λ Only authorised persons undertake the escort of radioactive substances when being transported within an organisation λ When radioactive substances are transported by road, the transport is in accordance with the legal requirements
Part Two – Security Improvement Tool – Section Three – Security Risk Control in Priority Areas
Page 32–62
SECTION
Security Risk Controls in Priority Areas
ELEMENT
3.9 Security of Radioactive Substances Standards
A.
In addition to B, the requirements for the secure management of radioactive substances are reviewed every three years or more frequently where there are changes in the workplace or in systems, legislation, policy, or guidelines that impact on this area, or where an incident in the workplace suggests that the current processes may be inadequate.
Indicative Evidence
Standard Achieved and Notes
Look for common forms of indicative evidence.
COMMENTS
Part Two – Security Improvement Tool – Section Three – Security Risk Control in Priority Areas
Page 32–63
SECURITY IMPROVEMENT ASSESSMENT TOOL SECTION 4. SECURITY RISK CONTROLS IN UNPLANNED EVENTS TABLE OF CONTENTS 4.1 Fire Security 4.2 Bomb Threat 4.3 Violence 4.4 Armed Hold-up
Part Two – Security Improvement Tool – Section Four – Security Risk Controls in Unplanned Events
Page 32–64
SECTION
Security Risk Controls in Unplanned Events
ELEMENT
4.1 Fire Security Standards
D. C.
B.
There is no evidence that fire security has been considered as part of the facility security risk management process. There are written procedures for managing the security risks associated with fire that are available in the workplace and were developed in consultation with staff and key stakeholders using a risk management approach, but they are not fully implemented. In addition to C, procedures for managing the security risks associated with fire have been developed: λ In conjunction with staff and key stakeholders, and λ In accordance with the guidelines in the latest version of the Security Manual. The procedures for managing the security risks associated with fire are documented and implemented. The consultation process has included the identification, assessment and elimination (where reasonably practicable) or effective control of security risks associated with fire. The procedures take into account: λ The possibility that fire is a diversionary tactic for criminal activity λ The risk of theft or looting during a fire λ The need to secure patients in custody who have been evacuated, scheduled patients, patients with cognitive deficits and unaccompanied children and babies.
Indicative Evidence
1. 2.
1. 2.
3.
4.
Standard Achieved and Notes
Look for common forms of indicative evidence and also: Records that document inspection of fire equipment by registered organisations may give evidence that the procedures are at least partially implemented. Look for common forms of indicative evidence and also: Sight evidence that the following documents have been consulted in the preparation of procedures for managing the security risks associated with fire: λ Guidelines for Fire Safety in Health Care Facilities (Departmental Circular 2003/87) λ Local fire safety procedures, including emergency evacuation procedures λ Australian Standards λ Building Codes λ Guidelines specified by fire authorities. Sight evidence that the following issues are effectively dealt with in the procedures: λ Accounting for staff, patients and other occupants of the building or facility λ Securing evacuated patients who may be confused and inclined to wander λ Isolating the fire scene until the police and fire brigade assume control of the site λ Controlling crowds and traffic until the police can assist λ Ensuring the fire brigade is directed to the fire by the quickest route λ Operating any Emergency Warning and Intercommunication System. Sight evidence that strategies for controlling security risks associated with fire are included in the repertoire of action. These should include:
Part Two – Security Improvement Tool – Section Four – Security Risk Controls in Unplanned Events
Page 32–65
Security Risk Controls in Unplanned Events
SECTION
4.1 Fire Security
ELEMENT Standards B.
(continued)
A.
In addition to B, the procedures for managing the security risks associated with fire are reviewed every three years or more frequently where there are changes in the workplace or in systems, legislation, policy, or guidelines that impact on this area, or where an incident in the workplace suggests that the current processes may be inadequate.
Indicative Evidence
Standard Achieved and Notes
λ
Details on who should be contacted in the event of a fire and when this contact should occur λ The role of facility staff and emergency services λ A nominated emergency coordinator and delegates λ Guidelines on the use of fire equipment λ The evacuation process λ Details on assembly points. Look for common forms of indicative evidence.
COMMENTS
Part Two – Security Improvement Tool – Section Four – Security Risk Controls in Unplanned Events
Page 32–66
Security Risk Controls in Unplanned Events
SECTION
4.2 Bomb Threat
ELEMENT Standards D.
There is no evidence that bomb threat has been considered as part of the facility security risk management process.
C.
There are written procedures for managing the security risks associated with receiving bomb threats that are available in the workplace and were developed in consultation with staff and key stakeholders using a risk management approach, but they are not fully implemented. In addition to C, procedures for managing the security risks associated with receiving bomb threats have been developed:
B.
λ
Indicative Evidence
1.
Look for common forms of indicative evidence.
1. 2.
Look for common forms of indicative evidence and also: Sight evidence that the following issues are effectively dealt with in the procedures: λ The possibility that a bomb threat is a diversionary tactic for criminal activity λ Securing evacuated patients λ The possibility of theft or looting of an evacuated facility λ Effective security and housekeeping to prevent bombs being brought into the workplace Sight evidence that strategies for controlling security risks associated with bomb threats are included in the repertoire of action. These may include: λ Access control (eg locks and alarms, minimising entry/exit points, visitor registration procedures) λ Specific steps to take if there is a bomb threat λ Mail screening procedures, including how to respond if an item is assessed as suspicious.
In conjunction with staff and key stakeholders, and
λ
In accordance with the guidelines in the latest version of the Security Manual. The procedures for managing the security risks associated with bomb threats are documented and implemented. The consultation process has included the identification, assessment and elimination (where reasonably practicable) or effective control of security risks associated with receiving bomb threats. The procedures take into account: λ
Preventing bombs being brought into the workplace, including procedures for identifying and handling suspicious items (including mail)
λ
Steps to take if there is a bomb threat
λ
Managing post-incident issues.
3.
Part Two – Security Improvement Tool – Section Four – Security Risk Controls in Unplanned Events
Standard Achieved and Notes
Page 32–67
Security Risk Controls in Unplanned Events
SECTION
4.2 Bomb Threat
ELEMENT Standards A.
In addition to B, the procedures for managing the security risks associated with receiving bomb threats are reviewed every three years or more frequently where there are changes in the workplace or in systems, legislation, policy, or guidelines that impact on this area, or where an incident in the workplace suggests that the current processes may be inadequate.
Indicative Evidence
Standard Achieved and Notes
Look for common forms of indicative evidence.
COMMENTS
Part Two – Security Improvement Tool – Section Four – Security Risk Controls in Unplanned Events
Page 32–68
SECTION
Security Risk Controls in Unplanned Events
ELEMENT
4.3 Violence Standards
D. C.
B.
There is no evidence that violence has been considered as part of the facility security risk management process. There are written procedures for managing the risks associated with violence that are available in the workplace and were developed in consultation with staff and key stakeholders using a risk management approach, but they are not fully implemented. In addition to C, procedures for managing the risks associated with violence have been developed: λ
Indicative Evidence
1.
Look for common forms of indicative evidence.
1. 2.
Look for common forms of indicative evidence and also: Sight evidence that the following documents have been consulted in the preparation of procedures for managing the risks associated with violence: λ Zero Tolerance Policy and Framework Guidelines (Circular 2003/48) λ Management of Adults with Severe Behavioural Disturbance – May 2002 λ Corporate Governance and Accountability in Health Better Practice Guide λ 1996 Agreement between the NSW Nurses’ Association and NSW Health Sight evidence that the following circumstances are effectively dealt with in the procedures: λ Vehicle and car park security λ Movement at work λ Safe movement of staff at night λ Transporting cash securely λ Providing secure staff accommodation λ What to do when confronted with violent individuals. Check that risk control measures are working effectively and are maintained adequately, eg: λ Alarms λ Locks and access restrictions λ Lighting λ Surveillance equipment.
In conjunction with staff and key stakeholders, and
λ
In accordance with the guidelines in the latest version of the Security Manual. The procedures for managing the risks associated with violence are documented and implemented. The consultation process has included the identification, assessment and elimination (where reasonably practicable) or effective control of risks associated with violence. The procedures take into account: λ
The NSW Health zero tolerance policy to all forms of violence in the health workplace
λ
Designing new facilities and upgrading existing facilities
λ
Communication systems, duress alarm systems and protocols particularly for staff working in the community or in isolated areas
λ
Access restrictions, such as key/electronic access to areas that hold cash, drugs or equipment
λ
Protocols to manage aggression arising from a patient or client’s medical or psychiatric condition
λ
Managing post incident issues.
3.
4.
Part Two – Security Improvement Tool – Section Four – Security Risk Controls in Unplanned Events
MANDATORY Standard Achieved and Notes
Page 32–69
SECTION
Security Risk Controls in Unplanned Events
ELEMENT
4.3 Violence Standards
B.
A.
(continued)
In addition to B, the procedures for managing the risks associated with violence are reviewed every three years or more frequently where there are changes in the workplace or in systems, legislation, policy, or guidelines that impact on this area, or where an incident in the workplace suggests that the current processes may be inadequate.
Indicative Evidence 5.
1. 2.
3.
MANDATORY Standard Achieved and Notes
Sight evidence that strategies for controlling risks associated with violence are included in the repertoire of action. These should include the need for all violent incidents to be promptly, appropriately and consistently managed to prevent escalation and to minimise their impact on staff, patients and visitors. Specific actions could include: λ Issuing a verbal warning λ Seeking support from other staff λ Requesting that the aggressor leave λ Requesting review by a clinician λ Using verbal de-escalation and distraction techniques λ Retreating λ Using sedation or restraint policies λ Initiating internal or external emergency response procedures. Sight evidence of review of the procedures for managing risks associated with violence within the last three years. Sight evidence that staff are involved in the review process. This can be obtained through documentation (eg committee minutes) and/or interviews with staff involved in the process. Sight evidence that the procedures and physical controls are reviewed as part of refurbishment of the workplace, changes in security systems and changes in work organisation that may impact on violence.
COMMENTS
Part Two – Security Improvement Tool – Section Four – Security Risk Controls in Unplanned Events
Page 32–70
SECTION
Security Risk Controls in Unplanned Events
ELEMENT
4.4 Armed Hold-up Standards
D.
There is no evidence that armed hold-up has been considered as part of the facility security risk management process.
C.
There are written procedures for managing the risks associated with armed hold-up that are available in the workplace and were developed in consultation with staff and key stakeholders using a risk management approach, but they are not fully implemented. In addition to C, procedures for managing the risks associated with armed hold-up have been developed:
B.
λ
Indicative Evidence
1. 2.
λ
λ
Designing new facilities and upgrading existing facilities to control for risks of armed hold-up
λ
Vulnerable areas within the health service
λ
Providing training to relevant staff
λ
Ensuring the adequacy of alarm systems and physical barriers
λ
Reviewing security system controls
λ
Managing post incident issues.
Standard Achieved and Notes
Look for common forms of indicative evidence.
In conjunction with staff and key stakeholders, and
In accordance with the guidelines in the latest version of the Security Manual. The procedures for managing the risks associated with armed hold-up are documented and implemented. The consultation process has included the identification, assessment and elimination (where reasonably practicable) or effective control of risks associated with armed hold-up. The procedures take into account:
MANDATORY
3.
4.
Look for common forms of indicative evidence and also: Sight evidence that the following issues are effectively dealt with in the procedures: λ Who to contact in the event of an armed hold-up and when λ The role of facility staff and emergency services λ A nominated emergency coordinator and delegates λ Evacuation processes λ Survival strategies for staff during an armed hold-up λ Isolating the site λ Preserving the site following the incident. Check that risk control measures are working effectively and are maintained adequately, eg: λ Alarms λ Barriers, locks and access restrictions λ Security presence. Sight evidence through talking to staff and stakeholders that risks have been identified, assessed and controlled in priority areas within the facility, including pharmacies and cashiers’ counters, to ensure that: λ The location of such facilities is secure λ Cash and accountable drugs are kept to a minimum λ The routes and times are varied when cash is conveyed to and from the facility. Refer to Chapter 5 of the Security Manual for information on security issues and leased premises.
Part Two – Security Improvement Tool – Section Four – Security Risk Controls in Unplanned Events
Page 32–71
SECTION
Security Risk Controls in Unplanned Events
ELEMENT
4.4 Armed Hold-up Standards
B.
(continued)
A.
In addition to B, the procedures for managing the risks associated with armed hold-up are reviewed every three years or more frequently where there are changes in the workplace or in systems, legislation, policy, or guidelines that impact on this area, or where an incident in the workplace suggests that the current processes may be inadequate.
Indicative Evidence
MANDATORY Standard Achieved and Notes
5.
Sight evidence that training provided to staff in armed hold-up procedures is appropriate. 6. Sight evidence that strategies for controlling risks associated with armed hold-up are included in the repertoire of action, including roles for emergency coordinators, security staff and switchboard operators. Look for common forms of indicative evidence.
COMMENTS
Part Two – Security Improvement Tool – Section Four – Security Risk Controls in Unplanned Events
Page 32–72
PART THREE
Security Improvement Plan
SECURITY IMPROVEMENT PLAN FACILITY/STATION/SERVICE: SECTION 1 ELEMENT
DATE: SECURITY RISK MANAGEMENT FRAMEWORK RECOMMENDATIONS / ACTIONS RESPONSIBILITY TIMEFRAMES
RESOURCES
1.1 Security Risk Management Policy and Program
1.2 Security Risk Management Responsibilities
1.3 Security Risk Management in the Planning Process
Part Three – Security Improvement Tool – Section 1 – Security Improvement Plan
Page 33–1
SECTION 1 ELEMENT
SECURITY RISK MANAGEMENT FRAMEWORK RECOMMENDATIONS / ACTIONS RESPONSIBILITY TIMEFRAMES
RESOURCES
1.4 Health Service Leasing of Property To or From External Parties
1.5 Security Arrangements for Patients in Custody
1.6 Security Education and Training
1.7 Security Continuous Improvement
Part Three – Security Improvement Tool – Section 1 – Security Improvement Plan
Page 33–2
SECTION 2 ELEMENT
CORE SECURITY RISK CONTROLS RECOMMENDATIONS
RESPONSIBILITY / ACTIONS
TIMEFRAMES
RESOURCES
2.1 Access Control
2.2 Key Control
2.3 Alarm Systems
Part Three – Security Improvement Tool – Section 1 – Security Improvement Plan
Page 33–3
SECTION 2 ELEMENT
CORE SECURITY RISK CONTROLS RECOMMENDATIONS / ACTIONS RESPONSIBILITY
TIMEFRAMES
RESOURCES
2.4 Lighting
2.5 Provision of Security Services
2.6 Duress Response Arrangements
Part Three – Security Improvement Tool – Section 1 – Security Improvement Plan
Page 33–4
SECTION 3 ELEMENT
SECURITY RISK CONTROLS IN PRIORITY AREAS RECOMMENDATIONS / ACTIONS RESPONSIBILITY TIMEFRAMES
RESOURCES
3.1 The Clinical Environment
3.2 Security of Staff Working in the Community
3.3 Rural and Remote Health Services
Part Three – Security Improvement Tool – Section 1 – Security Improvement Plan
Page 33–5
SECTION 3 ELEMENT
SECURITY RISK CONTROLS IN PRIORITY AREAS RECOMMENDATIONS TIMEFRAMES RESPONSIBILITY / ACTIONS
RESOURCES
3.4 Security in Pharmacies
3.5 Security in Car Parks
3.6 Security of Property
Part Three – Security Improvement Tool – Section 1 – Security Improvement Plan
Page 33–6
SECTION 3 ELEMENT
SECURITY RISK CONTROLS IN PRIORITY AREAS RECOMMENDATIONS / ACTIONS RESPONSIBILITY TIMEFRAMES
RESOURCES
3.7 Security of Information
3.8 Security of Medical Gases
3.9 Security of Radioactive Substances
Part Three – Security Improvement Tool – Section 1 – Security Improvement Plan
Page 33–7
SECTION 4 ELEMENT
SECURITY RISK CONTROLS IN UNPLANNED INCIDENTS RECOMMENDATIONS TIMEFRAMES RESPONSIBILITY / ACTIONS
RESOURCES
4.1 Fire Security
4.2 Bomb Threat
4.3 Violence
Part Three – Security Improvement Tool – Section 1 – Security Improvement Plan
Page 33–8
SECTION 4 ELEMENT
SECURITY RISK CONTROLS IN UNPLANNED INCIDENTS RECOMMENDATIONS TIMEFRAMES RESPONSIBILITY / ACTIONS
RESOURCES
4.4 Armed Hold-Up
Assessors …………………………………………… Name (Please print) ………………………………………….. Signature
………………… Date
…………………………………………… Name (Please print) ………………………………………….. Signature
………………… Date
…………………………………………… Name (Please print) ………………………………………….. Signature
………………… Date
Part Three – Security Improvement Tool – Section 1 – Security Improvement Plan
Page 33–9
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
Summary of Policy Statements ______________________________________________________________ Following is a consolidation of the policy statements contained in each chapter:
1.
Security Risk Management Policy and Program
Health Services will have in place a security risk management policy, signed by the chief executive officer, and an effective and appropriately maintained security risk management program developed, in consultation with staff, which ensures that: All reasonably foreseeable security related hazards are identified and assessed Risks associated with these hazards are eliminated where reasonably practicable Where the risk cannot be eliminated, appropriate control strategies, consistent with the hierarchy of controls, are implemented so that risks are reduced to the lowest practicable level Each stage of the risk management process is documented and made available to relevant parties Incidents are reported and investigated and Risk control strategies are monitored and regularly evaluated for effectiveness.
2.
Responsibilities
No policy statement for this Chapter
3.
Security Risk Management in the Planning Process
Health Services must ensure that security issues are considered and addressed, using a risk management approach, in all formal and informal planning processes, including the development of: • • • • • •
•
Strategic plans Business plans Service development plans Disaster/emergency plans Project Definition Plans (as part of Facility planning) Procurement Processes, including processes for procuring services, premises, equipment, furniture, fixtures and fittings and OHS improvement and management plans.
4.
Health Facility Design Standards
It is NSW Health policy that the design standards outlined in the Department’s Design Series: Health Facility Guideline - Safety and Security (PD2005_293) are incorporated into all new health building designs and redesign/refurbishment of existing facilities to enhance personal and property security.
___________________________________________________________________ Summary of Policy Statements: November 2005
1
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
5.
Health Service Leasing of Property to or from External Parties
Health Services must ensure, in consultation with staff and key stakeholders, that all reasonably foreseeable security risks associated with: • •
Leasing property for use by Health Services or Leasing health facility premises to external organisations
are identified, assessed, eliminated where reasonably practicable or effectively controlled, that the process is appropriately documented and arrangements for security included in leases.
6.
Security Arrangements for Patients in Custody
As part of the facility security risk management process, Health Services must ensure, in consultation with staff and relevant external Departments (ie Department of Corrective Services, Department of Juvenile Justice and NSW Police Service), that: • • •
7.
All reasonably foreseeable security risks associated with patients in custody are identified and assessed Effective security procedures for eliminating or controlling security risks, which are consistent with the operational controls of the relevant external Departments, are developed and implemented The procedures are appropriately documented and communicated to relevant staff.
Security Education and Training
Health Services must ensure that: • • •
8.
All staff are provided with appropriate security related education and training, including violence prevention and management training, consistent with legislative requirements as part of the Health Service security risk management program Education and training are appropriate to the role of the staff member and targeted to the level and type of security risk that may be encountered in the course of their work and Details of security related education and training conducted within the Health Service are documented and maintained.
Security Continuous Improvement
As part of the continuous improvement process, Health Services must evaluate all aspects of their security management program and ensure that evaluation outcomes are used in the on-going development of this program. For the purposes of this policy a security survey is defined as a process that evaluates the implementation of a security management program and effectiveness of that program against a pre-determined set of criteria. As a minimum, health care facilities are required to: • •
Undertake an annual internal security survey using the NSW Health Security Improvement Assessment Tool, provided in Chapters 31, 32 and 33, ensuring that at least one member of the survey team holds a security licence Ensure that, as a minimum, all Elements identified as mandatory are included in the annual survey
___________________________________________________________________ Summary of Policy Statements: November 2005
2
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
• • •
9.
Ensure that the results of the annual survey, as contained in the Health Facility Report (coversheet, summary sheet and score sheet), are readily available for forwarding electronically to the Department, should the results be required Undergo an external security survey every five years **** Ensure that results of the annual and external security surveys are forwarded to Health Service Internal Audit Units, which must review the results and where warranted, include an audit of the services or facilities in their audit plans.
Access Control
As part of the facility security risk management process, Health Services must ensure, in consultation with staff and key stakeholders, that all reasonably foreseeable security risks associated with access to workplaces are identified, assessed, eliminated where reasonably practicable or effectively controlled. Health Services must ensure that this process is appropriately documented and effective access control procedures, including the implementation of staff identification systems, are developed and implemented.
10.
Key Control
As part of the facility security risk management process, Health Services must ensure, in consultation with staff and key stakeholders, that all reasonably foreseeable security risks associated with key control are identified, assessed, eliminated where reasonable practicable or effectively controlled. Health Services must ensure that the process is appropriately documented and effective key control procedures are developed and implemented.
11.
Alarm Systems
As part of the facility security risk management process, Health Services must establish their requirements for alarm systems (eg duress and intruder alarms) to ensure that staff members, patients, and Health Service assets are secure. A regular review of all alarm systems must occur as part of the risk management process.
12.
Lighting
As part of the facility security risk management process, Health Services must ensure, in consultation with staff and key stakeholders, that internal and external lighting is sufficient to eliminate, where reasonably practicable, or control security related risks and meet the relevant Australian Standards.
13.
Workplace Camera Surveillance
Health Services must ensure, in consultation with staff and key stakeholders, that where workplace camera surveillance is used as part of the facility security risk management program, effective procedures are developed and implemented that are consistent with relevant legislation. When implementing this policy, Health Services should review the Workplace Surveillance Act 2005 and the Workplace Surveillance Regulation 2005 in detail, to ensure that all relevant requirements are met. Note: Where a Health Service is considering the use of covert camera surveillance, the Health Service Chief Executive (or delegate) must seek the approval of the Director-General prior to applying for a ‘covert surveillance authority’.
___________________________________________________________________ Summary of Policy Statements: November 2005
3
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
14.
Provision of Security Services
As part of the facility security risk management process, Health Services must ensure, in consultation with staff and key stakeholders, that appropriate security services are available to respond effectively to security related issues. Health Services, following the risk assessment process, are required to establish and document minimum standards for security services in each facility. Special Constables: As part of the facility security risk management process, Health Services must ensure that all practical violence risk control strategies are implemented prior to supporting an application for Special Constable status. The risk management process must be documented and may from time to time be reviewed by the Department of Health or other external agencies. The Department of Health does not support the creation of Special Constables in Health Services as a key security risk control strategy. (Note: Refer to Chapter 28 of this Manual for policy on the use of weapons by security staff.)
15.
Security in the Clinical Environment
As part of the facility security risk management process, Health Services must ensure, in consultation with staff and key stakeholders, that all reasonably foreseeable security risks associated with the clinical environment are identified, assessed, eliminated where reasonably practicable or effectively controlled. Health Services must ensure that the process is appropriately documented. Note: In implementing the requirements of this Chapter the following documents should also be consulted: • • • •
Memorandum of Understanding between NSW Police and NSW Health, and the accompanying flowcharts Mental Health For Emergency Departments (red book – May 2002) Management of Adults with Severe Behavioural Disturbance: Guidelines for Clinicians (green book – May 2002) and Guidelines on the Management of Challenging Behaviour in Residential Aged Care Facilities in NSW (Department of Health - August 2000)
Note: For issues relating to staff working in the community refer to Chapter 16 of this Manual.
16.
Security of Staff Working in the Community
As part of the facility security risk management process, Health Services must ensure, in consultation with staff and key stakeholders, that all reasonably foreseeable security risks associated with staff working in the community are identified, assessed, eliminated where reasonably practicable or effectively controlled. Health Services must ensure that the process is appropriately documented and that at all times staff working in the community have access to appropriate field equipment (eg torches) and communication devices.
___________________________________________________________________ Summary of Policy Statements: November 2005
4
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
17.
Security in Rural and Remote Health Services
As part of the facility risk management process, Health Services must consider the factors specific to rural and remote workplaces when ensuring, in consultation with staff and key stakeholders, that all reasonably foreseeable security risks are identified, assessed, eliminated where reasonably practicable or effectively controlled and the process appropriately documented. Where staff residences are provided they must be included in the facility risk management process.
18.
Security in Pharmacies
As part of the facility security risk management process, Health Services must ensure, in consultation with staff, key stakeholders and appropriate advisory bodies, that all reasonably foreseeable security risks associated with pharmacy areas are identified, assessed, eliminated where reasonably practicable or effectively controlled. Health Services must ensure that the process is appropriately documented and effective procedures are developed and implemented.
19.
Security in Car Parks
As part of the facility risk management process, Health Services must ensure, in consultation with staff and key stakeholders that: • • •
•
20.
All reasonably foreseeable security risks associated with car parks are identified, assessed, eliminated where reasonably practicable or effectively controlled The process is appropriately documented Effective car park security procedures are developed and implemented and Designated car spaces for afternoon and night shift staff are allocated where practicable and warranted by the risk assessment.
Security of Property
As part of the facility security risk management process, Health Services must ensure, in consultation with staff and key stakeholders, that all reasonably foreseeable security risks associated with the potential for theft are identified, assessed, eliminated where reasonable practicable or effectively controlled. Health Services must ensure that the process is appropriately documented and effective security procedures are developed and implemented to minimise theft.
21.
Security of Information
As part of the facility security risk management process, Health Services must ensure that all reasonably foreseeable security risks associated with the protection of official information and material (including electronic information) from unauthorised disclosure are identified, assessed, eliminated where reasonably practicable or effectively controlled. Health Services must ensure that the risk management process is undertaken in consultation with staff and key stakeholders, is appropriately documented and effective plans and procedures developed and implemented which reflect relevant legislation, information security standards and Government policy.
___________________________________________________________________ Summary of Policy Statements: November 2005
5
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
22.
Security of Medical Gases
As part of the facility security risk management process, Health Services must ensure, in consultation with staff, key stakeholders and appropriate advisory bodies, that all reasonably foreseeable security risks associated with storing medical gases are identified, assessed, eliminated where reasonably practicable or effectively controlled. Health Services must ensure that the process is appropriately documented and effective procedures are developed and implemented.
23.
Security of Radioactive Substances
As part of the facility security risk management process, Health Services must ensure, in consultation with staff, key stakeholders and appropriate advisory bodies, that all reasonably foreseeable security risks associated with radioactive substances are identified, assessed, eliminated where reasonably practicable or effectively controlled. Health Services must ensure that the process is appropriately documented and effective procedures are developed and implemented.
24.
Fire Security
As part of the facility security risk management process, Health Services must ensure, in consultation with staff, key stakeholders and appropriate advisory bodies, that all reasonably foreseeable security risks associated with fire are identified, assessed, eliminated where reasonably practicable or effectively controlled. Health Services must ensure that the process is appropriately documented and effective fire security procedures are developed and implemented.
25.
Bomb Threat
As part of the facility security risk management process, Health Services must ensure, in consultation with staff, key stakeholders and appropriate advisory bodies, that all reasonably foreseeable security risks associated with receiving bomb threats are identified, assessed, eliminated (where reasonably practicable) or effectively controlled. Health Services must ensure that the process is appropriately documented and effective bomb threat emergency procedures are developed and implemented.
26.
Violence
As part of the facility security risk management process, Health Services must ensure, in consultation with staff and key stakeholders, that all reasonably foreseeable risks associated with violence towards staff, patients or visitors by another individual are identified, assessed, eliminated (where reasonably practicable) or effectively controlled and that the process is appropriately documented. Note: Attention is drawn to the agreement between the NSW Nurses’ Association and NSW Health that in isolated facilities/units a minimum of two nurses must be rostered on each shift. If a second nurse is not available on a shift then a security officer should be hired or other appropriate personnel be in attendance. This agreement occurred in 1996 and was reflected in the 1996 and 1998 versions of the Security Manual which also stated that similar attention should be paid to the needs of community health workers who attend patients in isolated circumstances or in locations without ready access to support.
___________________________________________________________________ Summary of Policy Statements: November 2005
6
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
For the purposes of this Chapter, violence is defined as any incident in which an individual is abused, threatened or assaulted and includes verbal, physical or psychological abuse, threats or other intimidating behaviours, intentional physical attacks, aggravated assault, threats with an offensive weapon, sexual harassment and sexual assault.
27.
Armed Hold-up
As part of the facility security risk management process, Health Services must ensure, in consultation with staff and key stakeholders, that all reasonably foreseeable risks associated with armed hold-up are identified, assessed, eliminated where reasonably practicable or effectively controlled. Health Services must ensure that the process is appropriately documented and effective armed hold-up response procedures are developed and implemented.
28.
Use of Weapons by Security Staff
For the purposes of this Chapter weapons are defined as batons or handcuffs only. Schedule 1 of the Weapons Prohibition Act 1998 includes batons and handcuffs in its definition of weapons and as such there are legal implications for their use and misuse. No other weapons, as defined by the Weapons Prohibition Act 1998 will be considered for issue to security staff in Health Services. The Department of Health does not support the issuing of weapons to security staff as a key security risk control strategy. As part of the facility security risk management process, Health Services must ensure that all practical violence risk control strategies are implemented prior to considering issuing security staff with weapons. Health Services must take into consideration that issuing weapons to security staff has its own set of risks that also need to be identified, assessed, eliminated where reasonably practicable or controlled. These risks may include: • • •
The potential for weapons to be taken and used against staff, patients or visitors The potential for injury to staff who may use the weapons and the potential for injury to those the weapons are used against The potential for legal action over the use and misuse of weapons.
Note: Handcuffs are not to be used on patients. The risk management process must be documented and may from time to time be reviewed by the Department of Health or other external agencies.
29.
Duress Response Arrangements
As part of the facility security risk management process, Health Services must ensure that appropriate arrangements for providing an appropriate, timely and effective response to both clinical and other duress situations (including response to duress alarms) are developed and implemented in consultation with staff and key stakeholders.
30.
Effective Incident Management
Health Services must ensure that the policy outlined in Departmental policy directive PD2005_234 titled ‘Effective Incident Response: A Framework for the Prevention and Management in the Health Workplace’ (or subsequent revised policy) is implemented.
___________________________________________________________________ Summary of Policy Statements: November 2005
7
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities .
EQuIP Standard: The following table outlines the relevant security related EquIP standard. The effective implementation of the policies outlined in this Manual will ensure that the following EQuIP standards, to the level of MA are met. Standard 5.1 – A systemic risk management program is used to manage services and facilities and ensure that the safety and health or all persons within the organisations are protected. Criterion
5.1.6 Security management supports safe practice and a safe environment. NB: The organisation needs to achieve a rating of MA or higher for this criterion to gain ACHS accreditation
LA – Awareness
SA – Implementation (LA + the following)
MA – Evaluation (SA + the following)
There is an organisation-wide security policy.
There is an organisationwide system to assess security risks, determine priorities and eliminate risks or implement controls.
The system to manage security risks operates with reference to any relevant:
Major security risks are identified. Staff are instructed in, and understand their responsibilities, in security management. External service providers comply with requirements to eliminate or control on-site security risks.
EQuIP Standard (December 2003)
Ø Service planning includes strategies for security management.
Ø Ø
Staff are consulted to enable them to contribute to the decisions that affect organisational and personal security risks in the workplace. Security management plans are co-ordinated with any relevant external authorities.
Ø
Australian Standards state/ territory standards codes of practice industry guidelines.
The security management system is evaluated and improved to ensure it supports safe practice and a safe environment.
EA – Benchmarking (MA + the following) Performance indicators for security management are measured and compared internally and with external systems and improvements made, as required.
OA – Leader (EA + the following) The organisation is recognised as a leader in the development and implementation of systems for the management of security risks.
Index A ACCESS - SAMPLE RISK ASSESSMENT TOOL .................................................................................... 1.9 ACCESS CONTROL - CLINICAL ENVIRONMENT ................................................................................ 15.3 ACCESS CONTROL - CORE SECURITY ............................................................................................ 32.31 ACCESS CONTROL - DESIGN ISSUES.................................................................................................. 9.2 ACCESS CONTROL - DOORS................................................................................................................. 9.2 ACCESS CONTROL - GUIDELINES ........................................................................................................ 9.1 ACCESS CONTROL - IDENTIFICATION/ELECTRONIC ACCESS.......................................................... 9.4 ACCESS CONTROL - PERSONNEL/CONTRACTOR ID SYSTEMS....................................................... 9.3 ACCESS CONTROL - POLICY................................................................................................................. 9.1 ACCESS CONTROL - SCOPE OF DUTIES - SECURITY STAFF........................................................ 14.10 ACCESS CONTROL - SECURITY RISK MANAGEMENT........................................................................ 9.1 ACCESS CONTROL - SIGNS................................................................................................................... 9.3 ACCESS CONTROL - SUMMARY OF POLICY STATEMENTS ................................................................. 3 ACCESS CONTROL - VIDEO INTERCOM SYSTEMS ............................................................................ 9.3 ACCESS CONTROL - WINDOWS............................................................................................................ 9.3 ADMINISTRATION - SAMPLE RISK ASSESSMENT TOOL .................................................................. 1.13 ADMINISTRATION - SECURITY OF PROPERTY.................................................................................. 20.5 ADMINISTRATIVE CONTROLS - SECURITY RISK CONTROL .............................................................. 1.5 AFTER HOURS VISITS - WORKING AWAY FROM BASE.................................................................... 16.4 ALARM SYSTEMS - CORE SECURITY ............................................................................................... 32.35 ALARM SYSTEMS - DURESS ALARMS................................................................................................ 11.2 ALARM SYSTEMS - GUIDELINES......................................................................................................... 11.1 ALARM SYSTEMS - INSTALLING DURESS ALARM ............................................................................ 11.3 ALARM SYSTEMS - INTRUDER ALARMS ............................................................................................ 11.6 ALARM SYSTEMS - POLICY ................................................................................................................. 11.1 ALARM SYSTEMS - SECURITY RISK MANAGEMENT ........................................................................ 11.1 ALARM SYSTEMS - SUMMARY OF POLICY STATEMENTS .................................................................... 3 ALARM SYSTEMS - TRAINING ............................................................................................................. 11.5 APPENDICES - SUMMARY OF POLICY STATEMENTS ........................................................................... 1 ARMED HOLD-UP - GUIDELINES ......................................................................................................... 27.1 ARMED HOLD-UP - POLICY.................................................................................................................. 27.1 ARMED HOLD-UP - POST INCIDENT ISSUES ..................................................................................... 27.2 ARMED HOLD-UP - SAMPLE PROCEDURE - WHAT TO DO............................................................... 27.3 ARMED HOLD-UP - SECURITY RISK MANAGEMENT......................................................................... 27.1 ARMED HOLD-UP - SUMMARY OF POLICY STATEMENTS..................................................................... 7 ARMED HOLD-UP - UNPLANNED EVENTS........................................................................................ 32.71 ARMED HOLD-UP - WHAT TO DO - ARMED HOLD-UP ....................................................................... 27.2 ARRESTING POLICE - CUSTODY OF POLICE ...................................................................................... 6.7 ASSESSING/PRIORITISING RISK - RISK MANAGEMENT POLICY..................................................... 1.16 ASSESSMENT TOOL - CORE SECURITY RISK CONTROLS ............................................................ 32.30 ASSESSMENT TOOL - SECURITY RISK MANAGEMENT FRAMEWORK ......................................... 32.15 ASSESSMENT TOOL - SECURITY SURVEY - INTERPRETING .......................................................... 31.7
B BEDSIDE COURTS - CUSTODY OF POLICE.......................................................................................... 6.8 BOMB THREAT - BOMB THREAT - WHAT TO DO ............................................................................... 25.2 BOMB THREAT - CHECKLIST ............................................................................................................... 25.6 BOMB THREAT - GUIDELINES ............................................................................................................. 25.1 BOMB THREAT - HANDLING/IDENTIFYING - SUSPICIOUS ITEMS.................................................... 25.3 BOMB THREAT - IDENTIFYING/HANDLING - SUSPICIOUS ITEMS.................................................... 25.3 BOMB THREAT - POLICY...................................................................................................................... 25.1 BOMB THREAT - POST INCIDENT ISSUES ......................................................................................... 25.4
BOMB THREAT - PROCEDURE ............................................................................................................ 25.8 BOMB THREAT - RELATED RESOURCES ........................................................................................... 25.5 BOMB THREAT - SECURITY AND HOUSEKEEPING........................................................................... 25.2 BOMB THREAT - SECURITY RISK MANAGEMENT ............................................................................. 25.1 BOMB THREAT - SUMMARY OF POLICY STATEMENTS......................................................................... 6 BOMB THREAT - UNPLANNED EVENTS............................................................................................ 32.37 BOMB THREAT - WHAT TO DO - BOMB THREAT ............................................................................... 25.2 BUILDING DESIGN - CLINICAL ENVIRONMENT.................................................................................. 15.2
C CAR PARK/VEHICLE SECURITY - VIOLENCE ..................................................................................... 26.2 CAR PARKS - PRIORITY AREAS ........................................................................................................ 32.54 CAR PARKS - SUMMARY OF POLICY STATEMENTS.............................................................................. 5 CASH HANDLING - SAMPLE RISK ASSESSMENT TOOL ................................................................... 1.11 CASH HANDLING - SECURITY OF PROPERTY................................................................................... 20.6 CATERING - SECURITY OF PROPERTY.............................................................................................. 20.3 CHAPTER 1 - SECURITY RISK MANAGEMENT FRAMEWORK ............................................................ 1.1 CHAPTER 10 - KEY CONTROL ............................................................................................................. 10.1 CHAPTER 11 - ALARM SYSTEMS ........................................................................................................ 11.1 CHAPTER 13 - WORKPLACE CAMERA SURVEILLANCE ................................................................... 13.1 CHAPTER 14 - PROVISION OF SECURITY SERVICES....................................................................... 14.1 CHAPTER 15 - SECURITY IN THE CLINICAL ENVIRONMENT............................................................ 15.1 CHAPTER 16 - SECURITY OF STAFF WORKING IN THE COMMUNITY ............................................ 16.1 CHAPTER 17 - SECURITY IN RURAL AND REMOTE HEALTH SERVICES ........................................ 17.1 CHAPTER 18 - SECURITY IN PHARMACIES........................................................................................ 18.1 CHAPTER 19 - SECURITY IN CAR PARKS .......................................................................................... 19.1 CHAPTER 2 - RESPONSIBILITIES .......................................................................................................... 2.1 CHAPTER 20 - SECURITY PROPERTY ................................................................................................ 20.1 CHAPTER 21 - SECURITY OF INFORMATION..................................................................................... 21.1 CHAPTER 22 - SECURITY OF MEDICAL GASES................................................................................. 22.1 CHAPTER 23 - SECURITY OF RADIOACTIVE SUBSTANCES ............................................................ 23.1 CHAPTER 24 - FIRE SECURITY............................................................................................................ 24.1 CHAPTER 25 - BOMB THREAT ............................................................................................................. 25.1 CHAPTER 26 - VIOLENCE..................................................................................................................... 26.1 CHAPTER 27 - ARMED HOLD-UP......................................................................................................... 27.1 CHAPTER 28 - USE OF WEAPONS BY SECURITY STAFF ................................................................. 28.1 CHAPTER 29 - DURESS RESPONSE ARRANGEMENTS.................................................................... 29.1 CHAPTER 3 - SECURITY RISK MANAGEMENT - PLANNING PROCESS............................................. 3.1 CHAPTER 30 - EFFECTIVE INCIDENT MANAGEMENT....................................................................... 30.1 CHAPTER 31 - PART ONE - GUIDELINES............................................................................................ 31.1 CHAPTER 32 - PART TWO - ASSESSMENT TOOL.............................................................................. 32.1 CHAPTER 33 - PART THREE - IMPROVEMENT PLAN ........................................................................ 33.1 CHAPTER 4 - HEALTH FACILITY DESIGN STANDARDS ...................................................................... 4.1 CHAPTER 5 - HEALTH SERVICE LEASING - PROPERTY - EXTERNAL............................................... 5.1 CHAPTER 6 - SECURITY ARRANGEMENTS - PATIENT IN CUSTODY ................................................ 6.1 CHAPTER 7 - SECURITY EDUCATION AND TRAINING ........................................................................ 7.1 CHAPTER 8 - SECURITY CONTINUOUS IMPROVEMENT .................................................................... 8.1 CHAPTER 9 - ACCESS CONTROL.......................................................................................................... 9.1 CHECKLIST - BOMB THREAT ............................................................................................................... 25.6 CHECKLIST - SECURITY OF STAFF WORKING IN THE COMMUNITY ............................................ 16.11 CLIENT SERVICES - SCOPE OF DUTIES - SECURITY STAFF ........................................................... 14.9 CLINICAL ENVIRONMENT - ACCESS CONTROL ................................................................................ 15.3 CLINICAL ENVIRONMENT - BUILDING DESIGN.................................................................................. 15.2 CLINICAL ENVIRONMENT - EDUCATION/TRAINING .......................................................................... 15.4 CLINICAL ENVIRONMENT - GUIDELINES............................................................................................ 15.1 CLINICAL ENVIRONMENT - PATIENT LIAISON/MANAGEMENT......................................................... 15.3 CLINICAL ENVIRONMENT - PATIENT RESTRAINT ............................................................................. 15.6 CLINICAL ENVIRONMENT - PATIENTS - SECURITY NEEDS ............................................................. 15.7
CLINICAL ENVIRONMENT - POLICY .................................................................................................... 15.1 CLINICAL ENVIRONMENT - PRIORITY AREAS ................................................................................. 32.45 CLINICAL ENVIRONMENT - RELATED RESOURCES ......................................................................... 15.9 CLINICAL ENVIRONMENT - RESPONDING TO VIOLENCE ................................................................ 15.6 CLINICAL ENVIRONMENT - SEARCHING PATIENTS/VISITORS ........................................................ 15.5 CLINICAL ENVIRONMENT - SECURITY RISK MANAGEMENT ........................................................... 15.2 CLINICAL ENVIRONMENT - SECURITY SERVICES ............................................................................ 15.4 CLINICAL ENVIRONMENT - STAFF AWARENESS .............................................................................. 15.4 CLINICAL ENVIRONMENT - STAFFING ISSUES.................................................................................. 15.4 CLINICAL ENVIRONMENT - SUMMARY OF POLICY STATEMENTS ....................................................... 4 COMMUNICATION TECHNOLOGY - SECURITY IN RURAL/REMOTE AREAS................................... 17.3 COMMUNICATION TECHNOLOGY - SECURITY OF STAFF IN COMMUNITY .................................... 16.8 COMMUNITY - PRIORITY AREAS - STAFF WORKING...................................................................... 32.47 COMMUNITY HEALTH SERVICES - GUIDELINES - RISK MANAGEMENT ......................................... 16.1 COMMUNITY VISITS - WORKING AWAY FROM BASE ....................................................................... 16.2 COMPETENCY BASED TRAINING - GUIDELINES................................................................................. 7.3 CONCLUSION COMMUNITY VISITS - WORKING AWAY FROM BASE............................................... 16.4 CONDUCTING - SECURITY SURVEY - PROCESS OVERVIEW .......................................................... 31.2 CONSULTATION - GUIDELINES ............................................................................................................. 1.2 CONTINUOUS IMPROVEMENT - SECURITY RISK MANAGEMENT ................................................. 32.28 CONTINUOUS IMPROVEMENT - SUMMARY OF POLICY STATEMENTS............................................... 2 CONTRACTED SECURITY - WEAPONS - SECURITY STAFF ............................................................. 28.4 CORE SECURITY - ACCESS CONTROL ............................................................................................ 32.31 CORE SECURITY - ALARM SYSTEMS ............................................................................................... 32.35 CORE SECURITY - DURESS RESPONSE ARRANGEMENTS........................................................... 32.42 CORE SECURITY - KEY CONTROL.................................................................................................... 32.33 CORE SECURITY - LIGHTING............................................................................................................. 32.37 CORE SECURITY - PROVISION OF SECURITY SERVICES.............................................................. 32.38 CORE SECURITY RISK CONTROLS - ASSESSMENT TOOL ............................................................ 32.30 CORPORATE GOVERNANCE/ACCOUNTABILITY - GUIDELINES ...................................................... 26.1 CORRECTIVE SERVICES INMATES - PATIENTS IN CUSTODY ........................................................... 6.2 COVERT SURVEILLANCE - WORKPLACE CAMERA SURVEILLANCE .............................................. 13.7 CRIME PREVENTION - GUIDELINES ..................................................................................................... 4.1 CUSTODY OF POLICE - ARRESTING POLICE ...................................................................................... 6.7 CUSTODY OF POLICE - BEDSIDE COURTS.......................................................................................... 6.8 CUSTODY OF POLICE - FIREARMS..................................................................................................... 6.10 CUSTODY OF POLICE - INTRODUCTION.............................................................................................. 6.7 CUSTODY OF POLICE - MENTAL HEALTH PATIENTS ......................................................................... 6.9 CUSTODY OF POLICE - PATIENTS IN CUSTODY................................................................................. 6.7 CUSTODY OF POLICE - PERSONS REFUSED BAIL ............................................................................. 6.8 CUSTODY OF POLICE - POLICE GUARD .............................................................................................. 6.8 CUSTODY OF POLICE - RESTRAINTS................................................................................................... 6.9 CUSTODY OF POLICE - SUPERVISION................................................................................................. 6.9
D DEFINITIONS - HEALTH SERVICE ............................................................................................................ 2 DEFINITIONS - INTRODUCTION................................................................................................................ 1 DEFINITIONS - NSW HEALTH.................................................................................................................... 1 DEFINITIONS - SECURITY ......................................................................................................................... 1 DEFINITIONS - WORKPLACE CAMERA SURVEILLANCE................................................................... 13.1 DESIGN ISSUES - ACCESS CONTROL.................................................................................................. 9.2 DEVELOPING PERFORMANCE INDICATORS - GUIDELINES .............................................................. 8.2 DISPOSAL/STORAGE - WEAPONS - GUIDELINES ............................................................................. 14.7 DISTINGUISHING BETWEEN FUNDS - SPECIAL PURPOSE & TRUST FUND..................................... 4.3 DOCUMENTATION - WEAPONS - SECURITY STAFF ......................................................................... 28.3 DOORS - ACCESS CONTROL................................................................................................................. 9.2 DURESS ALARMS - ALARM SYSTEM .................................................................................................. 11.2 DURESS RESPONSE - DURESS RESPONSE ARRANGEMENTS ...................................................... 29.2
DURESS RESPONSE - SUMMARY OF POLICY STATEMENTS............................................................... 7 DURESS RESPONSE ARRANGEMENTS - CORE SECURITY........................................................... 32.42 DURESS RESPONSE ARRANGEMENTS - DURESS RESPONSE ...................................................... 29.2 DURESS RESPONSE ARRANGEMENTS - DURESS RESPONSE TEAMS ......................................... 29.3 DURESS RESPONSE ARRANGEMENTS - GUIDELINES .................................................................... 29.1 DURESS RESPONSE ARRANGEMENTS - MODEL RESPONSE PROCEDURES .............................. 29.6 DURESS RESPONSE ARRANGEMENTS - PLANNING/IMPLEMENTATION ....................................... 29.3 DURESS RESPONSE ARRANGEMENTS - POLICY............................................................................. 29.1 DURESS RESPONSE ARRANGEMENTS - POST INCIDENT ISSUES ................................................ 29.5 DURESS RESPONSE TEAMS - DURESS RESPONSE ARRANGEMENTS ......................................... 29.3 DURING COMMUNITY VISITS - WORKING AWAY FROM BASE ........................................................ 16.4
E EDUCATION - TRAINING - SECURITY RISK MANAGEMENT............................................................ 32.26 EDUCATION/TRAINING - CLINICAL ENVIRONMENT .......................................................................... 15.4 EDUCATION/TRAINING - SUMMARY OF POLICY STATEMENTS ........................................................... 2 EFFECTIVE INCIDENT MANAGEMENT - GUIDELINES ....................................................................... 30.1 EFFECTIVE INCIDENT MANAGEMENT - POLICY................................................................................ 30.1 EMERGENCY DEPARTMENTS - SAMPLE RISK ASSESSMENT TOOL.............................................. 1.12 EMERGENCY PROCEDURES - SAMPLE RISK ASSESSMENT TOOL................................................ 1.14 EMERGENCY RESPONSE - SCOPE OF DUTIES - SECURITY STAFF............................................... 14.9 ENGINEERING CONTROL - SECURITY RISK CONTROL ..................................................................... 1.5 ENGINEERING/MAINTENANCE - SECURITY OF PROPERTY ............................................................ 20.2 EQUIP STANDARDS - INTRODUCTION .................................................................................................... 2 ESCORTS - SCOPE OF DUTIES - SECURITY STAFF ......................................................................... 14.9 EVALUATION EDUCATION/TRAINING - GUIDELINES .......................................................................... 7.5 EVASIVE SELF-DEFENCE - GUIDELINES............................................................................................ 14.3 EVASIVE SELF-DEFENCE - SECURITY OF STAFF IN COMMUNITY ................................................. 16.7 EVASIVE SELF-DEFENCE TRAINING - GUIDELINES............................................................................ 7.4 EVENT OF A FIRE - FIRE SECURITY - WHAT TO DO ......................................................................... 24.2 EVIDENCE GUIDELINES - SECURITY IMPROVEMENT TOOL............................................................ 32.6 EXECUTION OF DUTY - GUIDELINES - USING FORCE...................................................................... 14.3 EXECUTIVE SUMMARY ........................................................................................................................ 31.1 EXTERNAL ORGANISATIONS - NATURE OF BUSINESS - LEASING................................................... 5.3 EXTERNAL ORGANISATIONS - PLACEMENT OF BUSINESS - LEASING............................................ 5.3 EXTERNAL ORGANISATIONS - SECURITY ARRANGEMENTS - LEASING ......................................... 5.3 EXTERNAL ORGANISATIONS - SECURITY RISK MANAGEMENT - LEASING..................................... 5.2 EXTERNAL PARTIES - GUIDELINES - LEASING - PROPERTY............................................................. 5.1 EXTERNAL PARTIES - LEGISLATIVE FRAMEWORK - LEASING.......................................................... 5.1 EXTERNAL PARTIES - POLICY - LEASING - PROPERTY ..................................................................... 5.1 EXTERNAL PARTIES - SECURITY RISK MANAGEMENT - LEASING ................................................... 5.2
F FIRE - SUMMARY OF POLICY STATEMENTS .......................................................................................... 6 FIRE - UNPLANNED EVENTS ............................................................................................................. 32.65 FIRE SECURITY - GUIDELINES ............................................................................................................ 24.1 FIRE SECURITY - POLICY .................................................................................................................... 24.1 FIRE SECURITY - POST INCIDENT ISSUES ........................................................................................ 24.2 FIRE SECURITY - SECURITY RISK MANAGEMENT............................................................................ 24.1 FIRE SECURITY - WHAT TO DO - EVENT OF A FIRE ......................................................................... 24.2 FIREARMS - CUSTODY OF POLICE..................................................................................................... 6.10 FORENSIC PATIENTS - PATIENTS IN CUSTODY ............................................................................... 6.10 FURTHER INFORMATION - SECURITY IN PHARMACIES .................................................................. 18.3
G GENERAL ISSUES - WORKPLACE CAMERA SURVEILLANCE .......................................................... 13.3 GUIDELINES - ACCESS CONTROL ........................................................................................................ 9.1 GUIDELINES - ALARM SYSTEMS......................................................................................................... 11.1 GUIDELINES - ARMED HOLD-UP ......................................................................................................... 27.1 GUIDELINES - BOMB THREAT ............................................................................................................. 25.1 GUIDELINES - CLINICAL ENVIRONMENT............................................................................................ 15.1 GUIDELINES - COMPETENCY BASED TRAINING................................................................................. 7.3 GUIDELINES - CONSULTATION ............................................................................................................. 1.2 GUIDELINES - CORPORATE GOVERNANCE ACCOUNTABILITY ...................................................... 26.1 GUIDELINES - CRIME PREVENTION ..................................................................................................... 4.1 GUIDELINES - DEVELOPING PERFORMANCE INDICATORS .............................................................. 8.2 GUIDELINES - DISPOSAL/STORAGE - WEAPONS ............................................................................. 14.7 GUIDELINES - DURESS RESPONSE ARRANGEMENTS .................................................................... 29.1 GUIDELINES - EFFECTIVE INCIDENT MANAGEMENT ....................................................................... 30.1 GUIDELINES - EVALUATION EDUCATION/TRAINING .......................................................................... 7.5 GUIDELINES - EVASIVE SELF-DEFENCE............................................................................................ 14.3 GUIDELINES - EVASIVE SELF-DEFENCE TRAINING............................................................................ 7.4 GUIDELINES - FIRE SECURITY ............................................................................................................ 24.1 GUIDELINES - HEALTH FACILITY DESIGN STANDARDS..................................................................... 4.1 GUIDELINES - HEALTH SERVICE LEASING - PROPERTY - EXTERNAL ............................................. 5.1 GUIDELINES - HEALTH SERVICE RESOURCES................................................................................... 7.4 GUIDELINES - HOW THE MANUAL IS ARRANGED.................................................................................. 2 GUIDELINES - KEY CONTROL.............................................................................................................. 10.1 GUIDELINES - LIGHTING ...................................................................................................................... 12.1 GUIDELINES - MEASURING/EVALUATING PERFORMANCE ............................................................... 8.2 GUIDELINES - OVERVIEW ...................................................................................................................... 1.1 GUIDELINES - PRIORITY AREAS ......................................................................................................... 15.1 GUIDELINES - PROVISION OF SECURITY SERVICES ....................................................................... 14.1 GUIDELINES - PROVISION OF TRAINING ............................................................................................. 7.3 GUIDELINES - RECOGNITION PRIOR LEARNING ................................................................................ 7.3 GUIDELINES - RESTORATION/RETENTION - WEAPONS .................................................................. 14.5 GUIDELINES - RESTRAINTS................................................................................................................. 14.4 GUIDELINES - RETENTION/RESTORATION - WEAPONS .................................................................. 14.5 GUIDELINES - RISK MANAGEMENT - COMMUNITY HEALTH SERVICES ......................................... 16.1 GUIDELINES - ROLE SECURITY SERVICES ....................................................................................... 14.2 GUIDELINES - SEARCHING PATIENTS/VISITORS.............................................................................. 14.4 GUIDELINES - SECURITY ARRANGEMENTS - PATIENTS IN CUSTODY ............................................ 6.1 GUIDELINES - SECURITY CONTINUOUS IMPROVEMENT................................................................... 8.1 GUIDELINES - SECURITY EDUCATION AND TRAINING ...................................................................... 7.2 GUIDELINES - SECURITY IN CAR PARKS ........................................................................................... 19.1 GUIDELINES - SECURITY IN PHARMACIES ........................................................................................ 18.1 GUIDELINES - SECURITY IN RURAL AND REMOTE HEALTH SERVICES ........................................ 17.1 GUIDELINES - SECURITY OF INFORMATION ..................................................................................... 21.1 GUIDELINES - SECURITY OF MEDICAL GASES ................................................................................. 22.1 GUIDELINES - SECURITY OF PROPERTY........................................................................................... 20.1 GUIDELINES - SECURITY OF RADIOACTIVE SUBSTANCES............................................................. 23.1 GUIDELINES - SECURITY OF STAFF WORKING IN COMMUNITY..................................................... 16.1 GUIDELINES - SECURITY RISK MANAGEMENT ................................................................................. 14.1 GUIDELINES - SECURITY RISK MANAGEMENT - PLANNING PROCESS ........................................... 3.1 GUIDELINES - SECURITY RISK MANAGEMENT POLICY AND PROGRAM ......................................... 1.1 GUIDELINES - SECURITY SURVEY ..................................................................................................... 31.3 GUIDELINES - SPACE MANAGEMENT .................................................................................................. 4.2 GUIDELINES - SPECIALIST TRAINING .................................................................................................. 7.5 GUIDELINES - STORAGE/DISPOSAL - WEAPONS ............................................................................. 14.7 GUIDELINES - SURVEILLANCE .............................................................................................................. 4.2 GUIDELINES - TERRITORIAL REINFORCEMENT ................................................................................. 4.1 GUIDELINES - TRAINING NEEDS........................................................................................................... 7.2
GUIDELINES - TYPES OF KEYS ........................................................................................................... GUIDELINES - USING FORCE - EXECUTION OF DUTY...................................................................... GUIDELINES - VIOLENCE ..................................................................................................................... GUIDELINES - WEAPONS - SECURITY STAFF ................................................................................... GUIDELINES - WORKPLACE CAMERA SURVEILLANCE ....................................................................
10.1 14.3 26.1 28.3 13.2
H HANDLING/IDENTIFYING - SUSPICIOUS ITEMS - BOMB THREAT.................................................... 25.3 HAZARD IDENTIFICATION - SECURITY RISK MANAGEMENT POLICY............................................... 1.3 HAZARD REPORTING - SECURITY RISK MANAGEMENT POLICY...................................................... 1.7 HEALTH FACILITY DESIGN STANDARDS - GUIDELINES..................................................................... 4.1 HEALTH FACILITY DESIGN STANDARDS - POLICY ............................................................................. 4.1 HEALTH FACILITY DESIGN STANDARDS - SUMMARY POLICY STATEMENTS .................................... 1 HEALTH FACILITY SCORE SHEET - SECURITY MANAGEMENT TOOL ............................................ 32.4 HEALTH SERVICE - DEFINITIONS ............................................................................................................ 2 HEALTH SERVICE LEASING - PROPERTY - EXTERNAL - GUIDELINES ............................................. 5.1 HEALTH SERVICE LEASING - PROPERTY - EXTERNAL - LEGISLATION ........................................... 5.1 HEALTH SERVICE LEASING - PROPERTY - EXTERNAL - POLICY...................................................... 5.1 HEALTH SERVICE LEASING - PROPERTY - EXTERNAL - RISK .......................................................... 5.2 HEALTH SERVICE LEASING PROPERTY - SUMMARY POLICY STATEMENTS..................................... 2 HEALTH SERVICE RESOURCES - GUIDELINES................................................................................... 7.4 HELICOPTER LANDINGS/DEPARTURES - SECURITY STAFF ......................................................... 14.10 HOW THE MANUAL IS ARRANGED - GUIDELINES.................................................................................. 2 HOW THE MANUAL IS ARRANGED - INTRODUCTION ............................................................................ 2 HOW THE MANUAL IS ARRANGED - LEGISLATIVE FRAMEWORK ........................................................ 2 HOW THE MANUAL IS ARRANGED - POLICY .......................................................................................... 2 HOW TO USE THE TOOL - SECURITY SURVEY ............................................................................... 31.10
I IDENTIFICATION - SCOPE OF DUTIES - SECURITY STAFF ............................................................ 14.10 IDENTIFICATION/ELECTRONIC ACCESS - ACCESS CONTROL.......................................................... 9.4 IDENTIFYING - SUSPICIOUS ITEMS .................................................................................................... 25.3 IDENTIFYING/HANDLING - SUSPICIOUS ITEMS - BOMB THREAT.................................................... 25.3 INCIDENT INFORMATION - SECURITY OF INFORMATION ................................................................ 21.3 INCIDENT INVESTIGATION - SECURITY RISK MANAGEMENT POLICY ............................................. 1.7 INCIDENT MANAGEMENT - SECURITY RISK MANAGEMENT POLICY ............................................... 1.7 INCIDENT MANAGEMENT - SUMMARY OF POLICY STATEMENTS ....................................................... 7 INCIDENT REPORTING - SECURITY RISK MANAGEMENT POLICY.................................................... 1.7 INCIDENT RESPONSE - SCOPE OF DUTIES - SECURITY STAFF ..................................................... 14.9 INFORMATION - PRIORITY AREAS.................................................................................................... 32.58 INFORMATION - SUMMARY OF POLICY STATEMENTS ......................................................................... 5 INJURY MANAGEMENT - SECURITY RISK MANAGEMENT POLICY ................................................... 1.8 INSTALLING DURESS ALARM - ALARM SYSTEMS ............................................................................ 11.3 INTERPRETING - ASSESSMENT TOOL - SECURITY SURVEY .......................................................... 31.7 INTRODUCTION - CUSTODY OF POLICE.............................................................................................. 6.7 INTRODUCTION - DEFINITIONS................................................................................................................ 1 INTRODUCTION - EQUIP STANDARDS .................................................................................................... 2 INTRODUCTION - HOW THE MANUAL IS ARRANGED ............................................................................ 2 INTRODUCTION - PURPOSE AND SCOPE OF DOCUMENT ................................................................... 1 INTRODUCTION - RELATED DOCUMENTS/LEGISLATION ..................................................................... 3 INTRODUCTION - SECURITY SURVEY................................................................................................ 31.3 INTRODUCTION - VERSIONS .................................................................................................................... 4 INTRUDER ALARMS - ALARM SYSTEMS ............................................................................................ 11.6 ISOLATED CENTRES - SECURITY OF STAFF WORKING IN COMMUNITY....................................... 16.5
J JUVENILE JUSTICE DETAINEES - PATIENTS IN CUSTODY ................................................................ 6.5
K KEY CONTROL - CORE SECURITY.................................................................................................... 32.33 KEY CONTROL - GUIDELINES.............................................................................................................. 10.1 KEY CONTROL - MANAGING KEYS ..................................................................................................... 10.2 KEY CONTROL - POLICY ...................................................................................................................... 10.1 KEY CONTROL - SAMPLE RISK ASSESSMENT TOOL ....................................................................... 1.10 KEY CONTROL - SCOPE OF DUTIES - SECURITY STAFF ............................................................... 14.10 KEY CONTROL - SECURITY RISK MANAGEMENT ............................................................................. 10.1 KEY CONTROL - SUMMARY OF POLICY STATEMENTS......................................................................... 3
L LABELLING INFORMATION - SECURITY OF INFORMATION ............................................................. 21.4 LANDSCAPING - SAMPLE RISK ASSESSMENT TOOL ......................................................................... 1.9 LAUNDRY - SECURITY OF PROPERTY ............................................................................................... 20.3 LEASING OF PROPERTY - SECURITY RISK MANAGEMENT........................................................... 32.21 LEASING PREMISES - ORGANISATIONS - NATURE OF BUSINESS ................................................... 5.3 LEASING PREMISES - ORGANISATIONS - PLACEMENT OF BUSINESS ............................................ 5.3 LEASING PREMISES - ORGANISATIONS - SECURITY ARRANGEMENTS.......................................... 5.3 LEASING PREMISES - ORGANISATIONS - SECURITY RISK MANAGEMENT ..................................... 5.2 LEGISLATION - SECURITY SURVEY - RELATED DOCUMENTS ...................................................... 31.12 LEGISLATIVE FRAMEWORK - HOW THE MANUAL IS ARRANGED ........................................................ 2 LEGISLATIVE FRAMEWORK - LEASING - PROPERTY - EXTERNAL ................................................... 5.1 LEGISLATIVE FRAMEWORK - SECURITY EDUCATION AND TRAINING............................................. 7.1 LEGISLATIVE FRAMEWORK - WEAPONS - OHS ACT 2000 ............................................................... 28.2 LEGISLATIVE FRAMEWORK - WEAPONS - SECURITY STAFF.......................................................... 28.1 LEGISLATIVE FRAMEWORK - WEAPONS - WEAPONS PROHIBITION REG..................................... 28.1 LEGISLATIVE FRAMEWORK - WORKPLACE CAMERA SURVEILLANCE .......................................... 13.1 LEGISLATIVE/POLICY ENVIRONMENT - SECURITY OF INFORMATION .......................................... 21.2 LICENSING REQUIREMENTS - MASTER SECURITY LICENCE ......................................................... 14.8 LICENSING REQUIREMENTS - PROVISION OF SECURITY SERVICES............................................ 14.8 LICENSING REQUIREMENTS - TYPES OF LICENCES ....................................................................... 14.8 LIGHTING - CORE SECURITY............................................................................................................. 32.37 LIGHTING - GUIDELINES ...................................................................................................................... 12.1 LIGHTING - POLICY............................................................................................................................... 12.1 LIGHTING - SAMPLE RISK ASSESSMENT TOOL .................................................................................. 1.9 LIGHTING - SECURITY RISK MANAGEMENT ...................................................................................... 12.1 LIGHTING - SUMMARY OF POLICY STATEMENTS.................................................................................. 3 LOCKING/UNLOCKING BUILDINGS - SCOPE DUTIES - SECURITY STAFF ...................................... 14.9
M MAIL DELIVERIES - SECURITY OF PROPERTY.................................................................................. 20.6 MANAGING KEYS - KEY CONTROL ..................................................................................................... 10.2 MASTER SECURITY LICENCE - LICENSING REQUIREMENTS ......................................................... 14.8 MEASURING/EVALUATING PERFORMANCE - GUIDELINES ............................................................... 8.2 MEDICAL GASES - PRIORITY AREAS................................................................................................ 32.60 MEDICAL GASES - SUMMARY OF POLICY STATEMENTS ..................................................................... 5 MEDICAL RECORDS - SAMPLE RISK ASSESSMENT TOOL .............................................................. 1.14 MENTAL HEALTH PATIENTS - CUSTODY OF POLICE ......................................................................... 6.9 MODEL DURESS RESPONSE PROCEDURES - ARRANGEMENTS ................................................... 29.6
MONITORING AND REVIEW - SECURITY RISK MANAGEMENT POLICY............................................ 1.6 MOVEMENT AT WORK - VIOLENCE .................................................................................................... 26.2
N NATURE OF BUSINESS - LEASING - EXTERNAL ORGANISATIONS................................................... 5.3 NSW HEALTH - DEFINITIONS.................................................................................................................... 1
O OCCUPATIONAL HEALTH SAFETY ACT 2000 - WEAPONS ............................................................... 28.2 OPERATING ROOMS - SAMPLE RISK ASSESSMENT TOOL ............................................................. 1.12 OVERT CAMERA - WORKPLACE CAMERA SURVEILLANCE ............................................................. 13.2 OVERVIEW - GUIDELINES ...................................................................................................................... 1.1 OVERVIEW - SECURITY SURVEY........................................................................................................ 31.5
P PARKING CONTROL - SCOPE OF DUTIES - SECURITY STAFF ........................................................ 14.9 PATIENT LIAISON/MANAGEMENT - CLINICAL ENVIRONMENT......................................................... 15.3 PATIENT RESTRAINT - CLINICAL ENVIRONMENT ............................................................................. 15.6 PATIENTS - SECURITY NEEDS - CLINICAL ENVIRONMENT ............................................................. 15.7 PATIENTS IN CUSTODY - CORRECTIVE SERVICES INMATES ........................................................... 6.2 PATIENTS IN CUSTODY - CUSTODY OF POLICE................................................................................. 6.7 PATIENTS IN CUSTODY - FORENSIC PATIENTS ............................................................................... 6.10 PATIENTS IN CUSTODY - GUIDELINES - SECURITY ARRANGEMENTS ............................................ 6.1 PATIENTS IN CUSTODY - JUVENILE JUSTICE DETAINEES ................................................................ 6.5 PATIENTS IN CUSTODY - POLICY - SECURITY ARRANGEMENTS..................................................... 6.1 PATIENTS IN CUSTODY - SECURITY RISK MANAGEMENT ............................................................ 32.24 PATIENTS IN CUSTODY - SECURITY RISK MANAGEMENT - ARRANGEMENT ................................. 6.1 PATIENTS IN CUSTODY - SUMMARY OF POLICY STATEMENTS .......................................................... 2 PATIENTS' PROPERTY - SECURITY OF PROPERTY ......................................................................... 20.6 PATROLLING - SCOPE OF DUTIES - SECURITY STAFF .................................................................... 14.9 PERSONAL HEALTH INFORMATION - SECURITY OF INFORMATION .............................................. 21.3 PERSONAL PROTECTIVE EQUIPMENT - SECURITY RISK CONTROL ............................................... 1.6 PERSONNEL/CONTRACTOR ID SYSTEMS - ACCESS CONTROL....................................................... 9.3 PERSONS REFUSED BAIL - CUSTODY OF POLICE ............................................................................. 6.8 PHARMACIES - PRIORITY AREAS ..................................................................................................... 32.52 PHARMACIES - SUMMARY OF POLICY STATEMENTS........................................................................... 5 PLACEMENT OF BUSINESS - LEASING PREMISES - ORGANISATIONS ............................................ 5.3 PLACEMENT OF CAMERAS - WORKPLACE CAMERA SURVEILLANCE ........................................... 13.5 PLANNING PROCESS - GUIDELINES - SECURITY RISK MANAGEMENT ........................................... 3.1 PLANNING PROCESS - POLICY - SECURITY RISK MANAGEMENT.................................................... 3.1 PLANNING PROCESS - SECURITY RISK MANAGEMENT ................................................................ 32.19 PLANNING/IMPLEMENTATION/REVIEWING - DURESS RESPONSE................................................. 29.3 POLICE GUARD - CUSTODY OF POLICE .............................................................................................. 6.8 POLICY - ACCESS CONTROL................................................................................................................. 9.1 POLICY - ALARM SYSTEMS ................................................................................................................. 11.1 POLICY - ARMED HOLD-UP.................................................................................................................. 27.1 POLICY - BOMB THREAT ...................................................................................................................... 25.1 POLICY - CLINICAL ENVIRONMENT .................................................................................................... 15.1 POLICY - DURESS RESPONSE ARRANGEMENTS............................................................................. 29.1 POLICY - EFFECTIVE INCIDENT MANAGEMENT................................................................................ 30.1 POLICY - FIRE SECURITY .................................................................................................................... 24.1 POLICY - HEALTH FACILITY DESIGN STANDARDS ............................................................................. 4.1 POLICY - HEALTH SERVICE LEASING - PROPERTY - EXTERNAL...................................................... 5.1 POLICY - HOW THE MANUAL IS ARRANGED .......................................................................................... 2
POLICY - KEY CONTROL ...................................................................................................................... 10.1 POLICY - LIGHTING............................................................................................................................... 12.1 POLICY - PROVISION OF SECURITY SERVICES................................................................................ 14.1 POLICY - SECURITY ARRANGEMENTS - PATIENTS IN CUSTODY..................................................... 6.1 POLICY - SECURITY CONTINUOUS IMPROVEMENT ........................................................................... 8.1 POLICY - SECURITY EDUCATION AND TRAINING ............................................................................... 7.1 POLICY - SECURITY IN CAR PARKS ................................................................................................... 19.1 POLICY - SECURITY IN PHARMACIES ................................................................................................ 18.1 POLICY - SECURITY IN RURAL AND REMOTE HEALTH SERVICES ................................................. 17.1 POLICY - SECURITY OF INFORMATION.............................................................................................. 21.1 POLICY - SECURITY OF MEDICAL GASES ......................................................................................... 22.1 POLICY - SECURITY OF PROPERTY ................................................................................................... 20.1 POLICY - SECURITY OF RADIOACTIVE SUBSTANCES ..................................................................... 23.1 POLICY - SECURITY OF STAFF WORKING IN THE COMMUNITY ..................................................... 16.1 POLICY - SECURITY RISK MANAGEMENT - PLANNING PROCESS.................................................... 3.1 POLICY - SECURITY RISK MANAGEMENT POLICY AND PROGRAM.................................................. 1.1 POLICY - VIOLENCE.............................................................................................................................. 26.1 POLICY - WEAPONS - SECURITY STAFF............................................................................................ 28.1 POLICY - WORKPLACE CAMERA SURVEILLANCE ............................................................................ 13.1 POLICY AND PROGRAM - SECURITY RISK MANAGEMENT............................................................ 32.16 POST INCIDENT ISSUES - ARMED HOLD-UP ..................................................................................... 27.2 POST INCIDENT ISSUES - BOMB THREAT ......................................................................................... 25.4 POST INCIDENT ISSUES - DURESS RESPONSE ARRANGEMENTS ................................................ 29.5 POST INCIDENT ISSUES - FIRE SECURITY ........................................................................................ 24.2 POST INCIDENT ISSUES - VIOLENCE ................................................................................................. 26.5 PRECAUTION - SECURITY OF STAFF WORKING IN COMMUNITY ................................................... 16.9 PRE-EMPLOYMENT SCREENING - PROVISION SECURITY SERVICES ........................................... 14.8 PRIOR TO LEAVING BASE - WORKING AWAY FROM BASE.............................................................. 16.4 PRIORITY AREAS - CAR PARKS ........................................................................................................ 32.54 PRIORITY AREAS - CLINICAL ENVIRONMENT ................................................................................. 32.45 PRIORITY AREAS - GUIDELINES ......................................................................................................... 15.1 PRIORITY AREAS - INFORMATION.................................................................................................... 32.58 PRIORITY AREAS - MEDICAL GASES................................................................................................ 32.60 PRIORITY AREAS - PHARMACIES ..................................................................................................... 32.52 PRIORITY AREAS - PROPERTY ......................................................................................................... 32.55 PRIORITY AREAS - RADIOACTIVE SUBSTANCES ........................................................................... 32.62 PRIORITY AREAS - RURAL - REMOTE FACILITIES .......................................................................... 32.49 PRIORITY AREAS - STAFF WORKING - COMMUNITY...................................................................... 32.47 PRIORITY WORKPLACES - SECURITY RISK CONTROL...................................................................... 1.6 PROCEDURE - BOMB THREAT ............................................................................................................ 25.8 PROCESS OVERVIEW - CONDUCTING - SECURITY SURVEY .......................................................... 31.2 PROHIBITED SURVEILLANCE - WORKPLACE CAMERA SURVEILLANCE ....................................... 13.7 PROPERTY - EXTERNAL - GUIDELINES - HEALTH SERVICE LEASING ............................................. 5.1 PROPERTY - EXTERNAL - LEGISLATIVE - HEALTH SERVICE LEASING............................................ 5.1 PROPERTY - EXTERNAL - POLICY - HEALTH SERVICE LEASING...................................................... 5.1 PROPERTY - EXTERNAL - SECURITY RISK - HEALTH SERVICE LEASING ....................................... 5.2 PROPERTY - PRIORITY AREAS ......................................................................................................... 32.55 PROPERTY - SUMMARY OF POLICY STATEMENTS............................................................................... 5 PROVISION OF SECURITY SERVICES - CORE SECURITY.............................................................. 32.38 PROVISION OF SECURITY SERVICES - EVASIVE SELF-DEFENCE ................................................. 14.3 PROVISION OF SECURITY SERVICES - GUIDELINES ....................................................................... 14.1 PROVISION OF SECURITY SERVICES - LICENSING REQUIREMENTS............................................ 14.8 PROVISION OF SECURITY SERVICES - POLICY................................................................................ 14.1 PROVISION OF SECURITY SERVICES - PRE-EMPLOYMENT SCREENING ..................................... 14.8 PROVISION OF SECURITY SERVICES - RESTRAINTS ...................................................................... 14.4 PROVISION OF SECURITY SERVICES - RETENTION - WEAPONS................................................... 14.5 PROVISION OF SECURITY SERVICES - ROLE OF SECURITY SERVICES ....................................... 14.2 PROVISION OF SECURITY SERVICES - SCOPE OF DUTIES - STAFF.............................................. 14.9 PROVISION OF SECURITY SERVICES - SEARCHING PATIENTS/VISITORS.................................... 14.4 PROVISION OF SECURITY SERVICES - SECURITY RISK MANAGEMENT ....................................... 14.1
PROVISION OF SECURITY SERVICES - STORAGE/DISPOSAL WEAPONS ..................................... 14.7 PROVISION OF SECURITY SERVICES - SUMMARY OF POLICY............................................................ 3 PROVISION OF SECURITY SERVICES - USING FORCE .................................................................... 14.3 PROVISION OF TRAINING - GUIDELINES ............................................................................................. 7.3 PURPOSE AND SCOPE - SECURITY SURVEY.................................................................................... 31.3 PURPOSE AND SCOPE OF DOCUMENT - INTRODUCTION ................................................................... 1
R RADIOACTIVE SUBSTANCES - PRIORITY AREAS ........................................................................... 32.62 RADIOACTIVE SUBSTANCES - SUMMARY OF POLICY STATEMENTS ................................................. 6 RECOGNITION PRIOR LEARNING - GUIDELINES ................................................................................ 7.3 RELATED DOCUMENTS - LEGISLATION - SECURITY SURVEY ...................................................... 31.12 RELATED DOCUMENTS/LEGISLATION - INTRODUCTION...................................................................... 3 RELATED PROCEDURES - WORKPLACE CAMERA SURVEILLANCE ............................................... 13.5 RELATED RESOURCES - BOMB THREAT ........................................................................................... 25.5 RELATED RESOURCES - CLINICAL ENVIRONMENT ......................................................................... 15.9 RELATED RESOURCES - SECURITY IN RURAL/REMOTE HEALTH SERVICES............................... 17.4 RELATED RESOURCES - SECURITY OF PROPERTY ........................................................................ 20.7 REMOTE FACILITIES - PRIORITY AREAS - RURAL .......................................................................... 32.49 REPORTS/INVESTIGATIONS - SCOPE OF DUTIES - SECURITY STAFF ........................................ 14.10 RESPONDING - SUSPICIOUS ITEMS................................................................................................... 25.4 RESPONDING TO VIOLENCE - CLINICAL ENVIRONMENT ................................................................ 15.6 RESPONSIBILITIES ................................................................................................................................. 2.1 RESPONSIBILITIES - SECURITY RISK MANAGEMENT .................................................................... 32.18 RESPONSIBILITIES - SUMMARY OF POLICY STATEMENTS.................................................................. 1 RESTORATION/RETENTION - WEAPONS - GUIDELINES .................................................................. 14.5 RESTRAINTS - CUSTODY OF POLICE................................................................................................... 6.9 RESTRAINTS - GUIDELINES................................................................................................................. 14.4 RETENTION/RESTORATION - WEAPONS - GUIDELINES .................................................................. 14.5 RISK ASSESSMENT - SECURITY RISK MANAGEMENT POLICY/PROGRAM...................................... 1.4 RISK CONTROL - SECURITY RISK MANAGEMENT POLICY/PROGRAM ............................................ 1.5 RISK MANAGEMENT - COMMUNITY HEALTH SERVICES - GUIDELINES ......................................... 16.1 RISK MANAGEMENT - GUIDELINES .................................................................................................... 14.1 RISK MANAGEMENT - SECURITY IN RURAL/REMOTE HEALTH SERVICES.................................... 17.1 RISK MANAGEMENT - SECURITY OF INFORMATION........................................................................ 21.1 RISK MANAGEMENT - SECURITY OF MEDICAL GASES.................................................................... 22.1 RISK MANAGEMENT - SECURITY OF RADIOACTIVE SUBSTANCES ............................................... 23.1 RISK MANAGEMENT - VIOLENCE........................................................................................................ 26.2 ROLE SECURITY SERVICES - GUIDELINES ....................................................................................... 14.2 RURAL - REMOTE FACILITIES - PRIORITY AREAS .......................................................................... 32.49 RURAL/REMOTE HEALTH SERVICES - SUMMARY POLICY STATEMENTS .......................................... 4
S SAMPLE PROCEDURE - WHAT TO DO - ARMED HOLD-UP............................................................... 27.3 SAMPLE RISK ASSESSMENT TOOL - ACCESS .................................................................................... 1.9 SAMPLE RISK ASSESSMENT TOOL - ADMINISTRATION .................................................................. 1.13 SAMPLE RISK ASSESSMENT TOOL - CASH HANDLING ................................................................... 1.11 SAMPLE RISK ASSESSMENT TOOL - EMERGENCY DEPARTMENTS.............................................. 1.12 SAMPLE RISK ASSESSMENT TOOL - EMERGENCY PROCEDURES................................................ 1.14 SAMPLE RISK ASSESSMENT TOOL - KEY CONTROL ....................................................................... 1.10 SAMPLE RISK ASSESSMENT TOOL - LANDSCAPING ......................................................................... 1.9 SAMPLE RISK ASSESSMENT TOOL - LIGHTING .................................................................................. 1.9 SAMPLE RISK ASSESSMENT TOOL - MEDICAL RECORDS .............................................................. 1.14 SAMPLE RISK ASSESSMENT TOOL - OPERATING ROOMS ............................................................. 1.12 SAMPLE RISK ASSESSMENT TOOL - SECURITY DOCUMENTATION .............................................. 1.11 SAMPLE RISK ASSESSMENT TOOL - SECURITY EQUIPMENT......................................................... 1.14
SAMPLE RISK ASSESSMENT TOOL - SECURITY RISK MANAGEMENT ............................................. 1.9 SAMPLE RISK ASSESSMENT TOOL - STAFF LIVING QUARTERS .................................................... 1.13 SAMPLE RISK ASSESSMENT TOOL - STORES .................................................................................. 1.11 SAMPLE RISK ASSESSMENT TOOL - VEHICLES ............................................................................... 1.13 SAMPLE RISK ASSESSMENT TOOL - WARDS/DEPARTMENTS........................................................ 1.12 SCOPE OF DUTIES - SECURITY STAFF - ACCESS CONTROL........................................................ 14.10 SCOPE OF DUTIES - SECURITY STAFF - CLIENT SERVICES ........................................................... 14.9 SCOPE OF DUTIES - SECURITY STAFF - EMERGENCY RESPONSE............................................... 14.9 SCOPE OF DUTIES - SECURITY STAFF - ESCORTS ......................................................................... 14.9 SCOPE OF DUTIES - SECURITY STAFF - HELICOPTER LANDINGS............................................... 14.10 SCOPE OF DUTIES - SECURITY STAFF - IDENTIFICATION ............................................................ 14.10 SCOPE OF DUTIES - SECURITY STAFF - INCIDENT RESPONSE ..................................................... 14.9 SCOPE OF DUTIES - SECURITY STAFF - KEY CONTROL ............................................................... 14.10 SCOPE OF DUTIES - SECURITY STAFF - LOCKING/UNLOCKING .................................................... 14.9 SCOPE OF DUTIES - SECURITY STAFF - PARKING CONTROL ........................................................ 14.9 SCOPE OF DUTIES - SECURITY STAFF - PATROLLING .................................................................... 14.9 SCOPE OF DUTIES - SECURITY STAFF - PROVISION OF SERVICES.............................................. 14.9 SCOPE OF DUTIES - SECURITY STAFF - REPORTS/INVESTIGATIONS ........................................ 14.10 SCREENING AREAS - SUSPICIOUS ITEMS......................................................................................... 25.3 SEARCHING PATIENTS/VISITORS - CLINICAL ENVIRONMENT ........................................................ 15.5 SEARCHING PATIENTS/VISITORS - GUIDELINES.............................................................................. 14.4 SEARCHING PERSONS/PROPERTY - SECURITY OF PROPERTY.................................................... 20.7 SECURITY - DEFINITIONS ......................................................................................................................... 1 SECURITY AND HOUSEKEEPING - BOMB THREAT........................................................................... 25.2 SECURITY ARRANGEMENTS - LEASING - EXTERNAL ORGANISATIONS ......................................... 5.3 SECURITY ARRANGEMENTS - PATIENTS IN CUSTODY - GUIDELINES ............................................ 6.1 SECURITY ARRANGEMENTS - PATIENTS IN CUSTODY - POLICY..................................................... 6.1 SECURITY ARRANGEMENTS - PATIENTS IN CUSTODY - SECURITY RISK....................................... 6.1 SECURITY CONTINUOUS IMPROVEMENT - GUIDELINES................................................................... 8.1 SECURITY CONTINUOUS IMPROVEMENT - POLICY ........................................................................... 8.1 SECURITY DOCUMENTATION - SAMPLE RISK ASSESSMENT TOOL .............................................. 1.11 SECURITY EDUCATION AND TRAINING - EVALUATION ..................................................................... 7.5 SECURITY EDUCATION AND TRAINING - EVASIVE SELF-DEFENCE................................................. 7.4 SECURITY EDUCATION AND TRAINING - GUIDELINES ...................................................................... 7.2 SECURITY EDUCATION AND TRAINING - HEALTH SERVICE RESOURCES...................................... 7.4 SECURITY EDUCATION AND TRAINING - LEGISLATIVE FRAMEWORK............................................. 7.1 SECURITY EDUCATION AND TRAINING - MANAGING VIOLENT BEHAVIOUR .................................. 7.4 SECURITY EDUCATION AND TRAINING - NEEDS - STAFF ................................................................. 7.2 SECURITY EDUCATION AND TRAINING - POLICY ............................................................................... 7.1 SECURITY EDUCATION AND TRAINING - PROVISION OF TRAINING ................................................ 7.3 SECURITY EDUCATION AND TRAINING - RECOGNITION PRIOR LEARNING ................................... 7.3 SECURITY EDUCATION AND TRAINING - SPECIALIST TRAINING ..................................................... 7.5 SECURITY EQUIPMENT - SAMPLE RISK ASSESSMENT TOOL......................................................... 1.14 SECURITY IMPROVEMENT PLAN ........................................................................................................ 33.1 SECURITY IMPROVEMENT TOOL - EVIDENCE GUIDELINES............................................................ 32.6 SECURITY IMPROVEMENT TOOL - HEALTH FACILITY SCORE SHEET ........................................... 32.4 SECURITY IN CAR PARKS - GUIDELINES ........................................................................................... 19.1 SECURITY IN CAR PARKS - POLICY ................................................................................................... 19.1 SECURITY IN CAR PARKS - SECURITY RISK MANAGEMENT........................................................... 19.1 SECURITY IN PHARMACIES - FURTHER INFORMATION .................................................................. 18.3 SECURITY IN PHARMACIES - GUIDELINES ........................................................................................ 18.1 SECURITY IN PHARMACIES - POLICY ................................................................................................ 18.1 SECURITY IN PHARMACIES - SECURITY RISK MANAGEMENT........................................................ 18.1 SECURITY IN RURAL/REMOTE HEALTH SERVICES - COMMUNICATION........................................ 17.3 SECURITY IN RURAL/REMOTE HEALTH SERVICES - GUIDELINES ................................................. 17.1 SECURITY IN RURAL/REMOTE HEALTH SERVICES - POLICY.......................................................... 17.1 SECURITY IN RURAL/REMOTE HEALTH SERVICES - RELATED RESOURCES............................... 17.4 SECURITY IN RURAL/REMOTE HEALTH SERVICES - RISK MANAGEMENT.................................... 17.1 SECURITY NEEDS - CLINICAL ENVIRONMENT - PATIENTS ............................................................. 15.7 SECURITY OF INFORMATION - GUIDELINES ..................................................................................... 21.1
SECURITY OF INFORMATION - INCIDENT INFORMATION ................................................................ 21.3 SECURITY OF INFORMATION - LABELLING INFORMATION ............................................................. 21.4 SECURITY OF INFORMATION - LEGISLATIVE/POLICY ENVIRONMENT .......................................... 21.2 SECURITY OF INFORMATION - PERSONAL HEALTH INFORMATION .............................................. 21.3 SECURITY OF INFORMATION - POLICY.............................................................................................. 21.1 SECURITY OF INFORMATION - SECURITY RISK MANAGEMENT..................................................... 21.1 SECURITY OF MEDICAL GASES - GUIDELINES ................................................................................. 22.1 SECURITY OF MEDICAL GASES - POLICY ......................................................................................... 22.1 SECURITY OF MEDICAL GASES - SECURITY RISK MANAGEMENT................................................. 22.1 SECURITY OF PROPERTY - ADMINISTRATION.................................................................................. 20.5 SECURITY OF PROPERTY - CASH HANDLING................................................................................... 20.6 SECURITY OF PROPERTY - CATERING.............................................................................................. 20.3 SECURITY OF PROPERTY - ENGINEERING/MAINTENANCE ............................................................ 20.2 SECURITY OF PROPERTY - GUIDELINES .......................................................................................... 20.1 SECURITY OF PROPERTY - LAUNDRY ............................................................................................... 20.3 SECURITY OF PROPERTY - MAIL DELIVERIES.................................................................................. 20.6 SECURITY OF PROPERTY - PATIENTS' PROPERTY ......................................................................... 20.6 SECURITY OF PROPERTY - POLICY ................................................................................................... 20.1 SECURITY OF PROPERTY - RELATED RESOURCES ........................................................................ 20.7 SECURITY OF PROPERTY - SEARCHING PERSONS/PROPERTY.................................................... 20.7 SECURITY OF PROPERTY - SECURITY RISK MANAGEMENT .......................................................... 20.1 SECURITY OF PROPERTY - SPECIFIC AREAS FOR ATTENTION..................................................... 20.2 SECURITY OF PROPERTY - STAFF PROPERTY ................................................................................ 20.7 SECURITY OF PROPERTY - STORES ................................................................................................. 20.4 SECURITY OF PROPERTY - TRANSPORT .......................................................................................... 20.2 SECURITY OF RADIOACTIVE SUBSTANCES - GUIDELINES............................................................. 23.1 SECURITY OF RADIOACTIVE SUBSTANCES - POLICY ..................................................................... 23.1 SECURITY OF RADIOACTIVE SUBSTANCES - RISK MANAGEMENT ............................................... 23.1 SECURITY OF RADIOACTIVE SUBSTANCES - TRANSPORT OF ...................................................... 23.2 SECURITY OF STAFF WORKING IN COMMUNITY - CHECKLIST .................................................... 16.11 SECURITY OF STAFF WORKING IN COMMUNITY - COMMUNICATION ........................................... 16.8 SECURITY OF STAFF WORKING IN COMMUNITY - GUIDELINES..................................................... 16.1 SECURITY OF STAFF WORKING IN COMMUNITY - ISOLATED CENTRES....................................... 16.5 SECURITY OF STAFF WORKING IN COMMUNITY - POLICY ............................................................. 16.1 SECURITY OF STAFF WORKING IN COMMUNITY - PRECAUTIONS................................................. 16.9 SECURITY OF STAFF WORKING IN COMMUNITY - RISK MANAGEMENT........................................ 16.1 SECURITY OF STAFF WORKING IN COMMUNITY - SELF DEFENCE ............................................... 16.7 SECURITY OF STAFF WORKING IN COMMUNITY - VIOLENT BEHAVIOUR ..................................... 16.6 SECURITY OF STAFF WORKING IN COMMUNITY - WORKING AWAY ............................................. 16.2 SECURITY RISK CONTROL - ADMINISTRATIVE CONTROLS .............................................................. 1.5 SECURITY RISK CONTROL - ENGINEERING CONTROL ..................................................................... 1.5 SECURITY RISK CONTROL - PERSONAL PROTECTIVE EQUIPMENT ............................................... 1.6 SECURITY RISK CONTROL - PRIORITY WORKPLACES ...................................................................... 1.6 SECURITY RISK MANAGEMENT - ACCESS CONTROL........................................................................ 9.1 SECURITY RISK MANAGEMENT - ARMED HOLD-UP......................................................................... 27.1 SECURITY RISK MANAGEMENT - BOMB THREAT ............................................................................. 25.1 SECURITY RISK MANAGEMENT - CLINICAL ENVIRONMENT ........................................................... 15.2 SECURITY RISK MANAGEMENT - CONTINUOUS IMPROVEMENT ................................................. 32.28 SECURITY RISK MANAGEMENT - EDUCATION - TRAINING............................................................ 32.26 SECURITY RISK MANAGEMENT - FIRE SECURITY............................................................................ 24.1 SECURITY RISK MANAGEMENT - KEY CONTROL ............................................................................. 10.1 SECURITY RISK MANAGEMENT - LEASING - EXTERNAL ORGANISATIONS..................................... 5.2 SECURITY RISK MANAGEMENT - LEASING - PROPERTY - EXTERNAL ............................................ 5.2 SECURITY RISK MANAGEMENT - LEASING OF PROPERTY........................................................... 32.21 SECURITY RISK MANAGEMENT - LIGHTING ...................................................................................... 12.1 SECURITY RISK MANAGEMENT - PATIENTS IN CUSTODY ............................................................ 32.24 SECURITY RISK MANAGEMENT - PLANNING PROCESS ................................................................ 32.19 SECURITY RISK MANAGEMENT - PLANNING PROCESS - GUIDELINES ........................................... 3.1 SECURITY RISK MANAGEMENT - PLANNING PROCESS - POLICY.................................................... 3.1 SECURITY RISK MANAGEMENT - POLICY AND PROGRAM............................................................ 32.16
SECURITY RISK MANAGEMENT - RESPONSIBILITIES .................................................................... 32.18 SECURITY RISK MANAGEMENT - SECURITY - PATIENTS IN CUSTODY ........................................... 6.1 SECURITY RISK MANAGEMENT - SECURITY IN CAR PARKS........................................................... 19.1 SECURITY RISK MANAGEMENT - SECURITY IN PHARMACIES........................................................ 18.1 SECURITY RISK MANAGEMENT - SECURITY OF PROPERTY .......................................................... 20.1 SECURITY RISK MANAGEMENT - SUMMARY OF POLICY STATEMENTS ............................................ 1 SECURITY RISK MANAGEMENT FRAMEWORK - ASSESSMENT TOOL ......................................... 32.15 SECURITY RISK MANAGEMENT PLANNING PROCESS - SUMMARY.................................................... 1 SECURITY RISK MANAGEMENT POLICY/PROGRAM - ASSESSING RISK ....................................... 1.16 SECURITY RISK MANAGEMENT POLICY/PROGRAM - ASSESSMENT TOOL .................................... 1.9 SECURITY RISK MANAGEMENT POLICY/PROGRAM - GUIDELINES.................................................. 1.1 SECURITY RISK MANAGEMENT POLICY/PROGRAM - HAZARD REPORTING .................................. 1.7 SECURITY RISK MANAGEMENT POLICY/PROGRAM - HAZARDS ...................................................... 1.3 SECURITY RISK MANAGEMENT POLICY/PROGRAM - INCIDENT INVEST ........................................ 1.7 SECURITY RISK MANAGEMENT POLICY/PROGRAM - INCIDENT MANAGE ...................................... 1.7 SECURITY RISK MANAGEMENT POLICY/PROGRAM - INCIDENT REPORTING ................................ 1.7 SECURITY RISK MANAGEMENT POLICY/PROGRAM - INJURY MANAGEMENT................................ 1.8 SECURITY RISK MANAGEMENT POLICY/PROGRAM - MONITORING/REVIEW ................................. 1.6 SECURITY RISK MANAGEMENT POLICY/PROGRAM - POLICY .......................................................... 1.1 SECURITY RISK MANAGEMENT POLICY/PROGRAM - RISK ASSESSMENT ..................................... 1.4 SECURITY RISK MANAGEMENT POLICY/PROGRAM - RISK CONTROL ............................................ 1.5 SECURITY SERVICES - CLINICAL ENVIRONMENT ............................................................................ 15.4 SECURITY STAFF - ACCESS CONTROL - SCOPE OF DUTIES........................................................ 14.10 SECURITY STAFF - CLIENT SERVICES - SCOPE OF DUTIES ........................................................... 14.9 SECURITY STAFF - CONTRACTED SECURITY - WEAPONS ............................................................. 28.4 SECURITY STAFF - DOCUMENTATION - WEAPONS ......................................................................... 28.3 SECURITY STAFF - EMERGENCY RESPONSE - SCOPE OF DUTIES............................................... 14.9 SECURITY STAFF - ESCORTS - SCOPE OF DUTIES ......................................................................... 14.9 SECURITY STAFF - GUIDELINES - WEAPONS ................................................................................... 28.3 SECURITY STAFF - HELICOPTER LANDINGS/DEPARTURES - SCOPE ......................................... 14.10 SECURITY STAFF - IDENTIFICATION - SCOPE OF DUTIES ............................................................ 14.10 SECURITY STAFF - INCIDENT RESPONSE - SCOPE OF DUTIES ..................................................... 14.9 SECURITY STAFF - KEY CONTROL - SCOPE OF DUTIES ............................................................... 14.10 SECURITY STAFF - LEGISLATIVE FRAMEWORK - WEAPONS.......................................................... 28.1 SECURITY STAFF - LOCKING/UNLOCKING BUILDINGS - SCOPE .................................................... 14.9 SECURITY STAFF - PARKING CONTROL - SCOPE OF DUTIES ........................................................ 14.9 SECURITY STAFF - PATROLLING - SCOPE OF DUTIES .................................................................... 14.9 SECURITY STAFF - POLICY - WEAPONS............................................................................................ 28.1 SECURITY STAFF - PROVISION SECURITY SERVICES - SCOPE..................................................... 14.9 SECURITY STAFF - REPORTS/INVESTIGATIONS - SCOPE OF DUTIES ........................................ 14.10 SECURITY SURVEY - GUIDELINES ..................................................................................................... 31.3 SECURITY SURVEY - HOW TO USE THE TOOL ............................................................................... 31.10 SECURITY SURVEY - INTERPRETING - ASSESSMENT TOOL .......................................................... 31.7 SECURITY SURVEY - INTRODUCTION................................................................................................ 31.3 SECURITY SURVEY - OVERVIEW........................................................................................................ 31.5 SECURITY SURVEY - PROCESS OVERVIEW - CONDUCTING .......................................................... 31.2 SECURITY SURVEY - PURPOSE AND SCOPE.................................................................................... 31.3 SECURITY SURVEY - RELATED DOCUMENTS - LEGISLATION ...................................................... 31.12 SECURITY SURVEY - STATUS OF TOOL ............................................................................................ 31.4 SECURITY SURVEY - TARGET GROUP .............................................................................................. 31.4 SIGNS - ACCESS CONTROL................................................................................................................... 9.3 SPACE MANAGEMENT - GUIDELINES .................................................................................................. 4.2 SPECIALIST TRAINING - GUIDELINES .................................................................................................. 7.5 SPECIFIC AREAS FOR ATTENTION - SECURITY OF PROPERTY..................................................... 20.2 STAFF ACCOMMODATION - VIOLENCE.............................................................................................. 26.3 STAFF AT NIGHT - VIOLENCE.............................................................................................................. 26.3 STAFF AWARENESS - CLINICAL ENVIRONMENT .............................................................................. 15.4 STAFF LIVING QUARTERS - SAMPLE RISK ASSESSMENT TOOL .................................................... 1.13 STAFF PROPERTY - SECURITY OF PROPERTY ................................................................................ 20.7 STAFF WORKING - COMMUNITY - PRIORITY AREAS...................................................................... 32.47
STAFF WORKING IN COMMUNITY - SUMMARY POLICY STATEMENTS ............................................... 4 STAFFING ISSUES - CLINICAL ENVIRONMENT.................................................................................. 15.4 STAFFING ISSUES - WORKPLACE CAMERA SURVEILLANCE.......................................................... 13.4 STATUS OF TOOL - SECURITY SURVEY ............................................................................................ 31.4 STORAGE/DISPOSAL - WEAPONS - GUIDELINES ............................................................................. 14.7 STORES - SAMPLE RISK ASSESSMENT TOOL .................................................................................. 1.11 STORES - SECURITY OF PROPERTY ................................................................................................. 20.4 SUMMARY OF POLICY STATEMENTS - ACCESS CONTROL ............................................................ 3, 3 SUMMARY OF POLICY STATEMENTS - ALARM SYSTEMS ............................................................... 3, 3 SUMMARY OF POLICY STATEMENTS - APPENDICES ........................................................................... 1 SUMMARY OF POLICY STATEMENTS - ARMED HOLD-UP ............................................................... 7, 7 SUMMARY OF POLICY STATEMENTS - BOMB THREAT.................................................................... 6, 6 SUMMARY OF POLICY STATEMENTS - CAMERA SURVEILLANCE ....................................................... 3 SUMMARY OF POLICY STATEMENTS - CAR PARKS......................................................................... 5, 5 SUMMARY OF POLICY STATEMENTS - CLINICAL ENVIRONMENT .................................................. 4, 4 SUMMARY OF POLICY STATEMENTS - CONTINUOUS IMPROVEMENT .......................................... 2, 2 SUMMARY OF POLICY STATEMENTS - DESIGN STANDARDS......................................................... 1, 1 SUMMARY OF POLICY STATEMENTS - DURESS RESPONSE.......................................................... 7, 7 SUMMARY OF POLICY STATEMENTS - EDUCATION AND TRAINING.............................................. 2, SUMMARY OF POLICY STATEMENTS - FIRE .......................................................................................... SUMMARY OF POLICY STATEMENTS - FIRE SECURITY ....................................................................... SUMMARY OF POLICY STATEMENTS - INCIDENT MANAGEMENT .................................................. 7,
2 6 6 7
SUMMARY OF POLICY STATEMENTS - INFORMATION .................................................................... 5, 5 SUMMARY OF POLICY STATEMENTS - KEY CONTROL.................................................................... 3, 3 SUMMARY OF POLICY STATEMENTS - LEASING OF PROPERTY ........................................................ 2 SUMMARY OF POLICY STATEMENTS - LEASING PROPERTY .............................................................. 2 SUMMARY OF POLICY STATEMENTS - LIGHTING............................................................................. 3, 3 SUMMARY OF POLICY STATEMENTS - MEDICAL GASES ................................................................ 5, 6 SUMMARY OF POLICY STATEMENTS - PATIENTS IN CUSTODY ..................................................... 2, 2 SUMMARY OF POLICY STATEMENTS - PHARMACIES...................................................................... 5, 5 SUMMARY OF POLICY STATEMENTS - PLANNING PROCESS.............................................................. 1 SUMMARY OF POLICY STATEMENTS - PROGRAM ................................................................................ 1 SUMMARY OF POLICY STATEMENTS - PROPERTY.......................................................................... 5, 5 SUMMARY OF POLICY STATEMENTS - PROVISION SECURITY SERVICES......................................... 3 SUMMARY OF POLICY STATEMENTS - RADIOACTIVE SUBSTANCES ............................................ 6, 6 SUMMARY OF POLICY STATEMENTS - RESPONSIBILITIES............................................................. 1, SUMMARY OF POLICY STATEMENTS - RISK MANAGEMENT PLANNING ............................................ SUMMARY OF POLICY STATEMENTS - RURAL/REMOTE HEALTH SERVICES .................................... SUMMARY OF POLICY STATEMENTS - RURAL/REMOTE SERVICES ................................................... SUMMARY OF POLICY STATEMENTS - SECURITY RISK MANAGEMENT ............................................ SUMMARY OF POLICY STATEMENTS - SECURITY SERVICES ............................................................. SUMMARY OF POLICY STATEMENTS - STAFF IN COMMUNITY............................................................ SUMMARY OF POLICY STATEMENTS - STAFF WORKING COMMUNITY.............................................. SUMMARY OF POLICY STATEMENTS - VIDEO SURVEILLANCE ...........................................................
1 1 4 5 1 4 4 4 3
SUMMARY OF POLICY STATEMENTS - VIOLENCE ........................................................................... 6, 6 SUMMARY OF POLICY STATEMENTS - WEAPONS ........................................................................... 7, 7 SUPERVISION - CUSTODY OF POLICE................................................................................................. 6.9 SURVEILLANCE - GUIDELINES .............................................................................................................. 4.2 SURVEILLANCE RECORDS - WORKPLACE CAMERA SURVEILLANCE ........................................... 13.6 SUSPICIOUS ITEMS - BOMB THREAT - HANDLING/IDENTIFYING.................................................... 25.3 SUSPICIOUS ITEMS - BOMB THREAT - IDENTIFYING/HANDLING.................................................... 25.3 SUSPICIOUS ITEMS - IDENTIFYING .................................................................................................... 25.3 SUSPICIOUS ITEMS - RESPONDING................................................................................................... 25.4 SUSPICIOUS ITEMS - SCREENING AREAS ........................................................................................ 25.3
T TARGET GROUP - SECURITY SURVEY .............................................................................................. 31.4 TERRITORIAL REINFORCEMENT - GUIDELINES ................................................................................. 4.1 TRAINING - ALARMS SYSTEMS ........................................................................................................... 11.5 TRAINING - SECURITY RISK MANAGEMENT - EDUCATION............................................................ 32.26 TRAINING NEEDS - GUIDELINES........................................................................................................... 7.2 TRANSPORT - SECURITY OF PROPERTY .......................................................................................... 20.2 TRANSPORT RADIOACTIVE SUBSTANCES - SECURITY .................................................................. 23.2 TRANSPORTING CASH - VIOLENCE ................................................................................................... 26.3 TYPES OF KEYS - GUIDELINES ........................................................................................................... 10.1 TYPES OF LICENCES - LICENSING REQUIREMENTS ....................................................................... 14.8
U UNPLANNED EVENTS - ARMED HOLD-UP ....................................................................................... 32.71 UNPLANNED EVENTS - BOMB THREAT............................................................................................ 32.67 UNPLANNED EVENTS - FIRE ............................................................................................................. 32.65 UNPLANNED EVENTS - VIOLENCE ................................................................................................... 32.69 USING FORCE - EXECUTION OF DUTY - GUIDELINES...................................................................... 14.3
V VEHICLE/CAR PARK SECURITY - VIOLENCE ..................................................................................... 26.2 VEHICLES - SAMPLE RISK ASSESSMENT TOOL ............................................................................... 1.13 VERSIONS - INTRODUCTION .................................................................................................................... 4 VIDEO INTERCOM SYSTEMS - ACCESS CONTROL ............................................................................ 9.3 VIDEO SURVEILLANCE - SUMMARY OF POLICY STATEMENTS ........................................................... 3 VIOLENCE - CAR PARK/VEHICLE SECURITY ..................................................................................... 26.2 VIOLENCE - GUIDELINES ..................................................................................................................... 26.1 VIOLENCE - MOVEMENT AT WORK .................................................................................................... 26.2 VIOLENCE - POLICY.............................................................................................................................. 26.1 VIOLENCE - POST INCIDENT ISSUES ................................................................................................. 26.5 VIOLENCE - RISK MANAGEMENT........................................................................................................ 26.2 VIOLENCE - STAFF ACCOMMODATION.............................................................................................. 26.3 VIOLENCE - STAFF AT NIGHT.............................................................................................................. 26.3 VIOLENCE - SUMMARY OF POLICY STATEMENTS ................................................................................ 6 VIOLENCE - TRANSPORTING CASH ................................................................................................... 26.3 VIOLENCE - UNPLANNED EVENTS ................................................................................................... 32.69 VIOLENCE - VEHICLE/CAR PARK SECURITY ..................................................................................... 26.2 VIOLENCE - VIOLENT BEHAVIOUR ..................................................................................................... 26.3 VIOLENCE - ZERO TOLERANCE POLICY ............................................................................................ 26.5 VIOLENT BEHAVIOUR - SECURITY OF STAFF WORKING IN COMMUNITY ..................................... 16.6 VIOLENT BEHAVIOUR - VIOLENCE ..................................................................................................... 26.3
W WARDS/DEPARTMENTS - SAMPLE RISK ASSESSMENT TOOL........................................................ WEAPONS - GUIDELINES - DISPOSAL/STORAGE ............................................................................. WEAPONS - GUIDELINES - RESTORATION/RETENTION .................................................................. WEAPONS - GUIDELINES - RETENTION/RESTORATION .................................................................. WEAPONS - GUIDELINES - STORAGE/DISPOSAL ............................................................................. WEAPONS - OHS ACT 2000 - LEGISLATIVE FRAMEWORK ............................................................... WEAPONS - SECURITY STAFF - CONTRACTED SECURITY ............................................................. WEAPONS - SECURITY STAFF - DOCUMENTATION ......................................................................... WEAPONS - SECURITY STAFF - GUIDELINES ...................................................................................
1.12 14.7 14.5 14.5 14.7 28.2 28.4 28.3 28.3
WEAPONS - SECURITY STAFF - LEGISLATIVE FRAMEWORK.......................................................... 28.1 WEAPONS - SECURITY STAFF - POLICY............................................................................................ 28.1 WEAPONS - SUMMARY OF POLICY STATEMENTS ................................................................................ 7 WEAPONS - WEAPONS PROHIBITION REG 1999 - LEGISLATION.................................................... 28.1 WEAPONS PROHIBITION REG 1999 - LEGISLATION - WEAPONS.................................................... 28.1 WHAT TO DO - ARMED HOLD-UP ........................................................................................................ 27.2 WHAT TO DO - ARMED HOLD-UP - SAMPLE PROCEDURE............................................................... 27.2 WHAT TO DO - BOMB THREAT ............................................................................................................ 25.2 WHAT TO DO - EVENT OF A FIRE - FIRE SECURITY ......................................................................... 24.2 WINDOWS - ACCESS CONTROL............................................................................................................ 9.3 WORKING AWAY FROM BASE - AFTER HOURS VISITS.................................................................... 16.4 WORKING AWAY FROM BASE - COMMUNITY VISITS ....................................................................... 16.2 WORKING AWAY FROM BASE - CONCLUSION COMMUNITY VISITS............................................... 16.4 WORKING AWAY FROM BASE - DURING COMMUNITY VISITS ........................................................ 16.4 WORKING AWAY FROM BASE - PRIOR TO LEAVING BASE.............................................................. 16.4 WORKING AWAY FROM BASE - SECURITY - STAFF IN COMMUNITY.............................................. 16.2 WORKPLACE CAMERA SURVEILLANCE - COVERT SURVEILLANCE .............................................. 13.7 WORKPLACE CAMERA SURVEILLANCE - DEFINITIONS................................................................... 13.1 WORKPLACE CAMERA SURVEILLANCE - GENERAL ISSUES .......................................................... 13.3 WORKPLACE CAMERA SURVEILLANCE - GUIDELINES.................................................................... 13.2 WORKPLACE CAMERA SURVEILLANCE - LEGISLATIVE FRAMEWORK .......................................... 13.1 WORKPLACE CAMERA SURVEILLANCE - OVERT CAMERA ............................................................. 13.2 WORKPLACE CAMERA SURVEILLANCE - PLACEMENT OF CAMERAS ........................................... 13.5 WORKPLACE CAMERA SURVEILLANCE - POLICY ............................................................................ 13.1 WORKPLACE CAMERA SURVEILLANCE - PROHIBITED SURVEILLANCE ....................................... 13.7 WORKPLACE CAMERA SURVEILLANCE - RELATED PROCEDURES............................................... 13.5 WORKPLACE CAMERA SURVEILLANCE - STAFFING ISSUES.......................................................... 13.4 WORKPLACE CAMERA SURVEILLANCE - SURVEILLANCE RECORDS ........................................... 13.6
Z ZERO TOLERANCE POLICY - VIOLENCE............................................................................................ 26.5
Security Risk Management Framework
Security Risk Management Policy and Program Responsibilities Security Risk Management in the Planning Process Health Facility Design Standards Health Service Leasing of Property to or from External Parties Security Arrangements for Patients in Custody Security Education and Training Security Continuous Improvement
SECTION 2
Core Security Risk Controls
Access Control Key Control Alarm Systems Lighting Workplace Camera Surveillance Provision of Security Services
SECTION 3
1 2 3 4 5 6 7 8
9 10 11 12 13 14
Security Risk Controls in Priority Areas
Security in the Clinical Environment Security of Staff Working in the Community Security in Rural and Remote Health Services Security in Pharmacies Security in Car Parks Security of Property Security of Information Security of Medical Gases Security of Radioactive Substances
15 16 17 18 19 20 21 22 23
SECTION 4
Security Risk Controls in Unplanned Events
Fire Bomb Threat Violence Armed Hold-up Use of Weapons by Security Staff Duress Response Arrangements Effective Incident Management
SECTION 5
24 25 26 27 28 29 30
Security Continuous Improvement Program
Guidelines Assessment Tool Improvement Plan
Appendices Summary of Policy Statements EQuIP Standard 5.1.6
Index
(November 2005)
31 32 33
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities
December 2003
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
Published by: Department of Health, NSW 73 Miller Street NORTH SYDNEY NSW 2060 Copies available through: Audit Branch Locked Mail Bag 961 NORTH SYDNEY NSW 2059 Phone: Facsimile:
(02) 9391-9402 (02) 9391-9417
ISBN 0 7347 3628 2 State Health Publication No. (HR) 030288
Security Risk Management Policy and Program (December 2003)
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
Introduction Purpose and Scope of Document: The purpose of the NSW Health document ‘Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities’ (The Manual) is to: • •
Outline NSW Health policy on key aspects of personal and property security and Assist Health Services to maintain an effective security program that is based on a structured, on-going risk management process, consultation, appropriate documentation and record keeping and regular monitoring and evaluation.
The Manual reinforces the need for management, staff and their representatives to work together to achieve continuous improvement in security management. This Manual has been developed for use by all NSW Health staff. It will be of particular use to managers with security related accountabilities and other staff participating in security risk assessments and developing strategies to address security hazards. It should also be used by assets management personnel during the procurement process.
Definitions: Security: For the purposes of this Manual, security is the protection of a person from violence, threats and/or intentional harm; the protection of information from unauthorised disclosure and the protection of property from intended damage and theft. NSW Health: For the purposes of this Manual, Health Service refers collectively to all Area Health Services, all statutory health corporations and all affiliated health organisations. This Manual does not apply to the Ambulance Service of NSW which has specific service related security standards. Health Service: For the purposes of this Manual, Health Service refers individually to all Area Health Services, all statutory health corporations and all affiliated health organisations.
Introduction (December 2003)
1
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
How the Manual is Arranged: This Manual is made up of a series of chapters and divided into four sections: Section 1 Section 2 Section 3 Section 4
Security Risk Management Framework Core Security Risk Controls Security Risk Controls in Priority Areas Security Risk Controls in Unplanned Events
As a Manual, this document is not intended to be read from cover to cover. However, those responsible for security risk management will need to have an active awareness of the issues covered in this document. Each chapter deals with a key aspect of personal or property security and has the following sections: •
Policy
This section outlines NSW Health policy on the relevant issue. Health Services must comply with the policy outlined in each chapter. Policy is always presented at the start of each chapter. •
Legislative Framework
This section appears in some chapters, where an overview of the relevant legislation is necessary to set the context for further action. •
Guidelines
The guidelines are to assist Health Services, by way of advice and information, regarding the policy statement outlined in the chapter.
EQuIP Standards The Australian Council on Healthcare Standards EQuIP (Evaluation and Quality Improvement Program) standards provide a framework, including an external accreditation process, for quality improvement and safe care and service. Appendix 2, at the end of this Manual, outlines the relevant EQuIP standards. Effective implementation of the policy in each chapter will enable Health Services to meet the relevant EQuIP standards.
Related Documents and Legislation: The following NSW Health documents should be closely consulted when using this Manual: • •
Zero Tolerance Policy and Framework Guidelines (Circular 2003/48) Workplace Health and Safety: A Better Practice Guide (Circular 2004/87).
Introduction (December 2003)
2
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
Other documents to be considered in conjunction with this Manual include: • • • • • • • • • • • • •
Corporate Governance and Accountability in Health – A Better Practice Reference Guide (Department of Health and Health Services Association of NSW – December 2002) Mental Health for Emergency Departments – A Reference Guide (2002) Management of Adults with Severe Behavioural Disturbances – Guidelines for Clinicians in NSW Health (2002) Working Group for Mental Health Care in Emergency Departments – Final Report and Recommendations Effective Incident Response: A Framework for Prevention and Management in the Health Workplace (Circular 2002/19) Design Series: Health Facility Guideline – Security and Safety (Circular 2003/13) Local Area or facility disaster management plans Reportable Incident Briefs to the NSW Department of Health (Circular 2003/88) NSW Health Policy and Procedures for Injury Management and Return to Work (Circular 2003/75) Australian Standard 4485.1-1997 – Security for Health Care Facilities (Part 1: General Requirements)# Australian Standard 4485.2-1997 - Security for Health Care Facilities (Part 2: Procedures Guide)# Australian Standard 4083-1997 – Planning for Emergencies; Healthcare Facilities WorkCover NSW – Violence in the Workplace Guide (2002).
#EQuIP
standards require the management of security risks with reference to any relevant Australian Standards. In line with this, reference should be made to Australian Standard 4485.1-1997 – Security for Health Care Facilities (Part 1: General Requirements) and Australian Standard 4485.2-1997 – Security for Health Care Facilities (Part 2: Procedures Guide). Legislation to be considered in conjunction with this Manual includes: • • • • • • •
Occupational Health and Safety Act 2000 Occupational Health and Safety Regulation 2001 Security Industry Act 1997 (including Master Licence and Security Organisation Code of Practice) Security Industry Regulation 1998 Weapons Prohibition Regulation 1999 Workplace Surveillance Act 1998 WorkCover Code of Practice – Cash in Transit (2002).
Versions: Previous versions of this Manual, referred to as the ‘Safety and Security Manual: Minimum Standards for Health Care Facilities’ were issued in 1996 and 1998.
Introduction (December 2003)
3
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
This version of the Manual now titled ‘Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities’ expands on the requirements for risk management and consultation, in line with the recent changes to occupational health and safety legislation. In addition this version of the Manual focuses on security risks, as safety issues are more effectively dealt with in other Departmental documents. This is a living document, and comments or suggestions are welcomed and should be sent to: Manager, Employee Relations Policy Employee Relations Division NSW Department of Health Locked Mail Bag 961 NORTH SYDNEY NSW 2059
**********
Introduction (December 2003)
4
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
1.
Security Risk Management Policy and Program
Policy: Health Services will have in place a security risk management policy, signed by the chief executive officer, and an effective and appropriately maintained security risk management program developed, in consultation with staff, which ensures that: Ø All reasonably foreseeable security related hazards are identified and assessed Ø Risks associated with these hazards are eliminated where reasonably practicable Ø Where the risk cannot be eliminated, appropriate control strategies, consistent with the hierarchy of controls, are implemented so that risks are reduced to the lowest practicable level Ø Each stage of the risk management process is documented and made available to relevant parties Ø Incidents are reported and investigated and Ø Risk control strategies are monitored and regularly evaluated for effectiveness.
Guidelines: Overview of Security Risk Management: For the purposes of this document security risk management refers to the systematic application of management policies, procedures and practices to the tasks of establishing the context and identifying, assessing, controlling, monitoring and communicating risk. Security risk management encompasses the assessment of all aspects of the clinical and non-clinical environment, including consideration of internal and external risks. The NSW Occupational Health and Safety Act 2000 (the OHS Act) and the Occupational Health and Safety Regulation 2001 (The OHS Regulation) require employers to identify the hazards, assess the risks arising from the hazards in their workplaces and develop strategies to eliminate or control these risks.
Security Risk Management Policy and Program (December 2003)
1-1
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
This process is referred to as risk management. Risk management consists of four steps: Ø Ø Ø Ø
Step 1 Step 2 Step 3 Step 4
- Hazard Identification - Risk Assessment - Risk Control - Monitoring and Review.
The security risk management process should be undertaken, in consultation with staff, by individuals who have expertise in the areas being assessed. Ideally, a multidisciplinary team of clinical, non-clinical and security experts will undertake the appropriate aspects of the process. In undertaking risk management particular consideration should be given to the requirements of the Security Industry Act 1997 which requires security activities to be undertaken by appropriately licensed security officers. The Act defines security activities in the following way: (a) Acting as a body guard, crowd controller or bouncer (b) Patrolling, protecting, watching or guarding any property (including cash in transit) (c) Installing, maintaining, repairing or servicing security equipment (d) Providing advice in relation to security equipment or security methods or principles (e) An activity, or class of activities, that is connected with security or the protection of persons or property that is prescribed by the regulations (f) Providing training or instruction in relation to any activity referred to in paragraphs (a) to (e) (g) Employing or providing persons to carry on any activity referred to in paragraphs (a) to (f). Consultation as an Essential Part of Risk Management: The OHS Act, and OHS Regulation and Consultation Code of Practice outline consultation requirements in relation to occupational health, safety and welfare and should be referred to when establishing consultative arrangements. The purpose of consultation is to enable staff to contribute to decision making that affects their health, safety and welfare at work. In particular the OHS Act requires employers to consult with their staff on local consultation mechanisms for OHS. Consultation is a pivotal activity at all stages of the risk management process. Staff are most likely to know the risks associated with their work and may be in the best position to suggest effective controls. During the security risk management process consultation should also occur with other appropriate stakeholders such as police and security professionals.
Security Risk Management Policy and Program (December 2003)
1-2
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
Staff involvement in the risk management process will help ensure ownership of, and commitment to any changes to work procedures, practices, equipment or environment directed towards improving personal and property security. Effective consultation involves both staff and unions. Consultation can occur though formal or informal processes and may involve direct or representational participation. Important consultative forum are the Occupational Health and Safety Committee and/or OHS representatives.
Step 1 - Security Hazard Identification: In order to eliminate or control factors that can affect the security of people and property, a structured process for identifying security hazards that exist in the workplace needs to be undertaken. Security hazard identification is the process of identifying all situations, procedures, events or factors in the workplace and during the course of work (including the design of premises and during work related travel) where security hazards could cause physical or psychological injury or illness, the unauthorised disclosure of information or loss of or damage to property. The OHS Regulation 2001 makes specific reference to the requirement that employers take reasonable care to identify hazards arising from the potential for workplace violence. To ensure that all aspects of the work system and environment are considered, security hazard identification should include: Ø Observing tasks being performed Ø Reviewing incident, first aid and workers compensation statistics, incident reports, hazard reports and any other available data Ø Reviewing results of recent security incident investigations Ø Reviewing results of recent duress response operational reviews Ø Consulting with staff in the workplace to determine what they think the hazards are (the needs/issues for casual/agency staff, volunteers and students on placement should be considered) Ø Consulting with other stakeholders as appropriate, including external agencies (eg police) Ø Observing the work area being assessed to see and hear what is happening Ø Formal workplace inspections and security audits Ø Developing scenarios about what could happen in the event of a security incident and Ø Analysing violent incidents and security breaches. In line with the requirements of the OHS Regulation 2001 employers are required to ensure that effective procedures are in place, and implemented, to identify security hazards: Ø Immediately prior to using the premises for the first time as a place of work Ø Before changes to work practices and systems of work are introduced
Security Risk Management Policy and Program (December 2003)
1-3
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
Ø While work is being carried out Ø When new or additional information from an authoritative source relevant to the security of the employees of the employer becomes available.
Step 2 - Security Risk Assessment: Security risk assessment is the process of determining how likely it is that someone could be harmed or property damaged/stolen and how serious the consequences might be. The OHS Regulation 2001 requires employers to assess the risk of harm to the health or safety of staff and any other people at the employer’s place of work (eg patients and visitors). Factors to consider in assessing security risks are: Ø Ø Ø Ø Ø
Extent of exposure to the hazard (frequency and duration) Severity of potential injury/illness or loss associated with the risk Likelihood of injury/illness/loss/damage occurring Number of people/amount of property at risk and Existing control strategies.
The process of assessment involves: Ø Ø Ø Ø
Consulting with staff and their representatives Examining the experience of the workplace or other similar workplaces including a review of incident data and near misses and other information such as prosecution decisions Reviewing relevant guidance material, industry codes of practice and Australian Standards and Reviewing hazard information such as Material Safety Data Sheets or manufacturer’s information.
Attached to this Chapter (Appendix 1.1) is a sample of a simple security risk assessment tool that can be used by Health Services. Health Service Risk Managers should be consulted to identify the tools currently used within the Health Service. Part of the assessment process is the prioritisation of risks for action. A range of tools is available to assist in prioritising risk. Attached to this Chapter (Appendix 1.2) are some examples of risk prioritisation tools. Health Service Risk Managers can provide advice on tools currently being used in the Health Service. The NSW Health Severity Assessment Code (SAC) is a tool designed to assist in the prioritisation of incidents to determine those incidents that require reporting to the Department via a Reportable Incident Brief. All incidents that require reporting must also undergo a root cause analysis, the results of which must be provided to the Department within a defined period of time. Further advice on the SAC can be obtained from your Area Risk Manager or Patient Safety Manager. For further information refer to Departmental Circular 2003/88 (Reportable Incident Briefs to the NSW Department of Health).
Security Risk Management Policy and Program (December 2003)
1-4
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
It is important that security hazards assessed as having a high risk factor are eliminated/controlled immediately. However, low priority hazards that can be cheaply and easily fixed should also be done without delay. Actions should be planned and prioritised to improve workplace security. It should be noted that the OHS Act and Regulation require all risks to be eliminated or effectively controlled.
Step 3 - Security Risk Control: Security risk control is the process of implementing appropriate measures to eliminate or reduce risks to personal and property security. Eliminating the hazard is the most effective way of controlling risk. Where elimination is not possible the OHS Regulation 2001 requires employers to take the following measures in the order presented to minimise security risks to the lowest level reasonably practicable: 1. Substituting the hazard giving rise to the risk with a hazard that gives rise to a lesser risk 2. Isolating the hazard from the person put at risk 3. Minimising the risk by engineering means 4. Minimising the risk by administrative means 5. Using personal protective equipment. Where a single measure is not sufficient for minimising risk to the lowest reasonably practicable level a combination of the above measures is required. Examples of security risk control strategies may include: •
Engineering controls: Ø Minimising security risks by utilising building design principles (Crime Prevention Through Environmental Design - CPTED) Ø Replacing breakable glass panes and mirrors with shatterproof glazing Ø Installing security glass or metal screens to protect staff Ø Installing video intercoms at night entrances Ø Installing door and perimeter alarms and fixed and/or personal duress alarms Ø Introducing technological tracking systems for community health staff Ø Use of calming or non stimulating colour schemes.
•
Administrative controls: Ø Providing training to assist with identifying the early warning signs of violence and defusing the situation before it escalates Ø Developing policies or changing work practices so that two people answer the door at night, staff do not work alone, or in isolation and escorts to car parks are available after dark Ø Developing access and key control procedures Ø Developing treatment and management protocols for violent patients
Security Risk Management Policy and Program (December 2003)
1-5
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
Ø Rearranging tasks, activities or staffing to address identified potential times for increases in violence (eg staggering meal times in mental health units) and Ø Applying procedures on harassment, bullying and grievance management. •
Personal protective equipment: Ø Personal protective equipment can be defined as any equipment worn or held by the staff member to protect him/her against one or more health or safety risks in the workplace. This excludes self-defence or deterrent materials (EEC 1989).
Priority Workplaces: Within the health workforce a number of priority areas exist where the likelihood of security incidents occurring may be increased. These areas may include emergency departments, maternity units, individual patient specialling, mental health services, oral health clinics, community health services, drug and alcohol services, pharmacies and car parks. It is essential that the hazards identified in these areas are dealt with as a priority and the effectiveness of risk control strategies is regularly monitored. Information specific to these areas is provided in Part B of this Manual and in particular reference should be made to Chapter 15 (The Clinical Environment).
Step 4 – Monitoring and Review: To ensure that the outcomes from the security risk management process continue to effectively address security issues, monitoring and evaluation of risk control strategies should be undertaken. Security risk monitoring and review involves: Ø Ø
Regularly examining the workplace for new risk factors and taking appropriate action where they are identified and Reviewing existing risk assessments and any measures adopted to control the risk.
The Occupational Health and Safety Regulation 2001 requires employers to review an existing risk assessment and any measures adopted to control the risk whenever: Ø Ø Ø
There is evidence that the risk assessment is no longer valid Injury or illness results from exposure to a hazard to which the risk assessment relates A significant change is proposed in the place of work or in work practices or procedures to which the risk assessment relates.
Security Risk Management Policy and Program (December 2003)
1-6
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities
It is also advisable to periodically review risk assessments and control strategies, to ensure they remain relevant and effective.
Hazard and Incident Reporting, Management and Investigation: Effective hazard and incident reporting, management and investigation provide information to assist with monitoring, reviewing and evaluating Health Service security programs by highlighting new risks and identifying the effectiveness of current control strategies.
Hazard Reporting: As an essential part of a risk management system, all staff should be encouraged to report problems as soon as they notice them using the appropriate local format.
Incident Reporting: All security related incidents should be reported and recorded using the appropriate local format (eg hospital incident form, incident database). Depending on the nature of the incident, it may need to be reported to the Health Service Chief Executive Officer, the Department of Health or external agencies such as the NSW Police, WorkCover NSW, Department of Community Services or the Treasury Managed Fund. Departmental Circular 2003/88 (Reportable Incident Briefs to the NSW Department of Health )outlines NSW Health policy and guidelines on incidents that must be reported to the Department.
Incident Management: All security related incidents need to be efficiently and effectively managed. NSW Health policy and guidelines on effective incident response are outlined in Departmental circular 2002/19 ‘Effective Incident Response: A Framework for Prevention and Management in the Health Workplace’. Additional information on the management of violent incidents is also contained in Chapters 26 (Violence) and 29 (Duress Response Arrangements) and in the Department’s document titled ‘Zero Tolerance: NSW Health Response to Violence in the Public Health System – Policy and Framework Guidelines’ (Circular 2003/48).
Incident Investigation: The most effective way to prevent a recurrence of a security incident is to determine why it happened (ie identify the contributing risk factors) and take
Security Risk Management Policy and Program (December 2003)
1-7
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities
steps to prevent its recurrence (ie eliminate the risk or develop and implement control strategies). Incident investigations should: Ø Ø Ø Ø Ø Ø Ø
Ø Ø
Be carried out promptly Be conducted in a supportive and non judgemental way Focus on identifying the underlying root cause/s and contributing factors Not apportion blame Focus on system breakdowns and identifying control measures to prevent recurrence Be undertaken by managers in consultation with those involved (with the involvement of specialists where required) Canvas all sources of relevant information (eg witnesses, incident reports, relevant work policies and procedures, the working environment, equipment used, level of supervision at the time, relevant training provided and expert advice) Include an operational review if relevant and Result in clear recommendations to senior management to address the causes and where possible to prevent a recurrence.
It is crucial to the success of the investigation process that it results in clearly articulated recommendations to prevent a recurrence, identifies resource implications (if any), identifies who is responsible for the implementation of the recommendations and outlines appropriate time frames.
Injury Management: The loss or disruption that can result when an incident occurs in the workplace can be multiplied when that incident leads to an injury to staff or a patient/visitor. A comprehensive, effective security program should therefore address what needs to happen if an injury occurs. Two key factors that interact to reduce the effect of a workplace injury for the injured staff and the employer are early intervention and early return to work. *
Departmental Circular 2003/75 titled ‘NSW Health Policy and Procedures for Injury Management and Return to Work’ provides policy and guidelines for the management of workplace injuries. Departmental Circular 2004/22 titled “Provision of First Aid Facilities and Personnel” outlines the requirements for the provision of first aid in the workplace.
1(
)
********** Security Risk Management Policy and Program (December 2003)
1-8
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
Appendix 1.1 Sample Risk Assessment Tool Following is an example of a simple risk identification and assessment tool*. This tool may be of assistance in helping to identify and assess security risks.
Facility Area/Unit
Criteria
Yes
No
NA
Comments
Lighting External lighting within the ground is adequate and appropriately placed Internal lighting outside normal hours is adequate, especially in accessible areas All lighting is in working order
Landscaping Trees/shrubs close to buildings and pathways and entrances do not provide hiding places or any other hazard
Access Doors are in working order with no faulty locks, latches or hinges Perimeter doors are checked after hours Traffic control – speed signs in place Appropriate and accurate signage in place Security Risk Management Policy and Program (December 2003)
1-9
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
Process for identification of staff, patients and visitors in place Pharmacy door/s locked and discreet signage used Theatres, Radiology and Pathology Departments secured after hours All storage areas secured when staff are not present Kitchen – food storage areas, freezers etc secured after hours Offices locked and secured when not in use Intrusion alarms installed and activated Ward/Unit drug cabinets secured when not in immediate use Afternoon & night staff have safe access to/egress from the facility
Key Control There is a process for access to keys during working hours There is a process for access to keys after hours Key registration procedure is in place Location and storage of duplicate keys is monitored Master keying system is in place and under the control of an appropriate officer Incidents involving security keys are recorded and actioned appropriately Procedure for cutting new keys is in place Security Risk Management Policy and Program (December 2003)
1-10
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
Cash Handling Processes are in place regarding cash storage Key control system is in place within cash storage areas Banking procedures are in place Counting of cash is done in secure area Transfer of moneys to cash handling outposts monitored Routes for transporting cash are varied
Security Documentation Security register is in place Security instructions available to staff and easily accessed Emergency plans easily accessed by staff A process is in place for reporting security incidents Key registers are in place Security posters and literature appropriately displayed Security patrols conducted by security staff/services
Stores Security of stores is appropriate Access to stores is limited to authorised personnel Record keeping of stores transaction is appropriate
Security Risk Management Policy and Program (December 2003)
1-11
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
Emergency Departments Access to emergency department treatment area is limited to appropriate personnel and authorised visitors Waiting areas and treatment areas are separated Adequate sign posting within emergency departments Adequate staffing of emergency departments Drugs and medications are secure Duress alarms are adequate and operational Entrances and waiting areas are monitored Reception areas are secure Triage and consultation rooms are secure and provide escape routes A safe area is available for patients with behavioural disturbances
Operating rooms Access to operating rooms is limited to appropriate personnel Operating rooms can be secured to protect equipment
Wards/Departments Access to wards is controlled outside visiting hours Drugs, medications and valuable assets are secured Staff do not work alone in isolation Security Risk Management Policy and Program (December 2003)
1-12
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
Staff living quarters Access to living quarters controlled and monitored Common areas are secure All windows are secured while still allowing for adequate ventilation Internal and external lighting sufficient and appropriate
Vehicles Arrangements in place for staff and visitor parking Parking areas for vehicles have appropriate lighting and security Access to keys/fuel limited to appropriate personnel Maintenance of vehicles and relevant record keeping is appropriate and monitored Driving licences of relevant personnel are regularly reviewed Afternoon and night staff have adequate access to parking close to the facility
Administration Cash and valuables are secure and accessible only to authorised personnel Process is in place for asset security Archive storage facilities are secured when not in use Computers and records are accessed only by authorised personnel Unattended areas are locked Security Risk Management Policy and Program (December 2003)
1-13
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
Medical records Access to records and storage areas are by authorised persons only Confidentiality of information is strictly adhered to Precautions are taken against the loss of medical records Appropriate procedures are in place for the transfer of medical records Access outside normal hours is safe (eg staff needing to access medical records after hours are not put at risk by having to traverse unlit or isolated areas alone)
Emergency procedures Disaster plan is in place and is accessible Bomb threat procedures are in place and accessible Fire safety procedures are in p lace and accessible Floor plans are clearly and correctly displayed and up to date Duress response procedure is in place (in facility and car parks and for field staff)
Has the following security equipment been considered? Security surveillance equipment Intrusion alarm systems
Security Risk Management Policy and Program (December 2003)
1-14
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
Automatic door locking on perimeter doors Duress alarms, personal and fixed (including sufficient alarm units for all relevant staff and visiting clinicians) Security screens to protect people in vulnerable areas including • All reception areas • Cashier’s desks • Pharmacy • Methadone clinics Baby/paediatric proximity alarms to protect against unauthorised removal of babies and children Proximity alarms for wandering patients with cognitive impairment Procedure documented for people who work alone (eg community workers) Staff who work alone have access to appropriate communication devices (such as duress alarms, mobile phones) Is security equipment periodically inspected/tested to ensure it is available and working? *based on a tool developed by the Southern Health Service.
Security Risk Management Policy and Program (December 2003)
1-15
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
Appendix 1.2 Tools for Assessing and Prioritising Risk 1.
WorkCover Hazpac Matrix
1 How severely could it hurt someone or how ill could it make someone Kill or cause permanent disability
Long term illness or serious injury
Medical attention and several days off work First aid needed
2. How likely is it to be that bad Very likely/could happen anytime
Likely/could Unlikely/could Very unlikely/could happen happen but sometime very rarely happen, but probably never will
1
1
2
3
1
2
3
4
2
3
4
5
3
4
5
6
Legend:
1 = Top priority – do something immediately 6 = low priority – do something when possible
Security Risk Management Policy and Program (December 2003)
1-16
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
2.
Matrix from Australian Standard 4360 (Risk Management)
Consequenc e Likelihood
Insignificant 1
Minor 2
Moderate 3
Major 4
Catastrophic 5
H
H
E
E
E
M
H
H
E
E
L
M
H
E
E
L
L
M
H
E
L
L
M
H
H
A (almost certain)
B (likely)
C (moderate)
D (unlikely)
E (rare)
Legend: E: H: M: L:
extreme risk, immediate action required high risk, senior management attention needed moderate risk, management responsibility must be specified low risk, manage by routine procedures
Security Risk Management Policy and Program (December 2003)
1-17
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
3
RISK SCORE CALCULATOR TIE LINE PROBABILITY
RISK SCORE EXPOSURE
POSSIBLE CONSEQUENC
ALMOST CERTAIN QUITE POSSIBLE
NUMEROUS FATALITIES VERY RARE RARE
UNUSUAL BUT POSSIBLE
INFREQUENT
REMOTELY POSSIBLE
CONTINUOUS
OCCASIONAL
CONCEIVALBE (BUT VERY UNLIKELY)
MULTIPLE FATALITIES FATALITY SERIOUS INJURY CASUALTY TREATMENT FIRST AID TREATMENT
PRACTICALLY IMPOSSIBLE
500 CATASTROPHE 400 300 DISASTER VERY SERIOUS
200
SERIOUS
100
IMPORTANT NOTICEABLE
150
80 60 40
VERY HIGH RISK HIGH RISK SUBSTANTIAL RISK
MODERATE RISK
30
20 15 10
MINIMAL RISK
The risk score calculator is intended as a guide for indicating the priority of risk control options. It does not provide specific quantification of risks. How to use the risk score calculator. 1. 2. 3. 4. 5.
Plot the probability of the hazard or risk eventuating Plot the exposure or frequency of the hazard or risk. Draw a line through both plotted points through to a point on the tie line. Plot the possible consequences (always realistic, indicate the worst possible consequences) Draw a line from the tie line through your point on the possible consequence line to the risk score line, this gives you the risk score.
Limitations: this is a comparative tool only to assist in prioritising risks. It does not mean that high severity/low probability risks should be ignored (eg. risk of patient being assaulted or killed by another), or low probability/low severity risks be ignored, especially if control measures can be implemented for low or minimal cost.
Based on the National Safety Council of Australia Risk Score Calculator as published in OHS Alert, V2 Issue 3, March 2001, CCH Australia Limited, Sydney.
Security Risk Management Policy and Program (December 2003)
1-18
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
Appendix 1.3 Flow Chart - Risk Management Process. Assessing risks to safety and security in the work environment and in work practices
Document processes Identify potential hazards and contributing factors
Determine the frequency of exposure and how many staff exposed
Determine the likelihood and severity of injury
Calculate the risk and prioritise implementation of control measures
Adequate control measures
Yes Monitor and evaluate Yes
No Identify the gaps in control measures
Recommend / implement suitable controls Security Risk Management Policy and Program (December 2003)
1-19
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management of Health Facilities
2. Responsibilities ______________________________________________________________ The following responsibilities apply to security management within Health Services: The Department of Health is responsible for: Setting statewide policy direction for the security of staff and property and Monitoring policy implementation and effectiveness. Health Service Boards and CEO’s of the Department, area health services and Royal Alexandra Hospital for Children are responsible for: Ensuring effective security programs are maintained and the security policy objectives of NSW Health are met and Ensuring processes are in place that enable compliance with all statutory requirements. Under the NSW Occupational Health and Safety Act 2000, primary responsibility for achieving a violence free workplace for staff, patients and the public rests ultimately with the Board of the Health Service. Health Service Chief Executives are responsible for ensuring: The development and implementation of an effective security program within their Health Service, which is based on a structured, on-going risk management process, consultation, appropriate documentation and record keeping and regular monitoring and evaluation The security policy objectives of NSW Health are met Staff are consulted in the development and implementation of security policies and procedures and when determining and purchasing equipment needs Appropriate legislative and Departmental reporting requirements are met and Compliance with relevant legislation. Facility Managers are responsible for: Identifying individuals responsible for security administration within their facility Ensuring the on-going implementation of an effective security program, which is based on a structured, risk management process, consultation, appropriate documentation and record keeping and regular monitoring and evaluation Reporting all crimes and suspicious activity to police and
Responsibilities (December 2003)
2-1
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
ü Ensuring the Chief Executive Officer is advised of security related incidents as required under local policy. Service Directors, Department Managers and Team Leaders are responsible for: ü Ensuring correct procedures are being followed in their work areas ü Keeping their staff informed of personal and property security policy and procedures ü Identifying and assessing areas where personal and property security can be improved in consultation with staff ü Identifying training needs for their staff and ensuring training is provided ü Controlling identified risks, in consultation with staff, and alerting senior management where the necessary controls are outside of their authority to implement and ü Reporting security related incidents as required under local policies. Security Officers and Health and Security Assistants are responsible for: ü Responding to security related requests and providing appropriate assistance as necessary ü Identifying security risks within the facility ü Responding to security related requests, in the clinical environment, under the direction of clinicians ü Providing reports to management on security matters ü Providing security recommendations, consistent with their licensing level and allocated role, to management on matters of security within their facility ü Implementing the security directives of management and ü Working within the requirements of legislation, Departmental policy and local protocols. All staff are responsible for: ü Being aware of and following policies and procedures for personal and property security ü Using the security equipment provided, as trained (eg: duress alarms) ü Advising management of areas where there is a potential personal or property security problem and reporting suspicious activity ü Participating in consultation and training on personal and property security matters and ü Not knowingly placing themselves or others at unnecessary risk.
**********
Responsibilities (December 2003)
2-2
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
3. Security Risk Management in the Planning Process Policy: Health Services must ensure that security issues are considered and addressed, using a risk management approach, in all formal and informal planning processes, including the development of: • • • • • • •
Strategic plans Business plans Service development plans Disaster/emergency plans Project Definition Plans (as part of Facility planning) Procurement Processes, including processes for procuring services, premises, equipment, furniture, fixtures and fittings and OHS improvement and management plans.
Guidelines: Planning is a process of making decisions that impact on the future. It requires managers to look ahead, consider the impact of change and make decisions on the direction or conduct of the entity. Good decisions are made if a manager is able to foresee the full impact of decisions; that is how they will affect the organisation as a whole, not just a small component. An organisational culture that is focussed on security can be strengthened by ensuring all decisions are made after an analysis of the impact of the decision on personal and property security. Incorporating security considerations into the formal planning process is an effective method to ensure security issues are included in the decision making process. Planning takes place at all levels of the organisation. Integrating the consideration of security issues into every planning process in a Health Service ensures that there is an active acknowledgment of security risks prior to the commencement of a new direction or project. Decisions made during the planning process will therefore take into account the security risks as well as other success factors. Therefore the consideration of security issues should be included in all levels of planning. This may mean security issues are reviewed in strategic plans, business plans, service development plans and building/refurbishment plans as well as
Security Risk Management in the Planning Process (December 2003)
3-1
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
forming part of project plans and individual department plans. During the planning process security risks can be addressed and as a result a more secure environment is created when the plan is implemented.
**********
Security Risk Management in the Planning Process (December 2003)
3-2
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
4.
Health Facility Design Standards
Policy: It is NSW Health policy that the design standards outlined in the Department’s Design Series: Health Facility Guideline - Safety and Security (Circular 2003/13) are incorporated into all new health building designs and redesign/refurbishment of existing facilities to enhance personal and property security.
Guidelines: Crime Prevention through Environmental Design (CPTED): The Department of Health has produced a series of design and technical guidelines to be used in the planning, design and construction of NSW Health facilities. An outcome of the Violence Taskforce was the development of an additional guideline relating to security. Its purpose is to minimise the risk of opportunity for violence and crime through the provision of appropriate facilities, work spaces, building services and systems. The guideline is based on the principles of crime prevention through environmental design (CPTED). CPTED principles fall into four broad categories: territorial reinforcement, surveillance, access control and space management. They apply in particular to the way that buildings and their surroundings are designed. •
Territorial reinforcement draws on the territoriality principle and assumes that people can be encouraged to express feelings of ownership over work areas. For example, if ‘staff only’ areas are provided, staff are more likely to pay more attention to the area and note an intruder. Additionally, if these areas are clearly separated from other areas (eg by signposting or locking) it reduces the likelihood o f others entering the area and does not give intruders an excuse to be there (eg that they were not aware it was a restricted area). This principle also applies to the facility precinct being clearly delineated from the rest of the community by fences, garden borders, signs etc.
•
Physical and symbolic barriers can be used as a form of access control to attract, channel or restrict pedestrian and vehicle movement. They reduce opportunities for crime and increase the effort required to commit crime. By
Health Facility Design Standards (December 2003)
4-1
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
•
making it clear where people can and cannot go, it increases the difficulty for criminals to reach potential victims and targets.
•
Surveillance draws on the natural surveillance principle where people feel safe in public areas where they can be seen and interact with others. This principle refers to the way in which working areas of buildings have been designed so that priority areas are overseen and watched by other staff going about their normal business. For example, pathways to car parks can be designed in full view of passers-by and overlooked by offices, wards and walkways.
•
Space management is linked to territorial reinforcement and also draws on the image principle and refers to the impact produced by a building that appears to be well cared for. The belief is that a run down structure with graffiti may attract criminal activity and offenders. For further information on CPTED principles see the NSW Health Zero Tolerance Policy and Framework Guidelines (Circular 2003/48).
**********
Health Facility Design Standards (December 2003)
4-2
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
5. Health Service Leasing of Property to or from External Parties Policy: Health Services must ensure, in consultation with staff and key stakeholders, that all reasonably foreseeable security risks associated with: • •
Leasing property for use by Health Services or Leasing health facility premises to external organisations
are identified, assessed, eliminated where reasonably practicable or effectively controlled, that the process is appropriately documented and arrangements for security included in leases.
Legislative Framework: The Occupational Health and Safety Act 2000 outlines duties for ‘controllers of work premises’ (section 10) that need to be understood and fulfilled by Health Services when leasing property, either as the leasee or leasor. Specifically section 10(4) of the Act states that ‘… a person who has control of premises, plant or substances includes: (a)
a person who has only limited control of the premises, plant or substances (in which case any duty under this section applies only to the matters over which the person has control) and (b) a person who has, under any contract or lease, an obligation to maintain or repair the premises, plant or substances (in which case any duty under this section applies only to the matters covered by the contract or lease)’.
Guidelines: In some instances, Health Services, as part of providing services to the community, are required to lease premises (eg shopping centres or office blocks for community health teams). Alternatively external organisations may wish to e nter into leasing agreements with health facilities (eg pharmacies, food outlets, banking services in hospital or car parks or hiring out lecture theatres, conference rooms etc).
Health Service Leasing of Property to or from External Parties (December 2003)
5-1
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
In both the abovementioned scenarios any security related risks should be identified, assessed and controlled to ensure the security of staff, patients and clients of the services and the public is maintained.
Security Risk Management: Chapter 1 of this Manual provides guidance material on the risk management process and these principles apply equally to security issues in leasing arrangements. As part of the risk management process the following issues should be considered by Health Services:
Leasing Premises from External Organisations: Where Health Services intend to lease premises from external organisations the following factors should be considered as part of identifying, assessing and controlling security risks, prior to any lease being finalised: • • • • • • • • • • • •
Geographical location (eg is it isolated) Crime risk of the locality (police can advise) Will field communication technology work (eg reception for mobile phones etc) Proximity of local police services and/or a duress response team Number of staff to be working at the premises The service to be provided from the premises and the likely clientele Security already provided (eg within the shopping centre) and the availability of these arrangements as part of the lease The parking/public transport arrangements, including its proximity to the premises Who is responsible for prompt property maintenance and the hours it is available (eg 24hrs glass repair) What are the current access controls for the property (eg: basic lock-up) Security of approaches (eg well lit, potential hiding places) and If there are no current security arrangements that can be accessed, how will adequate personal and property security be maintained.
Health Services should consider asking the police to carry out a crime risk assessment prior to leasing premises. This will take the crimes history of the locality into account.
When Leasing Premises to External Organisations: Where Health Services are leasing premises to external organisations the following factors should be considered as part of identifying, assessing and controlling security risks, prior to any lease being finalised:
Health Service Leasing of Property to or from External Parties (December 2003)
5-2
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
Nature of the Business: •
The type of business wanting to lease the premises and the likely security issues which may arise from the type of service provided (eg banking/armed robbery, food outlets/large volumes of people).
Placement of the Business: •
•
The most appropriate placement of the business within the facility (eg if a financial business it will need to have an external door for cash delivery and pickup, or if property placement has external access so public do not have to access through health facility) CPTED principles.
Security Arrangements: • •
•
The role of health facility security staff and what they will and will not respond to The security arrangements that must be provided by the leasee business (eg if banking they employ their own security officer). The lease needs to clearly define what security arrangements will or will not be provided by Health Service security staff. The Health Service policies that need to be implemented by the business (eg firearms security).
**********
Health Service Leasing of Property to or from External Parties (December 2003)
5-3
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
6.
Security Arrangements for Patients in Custody
Policy: As part of the facility security risk management process, Health Services must ensure, in consultation with staff and relevant external Departments (ie Department of Corrective Services, Department of Juvenile Justice and NSW Police Service), that: • • •
All reasonably foreseeable security risks associated with patients in custody are identified and assessed Effective security procedures for eliminating or controlling security risks, which are consistent with the operational controls of the relevant external Departments, are developed and implemented The procedures are appropriately documented and communicated to relevant staff.
Guidelines: The security of patients who are in custody is the responsibility of the Department in whose custody they are held.
Security Risk Management: Chapter 1 of this Manual provides guidance material on the risk management process and these principles apply equally to security risks associated with patients in custody who are attending health facilities. Health Services need to be aware that the Departments of Police, Corrective Services and Juvenile Justice have operational protocols, developed in consultation with the Department of Health regarding the transport and supervision of their inmates/detainees during treatment in a public health facility. Health Service procedures should accommodate these operational requirements. As part of the risk management process the following procedures should be followed by Health Services: •
Ensuring police, corrective services and juvenile justice management and custodial staff are aware of any relevant health facility protocols to be followed when inmate/detainee patients are in the facility
Security Arrangement for Patients In Custody (December 2003)
6-1
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
•
Ensuring health staff and the relevant staff from Corrections Health Service, Police, Corrective Services, Juvenile Justice and inmate/detainee patients upon admission are aware of relevant health facility protocols
•
Ensuring the implementation of a system so that the appropriate health service staff (eg service manager, security staff) are made aware of the patient admission and any potential risks associated with their admission
•
Ensuring all inquiries from the public and the media regarding the release of any official information are channelled through to the relevant Department
•
Ensuring clinical enquiries from Corrections Health Service medical staff in relation to inmate patients of Corrective Services and Juvenile Justice are answered with due regard to the clinical and statutory responsibilities for the patient’s ongoing care.
Corrective Services Inmate Patients (including Forensic Patients): The following procedural arrangements have been agreed with Department of Corrective Services and should be reflected in local Health Service procedures: •
The number of officers required to guard a prisoner is to be consistent with the inmate's category. Following is a list of inmate categories (which includes forensic patients detained in a correctional centre hospital) and the number of custodial officers required: -
Category A inmates should be accompanied by two or three officers, all armed Category B inmates should be accompanied by two officers, armed Category C1 inmates should be accompanied by two officers, armed Category C2 inmates should be accompanied by one officer, unarmed Category C3 inmates can be left unsupervised Category E1 inmates should be accompanied by two or three officers, armed Category E2 inmates must be accompanied by two officers, armed
Note: The Department of Corrective Services may vary the number of officers according to their operational requirements. The Department of Corrective Services, in consultation with the manager of the health care facility, has the authority to leave inmate patients categorised as C2 and C3 unsupervised. •
Inmates admitted to a health facility for medical treatment are to be given the necessary considerations as extended to any other patient. Personal matters pertaining to the inmate patient are to be treated with strict confidentiality by NSW Health staff and custodial officers.
Security Arrangement for Patients In Custody (December 2003)
6-2
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
•
Security needs are to be appropriately instituted to ensure that inmate patients’ medical needs are not compromised. Where there is a conflict between security requirements and the inmate patients’ medical needs, clinical staff and custodial staff need to negotiate an appropriate solution.
•
All officers supervising patients are to wear full uniform while on duty in the health facility. Note: There are some circumstances where the governor of a correctional facility will allow officers to wear civilian clothing.
•
Relieving officers are to identify themselves to the nurse in charge. Their identity is to be confirmed with the out-going officer. Health care facility staff responsible for the patient’s care should identify themselves to the attending officer.
•
The name and contact telephone number of the custodial officer's supervisor is to be given to the health facility administration in case of an emergency or any infringement of facility protocol
•
Facility staff are to be informed when the number of custodial officers is reduced or increased
•
Custodial officers are to ensure inmates do not engage in offensive or violent behaviour while at the facility
•
Custodial officers are not to rely on nursing staff to supervise an inmate patient at any time
•
Custodial officers will carry firearms as required by the employing Department's instructions
•
Clinical staff are to be advised before handcuffs are removed if the inmate patient has a history of violence or escape. The handcuffing of an inmate is a decision best made by the Governor of the Correctional Centre in which the inmate is normally held.
•
Inmate patient medical care is to be left to the facility's medical and nursing staff
•
Inmates are not to be left unsupervised or unescorted at any time unless the patient is: -
Receiving medical imaging Giving birth in the delivery suite Undergoing an operation in the operating suite Being barrier nursed, or reversed barrier nursed
Security Arrangement for Patients In Custody (December 2003)
6-3
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
Note: In the above circumstances custodial staff will remain immediately outside of the examination/operating room. If an examination room or radiology unit has more than one exit, escorting officers will not leave an exit unsupervised unless the inmate's condition would prevent escape. •
Female officers are to supervise female inmate patients who are outpatient or inpatient for any obstetric and/or gynaecological matter. Male officers can only attend if female officers are unavailable.
•
Custodial officers are to determine their meal arrangements based on risk assessment (eg one at a time when there are two officers on duty). If officers are not required to be with the inmate, and are on a break, they should have access to the same amenities as facility staff.
•
Access to inmate patients is to be controlled at all times - allowing as few entry and exit points as practicable
•
Approval from the correctional centre Governor needs to be given before an inmate patient can receive visitors. Custodial officers will screen visitors and enforce any restrictions.
•
Visits from legal, welfare and religious persons are to be allowed after verifying their identity with the supervising officers
•
Inmate patients will only make telephone calls out of the facility with the permission of the Governor of the correctional centre
•
Inmate patients will have access to television hire, at their own cost, with the approval of the Governor of the correctional centre
•
Gifts intended for the inmate patient will not be accepted from visitors
•
The nurse in charge is to be advised immediately of problems with visitors. Custodial officers have the right to refuse or terminate visits.
•
Complaints by staff concerning a breach of protocol can be made to the nurse in charge who will then refer the complaint to the Governor of the correctional centre. Inmate patients can also complain to the Patient Advocate (if the facility has one) on issues related to their care and treatment by health service staff.
•
The Chief Executive Officer, Director of Clinical Services, Medical Officers or responsible clinical staff of Corrections Health Service can be contacted at any time for matters relevant to: -
Continuity of medical treatment Transfer of clinical information Information about the clinical services available within the correctional centre
Security Arrangement for Patients In Custody (December 2003)
6-4
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
These staff are to be given the same status as referring clinicians. For further information refer to NSW Corrective Services Procedures Manual sections 6.7 and 6.9, available from the Department of Corrective Services, Roden Cutler House, 24 Campbell Street, Sydney, NSW, 2000. Phone: 9289 1333.
Juvenile Justice Detainee Patients: The following procedural arrangements have been agreed with the Department of Juvenile Justice and should be reflected in local Health Service procedures: •
All detainee patients from Juvenile Justice are to be escorted by Youth Officers. The centre manager of a juvenile justice centre can determine the number of Youth Officers required.
•
The detainee patient should, wherever possible, remain in the vehicle until called, if there is a wait on arrival to an appointment
•
No detainee patient is to be left under the supervision of any person other than an officer of the Department of Juvenile Justice
•
A detainee patient is not to make telephone calls without direct approval of the appropriate officer from the patient's juvenile justice centre
•
Detainee patients admitted to a health facility for medical treatment are to be given the necessary considerations as extended to any other patient. Personal matters pertaining to the detainee patient are to be treated with strict confidentiality by NSW Health staff and Youth Officers.
•
Security needs are to be appropriately instituted to ensure detainee patients’ medical needs and the safety of staff are not compromised
•
Relieving Youth Officers are to identify themselves to the nurse in charge. Their identity is to be confirmed with the off-going Youth Officer. Health care facility staff responsible for the detainee patient’s care should identify themselves to the attending officer.
•
The name and contact telephone number of the Youth Officer's supervisor is to be given to the health facility administration in case of an emergency or any infringement of facility protocol
•
Staff are to be informed when the number of Youth Officers is reduced or increased
•
Youth Officers are to ensure that the inmate does not engage in offensive or violent behaviour while at the facility
Security Arrangement for Patients In Custody (December 2003)
6-5
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
•
Youth Officers are not to rely on nursing staff to supervise a detainee patient regardless of reason or length of time.
•
Clinical staff are to be advised before handcuffs are removed if the detainee patient has a history of violence or escape. The handcuffing of a detainee patient is a decision best made by the centre manager of the juvenile justice centre in which the detainee patient is normally held.
•
Detainee patient medical care is to be left to the facility's medical and nursing staff.
•
Detainee patients are not to be left unsupervised or unescorted at any time unless the patient is: -
Receiving medical imaging Giving birth in the delivery suite Undergoing an operation in the operating suite Being barrier nursed, or reversed barrier nursed
Note: In the abovementioned circumstances Youth Officers will remain immediately outside of the examination/operating room. If an exami nation room or radiology unit has more than one exit, Youth Officers will not leave an exit unsupervised unless the detainee’s condition would prevent escape. •
Female Youth Officers are to supervise female detainee patients who are outpatient or in-patient for any obstetric and/or gynaecological matter. Male Youth Officers can only attend if female Youth Officers are unavailable.
•
Youth Officers are to eat their meals in the detainee patient’s room, one at a time when there are two officers on duty. If Youth Officers are not required to be with the detainee, and are on a break, they should have access to the same amenities as facility staff.
•
Access to detainee patients is to be controlled at all times - allowing as few entry and exit points as practicable
•
Approval from the centre manager of the juvenile justice centre needs to be given before a detainee patient can receive visitors. Youth Officers will screen visitors and enforce any restrictions.
•
Visits from legal, welfare and religious persons are to be allowed after verifying their identity with the Youth Officers
•
Detainee patients are to have access to television hire, at their own cost, with the approval of the centre manager of the juvenile justice centre
•
Gifts intended for the detainee patient will not be accepted
Security Arrangement for Patients In Custody (December 2003)
6-6
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
•
The nurse in charge is to be advised immediately of problems with visitors. Security staff will then be contacted straight away. Youth Officers have the right to refuse or terminate visits.
•
Complaints by staff concerning a breach of protocol can be made to the nurse in charge. Detainee patients can also complain to the Patient Advocate (if the facility has one) on issues related to their care and treatment by health service staff.
•
The Chief Executive Officer, Director of Clinical Services, Medical Officers or responsible clinical staff of Corrections Health Service can be contacted at any time for matters relevant to: -
Continuity of medical treatment Transfer of clinical information Information about the clinical services available within the detention centre
These staff are to be given the same status as referring clinicians. For further information contact the Department of Juvenile Justice, 477 Pitt Street, Sydney NSW 2000. Phone: 9219 9400. Patients in the Custody of Police: Introduction: Where a person has been arrested, detained or taken into police custody, and requires hospitalisation, treatment or mandatory testing, the police role is to provide personnel to guard the person at a security level that is appropriate to the prisoner and the circumstances. The prisoner is entitled to treatment as a patient of the admitting hospital. Each Local Area Command (LAC) has Standing Operating Procedures (SOPs) for the hospitals in their area and these will guide the police response. Some LACs provide police on rotating shifts so that not all police undertaking guard duty for the duration of the admission will be from the same LAC, nor necessarily from the LAC responsible for the arrest. The following general principles should be contained in local SOPs. Arresting Police: It is the responsibility of the LAC to which the arresting police are attached to provide the initial guards and possibly the subsequent shift. Arresting police will complete a prisoner information sheet or similar document possibly including the relevant COPS entry. This information will be passed to the senior officer performing guard duty at each oncoming shift. Information that is relevant will include:
Security Arrangement for Patients In Custody (December 2003)
6-7
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
• The nature of the offence • The circumstances of the arrest • The potential of the patient to be violent, aggressive (including to police) or to attempt escape • The possibility of outside interference with the prisoner • Particulars of the prisoner, including relevant criminal history • Other relevant material. This information is confidential and for police use only. However, health staff should be advised of any potential risks relating to the admission or hospital stay. Once the initial shift has been completed, the ongoing guards will be provided on a rotating roster by selected LACs as agreed in the local SOPs or protocol. If the prisoner is transferred to another hospital the current shift will complete the guard for that shift and ensure a transfer to the new LAC. Bedside Courts: As soon as practicable after Police refuse bail for a person admitted to hospital, arrangements will be made by a senior officer at the arresting LAC to attend the hospital with a local court magistrate or clerk of the court, to convene a ‘bedside court’ to determine bail. Once bail has been granted or an agreement entered into, it will no longer be necessary for police to be in attendance at the hospital. Persons Refused Bail: If the prisoner is bail refused or cannot meet the bail conditions, the Police guard will remain until the prisoner is transferred to a prison hospital. Police Guard: The police will: • • • • • • • • •
Have two police officers performing guard duty at all times (this may be varied in exceptional circumstances eg if the patient is ventilated) Not leave a probationary constable alone as a guard Allow only immediate family and/or a legal representative as visitors Allow no more than two visitors at a time (this may be revised at the request of the treating doctor with the approval of the officer in charge of the matter) Not allow visitors physical contact with the prisoner Keep the prisoner in full view at all times Inspect and restrict gifts if necessary Not accept gifts on behalf of the patient Be in full uniform (unless in permanent plain clothes) with full appointments.
Any questions relating to visitors or the manner of the guard should be directed to the officer in charge of the matter or the LAC custody manager. Questioning of the
Security Arrangement for Patients In Custody (December 2003)
6-8
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
prisoner should only occur with the consent of the medical superintendent or designate. Police questions relating to medical treatment will be directed to the senior nursing or medical staff. Police will not perform nursing duties of any kind. Police on guard do not have the discretion to release or leave the prisoner or change the g uard arrangements without prior approval from the officer in charge except in exceptional circumstances. Medical procedures that take the prisoner from the ward such as surgery or birth must be first approved by the officer in charge of the matter and police will remain on guard at exits to the procedure room. Spontaneous requests from hospital staff to remove the prisoner from view of the guard will be refused until the circumstances are outlined and approval is obtained. Normal considerations for consent to treatment apply to guarded prisoners with some exceptions including for example: • • • •
Blood sampling in cases related to the provision of the Traffic Act Medical examinations and blood sampling for evidence under the Crimes Act Medical examinations under the Children and Young Persons (Care and Protection) Act Court orders made under the Crimes (Forensic Procedures) Act.
In cases where a prisoner is treated at the hospital and not admitted, they will be returned to the Police Station in police custody. Restraints: Prisoners who are requiring restraints such as handcuffs should be so detained in a manner that does not interfere with the provision of medical treatment. Removal of restraints to allow for additional treatment is at the guarding officer’s discretion and will only occur when two officers are present. Supervision: Supervisors (Duty Officers, Mobile Supervisors etc) may visit the hospital while the prisoner is being guarded. Relevant daily documentation, such as a daily guard record sheet, should be completed by all police. Any changes to the guarding arrangements should be documented, approved by a supervisor and communicated to the medical superintendent or designate. Police requirements will be directed to the supervisor. In cases involving current prisoners of the Department of Corrective Services, or Court cells etc, local Protocols and SOPs will apply. Mental Health Patients in the Custody of Police: The Memorandum of Understanding between NSW Police and NSW Health, and the associated flowcharts, outline relevant security considerations in relation to people who may have a mental illness and who are in the custody of the police.
Security Arrangement for Patients In Custody (December 2003)
6-9
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
Firearms Security: Departmental Circular 2002/5 (Firearms Security) outlines NSW Health policy for the security of firearms in health facilities and should be read in conjunction with the Memorandum of Understanding between NSW Police and NSW Health (circular 98/119). In summary the decision to remove a firearm is to be made by the individual police officer at the time, taking into account all the facts presented by the particular circumstances. The Commissioner of Police has given authority for police officers to remove and place a firearm in a hospital or health facility safe only in the following circumstances: • •
The police officer believes that this is the safest course of action and The safe conforms with the type that has been approved by the Commissioner. For this purpose the minimum standard has been approved as a single locking unit of a type that is used in non-24 hour police premises. It is to be a locked steel safe that cannot be easily penetrated and be bolted to the structure of the premises.
Forensic Patients Arriving from a Mental Health Facility: In some circumstances forensic patients, not being held in correctional centres, are admitted to hospital or require medical attention in a health care facility removed from their mental health facility. In these instances a risk assessment of the patient will be undertaken by the staff at the mental health facility prior to transporting the patient to a health care facility. The risk assessment will involve consideration of the likelihood of the patient engaging in challenging behaviour while at the health care facility. Information on the risk assessment and any particular security requirements will be provided to the health care facility by the centre they are coming from. Where it is determined that there is a risk that the patient may engage in challenging behaviour, a mental health care worker, or other appropriate persons, should accompany the individual during the course of their treatment.
**********
Security Arrangement for Patients In Custody (December 2003)
6-10
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
7.
Security Education and Training
Policy: Health Services must ensure that: •
• •
All staff are provided with appropriate security related education and training, including violence prevention and management training, consistent with legislative requirements as part of the Health Service security risk management program Education and training are appropriate to the role of the staff member and targeted to the level and type of security risk that may be encountered in the course of their work and Details of security related education and training conducted within the Health Service are documented and maintained.
Legislative Framework: Under the Occupational Health and Safety Act 2000 and the OHS Regulation 2001, employers are required to provide information, instruction, training and supervision necessary to ensure the health and safety of staff. The Occupational Health and Safety Regulation 2001 requires employers to: •
Ensure that each new staff member receives induction training that covers the following: -
-
-
•
Arrangements at the place of work for the management of occupational health and safety, including arrangements for reporting hazards to management Health and safety procedures at the place of work relevant to the staff member, including the use and maintenance of risk control measures How staff members can access any health and safety information that the employer is required by the OHS Regulation to make available to staff members Any other matter that the OHS Regulation specifies should be the subject of induction training that is relevant to the place of work concerned having regard to the competence, experience and age of the new staff member.
Ensure that any person who may be exposed to a risk to health and safety at the employer’s place of work:
Security Education and Training (December 2003)
7-1
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
•
Is informed of the risk Is provided with any information, instruction and training necessary to ensure the person’s health and safety.
Provide persons who have responsibilities with respect to the following under the OHS Regulation with all available information necessary to enable them to fulfil those responsibilities: -
Identifying hazards Assessing risks arising from those hazards Eliminating or controlling those risks Monitoring or reviewing risk control measures Providing information.
These legislative requirements apply in relation to risks associated with workplace security issues.
Guidelines: The provision of appropriate, well designed education and training in association with other risk management strategies can assist with effectively controlling security risks. Identifying Security Related Education and Training Needs for All Staff: Conducting training needs analysis, as part of an on-going security program, provides a starting point for ensuring that education and training strategies address the actual security related learning/skill needs of the individual and meet the goals of the organisation. When identifying and assessing security related training needs the following elements should be considered: • • • • • • • • •
Position held (eg manager, staff, contractor) Type of work done Security risks associated with that work Work location Access to and availability of other staff Experience in the position Previous training Nature, frequency, severity and duration of exposure to security risks Linkages with related local policies and procedures (eg duress response, reporting requirements).
The training needs of groups such as casual/agency staff, volunteers and students on placement also need to be considered. Effective education and training can be provided on the job or off-site or through the use of information technology. In providing education and training the most effective
Security Education and Training (December 2003)
7-2
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
method of delivery should be considered based on the needs of the target audience. Education and training activities should be undertaken during work hours, as far as practicable, and at the Health Service’s expense. Security related education and training acti vities should be delivered by people with the appropriate qualifications. The identified education and training needs may include topics such as: • • • • • • • • • • • • • • •
General security awareness Product/equipment safe use Identifying and reporting hazards Policies for the minimisation of bullying and harassment Use and maintenance of duress alarms Duress/emergency response procedures Theories of violent behaviour Principles of crisis communication and verbal de-escalation Negotiation skills Grievance handling Management of challenging behaviours in patients Evasion techniques, use of restraints and associated legal implications Types of restraint and associated legal implications Investigative techniques and Post incident staff support, counselling and rehabilitation services provided by the facility.
When Should Security Related Education and Training be Provided? Relevant security education and training should be provided: • • • • • •
At induction On arrival at a new work area (eg ward induction) During the course of employment (on-going refresher training) When there are changes to work practices or procedures When new activities are introduced to the work area and When incident investigations identify new hazards and new controls are introduced.
Competency-based Training and Recognition of Prior Learning (RPL): As outlined in the Department’s document ‘Workforce Learning and Development Strategy for NSW Health’ (circular 97/120), education and training activities that are designed on the basis of competencies are more relevant to the workplace and therefore their impact on performance is more readily assessed.
Security Education and Training (December 2003)
7-3
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
Health Service Resources: Facility managers should consult with Health Service learning and development personnel prior to commencing a training needs analysis and when developing security related education and training strategies. ‘A Safer Place to Work: Preventing and Managing Violent Behaviour in the Health Workplace’ – NSW Health Training Program: Departmental Circular 2003/50 (A Safer Place to Work: Preventing and Managing Violent Behaviour in the Health Workplace) constitutes the minimum standard for workplace violence prevention education in NSW Health. Evasive Self-Defence Training: Health Services may determine, via the risk assessment process, that evasive selfdefence training is necessary for particular group/s of staff. Evasive self-defence training should complement other risk control strategies and should only be considered after all other practical violence prevention strategies have been implemented. Such a decision should only be made after the following considerations: • •
Have all other possible risk control strategies aimed at preventing violence occurring, and protecting the target group been implemented? Does the level of risk faced by the target group warrant provision of evasive self-defence training (eg do the risks faced by the group outweigh the risks associated with providing evasive self-defence training?).
Evasive self-defence training should be developed and delivered by experts, and be targeted to the needs of the group being trained. Where the decision is made to provide evasive self-defence training, the training should: • • • • • • •
Emphasise retreat, escape and self-protection Cover legal issues associated with evasive self-defence including the concept of reasonable force Be developed and delivered by appropriately experienced and accredited experts Provide techniques that are relevant to the tasks of the target group, the risks faced by the group and the environment in which it operates Include the need for, and provision of regular practice Consider the physical characteristics of the target group, and those of the perpetrators of violence where possible Include the dangers and precautions when using evasive self-defence.
Security Education and Training (December 2003)
7-4
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
Specialist Training: Security Staff: The Security Industry Act 1997 requires that staff engaged in security duties must be licensed. The completion of a number of predetermined competencies (equivalent to a Certificate II in Security Guarding) is a requirement for licensing. In addition to the training undertaken by a person as part of the requirements for licensing, Health Services, to assist staff in fulfilling their roles effectively, should ensure that effective skills in managing conflict, de-escalating potentially violent situations and the appropriate application of restraint techniques is provided. Health Services should consider the on-going training needs of security staff as part of the security risk management process. OHS Practitioners/Risk Managers: In addition to the education and training activities provided to staff, OHS practitioners and risk managers should be provided with specific education and training activities. In particular OHS practitioners should be provided with education and training in the process for identifying, assessing and controlling security hazards and risks. Staff with specific OHS functions such as First Aid Officers, Fire Wardens, Return to Work Co-ordinators, OHS committee members etc should be provided with education and training as required by legislation. Duress Response: Staff who form part of a predetermined duress response will require specific training to enable them to undertake this role effectively. This training may include: • • • • •
The process for duress response Assessing a scene Verbal de-escalation Negotiation skills Evasive self-defence, physical restraint techniques, use of mechanical and other restraints where appropriate and associated legal implications.
Evaluation of Security Related Education and Training Activities: To ensure the effectiveness of education and training activities, both as a control measure and in meeting organisational goals, evaluation should be undertaken.
Security Education and Training (December 2003)
7-5
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
Health Services should consider evaluating specific activities and the effectiveness of the education and training program against pre-determined performance indicators. The performance indicators developed by Health Services may cover areas such as: • • •
Awareness of staff about Health Service security related policies and practices Changes to number of incidents occurring and Changes to the number of hazards being reported.
**********
Security Education and Training (December 2003)
7-6
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
8. Security Continuous Improvement ______________________________________________________________
Policy: As part of the continuous improvement process, Health Services must evaluate all aspects of their security management program and ensure that evaluation outcomes are used in the on-going development of this program. For the purposes of this policy a security survey is defined as a process that evaluates the implementation of a security management program and effectiveness of that program against a pre-determined set of criteria. As a minimum, health care facilities are required to: 1. Undertake an annual internal security survey using the NSW Health Security Improvement Assessment Tool, provided in Chapters 31, 32 and 33, ensuring that at least one member of the survey team holds a security licence 2. Ensure that, as a minimum, all Elements identified as mandatory are included in the annual survey 3. Ensure that the results of the annual survey, as contained in the Health Facility Report (coversheet, summary sheet and score sheet), are readily available for forwarding electronically to the Department, should the results be required 4. Undergo an external security survey every five years **** 5. Ensure that results of the annual and external security surveys are forwarded to Health Service Internal Audit Units, which must review the results and where warranted, include an audit of the services or facilities in their audit plans.
Guidelines: **** It is desirable that Health Services continue to use external security experts to conduct the mandatory five yearly external security survey. Health Services may wish to consider making the Tool available for use by external security services when they are engaged to conduct the survey. Where there are significant difficulties in using external security experts to conduct the mandatory external five yearly security survey, the external survey may also be conducted by appropriately qualified staff from another Health Service.
Security Continuous Improvement (February 2005)
8-1
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
Measuring and Evaluating Performance as Part of Continuous Improvement: Implementing a security management program does not in itself guarantee success. To ensure continuous improvement, Health Services need to measure existing performance against a set of pre-determined indicators, evaluate progress and feed the outcomes of this process back into the planning and development of the security management program. Conducting an annual security survey using the Security Improvement Assessment Tool will assist with this process. However, ongoing measurement, evaluation and monitoring of the security program is also necessary, to ensure that problems can be identified and addressed as they occur. In particular, whenever there is a security incident, part of the investigation process should ensure that relevant findings are fed back into the security program to prevent a recurrence and ensure continuous improvement. Developing Performance Indicators: Developing performance indicators can be an effective way to monitor the overall program or particular components of the security program. The indicators themselves may change over time with the on-going development and improvement of the program. A number of sources of information can be used to develop performance indicators and these may include: • • • • • •
Hazard and incident reports Duress response records OHS committee meeting minutes Results of security audits, surveys and inspections Workers compensation data Workplace grievance records and staff turnover in priority areas.
When using existing information sources to develop performance indicators, consideration should be given to the reliability and accuracy of the information being used, whether base line data is available and any other factors that may impact on the information to be collected. Some examples of security related performance indicators include: • • • • • •
Increase in awareness of security responsibilities among staff Increased/improved staff perception of their personal safety Number of reported thefts, assaults and property damage Number of times police assistance is required Number of security incident reports Reduction in certain type of injury (eg assaults, psychological injury where violence was the precipitator)
Security Continuous Improvement (February 2005)
8-2
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
• •
Percentage of staff trained in violence prevention and management Percentage of managers trained in the security risk management process.
This information can be used to look at the effectiveness of security risk control measures at the ward, division, facility and/or Area level.
************
Security Continuous Improvement (February 2005)
8-3
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
9.
Access Control
Policy: As part of the facility security risk management process, Health Services must ensure, in consultation with staff and key stakeholders, that all reasonably foreseeable security risks associated with access to workplaces are identified, assessed, eliminated where reasonably practicable or effectively controlled. Health Services must ensure that this process is appropriately documented and effective access control procedures, including the implementation of staff identification systems, are developed and implemented.
Guidelines: In general effective access control involves: • Appropriate securing of perimeters, including doors and windows • Appropriately controlling access to the land on which the facility is situated (eg fences, roads, traffic and pedestrian access and flow) • Providing safe access and egress, especially after hours and during emergencies • Controlling access to vulnerable areas • Clear signage and • Instituting staff identification systems that allow members of the organisation to be identified. Access control systems are: • Secure enough to resist attempts to breach the system • Able to effectively differentiate between those who have authorised access and those who have not • Reliable (ie there are no weak links in the system), regularly maintained and tested • Inclusive of a back up system or process for providing access in the event of failure.
Security Risk Management: The type and level of access controls required for Health Service campuses, buildings and units within those buildings will depend on the risk of unauthorised entry, including break and enter, and the risks to people and property such unauthorised entry may pose. Access Control (November 2005)
9-1
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
Factors that may impact on the risk of unauthorised entry include the nature of items stored on the premises eg sensitive or highly confidential information, drugs, cash, electronic equipment etc and work carried out/services provided by the premises eg methadone dispensing, cash handling, drug and alcohol, emergency and mental health services etc. Therefore, a risk management approach, as outlined in Chapter 1 of this Manual, needs to be implemented when determining the nature and level of access controls to be put in place. For more detailed information on security risk controls in specified high risk areas, see Section 2 of the Security Manual, ‘Security Risk Controls in Priority Areas’. In relation to access, the following risk control strategies should be considered by Health Services. Design Issues: •
Applying the principles of Crime Prevention Through Environmental Design - CPTED (as outlined in Chapter 4 of this Manual) where appropriate, to manage risks associated with access control.
Doors: •
•
Ensuring perimeter doors are locked and access restricted to one or the minimum necessary points in the building (especially at night) depending on the risk present. Perimeter doors should meet the following building design standards: - Be fitted with a quality single cylinder lockset that complies with fire regulations (refer to Australian Standard AS 4145.21993/Amat 1-1996 Locksets – Mechanical locksets for doors in buildings) - Have a metal frame or have a strip of metal securely mounted to the frame from the top to the bottom of the lock-side, with allowance for the lock tongue to be inserted - Have protected hinge pins in order to resist removal. This can be done by either replacing the existing hinges with fixed pin, security butt hinges or having dog bolts installed to prevent pins being removed. - Have entry alarms or warning buzzers fitted to doors that need to remain unlocked or open or to indicate that someone has entered the area - Have alarms fitted to doors that are normally externally locked to signal when the doors are chocked open or fail to close properly Ensuring fire isolated exit doors meet the requirements of the Building Code of Australia
Access Control (November 2005)
9-2
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
•
•
Ensuring after hours public entry points are appropriately access controlled and fitted with video/CCTV intercoms to allow screening of members of the public presenting at the door Ensuring glazing in doors and panels beside doors is resistant to breakage and does not shatter on impact.
Windows: Perimeter windows: • Minimising entry through perimeter windows through the use of appropriate options such as: - Reinforcing windows to resist unauthorised entry - Using heavy gauge glass bricks or laminated glass panels (in areas which require natural light but no ventilation) that are securely mounted in the frame - Permanently closing unused windows by fixing bolts or screws - Fitting key operated locks to all other windows - Applying film to glass to resist breakage or fit safety glass as per design guidelines. Signs: •
Signs are the first line of defence against intruders because they define those areas where persons are allowed to enter. Signs need to conform with the requirements in Sign Posting in Health Care Facilities, available from the Better Health Centre.
Video Intercom Systems: To allow staff to identify and communicate with persons at the entry doors to the premises, Health Services should consider installing a video/CCTV intercom system where it is seen to improve the security of staff. The features of the system should be advised by the risk assessment process and may include: • Camera and intercom points located outside the entrance • One or more monitoring and intercom points located in the building to enable staff to see and speak to persons at the entrance • Entry doors fitted with locks that can be opened electronically from the monitoring point within the building. Staff should be cautious in allowing entry in to the building particularly after hours. The need to escort the person seeking entry to their destination needs to be considered. Personnel and Contractor ID Systems: Identity cards may contain any or all of the following features, bearing in mind integration of existing systems and the outcomes of the risk assessment process:
Access Control (November 2005)
9-3
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
•
•
• • • • • • • •
A personal identification device (access card) similar to a credit card, which provides information needed to justify entry. Such cards operate with a range of technologies (barcode, magnetic strip, proximity and smart card). Access is achieved by swiping the card through or touching an access reader. This can be combined with a PIN (personal identification number) for high security areas. Name, position, title and photograph of the holder ***. Expiry date (may be displayed on the card or be electronically embedded) Serial or unique number (this could be the employee number) Identification of the issuing healthcare facility or area health service Numerical or colour coding (for allowing access to specific areas or distinguishing between categories of staff) Counter measures against forgery A return address and Emergency, OHS or infection control information.
*** The level of detail visible on an access/identification card may be influenced by a number of factors including: • The right of a client to be able to identify a staff member • The benefit of clients being able to relate to a person rather than a role • The type of health care being delivered and potential risks for those delivering the care. For example, in some higher risk areas it may be appropriate that only first names are visible on the identification card eg surnames could be neatly covered with opaque tape. However, care must be taken to ensure that patients and others are always able to identify individual staff members. In a work area where only first names are used, if more than one person has the same first name, there needs to be some distinguishing feature eg a last name initial, and/or variations on the first name eg ‘Sue’ and ‘Susan’ so that staff members can be individually identified within the work environment. Administration of an Identification/Electronic Access Control System: The following should be considered in the administration of an identification/electronic access control system: • A security department, human resource department or others as best determined by the Health Service, should issue identification cards. The issuing department should hold the records and arrange updating and reissue or replacements as necessary. • All documentation and equipment for identification systems should be securely stored by means that prevents unauthorised access • Clearance procedures on termination need to include the return of the staff identification card. It may be necessary to recover the permanent identification card and issue a temporary card valid until the final day of employment only, when it should be returned.
Access Control (November 2005)
9-4
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
•
• •
•
•
•
Access rights to the electronic access control system may be assigned separately to the production of the identification card (ie human resources may produce the card and the security department may enter the card in the access system) The access rights assigned to an identification card should be programmed for a predetermined period Identification cards should be examined on expiry of the access rights to determine if reissue is necessary or further access time should be added. Examination of the card should consider whether the photograph is still a good likeness and if any details have changed since the issue of the card. Any lost or stolen identification card should be immediately reported to the issuing authority. The issuing authority should take steps to remove the card from the access system either temporarily or permanently. Management and employee associations should encourage staff to wear identification. When it is not practical to wear the identification in areas such as operating theatre suites, the identification card should be carried on the person. Where practicable, temporary passes should be issued to newly appointed staff (until a permanent card can be issued), authorised visitors and contractors.
************
Access Control (November 2005)
9-5
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
10. Key Control Policy: As part of the facility security risk management process, Health Services must ensure, in consultation with staff and key stakeholders, that all reasonably foreseeable security risks associated with key control are identified, assessed, eliminated where reasonable practicable or effectively controlled. Health Services must ensure that the process is appropriately documented and effective key control procedures are developed and implemented.
Guidelines: Health Services should develop procedures, in consultation with staff and other stakeholders, to effectively manage key control. The aim of these procedures is to protect people and assets and minimise the likelihood of incidents related to theft and assault. Types of Keys: Keys can be divided into two categories: •
Security keys which give access to: -
Pharmacies, drug safes and cabinets Safes and other security containers Containers that hold security keys Specialist areas where for clinical/legal reasons patient movement around the facility/area is restricted - Major important or sensitive assets •
General administration keys, which give access to support services and domestic assets.
Security Risk Management: Chapter 1 of this Manual provides guidance material on the risk management process and these principles apply equally to key control. As part of this process, the following risk control strategies should be considered by Health Services:
Key Control (December 2003)
10-1
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
Managing Administrative and Security Keys: •
Considering who in the facility will have the delegated authority to hold custody of and control the issue of keys. Delegated authority should be in writing.
•
Controlling the movement of keys using: - Key Authority Cards. Where all personnel authorised to draw and return keys should have their name printed and their specimen signature recorded. Note: a key authority card may be produced for each lock or produced for each staff member as they sign for keys. - Key and Security Premises Books. Where all keys issued are recorded in a Key and Security of Premises Book. All entries in the book should be in ink with alterations initialled and pages numbered. Completed books should be retained for a period of not less than twelve months from the date of the last entry and should identify keys issued on a daily or temporary basis. Management should consider the introduction of electronic systems to manage and track key issue.
•
Ensuring that anyone taking a key is entitled to do so, by referring to the relevant Key Authority Card. The number of keys issued for any one lock should be kept to a practicable minimum.
•
Ensuring that the custodian, on a regular basis, should: - Physically check the keys on hand against the Key and Security of Premises Book to ensure all keys are accounted for - Report any outstanding keys to the appropriate supervisor
•
Ensuring that staff are advised that keys should not be worn around the neck (as this is a possible strangulation risk or could be used by a violent person to draw the staff member closer). If keys must be worn around the neck a breakaway lanyard should be used.
•
Ensuring staff are advised not to leave keys lying around in view
•
Ensuring that: - Where practicable spot checks are conducted at intervals not exceeding six months - A stocktake is conducted at least annually and results recorded
Key Control (December 2003)
10-2
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
•
Ensuring that authority to draw keys is kept up to date by deleting from key authority cards the names of personnel who: - Have ceased employment. Note: return of keys must be included in the termination clearance process - No longer require access to the area to which the key gives access
•
Ensuring keys not on issue are stored in a locked container which should be: - Located when possible out of sight of unauthorised persons - Bolted or recessed into an internal wall or floor
•
Ensuring, at the time of installation of locks, that the keys are given to the custodian who will ensure: - The correct numbers of keys have been received - A key authority card is raised for each lock (where this system is used) - That the keys received work in the locks fitted and - That one original key is retained and stored appropriately
•
Ensuring all keys for the same lock are individually numbered to indicate the lock they fit and the actual key number for that lock
•
Ensuring the loss, or suspected loss or compromise of a general administrative key is reported to the issuing officer
•
Taking immediate action to replace compromised locks
•
Cutting of additional or replacement keys should only be: - Authorised by the nominated officer - Cut by an authorised locksmith who is contracted by the facility. Note: cutting of security keys must only be done by a person licensed under the Security Industry Act 1997
•
Destroying keys that are no longer required. Details of the destruction should be entered on the appropriate key control card
•
Ensuring key cutting codes and key blanks used by facilities which have their own key cutting/duplication capability are protected at all times.
**********
Key Control (December 2003)
10-3
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
11. Alarm Systems Policy: As part of the facility security risk management process, Health Services must establish their requirements for alarm systems (eg duress and intruder alarms) to ensure that staff members, patients, and Health Service assets are secure. A regular review of all alarm systems must occur as part of the risk management process.
Guidelines: Security Risk Management: Chapter 1 of this Manual provides guidance material on the risk management process and these principles can be applied when determining the types of alarm systems to be installed. In assessing the requirement for alarms, Health Services should consider the following issues: • • • • • • • • • • • •
Potential for violence against staff The type of work being carried out by staff Working in isolation Cash handling Goods and equipment stored in the area Level of external security risks Level of internal security risks Exits that may be left open by staff or patients The security needs of ‘at risk’ patients such as wandering elderly patients in wards, or children at risk of unauthorised removal from the facility Potential for use of emergency exits (eg fire escapes) by thieves to remove assets Potential for break in via doors and/or windows to remove assets and Potential for break into and theft of vehicles.
In assessing the requirement for alarms Health Services should consult with staff working in relevant areas such as: -
Mental health services Emergency departments Pharmacy and other drug storage areas Women’s health and maternity units Youth health units
Alarm Systems (December 2003)
11-1
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
-
Sexual assault units Cash handling and storage areas Isolated facilities/units Car parks and grounds Vehicles (eg ambulances) Alcohol and other drugs services Aged care wards/dementia units/brain injury units/rehabilitation units Community services.
The purpose of consultation with staff is to: - Assist with identifying, assessing and controlling risks associated with violence - Assist with identifying, assessing and controlling risks associated with patient security (eg wandering patients, infant kidnap etc) and building/perimeter security - Determine the alarm type, location and features - Develop protocols for use of alarms and response procedures - Identify training and education requirements. In identifying appropriate alarm systems Health Services should ensure that, where appropriate: •
The alarm system complements any other protective measures taken by the facility
•
The alarm system features and configuration are appropriate to the identified needs a nd possible risk
When tendering for alarm systems, Health Services should ensure that: • • • • •
All relevant requirements in Departmental guidelines and guidelines issued by the NSW State Contracts Control Board are met Expert advice is sought when preparing the necessary specifications and system design Benchmark criteria is included to ensure the system operates correctly under a range of conditions with minimal false activation Staff training in the operation of the system is included and all operating manuals are supplied and Ongoing maintenance of the system and the use of maintenance contracts is considered.
Note: Security companies and security consultants must be licensed under the Security Industry Act 1997.
Duress Alarms: A duress alarm is a signal for assistance sent by a person(s) who is under attack or threatened by the situation they face.
Alarm Systems (December 2003)
11-2
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
Modern duress alarm systems use a combination of electromechanical, electronic, radio frequency and digital devices to send and receive the signals. The advantage of these types of duress alarm systems is that they may be designed to identify the person and the exact location of the person requiring assistance. The expertise of independent technicians or consultants is required to prepare the necessary specifications and system design when implementing duress alarm systems. The type and level of sophistication of duress alarms should be advised by the risk assessment process. Installing a Duress Alarm: When installing a duress alarm identify the characteristics required of the duress alarm by considering the following: • • •
Fixed alarms, with duress buttons strategically located throughout the health care facility Mobile duress alarms worn by staff members within the health care facility Mobile duress alarms worn b y staff members who regularly work outside the health care facility.
Fixed alarms may be used in well defined areas where there is no or little opportunity for an aggressor to get between a staff member and the alarm button, and the person works from a static position (eg where staff are behind a screen such as a pharmacy distribution window or behind a counter). Fixed alarms may not be appropriate for areas accessible to patients and the public (eg corridors, as mischievous tampering with alarms may occur). Mobile duress alarms may be used where the staff member is mobile in the course of their work in areas such as wards or emergency departments where there is a risk of being confronted by aggressive behaviour. Mobile duress alarms should be worn attached to the clothing (eg clipped to a pocket). They should not be worn around the neck. Mobile duress alarms for use within a facility and the immediate area should comply with all relevant Australian and regulatory requirements including Austel approvals, AS2201 and AS3000 as an absolute minimum especially in relation to installation, servicing and wiring of all equipment and systems. The risk assessment of the area to be serviced by the mobile duress alarm informs the sorts of features necessary for that particular system. The most effective mobile duress alarms have the following features: •
Be dual activated (ie have two activation mechanisms, those being activation by pushing a single button using one finger and activation by the staff member falling down/not moving - but allowing reasonable movement)
Alarm Systems (December 2003)
11-3
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
•
When activated, automatically alert the duress response team regardless of where their members may be located (for more information on duress response arrangements refer to Chapter 29 of this Manual)
•
Alert other staff in the work area/facility that a colleague requires assistance, to ensure that assistance is activated and to ensure that another staff member does not accidentally walk in on a duress situation thus putting themselves at risk The alert should be by: - Notifying a central processing unit, where a visual display identifies the location of the staff member who has activated the duress (it should display the layout of the facility and identify the room or area of the duress activation) and - Providing the alert (including location) on an alphanumeric pager carried by the response staff, and - Providing a visual or audible alert eg. strobe light or passive siren located so as to alert the response team and not the aggressor
•
Have suitable battery functions, such as: -
A low power indicator (easily distinguishable) Minimum 24 hour battery life without replacement or recharge Water resistant Able to operate between temperature ranges of 0 to 45 centigrade
•
Be able to interface with other local communication systems (eg paging systems)
•
Be able to cover all working and amenity areas for the specific location including meal rooms, toilet facilities, stairwells, storerooms and external staff amenities (eg car parking)
•
Provide integrity of communication a nd a system which is not prone to interference or false alarm
•
Include the installation of a fixed back up system
•
Provide accurate information on the location of a staff member to within 5 metres inside health care facilities and to within 10 metres outside of health care facilities
•
Allow a minimum of 10 users to be identified. The system should have enough capacity to identify the maximum number of employees present at one time (including visitors or casual staff) and, in mental health facilities, visitors who may be in the ward or unit (including visiting magistrates, health care professionals, maintenance contractors etc) plus spare units in case of malfunction.
Alarm Systems (December 2003)
11-4
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
•
Include off the shelf quality tested equipment rather than customised equipment or software
•
Be of current technology and part of a system that can be easily added to or subtracted from if needs change (eg staff leave or join, without needing to install a new range or design of equipment)
•
Be of self-testing capacity, with each self-test carried out at intervals of one hour or less
•
Be small, light, water and vandal resistant, of robust build and able to withstand every day operational rigours including dropping the device or splashing the device etc
•
Include a “warning indication” if the user is out of range, communications or battery failure
•
Be capable of transmitting a duress signal to other staff members within five (5) seconds of activation with a reliability factor of no less than 98% for indoor situations and within 30 seconds for an outdoor alarm
•
Be guaranteed by the supplier of the duress system (ie all equipment and systems will be supported for a period of no less than five (5) years from the date of service and the supplier needs to provide “urgent and routine” servicing and replacement of all parts during that period)
•
Be user friendly and simple to use.
Where the risk assessment process identifies gaps in the existing duress alarm system and the cost of replacement is significant, other risk control strategies should be implemented to complement the existing system. Duress Alarms should not: •
Activate a loud noise in the immediate area of the point of danger (the audible alarm may cause secondary reaction by assailant or create undesirable reactions among other patients or visitors)
•
Rely on a form of transmission or communications or any other device that could interfere with the functioning of critical medical equipment
•
Be susceptible to tampering or activation by patients or visitors.
Training: Suppliers of any alarm system should, as part of any contract, provide training for staff in the use of the equipment.
Alarm Systems (December 2003)
11-5
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
A duress alarm is only the means of signalling that someone needs assistance. The response to that signal is the important part of the duress process (Refer to Chapter 29 of this Manual).
Intruder Alarms: Health Services should ensure that the relevant requirements from the Australian Cabling Regulations and the following Australian Standards and International Electro-Technical Commission standards are incorporated into all aspects of commissioning, installing, activating and maintaining intruder alarms: • • • • • • • • • • •
Intruder alarm systems – Systems installed in client’s premises (AS 2201.1 – 1998) Intruder alarm systems – Monitoring centres (AS 2201.2 – 2001) Intruder alarm systems – Detection devices for internal use (AS2201.3 – 1991) Intruder alarms systems – Wire-free systems installed in client’s premises (AS 2201.4 – 1990) Intruder alarm systems – Alarm transmission systems (AS 2201.5 – 1992) Alarms systems. Part 2: Requirements for intruder alarm systems. Section Two: Requirements for detectors – General (IEC 60839-2-2 Ed. 1.0b) Alarm systems. Part 2: Requirements for intruder alarm systems. Section Two: Requirements for infra-red beam interruption detectors in buildings (IEC 608392-3 Ed 1.0b) Alarm systems. Part 2: Requirements for intruder alarm systems. Section Four: Ultrasonic Doppler detectors for use in buildings (IEC 60839-2-4 Ed 1.0b) Alarm systems. Part 2: Requirements for intruder alarm systems. Section Five: Microwave Doppler detectors for use in buildings (IEC 60839-2-5 Ed 1.0b) Alarm systems. Part 2: Requirements for intruder alarm systems. Section Six: Passive infra-red detectors for use in buildings (IEC 60839-2-6 Ed 1.0b) Alarm systems. Part 2: Requirements for intruder alarm systems. Section Seven: Passive glass-break detectors for use in buildings (IEC 60839-2-7 Ed 1.0b).
***********
Alarm Systems (December 2003)
11-6
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
12. Lighting Policy: As part of the facility security risk management process, Health Services must ensure, in consultation with staff and key stakeholders, that internal and external lighting is sufficient to eliminate, where reasonably practicable, or control security related risks and meet the relevant Australian Standards.
Guidelines: Security lighting is internal and external lighting that is used to improve security in the vicinity of the light. The external lighting system recommended for health facilities uses luminaries of the High-Pressure Sodium (HPS) type.
Security Risk Management: Chapter 1 of this Manual provides guidance material on the risk management process and these principles apply equally to lighting related security risks. As part of this process, Health Services should consider the following: •
Ensuring external security lighting is in vandal resistant containers and mounted to restrict tampering (eg too high up to be readily broken)
•
Ensuring posts for security lights are designed in such a way that they do not provide a ‘ladder’ or foothold to allow access to the light fitting
•
Ensuring security and other staff are provided with a system for reporting malfunctioning lights
•
Ensuring malfunctioning lights are replaced immediately
•
Ensuring security lights can be automatically activated and deactivated at pre-set times (times need to be seasonally adjusted)
•
Ensuring security lights are connected to an electrical circuit separate to that of the main facility
•
Ensuring some internal lighting remains on during the night
•
Locating and styling lights so as to gain the maximum benefit and coverage
Lighting (December 2003)
12-1
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
•
Providing lights bright enough to ensure a safe entry to and safe exit from the workplace (including footpaths/accessways), and providing acceptable levels of light in car parks. Lighting should avoid creation of dark spots and be sufficiently bright to deter crime and to provide sufficient illumination to prevent slips, trips and falls and allow facial recognition. Where the facility does not have dedicated on-site parking, consultation on street lighting should occur with local councils.
•
Ensuring lighting used meets Australian standards AS1680 series, AS1158 series (including 1158.3.1), AS4485.1 and AS2890 where applicable
•
Determining the needs of areas requiring special lighting treatment (eg entrance foyers, emergency departments, staff entry and exit points, pharmacies and car parks)
•
Ensuring a back up generator is available, where practicable, to ensure continuity of electrical supply for security lighting
•
Consulting with neighbours who may be affected by security lighting.
***********
Lighting (December 2003)
12-2
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
13.
Workplace Camera Surveillance
_______________________________________________________________
Policy: Health Services must ensure, in consultation with staff and key stakeholders, that where workplace camera surveillance is used as part of the facility security risk management program, effective procedures are developed and implemented that are consistent with relevant legislation. When implementing this policy, Health Services should review the Workplace Surveillance Act and Regulation in detail, to ensure that all relevant requirements are met. Note: Where a Health Service is considering the use of covert camera surveillance, the Health Service Chief Executive (or delegate) must seek the approval of the Director-General prior to applying for a ‘covert surveillance authority’.
Definitions: Camera Surveillance, which may be overt or covert, relates to surveillance activities undertaken using video or camera equipment. Overt camera surveillance involves the use of unconcealed surveillance equipment, signposted to draw attention to the fact that an individual is under observation. Covert camera surveillance involves the use of hidden or concealed surveillance equipment to record an individual’s activities, without their knowledge or agreement.
Legislative Framework: Workplace Surveillance Act 2005 The Workplace Surveillance Act 2005 replaces the Workplace Video Surveillance Act 1998, and commenced on 7 October 2005. The 2005 Act has much broader coverage, in that it applies to camera surveillance, computer surveillance and tracking surveillance of staff. The Act regulates the use of both overt and covert surveillance and the use and disclosure of the records obtained from surveillance.
Workplace Camera Surveillance (November 2005)
13-1
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
Workplace Surveillance Regulation 2005 The Workplace Surveillance Regulation 2005 also commenced on 7 October 2005 and prescribes actions in relation to ‘covert surveillance authorities’. Listening Devices Act 1984 When conducting workplace camera surveillance, if the camera is used to record private conversations, the camera surveillance will also be regulated by the Listening Devices Act 1984. Privacy legislation Personal information collected by surveillance will be protected by either the Privacy and Personal Information Protection Act 1998 or, where information relating to a person’s health or the health services provided to them is collected, the Health Records and Information Privacy Act 2002. These laws set out principles that govern the collection, storage, use and disclosure of personal information. The NSW Health Privacy Manual (PD2005_593) directs Health Services on all aspects of information privacy management and confidentiality issues.
Guidelines: Within Health Services there are potentially three types of camera surveillance that may occur: • Overt camera surveillance to observe staff • Overt camera surveillance in relation to personal or property security • Covert camera surveillance of suspected unlawful activity.
Overt camera surveillance: Risk Assessment As identified in previous chapters of this Manual, Health Services should undertake a risk assessment to identify security risks, and determine and implement appropriate controls to eliminate or minimise the risks. As camera surveillance is considered to be a risk control strategy that is toward the lower end of the hierarchy of risk controls eg an administrative control, Health Services must ensure that, as far as practicable, all other appropriate risk control strategies higher up the hierarchy are put in place to control security risks. For further information on security and violence risk management see Chapters 1 and 26 of this Manual, and NSW Health policy directives PD2005_315 Zero Tolerance Response to Violence and PD2005_409 Workplace Health and Safety: Policy and Better Practice Guide.
Workplace Camera Surveillance (November 2005)
13-2
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
Notification Requirements Section 10 of the Workplace Surveillance Act 2005 provides clear direction on the requirements for notifying employees where an employer wishes to undertake overt workplace camera surveillance. The use of cameras to undertake workplace surveillance will be lawful under the Workplace Surveillance Act 2005 only if all of the following conditions are met: • Employees have been notified, in writing, at least 14 days before the cameras are used. New starters must be advised prior to commencing work (Section 10) • The cameras are clearly visible to people in the area that is under surveillance (Section 11) • Signs notifying people that they may be under camera surveillance are clearly visible at each entrance to the area under surveillance (Section 11). Section 14 of the Workplace Surveillance Act 2005 allows for an exemption from the employee notification requirements where the surveillance: • Is conducted with the agreement of the employee or a body representing a substantial number of employees at the particular workplace eg a union or representative body, for a purpose other than surveillance of staff (eg security purposes) and • Is carried out in accordance with that agreement. Failure to meet all the requirements for overt surveillance will constitute covert surveillance, which is in breach of the Act in the absence of a covert surveillance authority (see Covert camera surveillance page 13-7).
General Issues for Overt Camera Surveillance: Security related workplace camera surveillance Objectives of camera surveillance In the security context, camera surveillance is generally used to achieve the following objectives: • To deter security incidents eg theft, vandalism, violence etc • To gather information that may be used in evidence if a crime is committed within view of the camera (assuming the camera is recording) • To allow a security incident to be viewed as it is occurring, and an appropriate response to be raised. Regardless of the reasons for the installation, having a clearly displayed camera in a particular area can create an expectation from staff and others that a duress response will be automatically triggered if a violent incident occurs within view of the camera. As a result, this may affect the response of the individual to the situation eg not retreat as they are expecting assistance.
Workplace Camera Surveillance (November 2005)
13-3
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
Because of this potential, the following questions should be given serious consideration when determining if, and where, to use overt camera surveillance: • What is the primary purpose of the camera surveillance ie does the area have a history of vandalism because it is isolated after hours or the premises is largely unused; is it an area of opportunistic theft such as a retail outlet on Health Service property; is there a history of violence in the area? • What expectations might the presence of the camera reasonably create in those using the area? • What level of monitoring is necessary, and what is the availability of appropriately licensed and trained staff to undertake the monitoring? • What information should be contained in the notification signage? If a camera is placed in an area with a history of violent incidents, or it is reasonably foreseeable that there may be future violent incidents in the area, it should not be assumed that the presence of the camera and signage will deter violence in all instances. Such instances may include where the perpetrator: • Is under the influence of alcohol or other drugs • Is suffering from a medical condition that may predispose the sufferer to violence • Has a significant history of violence • Is suffering from a particular mental illness. Monitoring of camera surveillance In the situations listed above, the camera will only achieve its objectives if it is being constantly monitored, and an appropriate response activated in the event of a violent incident. Therefore, where camera surveillance is being used in areas identified as being at increased risk of violence, continuously monitoring the camera via an appropriately staffed control centre will be necessary. An appropriate duress response plan must also be in place that can be promptly activated if it appears that a significant violent incident is imminent (see Chapter 29 of this Manual). Staffing issues Health Services should ensure that employees involved in relevant surveillance activities are appropriately licensed and trained, as required by security industry legislation (see Chapter 14 of this Manual). Because continuous monitoring is labour intensive, and, as advised earlier, camera surveillance is considered to be an administrative risk control strategy, as far as possible all other appropriate risk control strategies higher up the hierarchy eg engineering controls should be put in place to control violence risks.
Workplace Camera Surveillance (November 2005)
13-4
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
Placement of cameras Where a security risk assessment results in the decision to use overt camera surveillance in a particular location, effective placement of the camera within this location is critical to the success of a surveillance strategy aimed at controlling security risks. An assessment that considers the following should be undertaken to determine the best placement: • Lighting levels, including shadowing, minimum lux levels, type and height including varying lighting levels in open areas as opposed to under awnings etc and obstructions to fields of view • Landscaping, including type and growth rate of trees and vegetation • Pedestrian and vehicular thoroughfares, including analysis of the amount of pedestrian and vehicular access throughout each day • The recommended height of equipment above ground to deter potential vandalism and damage caused by vehicular traffic (while noting that position height of cameras needs to allow adequate identification of persons) • The view from the recommended camera height, taking into account building structures and awnings • Direction of the sun, including sunrise and sunset ‘blooming’ and the possible effect on the cameras • Whether cameras need to be attached to private or public property, and if in the case of a private property, whether such approval is likely to be granted by owners • Whether private premises would come within the view of the cameras • The accessibility of equipment for maintenance purposes including any safety issues for staff undertaking the maintenance • Possibility of accompanying lighting intruding upon the surrounding area • Access to power supply • Cabling routes and distances • Availability of existing cables and conduits and • Trenching and reinstatement costs. Related procedures Health Services should also develop effective procedures for: • Ensuring camera surveillance equipment remains appropriately placed, and continues to be pointed in the necessary direction • Maintenance and testing of the equipment - a maintenance log is recommended • Undertaking regular risk assessments to ensure that the introduction of camera surveillance has not created new or different security risks eg moved potential illegal activity from the area now under surveillance to other surrounding areas, or created expectations in relation to a duress response that may be unrealistic or unable to be met.
Workplace Camera Surveillance (November 2005)
13-5
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
Use and disclosure of surveillance records The Workplace Surveillance Act 2005 (Section 18) requires that any record made as a result of surveillance not be used or disclosed unless the disclosure is: • For a legitimate purpose related to the employment of staff or the legitimate business activities of the Health Service; or • To a member or officer of a law enforcement agency (eg Police) for use in connection with the detection, investigation or prosecution of an offence or • For a purpose that is directly or indirectly related to the taking of civil or criminal proceedings; or • Reasonably believed to be necessary to avert an imminent threat of serious violence or of substantial damage to property. While Health Services are not obliged by law to provide surveillance records without a warrant, Section 316 of the Crimes Act 1900 does require Health Services to consider whether information they have will be of ‘material assistance’ to securing the apprehension or conviction of an offender who has committed a serious offence ie one which carries a term of imprisonment of five years or more. Where the Health Service may knowingly have such information, failure to provide this information to police could lead to a conviction unless there is a ‘reasonable excuse’ for this failure. As it is in the public interest to assist law enforcement agencies to pursue their law enforcement and public protection activities, Health Services should assess requests for surveillance records in the absence of a warrant on a case by case basis. In deciding whether to provide surveillance records Health Services need to balance this need with their own obligations of confidentiality to their patients and the often sensitive nature of health information. Factors that should be considered prior to disclosing surveillance records without a warrant include: • The seriousness of the alleged offence • The degree of evidence available that suggests the surveillance record contains information that will assist with law enforcement • Whether significant personal information relating to third parties will be disclosed, especially if this information is of a sensitive nature eg if the camera is near the entrance to a methadone clinic or an STD clinic • How well sign posted the camera surveillance is ie will staff and visitors to the area have a reasonable expectation that they will be captured in surveillance records? • Any industrial arrangements as the surveillance records may also include footage of staff. Health Services should develop clear protocols for determining in each instance whether such records should be provided to other parties, and identify who within the Health Service has the authority to approve the release of those records.
Workplace Camera Surveillance (November 2005)
13-6
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
For more information on the disclosure of personal information to law enforcement agencies refer to the following sections of the NSW Health Privacy Manual (Policy Directive PD2005_593) • Section 11.2.7 – Law enforcement agencies, including police • Section 11.3.4 – Reporting ‘serious criminal offences’.
Prohibited surveillance: It is prohibited under the Workplace Surveillance Act 2005 to carry out any surveillance of an employee in any change room, toilet facility or shower or other bathing facility at work.
Covert camera surveillance: In seeking the approval of the Director-General to apply for a covert surveillance authority, the Health Service will need to submit a written request addressing the following: • Why covert surveillance is required • The actions taken to date to investigate and/or manage the situation • Other options considered by the Health Service to resolve or manage the situation and why they were not taken or were not successful. Where the Director-General has granted approval for the Health Service to apply for a covert surveillance authority, all relevant requirements of the Workplace Surveillance Act 2005 must be observed. These requirements include the following: • Surveillance must be used only to detect whether a staff member is engaged in an unlawful activity in the workplace (Section 20) • Surveillance must not be used for the purpose of monitoring the staff member’s work performance (Section 20) • Surveillance must not occur in any change room, toilet facility, shower or other bathing facility (Section 20) • The Health Service must obtain a covert surveillance authority from a Magistrate, approving the covert surveillance (Section 23) • A surveillance supervisor designated by the Magistrate must oversee the surveillance (Section 27) • The surveillance activity must meet any conditions prescribed by the surveillance authority (Section 29) • The covert surveillance authority remains in force for the period specified in the authority, which will not exceed 30 days (Section 29). Following the covert surveillance, employers have a number of further obligations under the Act, as outlined below: • The Health Service must ensure that any recordings within their control are protected against loss, unauthorised access or use (Section 36) • The Health Service must only use or disclose the surveillance records for a relevant purpose (Section 37)
Workplace Camera Surveillance (November 2005)
13-7
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
• •
The Health Service also has a duty to report back in writing to the Magistrate issuing the authority, within 30 days of its expiry, the results of the surveillance (Section 35) If the Health Service proposes to take any action against a staff member as a result of the covert surveillance, then that Health Service must provide the staff member or the staff member’s lawyer with access to the recording within a reasonable period after access is requested (Section 29).
************
Workplace Camera Surveillance (November 2005)
13-8
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
14.
Provision of Security Services
Policy: As part of the facility security risk management process, Health Services must ensure, in consultation with staff and key stakeholders, that appropriate security services are available to respond effectively to security related issues. Health Services, following the risk assessment process, are required to establish and document minimum standards for security services in each facility. Special Constables: As part of the facility security risk management process, Health Services must ensure that all practical violence risk control strategies are implemented prior to supporting an application for Special Constable status. The risk management process must be documented and may from time to time be reviewed by the Department of Health or other external agencies. The Department of Health does not support the creation of Special Constables in Health Services as a key security risk control strategy. (Note: Refer to Chapter 28 of this Manual for policy on the use of weapons by security staff.)
Guidelines: Security Services Risk Management: Each Health Service should determine the level of need for security, the type of security services required and the coverage to be provided. As part of the risk management process, Health Services should consider a number of issues that impact on determining an appropriate level of security including: •
The type of work being performed (eg emergency, alcohol and other drugs or mental health areas that may require access to 24/7 security)
Provision of Security Services (December 2003)
14-1
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
• • • • • • • •
The likely clientele using the service The number of staff on duty at any one time The size and layout of the facility The nature of incidents that have occurred previously The geographical location of the area being assessed (eg is it isolated?) The crime risk of the locality (police can advise) Proximity of local police services The current security controls in place and their effectiveness in reducing risk (eg access control measures).
It would be expected that in priority areas such as emergency departments the risk assessment process would highlight the need to have access to appropriate security services on a 24/7 basis. Access to appropriate security services is not limited to the posting of security officers on site and may include, for example, arrangements for immediate response from patrolling officers. In mental health facilities, the risk assessment may result in a similar outcome. However, the balance between security and the therapeutic environment may vary between facilities and as a result it is critical that management and staff of mental health facilities constructively decide on the way in which security services are to be provided and mental health emergencies are to be managed. The provision of effective security services may be achieved through engagement of security officers, health and security assistants, contractors, on-call patrols, other appropriately licensed parties or a combination of these arrangements.
Role of Security Services: The duties of security staff will vary according to the type, location, size and local circumstances of the health workplace. However, in broad terms they are generally responsible for assisting with the security of staff, patients, visitors and assets of the health workplace. The security role should never be confused with that of a police officer. Although security staff may assist police, the primary role of each service is different. The security officer/health and security assistant roles are health service specific roles with a strong emphasis on prevention and assisting in the management of incidents. Security staff should not place themselves at unnecessary risk in carrying out their duties, regardless of their occupational role. In practice there may be times when the duty of care to patients or others may require intervention but at no time should the duty of care override a staff member’s right to safety. For more information refer to Chapter 26 of this Manual and the Department’s Zero Tolerance Policy and Framework Guidelines (Circular 2003/48).
Provision of Security Services (December 2003)
14-2
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
Attached to this Chapter (at Appendix 14.1) is detailed information on the scope of duties that may be undertaken by security staff in Health Services.
Using Force in the Execution of Duty: Security staff may be required to use physical force in the course of their duties. Physical force should be limited to: • • •
Assisting with the restraint of a patient at the direction or request of an appropriate staff member (eg nurse, medical officer etc) Evasive self defence as is necessary to protect themselves, with due regard to the concept of “reasonable force’' and The minimum force necessary to protect staff while observing their own safety.
Health Services, through education and training strategies, need to ensure security staff understand the concept of “reasonable force” and are aware that their actions may be scrutinised by a court of law. Evasive Self-Defence: The law recognises that an individual may protect themselves or another person from a threat of attack or injury. The protection afforded by the law is limited to situations where: • •
The person believes the action is necessary to defend themselves or another person or The action is necessary to prevent or terminate unlawful deprivation of their liberty or the liberty of another person.
In order to be lawful the conduct must be a reasonable response in the circumstances as he or she perceives them, and there must be some reasonable proportion between the threat perceived and his or her response to it. The purpose of evasive self-defence is to assist staff to escape from a violent situation when retreat is blocked, when all other non-physical strategies are inappropriate or have failed and the staff member is under attack or attack is imminent. When properly used, it may minimise the risk of injury and minimise the potential trauma. In these circumstances the behaviour of staff should be defensive rather than aggressive, controlling rather than punitive and with no more force than is necessary in the given situation. The degree of force used must be proportionate to the degree of potential harm faced and must not be applied for longer than is reasonably required to control that risk.
Provision of Security Services (December 2003)
14-3
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
Restraints: Restraints are human or mechanical actions that restrict a person’s freedom of movement. The term ‘chemical restraint’ is sometimes used to refer to the use of medication to sedate and control behaviour. Physical Restraint: Sometimes it is necessary for patients to be restrained to protect them from hurting themselves or others. It is expected that this would be for brief periods of time. At all times the principle of reasonable force is to be adhered to. Security staff are to work under the direction of a clinician when using restraint on patients. However there may be occasions where security staff may need to act without the direct instruction of clinical staff. Such situations would be rare and would be limited to acute emergency situations where: • •
There are no clinicians in the immediate vicinity at that particular moment, and where failure to act immediately will clearly result in injury or trauma or Clinical staff are unable to issue instructions (eg they are injured or incapacitated).
Mechanical Restraints: Non-metallic, soft or leather restraints supplied by a medical appliance company are the only acceptable mechanical restraints to be used by security officers or others when directed by a clinician to restrain a patient in this way. Metal handcuffs are not to be used on patients. As with physical restraint, the principle of reasonable force must be exercised at all times when using mechanical restraints. Chemical Restraint: Guidelines on the use of chemical restraint are contained in the document titled ‘Management of Adults with Severe Behavioural Disturbance – Guidelines for Clinicians in NSW (May 2002)’.
Searching Patients and Visitors: To ensure the security of staff, patients and other visitors to health facilities, there may be circumstances where the searching of patients and visitors is considered an important risk control strategy.
Provision of Security Services (December 2003)
14-4
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
However, the power to search an individual is restricted to narrow circumstances allowed under criminal law and the Mental Health Act which are strictly regulated, or when the individual consents. Without clear lawful authority, any search initiated without consent would be a trespass upon the person and therefore unlawful. Where, after an assessment of risks (including the legal context), a health facility determines the need for procedures to search for weapons and other dangerous objects, Health Services should consider the following points. Under the Inclosed Lands Protection Act 1901 a Health Service, as occupier of its premises, has the right to determine who may enter its premises, and is entitled to impose conditions of entry. These conditions may include the following: • • •
Prohibited weapons, illegal drugs or alcohol are not to be brought into the facility The Health Service reserves the right to search persons if there is a reasonable suspicion that a person has brought such weapons or drugs into the facility A person who refuses to be searched when requested will be escorted from the premises.
Any procedure should therefore ensure that persons entering Health Service premises are aware of these conditions. The situation is somewhat different in relation to persons involuntarily detained under the Mental Health Act, which provides for the involuntary detention of persons suffering from a mental illness that place themselves or others at risk of serious harm. The objects of the Act include facilitating treatment and care, and section 31 (2) specifically allows a detained person to be given such treatment as the medical superintendent 'thinks fit'. This combination of provisions would authorise searching of involuntary patients where the search was directed towards care and/or treatment, or prevention of harm to the patient or others and there is a reason to believe that the search is necessary. Introducing related policies would require clearly articulated procedures, comprehensive staff training and appropriate back up. Retention and Restoration of Weapons or Implements On occasion people may present to health service facilities carrying weapons or implements that give rise to security fears for staff. This can occur, in particular, in emergency departments where the fact that treatment has been sought in an emergency situation means people have not necessarily had an opportunity to organise their affairs and properly secure or remove weapons or implements.
Provision of Security Services (December 2003)
14-5
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
There are many weapons that are listed as prohibited in Schedule 1 of the Weapons Prohibition Act 1998. However a weapon or implement may not be prohibited but still give rise to concerns for security should a person retain it in their possession while on health service premises. Circumstances may arise where a person may have a permit to carry a weapon or their occupation has been exempted from the Weapons Prohibition Act 1998 however this does not entitle them to retain a weapon on health service property if it causes staff to fear for their security (refer to Chapter 6 – ‘Security Arrangements for Patients in Custody’ for information relating to firearms security for police). Health Services must have procedures in place to manage issues associated with the retention of weapons. When developing these procedures, the following risk control strategies should be considered by Health Services: •
People who hand custody of a weapon or implement to health service staff should, where practicable, be offered a receipt for their property
•
All weapons and implements should be placed in a plastic bag, to protect any forensic evidence. Staff handling weapons and implements should wear gloves.
•
Should the weapon or implement fall into the category of a prohibited weapon, as defined by the Prohibited Weapons Act 1998, or carrying the weapon is against the law (eg juvenile with a knife), the police should be contacted and advised of the nature of the weapon and circumstances of retention. Security officers should fill out an incident report/or equivalent describing all details. This weapon should then be placed immediately into a designated safe until collected by police (refer to section below on Storage and Disposal of Weapons).
•
If the weapon or implement does not fall into the category of a prohibited weapon but there are concerns regarding the nature of the weapon or implement (large knives, screwdrivers, slide hammers etc), the police should be contacted and advised of the nature of the weapon or implement and the circumstances of retention. Security officers should fill out an incident report/or equivalent describing all details. This weapon or implement should then be placed immediately into a designated safe until collected by police (refer to section below on Storage and Disposal of Weapons).
Provision of Security Services (December 2003)
14-6
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
•
Should the person have lawful rights to that weapon or implement and it is necessary to return it to them on their departure from health service premises then the usual practices for managing patient’s valuables should apply including: -
-
Locking the weapon or implement into a safe and entering the details into a valuables book/or equivalent, including the name and address of the owner. The owner should be advised that they have a period to claim the weapon after which time it will be destroyed. When returning the weapon or implement to the owner ensuring the item is signed for in the valuables book/or equivalent.
Storage and Disposal of Weapons or Implements: Health Services must have procedures in place for storing weapons or implements awaiting collection by the lawful owner or by police. The procedures must reflect the relevant requirements of the Evidence Act 1995. When developing these procedures, the following risk control strategies should be considered by Health Services: •
The weapon or implement should be placed into a designated safe which should be located in the Security Department (or other appropriate area) where access is restricted to security personnel only
•
The designated safe should be key operated. Security staff should have access to the safe to ensure that weapons or implements are secured immediately.
•
The safe should be emptied by a nominated senior staff member (eg: Area Security Manager) on a daily basis and the contents of the safe transferred to another safe which can be accessed by this senior staff member only. Weapons or implements are to be kept in this safe pending collection by the lawful owner, police or disposal.
•
Where a weapon or implement has not been collected by the lawful owner, and the required timeframe for keeping property has expired, arrangements should be made by the Health Service for its disposal.
Provision of Security Services (December 2003)
14-7
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
Licensing Requirements for Security Staff (including Health and Security Assistants): Security staff employed in Health Services need to be licensed to carry out those duties generally covered under a Class 1 (A), (B) or (C) security industry licence. Health Services need to ensure that security staff are appropriately licensed for the duties they are required to undertake. Types of Licenses: • • •
Class 1A - authorises the licencee to patrol, guard, watch or protect property (including the guarding of cash in transit) or to carry on such other activities as may be prescribed by the regulations Class 1B - authorises the licencee to act as a bodyguard Class 1C - authorises the licencee to act as a crowd controller or bouncer.
To qualify for the issue of a class 1 (A), (B) or (C) security industry licence, units of the National Security Industry Competency Standards must be completed. Applicants must also have an appropriately accredited, WorkCover approved senior first aid training certificate. Master Security Licence: Employers of people undertaking security activities are required, under the Security Industry Act 1997, to hold a Master Security Licence. The holder of a Master Security Licence is not authorised to carry out security related duties themselves unless they also hold an appropriate security licence. The holder of a Master Security Licence is required, as a condition of their Licence, to hold membership of an approved Industry Organisation. The Security Industry Registry website provides details of approved Industry Organisations (www.police.nsw.gov.au/sir).
Pre-employment Screening of Security Staff: Departmental circular 2003/71 provides guidelines on the processes for undertaking pre-employment screening of applicants for security related positions. Pre-employment screening processes are designed to assist Health Services to identify the capabilities and deficiencies of applicants for security-related positions and therefore enhance the merit-based recruitment process. Used in conjunction with responses to selection criteria, a structured interview and reference checks these pre-employment screening tests help gauge the person who will ‘best fit’ a defined security role.
Provision of Security Services (December 2003)
14-8
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
Appendix 14.1 Scope of Duties Security Staff (including Health and Security Assistants): Security staff, while working to a routine of duties to be performed, need to be capable of prioritising their duties in a range of different circumstances. Examples of the core duties of security staff may include, but not be limited to: •
Incident Response: responding to incidents triggered by duress alarms, burglar alarms, calls for assistance etc. Security staff trained in aggression minimisation and management may be called upon to support staff in attempts to de-escalate or calm others and if necessary take control of the situation. Under the direction of clinical staff, security staff may assist with the restraint of patients.
•
Emergency Response: providing an emergency response to a range of issues such as fire and disasters (internal and external) Security staff are generally best placed to provide a first aid response until the local management emergency response is implemented or external emergency agencies arrive.
•
Escorts: providing a range of escorts. This may include escorting staff to car parks, particularly during the non-daylight hours and escorting cashier staff when money is transported or coin collection is undertaken (where the security officer is are appropriately licensed to do so).
•
Client Services: providing directions and advice to others. Security staff, by the nature of their position, are generally perceived as “safe people”. As such they should be approachable and prepared to assist visitors, patients as well as staff. Assisting others is an important task as it gives the security staff information and feedback on what is happening on the site while projecting a positive image of the health care facility.
•
Locking/unlocking buildings/rooms: locking or unlocking various buildings or rooms within a health care facility. Locking/unlocking is undertaken to ensure staff, patient, visitor and asset security.
•
Patrolling: undertaking patrols to ensure secure areas remain secure and to provide a visible presence of security staff to act as a deterrent to criminal or antisocial behaviour
Provision of Security Services (December 2003)
14-9
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
•
Parking control: controlling parking on the health care facility campus including providing direction to drivers or the issuing of infringement tickets
•
Reports and Investigations: reporting and/or investigating security incidents that occur at the health care facility. Security staff need to take accurate notes as a legal record of events.
•
Key control: operating or managing the health care facility key control process or system
•
Access control: operating or managing the heath care facility access control process or system
•
Identification: operating or managing the health care facility identification production and distribution system
•
Helicopter landings/departures: providing emergency services and crowd/traffic control during a helicopter landing and departure at a health care facility to ensure the security of persons in and around any helicopter.
While the role of security staff will be reasonably consistent, the range of duties will vary in line with the type of health facility, its staff and the community.
**********
Provision of Security Services (December 2003)
14-10
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
15.
Security in the Clinical Environment
Policy: As part of the facility security risk management process, Health Services must ensure, in consultation with staff and key stakeholders, that all reasonably foreseeable security risks associated with the clinical environment are identified, assessed, eliminated where reasonably practicable or effectively controlled. Health Services must ensure that the process is appropriately documented. Note: In implementing the requirements of this Chapter the following documents should also be consulted: • • • •
Memorandum of Understanding between NSW Police and NSW Health, and the accompanying flowcharts Mental Health For Emergency Departments (red book – May 2002) Management of Adults with Severe Behavioural Disturbance: Guidelines for Clinicians (green book – May 2002) and Guidelines on the Management of Challenging Behaviour in Residential Aged Care Facilities in NSW (Department of Health - August 2000)
Note: For issues relating to staff working in the community refer to Chapter 16 of this Manual.
Guidelines: Health Services should develop procedures, in consultation with staff and other stakeholders, to effectively manage security risks in clinical environments. The aim of these procedures is to protect people and assets and minimise the likelihood of incidents related to robbery, abduction and violence. Additionally, clinical protocols should be implemented to manage aggression arising from a patient’s medical or psychiatric condition. Priority Areas: Within the clinical environment a number of areas exist where the likelihood of security incidents occurring may be increased. These areas may include emergency departments, maternity units, admissions areas, mental health services, drug and alcohol services including methadone dispensing clinics, brain injury units, aged care/dementia units and during individual patients specials (IPS).
Security in the Clinical Environment (December 2003)
15-1
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
Security Risk Management: Chapter 1 of this Manual provides guidance material on the risk management process and these principles apply equally to identifying and controlling risks in the clinical environment. The following risk control strategies should be considered by Health Services: Building Design: •
Ensuring, where possible, that waiting areas: -
Are comfortable, decorated in muted colours and spacious Have a clear path to commonly used fittings and facilities (eg phones, water and snack dispensers, toilets etc) Have adequate signage, seating, ventilation and temperature control Have furnishings that cannot be moved and/or used as weapons Are well maintained (eg water and snack dispensers, lighting, phones are in working order and clean and tidy etc)
•
Ensuring the design of desks, counters and screens are determined by their purpose and the degree of risk associated with the tasks and work area
•
Ensuring interview rooms are designed to: -
-
Include two doors (staff members should sit close to one of the doors, with furniture between them and the client and no obstruction blocking their exit, doors should open outward to facilitate quick exit of staff) Have controlled access (but still allow for escape) Include duress alarms Include safety glass windows so staff can be seen while retaining client privacy
•
Ensuring that waiting areas and common space in mental health units are sufficiently large to give people ‘space’ and avoid the stress of overcrowding
•
Avoiding the creation of isolated work areas when designing facilities (eg do not isolate work areas that are 24 hours by separating them with work areas that are only occupied in the day time or Monday to Friday)
•
Positioning the nurses’ station to allow for an unobstructed view of the entries/exits to a ward.
Security in the Clinical Environment (December 2003)
15-2
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
Access Control: •
Implementing a system for securing and answering the access doors
•
Providing a secure means of delivering a service after hours (eg dispensing fit packs to patients)
• Ensuring departments/units/wards and staff only areas are appropriately signposted to ensure ease of access and reduce the likelihood of people using being lost as an excuse for trespass. This includes consideration of the use of multi-language and/or international symbol signage. •
Assessing the need to install: -
Video surveillance at entrances, including ambulance bay doors and in clinical areas (eg nurseries) Intercoms at entrances Duress alarms (refer to Chapter 11 of this Manual for more information on alarm systems).
Patient Liaison and Management: •
Developing procedures for limiting the number of patient support people/visitors in treatment areas
•
Developing procedures for communicating with and monitoring waiting patients and waiting family members (eg Clinical Initiative Nurse)
•
Developing appropriate criteria and protocols for admission, assessment and transfer of patients particularly first assessment of patients and seeking and assessing any relevant risk information from services transferring, or the provision of information to services receiving the transferred patient
•
Developing, in consultation with staff, guidelines on patient triage, assessment and treatment/management protocols to reduce risks of aggression of medical origin (eg clinical guidelines/protocols for the diagnosis and management of mental illness, dementia, effects of alcohol and other drugs, delirium, brain injury etc) and making these readily available to staff
•
Implementing clinical and non-clinical protocols for preventing and managing violent behaviour
•
Documenting and analysing violent incidents
•
Conducting operational debriefings after an incident to ensure protocols were followed, equipment worked properly and that these were adequate to manage the event
Security in the Clinical Environment (December 2003)
15-3
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
•
Establishing a well designed, well staffed, secure therapeutic environment which is compatible with clinical care objectives
•
Implementing a patient alert system (For further information refer to Departmental document titled Zero Tolerance: NSW Health Response to Violence in the Public Health System – Policy and Framework Guidelines)
•
Developing communication strategies for ensuring that patients and visitors are aware of their behavioural responsibilities and the consequences of not meeting those responsibilities
•
Developing processes for providing information and explanations to patients and those waiting (eg information on delays in procedures and timing to assist in reducing the risk of violence).
Security Services: •
Implementing a system of security patrols/response which includes assessing the need for the allocation of security staff to priority areas and/or at higher risk times.
Staffing Issues: •
Ensuring sufficient staffing levels to provide prompt clinical care, particularly during peak activity cycles to reduce the risk of violence from frustration, pain and/or boredom
• Ensuring adequate staff levels to allow the early recognition of potential for aggression, to deter violence and to provide for a response in duress situations. Education and Training: •
Ensuring that training is provided for all relevant staff, including security staff, in: -
Minimisation and management of aggression Duress response Emergency response procedures (eg fire, bomb, abduction)
(refer to Chapter 7 of this Manual for more information on security related education and training). Staff Awareness: •
Ensuring relevant staff are aware of their responsibility to: -
Comply with all established security procedures Implement work practices Report workplace hazards
Security in the Clinical Environment (December 2003)
15-4
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
•
Participate in appropriate training in the minimisation and management of aggression and duress response Report all viole nt incidents as per local protocols Assist others if it is safe to do so and Behave appropriately towards patients and other staff and provide patients and their family members with adequate information
Recommending appropriate dress codes (eg avoiding dangling jewellery or clothing that could be grabbed during an attack and ensuring that identification tag necklaces are of the breakaway kind to avoid injury if grabbed by an assailant).
Searching Patients and Visitors: To ensure the security of staff, patients and other visitors to health facilities, there may be circumstances where the searching of patients and visitors is considered an important risk control strategy. However, the power to search an individual is restricted to narrow circumstances allowed under criminal law and the Mental Health Act which are strictly regulated, or when the individual consents. Without clear lawful authority, any search initiated without consent would be a trespass upon the person and therefore unlawful. Where, after an assessment of risks (including the legal context), a health facility determines the need for procedures to search for weapons and other dangerous objects, Health Services should consider the following points. Under the Inclosed Lands Protection Act 1901 a Health Service, as occupier of its premises, has the right to determine who may enter its premises, and is entitled to impose conditions of entry. These conditions may include the following: • • •
Prohibited weapons, illegal drugs or alcohol are not to be brought into the facility The Health Service reserves the right to search persons if there is a reasonable suspicion that a person has brought such weapons or drugs into the facility A person who refuses to be searched when requested will be escorted from the premises.
Any procedure should therefore ensure that persons entering Health Service premises are aware of these conditions. The situation is somewhat different in relation to persons involuntarily detained under the Mental Health Act, which provides for the involuntary detention of persons suffering from a mental illness that place themselves or others at risk of serious harm. The objects of the Act include facilitating treatment and care, and section 31 (2) specifically allows a detained person to be given such treatment as the medical superintendent 'thinks fit'.
Security in the Clinical Environment (December 2003)
15-5
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
This combination of provisions would authorise searching of involuntary patients where the search was directed towards care and/or treatment, or prevention of harm to the patient or others and there is a reason to believe that the search is necessary. Introducing related policies would require clearly articulated procedures, comprehensive staff training and appropriate back up. Responding to Violence: To appropriately response to viole nce, Health Services should consider: •
Ensuring that staff are aware of and equipped to utilise options for responding to violence, theft and robbery (for more information refer to the Department’s document titled ‘Zero Tolerance: NSW Health Response to Violence in the Public Health System – Policy and Framework Guidelines)
•
Ensuring the implementation of a system for responding to duress incidents/alarms (refer to Chapter 29 of this Manual for more information)
•
Ensuring agreement is reached with other external emergency services regarding the management of violent situations (eg hostage situations)
•
Identifying and installing appropriate duress alarm technology and implementing protocols for their use and maintenance (refer to Chapter 11 of this Manual for more information)
•
Ensuring appropriate patient triage, assessment and treatment/management procedures are developed and implemented to reduce the risks of violence of medical origin
•
Implementing post-incident protocols, including immediate response, treatment of physical injuries and support for affected staff and patients (for more information refer to Departmental circular 2002/19).
Patient Restraint: Sometimes it is necessary for patients to be restrained to protect them from hurting themselves or others. Under the direction of clinical staff, security staff may assist with the restraint of patients. However there may be occasions where security staff may need to act without the direct instruction of clinical staff. Such situations would be rare a nd would be limited to acute emergency situations where: •
There are no clinicians in the immediate vicinity at that particular moment, and where failure to act immediately will clearly result in injury or trauma or
Security in the Clinical Environment (December 2003)
15-6
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
•
Clinical staff are unable to issue instructions (eg they are injured or incapacitated).
It is expected that this would be for brief periods of time only and at all times the principle of reasonable force is to be adhered to. Non-metallic, soft or leather restraints supplied by a medical appliance company are the only acceptable mechanical restraints to be used by security officers or others when directed by a clinician to restrain a patient in this way. Residential aged care facilities should provide restraint free environments to their residents wherever possible. The use of restraints should only be as a last resort to prevent harm to the individual, other residents and staff and to optimise the resident’s health status. Physical or chemical restraint, in residential aged care facilities, may be used only after: • • • • • •
Thorough documented assessment of the resident and whether there is a need for physical or chemical restraint Consultation with family members, any appointed guardian, relevant health professionals and others on the need for and type of physical or chemical restraint Other less restrictive alternatives have been tried and have failed Adequate written recording on the resident’s file of the circumstances and considerations that led to the decision to use physical or chemical restraint The consent of the person has been obtained, if they have the capacity to give it Where the resident does not have the capacity to consent, authority has been obtained, as appropriate, from the person’s guardian or ‘person responsible’ or the Guardianship Tribunal as required by law.
Restraints can be temporarily used if the aged resident displays atypical behaviour which is likely to result in self-harm or harm to others and immediate action is necessary to protect the person or others and the appropriate approvals cannot be sought due to the urgency of the situation. The restraints used should not cause the person harm, agitation or distress or reduce their dignity or increase their risk of falling and the activity is to be documented. Patients with Particular Security Needs: In some circumstances patients who may be considered to be ‘at risk’ from outside threats of violence or kidnapping (eg children from non-custodial parents) may seek treatment or be admitted to a health care facility. Alternatively a patient may have particular security needs as a result of their medical or psychiatric condition (eg protection of a hypomanic woman from sexual exploitation). Where an individual identifies themselves, or is identified by another party to have a particular security need, Health Services should undertake a risk assessment to address any issues relating to security and a formal security plan developed.
Security in the Clinical Environment (December 2003)
15-7
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
In controlling security risks consideration should be given to: • • • • • • •
Whether the individual is a child or an adult The advice of local police (where applicable) The ward in which the individual is to be placed (busy or quiet, near security personnel etc) Where the patient is situated in the ward (away from doors, in own room etc) Special arrangements for duress calls Briefing security personnel and other relevant staff regarding any special procedures Implementing a static patrol in a ward (this option may be indicated in some circumstances especially if staffing levels on the ward are low).
In relation to the general security of children, reference should be made to Departmental Circular 96/74 ‘Guidelines for Protocol Development for the Security of Children in Hospital’. For security issues related to newborns, Health Services may consider the followi ng additional strategies as specified in Australian Standard 4485.2 – 1997 (Security for Health Care Facilities, Part 2: Procedures Guide): • • • • • • • • • • • •
Taking footprints of each newborn Taking a clear, high-quality, head and shoulder, colour photograph of the newborn Maintaining a full written description of the newborn, which should be kept with the footprint and photograph and entered as part of the newborn’s medical record Ensuring all hospital personnel (including senior management) wear conspicuous ID cards in the nursery and other newborn areas Using a distinctive code or second ID card for those authorised to handle newborns Ensuring that anyone transporting the newborn outside the mother’s room wears the appropriate identification Ensuring that the newborns are always supervised by either the mother or health care personnel Ensuring the identification of the person taking the newborn home from the hospital is sighted and the child’s band is matched with that of the parent Ensuring newborns are taken to mother one at a time rather than in a group Marking newborn T-shirts or gowns at the throat and the newborn’s blankets in all four corners with the hospital name and logo Instructing hospital personnel to ask visitors the name of the patient they are visiting Ensuring that the mother’s or the newborn’s name is not visible to visitors.
Security in the Clinical Environment (December 2003)
15-8
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
Health care facilities should encourage the parent/s to actively participate in the newborn and infant security program, which is best achieved through admissions orientation and awareness programs. Related NSW Health and Other Resources: • • • • • • • • •
Zero Tolerance: NSW Health Response to Violence in the Public Health System – Policy and Framework Guidelines (Circular 2003/48) Memorandum of Understanding between NSW Health and NSW Police Management of Adults with Severe Behavioural Disturbance: Guidelines for Clinicians’ (green book) – May 2002 Mental Health For Emergency Departments’ (red book) – May 2002 Guidelines on the Management of Challenging Behaviour in Residential Aged Care Facilities in NSW – August 2000 Patient Restraints (Circular 93/77 – under review) Policies on Seclusion Practices, the Use of Restraint and the Use of IV sedation in Psychiatric In-Patient Facilities (Circular 94/127 – under review) Guidelines for the Promotion of Sexual Safety in Mental Health Services (Circular 2004/8) Guidelines for Protocol Development for the Security of Children in Hospital (Circular 96/74).
1(
)
************** _________________________________________________________________________ Security in the Clinical Environment (December 2003)
15-1
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
16. Security of Staff Working in the Community Policy: As part of the facility security risk management process, Health Services must ensure, in consultation with staff and key stakeholders, that all reasonably foreseeable security risks associated with staff working in the community are identified, assessed, eliminated where reasonably practicable or effectively controlled. Health Services must ensure that the process is appropriately documented and that at all times staff working in the community have access to appropriate field equipment (eg torches) and communication devices.
Guidelines: Risk Management in Community Health Services: Working in the community usually encompasses work that is carried out in patients’ or clients’ homes, on the street or elsewhere outside of Health Service control, within community health centres and public venues such as schools or community halls and in mobile units (eg community health and community mental health staff, home nursing staff, environmental health officers, hospital outreach workers, early childhood nurses, Aboriginal health workers). NSW Health staff working in the community face a particular set of risks associated with working in environments not under the control of the employer. Community health workers often work alone or in isolation, away from access to rapid support from other health care workers or even emergency services such as police. This makes them more vulnerable to the risk of violence. Chapter 1 of this Manual provides guidance material on the risk management process and these principles apply equally to security risks for staff working in the community. All community health staff should have access to local policies and procedures, developed in consultation with relevant staff and their representatives to assure, as far as possible, their security when working in the community. These policies and procedures should be communicated and implemented by Health Services and should cover: •
Obtaining relevant client information from the referring clinician/service
Security of Staff Working in the Community (December 2003)
16-1
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
• • • • • • •
Local risk assessment and management measures Injury prevention initiatives Staff training requirements Emergency procedures including local arrangements for security assistance from police Local reporting procedures Appropriate support for staff in the event of an incident Commitment to cultivating good relations with local police and other local services.
Staff should also have access to good quality information regarding contacts and locations, so they can do their job effectively and safely. It is also important that patients and other clients have information about staff and the purpose of visits, so they know what to expect.
Working in the Community (away from base): Health Services should consider the following risk management strategies: Preparing for Community Visits: •
Ensuring adequate information is provided to staff prior to a community visit, including: -
-
-
-
•
As much information as possible about the patient/client/business (particularly prior to the first visit) including any history of violent behaviour or sexual harassment Relevant information about other members of the household, likely visitors and attitude of neighbours Information about the geographical location of the premises (eg is it in a high crime area, geographically isolated, have reduced accessibility to/availability of police) Specific information about the premises (is there security access, stairs, external lighting, hiding places, are the premises modern, in good repair, is phone connected etc) or any other known dangers or concerns from other workers Releva nt information from other resources (eg point of referral, inpatient facilities, relevant patient/client records, other staff, local GPs and local police)
Developing a system where other staff who may have provided a service or inspected the premises in the past are consulted and these issues are documented (eg in-patient medical records). Under the Privacy and Personal Information Protection Act 1998 (PPIPA), disclosure of personal information is permissible provided it is necessary ‘to prevent or lessen a serious and imminent threat to the life or health of the individual to whom the information relates or another person’.
Security of Staff Working in the Community (December 2003)
16-2
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
•
Implementing a system for file flagging/alerts to highlight a history of aggressive behaviour or other risks. Any patient alert system needs to incorporate the requirements of the PPIPA, as outlined above. For further information on file flagging refer to Zero Tolerance Policy and Framework Guidelines (Circular 2003/48).
•
Advising staff to speak to the patient/client by phone prior to appointments, particularly first appointments, to confirm the appointment and clarify the purpose of the visit, as this can also provide insights, including establishing if there are likely to be any visitors
•
Arranging for patients or clients to be seen at clinics where other staff are present, rather than at home if there is a potential for, or history of, violence
•
Arranging for another member of staff or police to be present with the staff member during the visit if there is a potential for, or history of, violence or the situation is unknown
•
Providing appropriate communication devices, remote duress alarms, vehicle security and tracking devices
•
Providing staff training (eg in related policies and procedures, back to base communication, use and maintenance of security equipment provided, verbal deescalation and defusion, evasive self-defence, negotiation and conflict resolution)
•
Providing a driver or taxi, if appropriate, to areas where cars may be vandalised or staff have to go through unsafe areas to make a visit and ensuring that a return fare is booked for when the visit is finalised so the staff member can leave the area safely
•
Providing staff working in the evening and at night with an appropriate torch (such as a halogen mag light) and spot lights on the side of vehicles
•
Where there is a risk of violence and other risk control strategies have failed to control the risks or resolve the issues, arranging for senior management to write to the household indicating that visits will not be made to that address and that alternative arrangements will need to be made
•
Developing and implementing procedures for transfer of relevant clinical and risk information on a client when the client changes services
•
Developing and implementing incident reporting procedures
•
Providing appropriate support for staff in the event of an incident
•
Cultivating good ongoing relations with local police and other emergency services
Security of Staff Working in the Community (December 2003)
16-3
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
•
Developing response plans or procedures for addressing and responding to security incidents during home visits, or when agreed reporting to base protocols with the community health worker are not maintained
•
Developing procedures for after hours/weekend security.
Prior to Leaving Base: •
Establishing a system where prior to commencing community based activities, the health care worker completes a movement sheet or similar so the base knows: -
-
The name, address and telephone number of the clients being visited The expected times of appointments The expected length of appointments Any alterations to the schedule of visits or changes in daily routine (where the staff member does not know these in advance they should be communicated to base as they occur) and The proposed route and map references.
During Community Visits: •
Providing staff with well maintained vehicles and communication devices
•
Ensuring staff are made aware of the general security precautions attached (Appendix 16.1) to this Chapter and the Working in the Community Checklist (Appendix 16.2).
At the Conclusion of Community Visits: •
Ensuring local procedures are developed and implemented to address requirements for communicating with base when visits are completed, or at other agreed times (eg end of shift)
•
Providing appropriate support to staff who cancel or end a visit as a result of a perceived or real threat to their health, safety or welfare.
After Hours Visits in the Community: Health care workers who are required to visit clients in the community outside normal business hours can be particularly vulnerable. Generally speaking no client should be registered with the after hours community service prior to being visited and assessed by staff during business hours, unless all of the following conditions are met: • •
Two staff members attend or police are present Staff carry a mobile p hone/effective communication device
Security of Staff Working in the Community (December 2003)
16-4
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
• •
•
A monitoring system is in place to identify that staff have returned to base or proceeded home Reliable information has been received that provides details on whether: - The person needs to be seen after hours - The patient has a history of violence - The patient is currently being violent - The patient has access to a weapon - The patient has any known violent family members or associates Duress response arrangements are in place.
Where a clinical need for a first visit after hours has been identified the manager, in consultation with the relevant staff members, should be satisfied that the visit can be undertaken safely. In assessing whether a visit can occur safely the manager, in consultation with the relevant staff member, should: • •
Be advised of the full clinical diagnosis by the treating Medical Officer Obtain all identified relevant information.
Where staff arrive at a site and the person is intoxicated or suffering withdrawal or there are signs of agitation, disorientation or aggressiveness, the police are to be called or arrangements made for the person to be seen in an emergency department or police station or alternative safe venue. Clients and/or carers should be given instructions to ensure that the house is illuminated and easily identified, access gates are unlocked and animals have been restrained when they are expecting the service.
Working in Isolated Clinics and Community Health Centres: Isolated sites can include clinics situated in school buildings (which are unattended at weekends, after hours and school holidays) and early childhood centres situated in community premises. Health Services should consider the following risk management strategies: •
Ensuring two staff members are rostered on simultaneously
•
Ensuring clinic premises are secure, appropriately located and have a means of communication. In some circumstances it may be appropriate to also provide security services (where premises are leased from other agencies refer to Chapter 5 of this Manual fo r more information).
•
Ensuring emergency and evacuation procedures are developed and communicated to staff (including pre programming emergency numbers into phones, if possible)
Security of Staff Working in the Community (December 2003)
16-5
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
•
Ensuring all major emergency telephone numbers are prominently displayed and an effective contact network is established within the local community prior to the staff member working at the site
•
Ensuring that doors are locked when clinics are not in session and that the doors are locked when staff are working alone out of clinic ho urs
•
Establishing a system for people seeking entry to identify themselves without the staff member having to open the door (eg installation of an intercom system)
•
Ensuring that all door and window locks are in good working order and maintenance problems are responded to and resolved promptly
•
Ensuring that blinds are placed on windows and staff close blinds after hours to reduce the likelihood of break-ins
•
Ensuring the visibility of computers, equipment etc is limited by placing them away from windows and doors
•
Establishing a system where the health care worker completes a movement sheet which establishes arrival and departure times, routes taken and any foreseeable difficulties with travel to and from the clinic
•
Establishing a system where a staff member leaving an isolated workplace advises another staff member of destination, purpose and anticipated return. This will include procedures for what to do in the event of an incident or if the staff member does not check in by the advised time.
•
Displaying signage (eg that indicates that ‘no drugs or money are stored on these premises’ and that ‘these premises are protected by alarm’) that can act as a deterrent to would be thieves
•
Ensure a duress response is planned, tested regularly and activated when the staff member requires it.
When Confronted with Violent or Potentially Violent Behaviour: Under no circumstances should any NSW Health staff member working in the community knowingly place themselves or another person at risk. If a client, carer or member of a household or site being visited makes physical or verbal threats, staff members should retreat and/or seek further assistance.
Security of Staff Working in the Community (December 2003)
16-6
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
Where the staff member is unable to retreat as their exit is blocked and all other nonphysical strategies have failed, evasive self-defence may be necessary. Evasive self-defence involves manoeuvres designed to free the individual to enable them to retreat. In such circumstances staff should always use their telephone/radio/duress alarm to call for assistance. Staff should not hesitate to request police assistance. They should contact police on 000 rather than ringing a local police station, and they should explain to the police the urgency of the issue so that an appropriate response can be formulated. When contacting police to arrange a police escort, the relevant police station should be contacted directly, or if unsure about the relevant police station, contact the Police Assistance Line on 131 444 (this is a 24 hour service). If potentially aggressive animals a re not restrained the visit should not proceed until the animal is restrained. It is most important that all security incidents are reported as per local reporting protocols as soon as possible after the event, and, if relevant, be documented on the client’s file.
Evasive Self-Defence: The law recognises that an individual may protect themselves or another person from a threat of attack or injury. The protection afforded by the law is limited to situations where: • •
The person believes the action is necessary to defend themselves or another person or To prevent or terminate unlawful deprivation of their liberty or the liberty of another person.
In order to be lawful the conduct must be a reasonable response in the circumstances as he or she perceives them, and there must be some reasonable proportion between the threat perceived and his or her response to it. The purpose of evasive self-defence is to assist staff to escape from a violent situation when retreat is blocked, when all other non-physical strategies are inappropriate or have failed and the staff member is under attack or attack is imminent. When properly used, it may minimize the risk of injury and minimize the potential trauma. In these circumstances the behaviour of staff should be defensive rather than aggressive, controlling rather than punitive and with no more force than is necessary in the given situation. The degree of force used must be
Security of Staff Working in the Community (December 2003)
16-7
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
proportionate to the degree of potential harm faced and must not be applied for longer than is reasonably required to control that risk.
Field Communication Technology: Staff working in the community need to have access to suitable communication devices (perhaps more than one). The devices should be selected to give as complete communication coverage in the event of an emergency as possible. Suitable devices can include mobile telephones, satellite telephones, two-way radios, long-range duress alarms, duress beacons and tracking devices that can provide the location of the person. When providing communication devices the following elements should be addressed in local procedures and in training of staff: • • • • •
How to communicate with designated support systems (eg base, other staff, police) The limitations of the equipment Testing, maintaining and operating communication systems Effective and efficient methods of communicating problems Initiating a duress alarm.
**********
Security of Staff Working in the Community (December 2003)
16-8
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
Appendix 16.1 General Security Precautions for Staff Working in the Community Staff working in the community should: • • • • • • • • • • • • • • • • • • • • •
•
Lock their vehicle while driving through areas identified as potentially dangerous Conceal all bags, drugs and equipment when first entering the car so that nothing is visible while travelling, and staff are not seen to be hiding them as they park or prior to leaving the car for the visit Drive to the nearest police, fire or petrol station or a pre-determined ‘safe’ venue if they suspect they are being followed Assess the situation as they approach and not enter a location if they have doubts about their security Remain aware of the environment and potential escape routes in case problems arise Make an excuse not to enter the premises if the person answering the door gives cause for concern eg if they are drunk, if the patient is not in, or if a potentially dangerous relative is present Show identity badges Follow the occupant when entering the premises Avoid walking in deserted places, or taking short cuts through secluded alleys or vacant lots Walk in the centre of footpaths away from buildings Observe windows and doorways for loiterers Walk around, rather than through groups of people Not enter areas of unrest, or where there appears to be trouble in the neighbourhood Check lighting and stairwells when entering a building where no lift is available Look before entering a lift and not enter if concerned Stay near to the door and control panel in lifts and be observant of other passengers Not search for clients by unnecessarily knocking on doors Not remain in the parked car for a prolonged period either before or after making the visit Ensuring any correspondence for a client is pushed firmly under the door or placed in their letterbox Determine whether the client is at home prior to entering the premises if an unfamiliar person opens the door Immediately leave if firearms or other weapons are seen (the presence of weapons should be noted in the client’s file and communicated to police and management). Staff should not return to these premises until the matter is resolved. Cross the street and walk in the opposite direction or into an open business if there is suspicion of being followed by a car
Security of Staff Working in the Community (December 2003)
16-9
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
• • • • •
Treat clients and visitors courteously at all times Park in a well lit area as close to the patient’s home as possible Park in a way to allow exit (ie do not allow car to be blocked in) Ensure animals are restrained If in doubt, take a second person/security/police with you.
Security of Staff Working in the Community (December 2003)
16-10
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
Appendix 16.2 Working in the Community Checklist: This tool has been developed to assist with the safety requirements of staff making community visits to patients/clients. It should be consistently used as a personal safety selfmonitoring procedure. This checklist depends on access to mobile phones or radios and availability of a base contact at all hours. Health Services may wish to develop this checklist to become service specific. 1.
Before First Visit 1.1
¨
Has client history been obtained? Are there any issues which affect security?
1.2
¨
Has client been contacted and advised that animals must be restrained If in doubt, ie history of aggressive behaviour, psychiatric illness, arrange for two people to attend visit or relocate the visit to a safer environment if possible.
2.
3.
4.
Before leaving base 2.1
¨
Has Movement Sheet, or similar approved visit record, been completed and left with Base (or if off-site, call Base and give information)
2.2
¨
Take torch, duress alarm, pager and mobile phone or radio as issued
On route 3.1
¨
Are car doors locked
3.2
¨
Is parking available in a well lit area as close as possible to the client’s home
3.3
¨
Where possible, avoid walking in deserted places
During visit 4.1
¨
If there is any doubt about entering the premises, don’t do so
4.2
¨
Position yourself in such a way to enable a quick exit if necessary
4.3
¨
Report immediately to base if you require security backup. Do not hesitate to call the police or base if you see the need.
4.4
¨
Report any incident of concern to your supervisor and complete an Incident Form
4.5
¨
Leave the premises if you feel threatened in any way
Security of Staff Working in the Community (December 2003)
16-11
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
5.
After hours/weekend visits In addition to 1-4 above, after hours visits (1700-0700) must not be made unless 5.1
¨
The client has already been assessed OR two staff attend OR police are in attendance Note: If in doubt, ie history of aggressive behaviour, psychiatric illness, relocate the visit to a safer environment if possible.
6.
5.2
¨
Carry a duress alarm, torch, pager and mobile phone or radio as issued
5.3
¨
Contact base before and after visit in accordance with local policy
Follow-up 6.1
¨
Ensure the receiving health care provider is advised of any risks associated with the patients behaviour (where patients are being transferred)
**********
Security of Staff Working in the Community (December 2003)
16-12
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
17.
Security in Rural and Remote Health Services
Policy: As part of the facility risk management process, Health Services must consider the factors specific to rural and remote workplaces when ensuring, in consultation with staff and key stakeholders, that all reasonably foreseeable security risks are identified, assessed, eliminated where reasonably practicable or effectively controlled and the process appropriately documented. Where staff residences are provided they must be included in the facility risk management process.
Guidelines: Security Risk Management in Rural and Remote Health Services: The risk management process, as outlined in Chapter 1 of this Manual, should be used to identify, assess and control risk in rural and remote workplaces. However, health care workers in rural and remote areas face unique challenges. When undertaking risk management in rural and remote workplaces, Health Services need to consider issues that may impact on the implementation of risk management activities. Challenges that may influence the types of risk management activities considered by Health Services include: • • • • • • • •
High staff turnover leading to reduced continuity of knowledge Reduced access to police and emergency services Delayed response times for emergency services and othe r referral agencies Complications and time delays associated with organising transport of victims or perpetrators out of the community Small populations, close community ties and lack of anonymity Conflict between reporting requirements and cultural sensitivities Communication difficulties (eg no mobile phone coverage etc) Co-location of residence and clinic, therefore increasing the risk of violence for staff
Security in Rural and Remote Health Services (December 2003)
17-1
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
•
Staff working in isolation from colleagues and support systems.
An important element in effectively controlling risk in rural and remote workplaces involves being prepared. Preparedness requires gathering information that is relevant to the local service and region, developing local policies and procedures that will work in a particular situation, providing suitable premises and equipment and setting up support systems. In particular potential local social controls that could be used to overcome some of the challenges associated with effective risk management activities in rural and remote areas need to be recognised. For example, the role of the local community can be pivotal in preventing and reducing incidents of violence. Remote health services can work in partnership with other community organisations and businesses to: • • • • •
Combine resources (eg security patrols) Create a safety net for those affected by occupational violence (eg refuge, counselling, legal aid) Educate the community about violence, the law and the consequences of being violent Encourage, support and initiate community activities to address the causes of violence Encourage perpetrators to take personal responsibility for their actions as a starting point for overcoming violent tendencies.
Specific activities could include: • • • • • •
Family interventions in prison Drug and alcohol programs Anger management groups Support groups for those who want to stop violence Crime prevention programs and other police linked activities Support and encouragement for other similar community elicited activities.
Other risk control strategies that need to be considered by rural and remote health services include: • •
Providing staff with access to information and training on aggression minimisation and management (including evasive manoeuvres) Providing staff with access to counselling services for a range of family and work-related issues which may include: -
-
Engaging an EAP person who co-ordinates both internal counselling and external referrals. An even greater sensitivity to client confidentiality and appropriate referral is required within small communities, and/or Providing a toll free telephone counselling/crisis line.
Security in Rural and Remote Health Services (December 2003)
17-2
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
(refer to Departmental circular 2000/42, Policy Framework and Better Practice Guidelines for the Development of Employee Assistance Programs – under review) • • • • • • • • •
Applying CPTED principles for any building being designed, altered or extended, including staff residences attached to clinics (refer to Chapter 4 of this Manual) Signposting restricted/staff only areas Providing access control procedures and systems (refer to Chapter 9 of this Manual) Installing effective duress and intruder alarms (refer to Chapter 11 of this Manual) Ensuring vehicles are well maintained, suited to the terrain and equipped with communication devices Providing good perimeter security and definition of boundaries Ensuring a response occurs if a duress call is made or an alarm is triggered Ensuring time out and relief for staff affected by violence and Establishing and supporting a peer support network for staff.
Field Communication Technology: Staff working in rural and remote health services need to have access to suitable communication devices (perhaps more than one). The devices should give as complete a communication coverage as possible, in the event of an emergency. Suitable devices can include mobile telephones, satellite telephones, two-way radios, long range duress alarms and GPS duress beacons that can provide the location of the person. GPS duress beacons, in particular, should be considered by rural and remote health services due to their ability to assist in locating a staff member who has had an accident, a mechanical breakdown or is experiencing some other misfortune or injury. When providing communication devices the following elements should be addressed in local procedures and in training of staff: • • • • • •
Communicating with designated support systems (eg base, other staff, emergency services) The limitations of the equipment Testing, maintaining and operating communication systems Effective and efficient methods of communicating problems Initiating duress alarms and Responding to duress alarms where this is a designated part of the staff member’s role.
Security in Rural and Remote Health Services (December 2003)
17-3
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
Related NSW Health or Other Resources: •
When It’s Right in Front of You – Assisting Health Care Workers to Manage the Effects of Violence in Rural and Re mote Australia (National Health and Medical Research Council – August 2002).
**********
Security in Rural and Remote Health Services (December 2003)
17-4
18. Security in Pharmacies Policy: As part of the facility security risk management process, Health Services must ensure, in consultation with staff, key stakeholders and appropriate advisory bodies, that all reasonably foreseeable security risks associated with pharmacy areas are identified, assessed, eliminated where reasonably practicable or effectively controlled. Health Services must ensure that the process is appropriately documented and effective procedures are developed and implemented.
Guidelines: The pharmacy is an area requiring high security. Health Services should develop procedures, in consultation with staff and other stakeholders, to effectively manage pharmacy security risks. The aim of these procedures is to protect people and assets, prevent and detect drug diversion and minimise the likelihood of incidents related to robbery and assault occurring in pharmacy areas. *
This chapter should be read in conjunction with section 4 of Departmental Circular 2001/64, Policy on the Handling of Medication in New South Wales Public Hospitals, which includes advice on security related matters in hospital pharmacy departments.
Security Risk Management: Chapter 1 of this Manual provides guidance material on the risk management process and these principles apply equally to pharmacy related security risks. As part of the risk management process for the pharmacy area, the following risk control strategies should be considered by Health Services: •
Constructing walls, floor and ceilings of the pharmacy out of solid material, with as few windows as possible
•
Extending walls, where practicable, to the underside of the floor slab above to prevent any intrusion over the wall 2(6/05)
Pharmacy Security (June 2005)
18-1
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
•
Reinforcing windows on the perimeter walls to prevent entry. Existing windows may be reinforced by adhering a shatter resistant film or by replacing the glass with laminated glass.
•
Incorporating laminated glass windows into the design of the front of the pharmacy to enable staff to carry out transfer operations with safety, while maintaining communication with staff and patients
•
Designing a two door entry approach (ie one door for the public and hospital staff to enter to access front glass transaction windows and a separate door for the entry of pharmacy staff to the pharmacy)
•
Incorporating provision for closing off open areas at the front of the pharmacy when closed, (eg by a locked door from the corridor or locked shutter doors)
•
Fitting doors to the pharmacy with quality single cylinder dead locks to comply with fire regulations. Where practicable locks are to be key code or card operated externally and fitted with either a turn snib or handle internally to enable occupants to escape in emergencies
•
Ensuring doors are kept closed and locked to restrict entry
•
Installing an intruder alarm system that meets Australian Standard AS 2201 and incorporates a duress alarm/s to enable staff to activate the alarm in the event of an emergency and •
Restricting access to the pharmacy to authorised staff only and controlling this by: -
•
Fitting single cylinder key, code or card operated dead locks to perimeter doors Having a restricted keying system fitted to the locks in order to prevent duplication of keys Strictly regulating the issue of keys, codes or cards at all times, including provision for after hours access Keeping doors closed and locked to restrict entry Installing closed circuit television monitors at access doors to screen entry of personnel and record any access to the pharmacy after hours
Ensuring, where the risk assessment warrants it, that mobile staff have personal duress alarms.
Pharmacy Security (June 2005)
18-2
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
Further information: •
For further information on Circular 2001/64, Policy on the Handling of Medication in New South Wales Public Hospitals, contact: The Duty Officer Pharmaceutical Services Branch NSW Health Department PO Box 103 GLADESVILLE NSW 1675 Telephone: (02) 9879 3214 Facsimile: (02) 9859 5165
**********
Pharmacy Security (June 2005)
18-3
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
19. Security in Car Parks Policy: As part of the facility risk management process, Health Services must ensure, in consultation with staff and key stakeholders that: • • • •
All reasonably foreseeable security risks associated with car parks are identified, assessed, eliminated where reasonably practicable or effectively controlled The process is appropriately documented Effective car park security procedures are developed and implemented and Designated car spaces for afternoon and night shift staff are allocated where practicable and warranted by the risk assessment.
Guidelines: Health Services should develop procedures, in consultation with staff and other stakeholders, to effectively manage car park related security risks. The aim of these procedures is to protect people and assets and minimise the likelihood of incidents related to robbery and assault occurring in car parks.
Security Risk Management: Chapter 1 of this Manual provides guidance material on the risk management process and these principles apply equally to security risks in car parks. As part of this process, the following risk control strategies should be considered by Health Services: •
Providing, where practicable, afternoon and night shift staff with designated, controlled parking spaces as close as possible to the facility in a well lit, easily observed area connected to the facility by well lit paths
•
Ensuring entry to designated staff parking areas in dual purpose car parks is controlled by gates in the afternoon and night (eg boom gate could be left up in the morning and put down about 1-2 hours before afternoon shift commences so they are operated by staff pass cards). Exit boom gates should operate automatically (ie after a certain time a card is needed to enter but exit can occur any time).
•
Ensuring vehicle entry to car parks is by automated gates or doors, via camera and intercom, or by passing through an entry/exit gate staffed by security personnel
Security in Carparks (December 2003)
19-1
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
•
Requiring security staff to undertake high profile patrolling in car parks associated with the facility
•
Requiring security staff to undertake random audits on vehicles in a car park (eg door unlocked, window down, valuables exposed etc) and secure the vehicle if possible
•
Displaying signs in car parks reinforcing theft awareness (eg park smarter, lock it or lose it)
•
Displaying signs that advise that regular patrols are undertaken and CCTV monitoring is in place
•
Providing security escorts for staff at the conclusion of afternoon and night shifts. This would include designating a mustering spot for staff to assemble.
•
Ensuring landscaping is done in a way to provide minimal protection for intruders
•
Ensuring single and multi storey car parks have: -
Good lighting (refer to AS 1158.3.1 and Chapter 12 of this Manual) Emergency telephone or intercoms direct to security staff or switchboard Landscaping which leaves the area open and does not intrude on line of sight As few dark corners and support columns in the design as possible Flexibility to close some entrances and exits during low traffic periods Approved locks on exits intended for emergency exit only Frequent patrols by security staff
•
Restricting the parking of delivery vehicles to a parking dock
•
Ensuring facility vehicles are parked in a secure overnight car park with good lighting and regular security patrols. A fe nced compound or lock-up garage is preferable.
•
Ensuring all facility vehicle keys are held by the designated custodian when the vehicle is not in use, and taken by the driver when the vehicle is required
•
Providing security for bicycles and motorcycles (ie lockers or storage areas, a stationary rack that secures the frame and both wheels without a chain, or a stationary object the user can lock the frame and wheels to with their own cable chain and lock)
Security in Carparks (December 2003)
19-2
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
In addition to control strategies implemented by Health Services to reduce risk associated with theft or aggression, staff should be advised to: •
Comply with security systems established in their local workplace for their protection
•
Use security escort services or travel in groups to the car park when working at night
•
Meet at designated mustering spots
•
Park in well lit areas close to the facility when working at night (if possible, using car spaces located near the workplace specifically allocated to afternoon/night shift workers) or moving the vehicle closer during break
•
Report any suspicious activity
•
Not confront any potential assailants or persons seen attempting to break into a vehicle
•
Not leave valuable or attractive items on view in the vehicle, including small amounts of change scattered in consoles
•
Not load valuable or attractive items into the vehicle in public areas, if the vehicle is to remain parked
•
Not leave important papers, driver’s licence or registration papers in vehicles
•
Avoid parking in isolated or dark places and try to park under a street light or in a well lit area. Consider if there will be sufficient light when returning to vehicles after shifts.
•
Activate/use any alarms or other protection devices where they are fitted to the vehicle or car park
•
Close all windows, lock all doors and take the keys when leaving the vehicle
•
Carry keys in hands when approaching vehicle as this will avoid having to stand and search for keys on arrival at vehicle
•
Do not unlock central locking systems or alarm systems until you are close to the vehicle.
********
Security in Carparks (December 2003)
19-3
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
20. Security of Property Policy: As part of the facility security risk management process, Health Services must ensure, in consultation with staff and key stakeholders, that all reasonably foreseeable security risks associated with the potential for theft are identified, assessed, eliminated where reasonable practicable or effectively controlled. Health Services must ensure that the process is appropriately documented and effective security procedures are developed and implemented to minimise theft.
Guidelines: Through the process of risk management Health Services should develop and implement procedures to prevent and deter theft. Health Services should be aware that the potential risk of theft exists from visitors, patients, opportunistic passers-by as well as from planned crimes. Every case of theft needs to be reported to the police and no arrangements should be entered into to accept settlement on condition that the Health Service refrains from instituting legal proceedings. Corrupt conduct is to be reported to the Independent Commission Against Corruption. For more information refer to Policy Directive PD2005_173 (Reporting Possible Corrupt Conduct to the Independent Commission Against Corruption).
Security Risk Management: Chapter 1 of this Manual provides guidance material on the risk management process and these principles apply equally to theft related security risks. As part of this process, Health Services should consider the following risk control strategies: • Developing policy relating to theft and the reporting of theft to police and ensuring that patients, staff and visitors are aware of this policy • Keeping a register of health care facility property • Keeping a register of property theft to assist with identifying problem areas or patterns of behaviour • Keeping assets registers up-to-date and providing full descriptions of each item, including serial numbers • Identifying all assets with a unique physical marking, such as an engraving or a bar code
Security of Property (November 2005)
20-1
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
• • • • • • •
Storing attractive portable items (calculator, cameras, tape recorders etc) separately in a locked area. Only designated staff should have access Investigating all theft Enforcing an effective key control program (for more information refer to Chapter 10 of this Manual) CCTV monitoring of priority areas Installation of alarm systems (refer to Chapter 11 of this Manual for more information) Ensuring effective perimeter and internal access control (refer to Chapter 9 of this Manual for more information) Ensuring CPTED principle are applied when designing/refurbishing facilities.
Specific Areas for Attention: The following risk control strategies, covering specific areas for attention, should be considered by Health Services: Engineering/Maintenance: • • • • • •
Ensuring access control to areas where tools or equipment are stored Branding or stencilling all tools or equipment to show ownership Keeping a written record of tools or equipment on loan from one section to another Ensuring staff are made accountable for the equipment allocated to them Ensuring that vehicles are parked away from storage areas to reduce opportunities to steal items Conducting regular checks of inventory.
Transport: • • • • •
Ensuring petrol pumps are only operated by authorised staff. The petrol pumps should be locked when not in use Regularly monitoring the vehicle running petrol sheets purchase details and comparing them to distance travelled Where practicable ensuring that vehicles are securely garaged or parked in compounds Ensuring each facility has in place a policy regarding the use of, and access to, facility owned vehicles Conducting frequent and random inspections which include attention to: - Complete and current compilation of vehicle running sheets - Replacement of original parts, accessories or tyres
Security of Property (November 2005)
20-2
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
•
Inspecting and recording details of each vehicle’s condition, including an inventory of all accessories fitted before the vehicle is sent to the dealer or auction for disposal.
Laundry: •
• • • • • • • •
• • •
Checking delivery weights (quantities) against delivery dockets (generally this will be done by the facility Linen Supply Personnel). A signed copy in the Linen Supply Area should be used to check against amounts and quantities charged for. Checking account delivery amounts and quantities against Linen Service records for correctness Ensuring linen is not left unaccompanied on trolleys in areas with public access Restricting access to the linen supply area to facility linen supply personnel only Ensuring that vehicles are parked in areas away from the linen supply area Ensuring that staff are not allowed to take bags into the linen supply area Conducting spot checks of linen levels held against stock records Limiting access to linen stock rooms in wards and facility areas, and ensure that these have minimum stock levels Undertaking spot checks of facility areas which have been allocated linen to look for: - Excess stock, above the agreed imprest levels - Shortage of stock Ensuring that soiled linen bags are not left outside wards or in easily accessible positions. Keeping records of the quantity of soiled linen bags picked up from each facility area Displaying posters relating to the theft of linen and the consequences. These should be placed in strategic areas where they are visible to external persons and facility staff.
Catering: • • • •
Regularly reviewing work areas and levels of stores held, querying large stocks Checking supplies ordered against menu cycle to determine if quantities ordered are comparative with the menu cycle Checking comparable deliveries for quantity, quality and delivery dockets signed. Deliveries should be immediately moved to secure storage areas. Ensuring that fridges and store areas are locked at all times and only opened to take supplies necessary for the meal that is to be cooked. Ideally the store should then be locked.
Security of Property (November 2005)
20-3
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
• • • •
• • •
•
• • • • •
•
Note: Keys must be kept in a locked cabinet and are the responsibility of the Catering Officer. Establishing a conflict of interest policy, stating no staff can use the facility purchasing power for personal use Ensuring that no personal bags are left in the kitchen work area Restricting the amount of food retained in the kitchen to minimum quantities Ensuring that external doors are locked at all times, with only one exit point that is visible to the Catering Officer. Fire Exit doors should only be able to be opened from the inside, and should have a buzzer alarm that activates when opened. Ensuring that windows are screened to prevent goods being passed outside Ordering commercial sizes of items to limit theft. Packaged quantities should not be of such a size that they pose a manual handling risk to staff. Not allowing utensils or equipment to be borrowed by kitchen staff. The facility name should be stencilled or marked on portable items (eg knives and food trays). Not allowing leftover food to be taken home. This can cause over-cooking to create a surplus and encourages taking more than just leftovers. Ensuring additional meals that may be diverted for non-patient consumption are not provided as part of the meal run. Preventing unauthorised access to the kitchen. Persons are not allowed in the kitchen area unless accompanied by a senior kitchen officer. Ensuring that all stores and fridges are locked when maintenance work is being carried out Regularly checking trolleys used to transport food from the kitchen for food or other goods that should not be there Ensuring that stocks of food held in wards are kept to a minimum Checking the return of cutlery, plates and food trays from wards against what was issued. Food equipment should not be left lying around or reserves of cutlery maintained in ward areas. Ensuring vending machines are in high traffic/populated areas to create a passive surveillance situation.
Stores: • •
• • •
Ensuring staff are aware of stock control procedures for incoming and outgoing goods Conducting stock takes of consumable stores and check all items listed in the assets register - both quarterly and when there is a change of management Keeping stock levels to workable minimums Checking invoices against the stock card to ensure goods received are marked on records, and requisitions for store goods against stock cards Ensuring that all goods received are signed for and compared against orders in the Goods Inwards books
Security of Property (November 2005)
20-4
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
•
• •
• • • • • • •
• •
• • • •
• • •
Ensuring that goods being delivered to facility areas are not left in accessible places and vehicles are not left unattended. Goods received should be immediately located in a secure area. Ensuring that goods to be delivered to facility areas are receipted/signed for with copies of signed paperwork kept with facility and stores area Checking altered requisitions for accuracy before acceptance. Internal requisitions that have been altered should not be acceptable under any circumstances. If there are sufficient staff, ensuring that there is a separate stock controller, who maintains all stock level records Where possible, ensuring that goods are ordered and issued as complete packages, ensuring broken packages stand out Conducting physical checks to look for broken packages or seals, and to ensure that bottom packages of large stocks have not been tampered with Preventing stores staff from carrying bags into the store area Locating, as far as practical, stores away from public areas and change and lunch room areas Preventing access by employees from other stores, if store areas are specialised Ensuring that products such as detergents are issued in commercial sizes to restrict theft, though packages should not be so large as to create a manual handling risk to staff Ensuring that vehicles are parked in an area away from the store Restricting entry/exit to the store to only one door. The Supply Officer needs to be able to see the door from his/her office. Fire exit doors must only be able to be opened from the inside and have an alarm that activates when opened. Ensuring that only authorised persons are allowed in store areas Examining garbage removal devices to ensure stock articles are not being transported out of the store area Locking away items such as batteries Ensuring that stocks held in areas are securely stored and not easily accessible to patients and unauthorised staff. Where possible, ward stores need to be locked and accessible only to the nurse or unit manager or their delegate. Regularly review imprest system to ensure stock levels are appropriate Ensuring stores returned dockets are used and signed by the ward area if goods are returned from areas to the store Conducting regular checks of areas to ensure there are no hidden stores.
Administration: • •
Securing administration areas to prevent access to unauthorised persons Ensuring that the administration area is not left unoccupied during work hours or securing the area if it is to be left unoccupied
Security of Property (November 2005)
20-5
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
•
•
Keeping records containing sensitive information secured at all times. They should only be made available to authorised persons (Refer to Chapter 21 for additional information). Storing office consumables in a lockable area and nominating one member of the administrative staff to issue stationery requirements.
Mail Deliveries: • • •
•
• •
• •
Ensuring receptacles for mail are clearly labelled and cannot be accessed or opened by unauthorised staff Ensuring deliveries of mail are made in a restricted, defined area Keeping registered mail/couriered packages separate from other incoming mail and establishing procedures for receiving and promptly securing registered mail/couriered packages Ensuring that incoming mail (including registered mail/courier packages) are kept in a secure location to prevent loss and unauthorised access until they can be delivered to the addressee Limiting the access of staff to the mail areas or using a sign-in access card system Keeping the area for receiving incoming/outgoing mail separate from other operational areas including using a counter to separate the mail area from other working areas Ensuring all work areas are visible to supervisors Eliminating desk drawers and similar places of concealment.
Chapter 25 of this Manual provides information for identifying and handling suspicious items, including mail. Cash Handling: •
Ensuring cash handling, receipting and banking practices are consistent with the document entitled ‘Accounting Manual for Public Health Organisations’.
Patients' Property: •
Telling patients before admission, that: - Large sums of money, items of significant value, monetary or otherwise, should not be brought into the facility and that the facility will not accept any liability for their safekeeping - The facility will not be liable for any loss if money or valuables are brought in by a patient and accepted for safekeeping (if accepted for safekeeping the valuables will be placed in an envelope, which is then sealed and endorsed in a manner to identify the patient. The patient will be given a receipt, a copy of which is attached to the envelope which will then be placed in a safe)
Security of Property (November 2005)
20-6
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
-
Monies and valuables are kept in the ward by the patient at his/her risk
Note: Where money is placed into the Patients’ Trust Account the details should be entered into the Patients’ Valuables Register. •
• • • •
Ensuring that random checks are made of the Patient's Valuables Register against the envelopes held in the safe and against the Patient's Trust Account ledger, to ensure monies and valuables are secure Note: This may be subject to a patients’ authority if the patient has explicitly indicated no-one is to have access to items held on their behalf. Making random checks on withdrawal authorities to verify the balances of monies held and that all valuables are accounted for Providing a means of securing individual wardrobe lockers or closets for clothing (if lockers are provided) Ensuring that patients mark items that will be laundered by the facility with their name Issuing receipts if a facility accepts patients’ clothing for safekeeping. A cloakroom should be used to store the clothing and must be kept locked.
Staff Property: • • • •
Discouraging staff from bringing large sums of money, personal documents or belongings into the workplace Wherever possible, ensuring that staff are paid by cheque or direct deposits to guard against theft Ensuring that staff are provided with a lockable storage area (eg locker or cupboard) for safe keeping of their property Ensuring car parks have good lighting to deter theft and vandalism.
Searching Persons and their Property: The power to search an individual is restricted to narrow circumstances allowed under criminal law, which are strictly regulated, or when the individual consents. Without clear lawful authority, any search initiated without consent would be a trespass upon the person and therefore unlawful. If a person is suspected of being in possession of stolen property and refuses to be searched the police should be called. Where possible the person suspected of theft should be kept under observation pending the arrival of the police. See Chapter 14 of this Manual for further information on searching patients and visitors. Related NSW Health and Other Resources: •
Policy Directive PD2005_206 (Policy on the Handling of Medication in New South Wales Public Hospitals)
Security of Property (November 2005)
20-7
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
• •
Policy Directive PD2005_173 (Reporting Possible Corrupt Conduct to the Independent Commission Against Corruption) Accounting Manual for Public Health Organisations (1996).
************
Security of Property (November 2005)
20-8
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
21. Security of Information Policy: As part of the facility security risk management process, Health Services must ensure that all reasonably foreseeable security risks associated with the protection of official information and material (including electronic information*) from unauthorised disclosure are identified, assessed, eliminated where reasonably practicable or effectively controlled. Health Services must ensure that the risk management process is undertaken in consultation with staff and key stakeholders, is appropriately documented and effective plans and procedures developed and implemented which reflect relevant legislation, information security standards and Government policy. *‘Electronic information’ is defined in PD 2005_314 as information that is electronically created, processed, held, maintained and transmitted by NSW Health. It also refers to information held for, or on behalf of, other government agencies and private entities.
Guidelines: The types and levels of security required for official information and material will depend on a number of factors including the requirements of legislation, Government and NSW Health policy and the risks associated with unauthorised disclosure or misuse.
Security Risk Management: Chapter 1 of this Manual provides guidance material on the risk management process and these principles apply equally to information security. In addition to meeting the requirements of legislation and policy, Health Services should consider, as part of the risk management process, the following strategies: • Ensuring that an information security plan is developed, documented and implemented which outlines risk control strategies arising from the risk assessment process • Providing training to staff on information systems and the controls in place to manage security information risks and • Monitoring and reviewing risk controls to ensure they remain effective in reducing risk.
Security of Information (November 2005)
21-1
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
Legislative and Policy Environment: Security of Electronic Information: ‘PD2005_314 – Electronic Information Security Policy’ affirms the NSW Health commitment to the provision of appropriate levels of security across all of its information systems. This policy is based on a number of key principles, as outlined below: • NSW Health’s major objective is the provision of health care services underlined by the overall welfare of the people it treats • The implementation of information security controls must not impact on the timely provisions of those services • All personal health information will be securely managed and that privacy and confidentiality will be preserved. The community must be confident NSW Health observes this principle • All other critical and sensitive information will also be securely managed and privacy and confidentiality maintained • All staff have a responsibility for the security and maintenance of critical and sensitive information including personal health information • All other information will be classified for the purposes of determining the level of security required • Providing information security education and developing awareness for all people dealing with electronic information as an integral part of maintaining adequate protection over that information and • The release of information will comply with relevant and current State and Federal legislation. The key requirements of information security, as outlined in PD2005_314, are: • Ensuring appropriate availability of information and services • Allowing secure access to information services • Preventing loss of integrity of information and transactions • Ensuring authenticity of all relevant parties • Ensuring confidentiality of information and transactions • Ensuring an audit log of significant events and • Ensuring fraud prevention. The NSW Premier’s Department Circular 2001/46 - Security of Electronic Information enforces the duty which government has in safeguarding its vast information assets. In recognition of this, Cabinet has directed that all agencies (including Health Services) undertake specific measures. These include, but are not limited to: • Implementation of information security management policies and plans: Health Services should set a clear direction and demonstrate their support for, and commitment to, information security through the issue of a formally agreed and documented security policy
Security of Information (November 2005)
21-2
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
•
•
•
Assignment of information security responsibility to a nominated officer: Having a nominated person take overall responsibility for the development and implementation of information security measures provides for a coordinated approach Ensuring that all staff understand their responsibilities for information security: Because the use of electronic information occurs at all levels of staff and across all business areas, effective security requires accountability and the explicit assignment of responsibility to all providers and users of information and Having IT systems certified to the national information security management standard AS/NZS 7799 Part 2:2003 (Specification for Information Security Management Systems).
Security of Personal Health Information: Health Privacy Principle 5, established under the Health Records and Information Privacy Act 2002, requires personal health information to have appropriate security safeguards to prevent unauthorised use, disclosure, loss or other misuse. ‘Appropriate’ will be defined by the circumstances in which the information is stored and used. The NSW Health Privacy Manual (PD2005_593) provides guidance material to assist Health Services to comply with the security requirements established in the Health Records and Information Privacy Act 2002. As public sector agencies, health services are also subject to the requirements of the State Records Act 1998. That Act has extensive provisions as to the minimum length of time public records should be retained. Health services should therefore refer to the General Disposal Authority (GDA 17) Public health services: Patient/Client Records, issued by State Records NSW in determining how long to retain clinical and client/patient records. Security of Incident Information: In 2003 the NSW Safety Improvement Program commenced implementation across all Health Services. The key objective of the Program is to ensure a coordinated approach to the management of all incidents that occur in the NSW health system. Effective management includes the identification, reporting, review or investigation, analysis of and appropriate action and feedback on all incidents. Given the sensitive nature of some of the information collected as a result of the NSW Safety Improvement Program, particularly in relation to root cause analysis (which is subject to a statutory privilege), it is important that all related information is appropriately secured in line with the requirements of legislation and Government and NSW Health policy for the security of personal health information and confidential and sensitive information.
Security of Information (November 2005)
21-3
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
Labelling Information: There is an obvious need to protect sensitive official information from unauthorised access. Accordingly, all Health Services should use ‘labels’ to mark such information, whether it be in electronic, paper or other format. Consistency in labelling will ensure that confidentiality and consistent controls are implemented for sensitive information within a Health Service and across NSW Health. There are three levels of labelling. These are, in ascending order of sensitivity: • • •
X -IN-CONFIDENCE (where X may be ‘CABINET, COMMERCIAL, CLIENT, PERSONNEL or some other term selected by the Health Service as appropriate to their needs) PROTECTED HIGHLY PROTECTED
The absence of a sensitivity label means that official information continues to be handled in accordance with existing Health Service practices, including compliance with the Freedom Of Information Act 1989. The Premier’s Department Circular 2002/69 (Guide to Labelling Sensitive Information) provides standards for the preparation, handling, removal, auditing, copying, storage, disposal and transmission of sensitive information and should be utilised by Health Services when developing local procedures. Further Reference: NSW Health Policy: • PD2005_314 – Electronic Information Security Policy • PD2005_127: Principles for Creation, Management, Storage and Disposal of Health Care Records • PD2005_593 – NSW Health Privacy Manual • PD2005_404 – NSW Incident Information Management System (IIMS) Policy • PD2005_608 – Patient Safety and Clinical Quality Program • NSW Patients Matters Manual. Other Policy: • Premier’s Department Circular 2001/46 – Security of Electronic Information • Premier’s Department Circular 2003/02 - Electronic Information Security: Business Continuity Planning • Premier’s Department Circular 2002/69 – Guide to labelling Sensitive Information
Security of Information (November 2005)
21-4
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
• • •
Information Security Guideline Part 1- Risk Management (Office of Information Technology – June 2002) Information Security Guideline Part 2 – Examples of Threats and Vulnerabilities (Office of Information Technology – June 2002) General Disposal Authority No.17 : Public health services: Patient/Client records (available from State Records NSW at http://www.records.nsw.gov.au)
Standards: • ISO/IEC AS/NZS 17799:2001 – Information technology: Code of practice for information security management • AS/NZ – HB231:2000 – Information Security Risk Management Legislation: • Privacy and Personal Information Protection Act 1998 • Freedom of Information Act 1989 • NSW State Records Act 1998 • State Records Regulation 1999 (NSW) • Children and Young Person (Care and Protection) Act 1998 • Health Records and Information Privacy Act 2002 • Health Care Complaints Act 1993 • Public Finance and Audit Act 1983 • NSW Electronic Transactions Act 2000 • Electronic Transactions Regulation 2001
**********
Security of Information (November 2005)
21-5
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
22. Security of Medical Gases Policy: As part of the facility security risk management process, Health Services must ensure, in consultation with staff, key stakeholders and appropriate advisory bodies, that all reasonably foreseeable security risks associated with storing medical gases are identified, assessed, eliminated where reasonably practicable or effectively controlled. Health Services must ensure that the process is appropriately documented and effective procedures are developed and implemented.
Guidelines: Health Services should develop procedures, in consultation with staff and other stakeholders, to effectively manage security risks associated with storing medical gases. The aim of these procedures is to protect people and minimise the likelihood of incidents related to theft, tampering and damage occurring. Local procedures need to reflect the relevant elements of: • • • • • •
Australian Standard 4332 (The Storage and Handling of Gases in Cylinders) The Dangerous Goods Act 1975 The Dangerous Goods (General) Regulation 1999 The Occupational Health and Safety Regulation 2001 (Chapters 2 & 6) Departmental circular 82/345 (Security of Medical Gas Cylinders) and Departmental circular 80/241 (Safe Practice in the Handling of Compressed Medical Gas Cylinders).
Security Risk Management: Chapter 1 of this Manual provides guidance material on the risk management process and these principles apply equally to security risks associated with storing medical gases. As part of this process, the following risk control strategies should be considered by Health Services: •
Ensuring access to any storage areas is restricted by use of doors, barriers and signs. Sources are to be secured against unauthorised removal, tampering, vandalism and misuse.
•
Ensuring appropriate access control procedures are developed and implemented
Security of Medical Gases (December 2003)
22-1
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
•
Documenting the location of medical gases both in the bulk storage facility and at the ward level
•
Ensuring records are kept for medical gases used for fieldwork. They should include: -
•
Who is using the source and who is responsible for it Where has the source been taken How is it stored/secured Date and time of issue Date and time of return Any unusual circumstances
Ensuring procedures are implemented for reporting theft, tampering and damage to medical gases.
**********
Security of Medical Gases (December 2003)
22-2
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
23. Security of Radioactive Substances Policy: As part of the facility security risk management process, Health Services must ensure, in consultation with staff, key stakeholders and appropriate advisory bodies, that all reasonably foreseeable security risks associated with radioactive substances are identified, assessed, eliminated where reasonably practicable or effectively controlled. Health Services must ensure that the process is appropriately documented and effective procedures are developed and implemented.
Guidelines: Health Services should develop procedures, in consultation with staff and other stakeholders, to effectively manage security risks associated with storing radioactive substances. The aim of these procedures is to protect people and minimise the likelihood of incidents related to theft, vandalism and misuse occurring. Issues relating to radiation safety are prescribed in the Radiation Control Act 1990 and the Radiation Control Regulation 2003.
Security Risk Management: Chapter 1 of this Manual provides guidance material on the risk management process and these principles apply equally to security risks associated with storing radioactive substances. As part of this process, the following risk control strategies should be considered by Health Services: •
Ensuring stores (including waste stores) are properly marked with approved warning signs, and regulations regarding their use are posted at access points
•
Ensuring access to any storage areas is restricted by use of doors, locks, barriers and signs. Sources are secured against unauthorised removal and tampering
•
Ensuring access control procedures are developed and implemented
•
Maintaining records of the location of radioactive substances and irradiating apparatus
Security of Radioactive Substances (December 2003)
23-1
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
•
Ensuring records are kept of all radioactive substances discharged from the premises which include the following information: -
•
The type of radioactive substances discharged The estimate of the total activity of the radioactive substances discharged The manner in which the radioactive substances were discharged The date on which the radioactive substances were discharged
Ensuring any loss or theft of radioactive material, as required by the Radiation Control Regulation 1993, is reported to: -
The officer responsible for radiation safety The Director-General of the Department of Health within three days after the person becomes aware of the loss or theft The Chief Executive Officer or Facility Manager Police and Radiation Control Section, Environment Protection Authority
As much information as possible about the source should be given. Note: In emergency situations involving suspected or actual damage, spillage, loss or theft of radioactive substances the Radiation Control Section of the Environment Protection Authority should be contacted •
Ensuring, where a local radiation safety manual is prepared, the manual includes a section on the security of radioisotopes used and/or stored in those facilities. All radioisotopes used or stored within a facility and their subsequent disposal must be recorded in a register. No unauthorised access to radioisotopes is to be permitted.
Security during Transportation of Radioactive Substances: •
Only authorised persons undertake the escort of radioactive substances when being transported within an organisation
•
When radioactive substances are transported by road, the transport needs to be in accordance with the legal requirements as per Section 23 of the Radiation Control Regulation 1993 and the Safe Transport of Radioactive Material Code of Practice – 2001 (Australian Radiation Protection and Nuclear Safety Agency).
**********
Security of Radioactive Substances (December 2003)
23-2
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
24.
Fire Security
Policy: As part of the facility security risk management process, Health Services must ensure, in consultation with staff, key stakeholders and appropriate advisory bodies, that all reasonably foreseeable security risks associated with fire are identified, assessed, eliminated where reasonably practicable or effectively controlled. Health Services must ensure that the process is appropriately documented and effective fire security procedures are developed and implemented.
Guidelines: Health Services should develop procedures, in consultation with staff and other stakeholders, to manage fire related security risks. The aim of these procedures is to protect assets and people, minimise the risk of fire hazards and the spread of fire and smoke. Local procedures should incorporate any risk control strategies identified from the risk management process undertaken in each workplace. These procedures need to be consistent with local fire safety procedures, including emergency evacuation procedures. The requirements of the relevant Australian Standards, Building Codes and guidelines specified by fire authorities will also need to be reflected in these procedures.
Security Risk Management: Chapter 1 of this Manual provides guidance material on the risk management process and the principles apply equally to fire related security situations. However there will be particular activities necessary to ensure that the security risks associated with fire are effectively controlled. An internal fire emergency brings with it a range of security considerations including: • • •
The possibility of the fire being a diversionary tactic for criminal activity Theft or looting of other parts of the facility during a fire and Securing any (evacuated) patients in custody, scheduled patients, patients with cognitive deficits and (unaccompanied) children and babies.
Fire Security (December 2003)
24-1
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
Other issues to be considered are: • • • • • •
Accounting for staff, patients and other occupants of the building or facility in a safe area away from the risks of the fire Securing (evacuated) patients who may be confused and inclined to wander and who could be injured as a result Isolating the fire scene until the police and the fire brigade assume control of the site Controlling crowds and traffic until the police can assist Ensuring the Fire Brigade is directed to the fire by the quickest route and Operating any Emergency Warning and Intercommunication System (EWIS) or other emergency communication equipment.
What to do in the Event of a Fire: Health Services should develop local procedures that outline what to do in the event of a fire. These procedures should reflect the following elements: • • • • • •
Details on who should be contacted in the event of a fire and when this contact should occur The role of health service staff and emergency services A nominated emergency co-ordinator and delegates (in the absence of the coordinator) Guidelines on the use of fire equipment The evacuation process (including priority for the removal of patients) and Details on assembly points.
Departmental Circular 2003/87 (Guidelines for Fire Safety in Health Care Facilities) provides detailed information on fire safety management, statutory requirements, fire protection, fire safety emergency response procedures, training and evacuation and advisory services.
Managing Post Incident Issues: Departmental Circular 2002/19 titled ‘Effective Incident Response: A Framework for Prevention and Management in the Health Workplace’ outlines a framework to assist with managing post incident issues such as incident reporting, dealing with media, incident investigation and supporting those who were involved in the incident. Departmental Circular 2003/75 titled ‘NSW Health Policy and Procedures for Injury Management and Return to Work’ provides policy and guidelines for the management of workplace injuries.
**********
Fire Security (December 2003)
24-2
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
25. Bomb Threat Policy: As part of the facility security risk management process, Health Services must ensure, in consultation with staff, key stakeholders and appropriate advisory bodies, that all reasonably foreseeable security risks associated with receiving bomb threats are identified, assessed, eliminated (where reasonably practicable) or effectively controlled. Health Services must ensure that the process is appropriately documented and effective bomb threat emergency procedures are developed and implemented.
Guidelines: Health Services need to develop local procedures for assessing and managing potential threats and security issues that may arise from a threat. Local procedures should incorporate the relevant outcomes of the risk management processes undertaken in the workplace. The aim of the procedures is to protect lives and assets and minimise business disruption.
Security Risk Management: Chapter 1 of this Manual provides guidance material on the risk management process and the principles apply equally to potential situations associated with a threat. However there will be particular activities necessary to ensure that risks associated with threats are effectively controlled. A bomb threat brings with it a range of security considerations including: • • • •
The possibility of the bomb threat being a diversionary tactic for criminal activity Securing (evacuated) patients who may be confused and inclined to wander and who could be injured as a result Theft or looting of an evacuated facility Securing any (evacuated) patients in custody, scheduled patients, patients with cognitive deficits and (unaccompanied) children and babies.
Health Services need to develop local procedures that outline what should be done to assist in preventing devices being brought into the workplace and in the event of a bomb threat.
Bomb Threat (December 2003)
25-1
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
Security and Housekeeping: The following activities may assist with preventing devicess being brought into the workplace: • • • • • • •
Fitting good quality door fittings, locks and alarms to deter after hours penetration of the workplace (refer to Chapters 9 and 11 of this Manual for more information) Restricting or minimising entry/exit points (refer to Chapter 11 of this Manual for more information) Considering the installation of surveillance equipment (closed circuit television monitors) Introducing visitor registration and identification procedures (refer to Chapter 9 of this Manual for more information) Instituting a lock-up or security check procedure at the close of business each day/night. Daily open-up procedures should complement close of business procedures. Conducting internal physical security inspections and surveys Utilising the services of professional advisory bodies such as police, security professionals etc to assist with assessing the threat to the workplace.
Housekeeping: Good housekeeping complements security. Regular disposal of rubbish has several highly desirable benefits: • • •
The number of potential target areas is reduced Searchers are not distracted unnecessarily by extraneous objects Hygienic/sanitary conditions encourage thorough searching.
Locking surplus office accommodation, cupboards and similar furniture reduces sites for caches of potentially dangerous items and the opportunity for hiding lethal explosive or incendiary devices.
What to do if there is a Bomb Threat: Health Services should develop local procedures that outline what to do in the event of a bomb threat. These procedures should reflect the following elements: • • • • •
Details on who should be contacted in the event of a bomb threat and when this contact should occur The role of health service staff and emergency services A nominated emergency co-ordinator and their delegates (in the absence of the co-ordinator) Guidelines on the use of safety equipment The evacuation process (including priority for the removal of patients and multiple evacuation routes) and
Bomb Threat (December 2003)
25-2
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
•
Information on assembly points (including procedures for searching prior to evacuation).
Samples of a Bomb Threat Checklist (Appendix 25.1) and a Bomb Threat Procedure (Appendix 25.2) are attached to this Chapter. In developing local procedure Health Services should ensure that provision is made for evacuation and assembly point routes to be searched to ensure staff, patients and visitors are not unnecessarily exposed to danger during evacuation. Procedures for Identifying and Handling Suspicious Items (including Mail): During the risk management process special attention should be given to those areas where: • • •
Mail opening and sorting are carried out The public has direct access Suspicious items could be introduced unnoticed.
Health Services should ensure that procedures for handling suspicious items encompass the identification of screening areas, criteria for identifying suspect items, and emergency responses where suspicious items are identified. Screening Areas: Health Services should establish a screening point for all mail, that is, a central processing point for all mail for the workplace. At which point in the process mail passes through this central area, between arrival and delivery to the relevant officer, will vary according to the size and function of the workplace. The visual/manual screening process should serve to identify as ‘clear’ the majority of mail items processed through the screening point. When a suspect item is detected through the initial screening, the area should be cleared of staff and a call made for assistance, in line with local procedures. Identifying Suspicious Items: Suspicious items may display a combination of the following characteristics: -
Excessive securing material Excessive weight Protruding wires or tin foil Oily stains and discolourations Visual distractions Excessive postage Proper names and title not, or incorrectly, used An address which is handwritten or poorly typed Restrictive markings eg CONFIDENTIAL
Bomb Threat (December 2003)
25-3
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
-
Common words misspelt Either unusual or foreign origin No sender address Does not fit with the usual type of mail received by the facility Lopsided or unevenly weighted or in a stiff or rigid envelope.
Responding when an Item is Assessed as Suspicious: If an item is considered suspect, local procedures should include the following steps to ensure the security of staff: • • • • • • • • •
•
Contact the emergency co-ordinator Confirm that the item has come through the postal system. An item that has come through the postal system usually does not have the same degree of sophistication as a device that has been placed or delivered by a courier. Check with the addressee if he/she is expecting the item. If a return address is on the article, check with the originator. Isolate the article. Place the suspect item in a safe isolation area (if safe to do so). Consider whether evacuation is necessary. Evacuation should always be considered in the event of a potential bomb threat. The area to be evacuated is related to the size of the item and the degree of the threat. Obtain as much information as possible (without handling the suspect item) in relation to dimensions, balance, stains, history or threats, type or construction of the package and its exact location to pass on to the emergency co-ordinator Under no circumstance should any attempt be made to open the item, as it is generally this action that will cause the device to activate The suspect item should not be immersed in water as this may cause it to activate Suspect items should not be placed in confined spaces such as filing cabinets or cupboards as this will only increase the blast effect if it detonates. Where possible the item should be placed in an area where the gases produced by an explosion can be vented, for example near an open window (but not near a window where people are passing by and may be injured by the blast). Suspect items should not be carried or transported through congested areas and this could expose others to unnecessary hazards.
Managing Post Incident Issues: Departmental circular 2002/19 titled ‘Effective Incident Response: A Framework for Prevention and Management in the Health Workplace’ outlines a framework for managing post-incident issues such as incident reporting, dealing with media, incident investigation and supporting those who were involved in the incident.
Bomb Threat (December 2003)
25-4
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
Departmental circular 2003/75 titled ‘NSW Health Policy and Procedures for Injury Management and Return to Work’ provides policy and guidelines for the management of workplace injuries. Related NSW Health and Other Resources: •
Bombs: Defusing the Threat (Australian Bomb Data Centre – 2001)
Further Information: For further information contact: Australian Bomb Data Centre GPO Box 361 CANBERRA ACT 2601 Telephone: 02-628 70750 Fax: 02-628 70770 Email: [email protected]
**************
Bomb Threat (December 2003)
25-5
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
Appendix 25.1 A Sample Bomb Threat Checklist TIME CALL TAKEN: BOMB THREAT CHECK LIST
CALLER’S VOICE
QUESTIONS TO ASK
Accent (specify):
(Place a copy of this checklist under your telephone)
Any impediment (specify): Voice (loud, soft etc): Speech (fast, slow etc):
QUESTIONS TO ASK 1. When is the bomb going to explode?
Diction (clear, muffled etc): Manner (calm, emotional etc):
2. Where did you put the bomb?
Did you recognise the voice? If so, who do you think it was?
3. When did you put it there?
Was the caller familiar with the area? THREAT LANGUAGE Well spoken: Incoherent:
4. What does the bomb look like?
Irrational: Taped: Message read by caller: Abusive: Other:
5. What kind of bomb is it? 6. What will make the bomb explode? 7. Did you place the bomb?
BACKGROUND NOISES Street noises: House noises:
8. Why did you place the bomb?
Aircraft: Voices: Music:
9. What is your name?
Machinery: Other: Local call:
Bomb Threat (December 2003)
25-6
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
10. Where are you? 11. What is your address?
Long distance: STD: OTHER Gender of caller: Estimated age: CALL FINISHED
EXACT WORDING OF THREAT
Date: Time: Duration of call:
ACTION
Number called: RECIPIENT
Report call immediately to:
Name:
Phone number:
Telephone number: Signature:
REMEMBER KEEP CALM – DON’T HANG UP EVEN AFTER THE CALLER HAS HUNG UP
Bomb Threat (December 2003)
25-7
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
Appendix 25.2 Sample Bomb Threat Procedure In the event of a bomb threat: •
If a bomb threat is received by telephone, staff should: -
•
Remain calm, control emotions and not shout Complete the Bomb Threat Checklist Try to keep the caller talking as long as possible Try to raise the alarm to ensure appropriate action is commenced as soon as possible DO NOT HANG UP THE PHONE, even after the caller has hung up (it can make it easier to trace the caller) Contact the emergency co-ordinator or supervisor and inform them: - That a bomb threat has been received - Of their name, telephone number and location - Details of the threat.
The emergency co-ordinator should: -
-
•
Call the police and tell them: - That a bomb threat has been made or a suspicious item located - Their name, address, telephone number of the facility - The exact location of the suspicious object or the details of the threat Arrange for a staff member to be at the appropriate facility entrance to guide the police to the suspicious item by the quickest route. Once a suspicious item is found the senior police officer is responsible for managing the situation. Co-ordinate the evacuation by selecting the evacuation route and searching the evacuation and assembly point routes prior to the evacuation. If a suspicious item is located staff should:
-
Remain calm, control emotions and not shout DO NOT TOUCH THE OBJECT OR COVER IT Evacuate the immediate area and post sentries Contact the emergency co-ordinator or supervisor and inform them: - That a suspicious item has been found - Their name, department and telephone number - The exact location of the item - The description of the item
WARNING: DO NOT USE RADIO TRANSCEIVERS, CORDLESS PHONES OR MOBILE TELEPHONES NEAR THE OBJECT.
Bomb Threat (December 2003)
25-8
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities
26. Violence Policy: As part of the facility security risk management process, Health Services must ensure, in consultation with staff and key stakeholders, that all reasonably foreseeable risks associated with violence towards staff, patients or visitors by another individual are identified, assessed, eliminated (where reasonably practicable) or effectively controlled and that the process is appropriately documented. Note: Attention is drawn to the agreement between the NSW Nurses’ Association and NSW Health that in isolated facilities/units a minimum of two nurses must be rostered on each shift. If a second nurse is not available on a shift then a security officer should be hired or other appropriate personnel be in attendance. This agreement occurred in 1996 and was reflected in the 1996 and 1998 versions of the Security Manual which also stated that similar attention should be paid to the needs of community health workers who attend patients in isolated circumstances or in locations without ready access to support. For the purposes of this Chapter, violence is defined as any incident in which an individual is abused, threatened or assaulted and includes verbal, physical or psychological abuse, threats or other intimidating behaviours, intentional physical attacks, aggravated assault, threats with an offensive weapon, sexual harassment and sexual assault.
Guidelines: Corporate Governance and Accountability in Health: The Corporate Governance and Accountability in Health Better Practice Reference Guide, developed by the Department and the Health Services Association of NSW, states that under the NSW Occupational Health and Safety Act 2000 primary responsibility for achieving a violence free workplace for staff, patients and the public rests ultimately with the CE of DoH area health service and Royal Alexandra Hospital for Children. The Better Practice Reference Guide suggests that Boards consider the following important strategies in mitigating violent behaviour: •
OHS in the design of new facilities and upgrades
Violence (December 2003)
26-1
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
• • •
Appropriate communication systems, duress alarm systems and protocols particularly for staff working in the community or at isolated sites Duress alarm systems for staff working in priority areas such as emergency departments, mental health units and drug and alcohol clinics Restricting patient access through the use of key/electronic access to areas that hold cash, drugs or equipment.
Violence Risk Management: Chapter 1 of this Manual provides guidance material on the risk management process and these principles apply equally to managing and preventing violence in the workplace. As part of this process, the following risk control strategies should be considered by Health Services: •
Vehicle and Car Park Security: Ø Ensuring there is adequate lighting in car parks and around facilities Ø Providing security escorts for staff leaving the facility after dark Ø Aligning, where possible, the start and end of shifts with main public transport timetables Ø Implementing procedures for reporting poorly lit or dark areas of the facility, for both parking vehicles and walking Ø Advising staff to leave and arrive at work with colleagues where possible Ø Providing a mustering area at the facility for staff to gather, if there is time between the shift ending and buses and trains arriving Ø Ensuring that staff know of and use allocated after hours access/exit points Ø Instructing staff to lock all vehicle doors while driving through dangerous areas.
•
Movement at Work: Ø Ensuring all appropriate entry doors and windows are, where possible, locked Ø Ensuring staff are aware of their responsibility to wear personal identification at all times Ø Making sure staff are aware that all personal belongings are to be locked away and providing facilities to ensure this can happen Ø Ensuring offices, filing cabinets and desk drawers are locked when unattended Ø Making sure staff know to look for early warning signs of possible violence (eg anger or agitation, pacing back and forth, withdrawal when approached, tensed muscles, raised voices) Ø Ensuring staff know to contact security staff or police if suspicious person(s) are seen.
Violence (December 2003)
26-2
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
•
Ensuring Safe Movement of Staff at Night: Ø Where practicable locating a secure car park as near as possible to the facility Ø Ensuring surrounds to car parks and living quarters are well lit, and monitored by security services if possible - areas where a person could hide should be eliminated as far as possible Ø Providing security escorts, at the end of afternoon and night shifts, to staff when going to their vehicles or living quarters Ø Developing procedures to ensure that staff do not move through or go to isolated parts of the facility alone, or open the door (at night) alone.
•
Transporting Cash Securely: Ø Ensuring that the relevant requirements of the Approved Industry Code of Practice for Cash in Transit are implemented.
•
Providing Secure Staff Accommodation: Ø Limiting access to staff accommodation by key or card control access system Ø Ensuring surrounds are well lit, and that there are no areas where a person could hide Ø Ensuring windows, doors and locks can be properly secured while still allowing for adequate ventilation.
What to do when Confronted with Violent Behaviour: It is important that all staff are aware that a range of options exists when faced with violent individuals. These responses will depend on a number of factors including the nature and severity of the event, whether it is a patient, visitor or intruder and the skills, experience and confidence of the staff member/s involved. This may include immediately triggering a duress response (as defined in Chapter 29 of this Manual). When confronted with violent behaviour, immediate and short-term options available to staff include the following. Note that these are presented in no particular order and that more than one strategy can be used, depending on the circumstances: • • • • • •
Issuing a verbal warning Seeking support from other staff Requesting that the aggressor leave Requesting review by a clinician Using verbal de-escalation and distraction techniques Retreating
Violence (December 2003)
26-3
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
• • • • •
Utilising NSW Health security and/or clinical restraint policies as appropriate Utilising NSW Health sedation policies as appropriate Initiating internal emergency response in line with local protocols eg security, duress response team etc (refer to Chapter 29 - Duress Response Arrangements) Initiating external emergency response in line with local protocols eg external security services, police Providing police with the necessary info rmation to charge perpetrators.
If a staff member feels unsafe at any time they should call for back-up and/or retreat, if appropriate. At all times the key priority is to prevent injury (to staff and others). When considering options the following points should always be kept in mind: • • • • •
The possibility of an underlying clinical condition contributing to the violent behaviour must always be a consideration, therefore assessment by a clinician at the earliest opportunity should be considered When confronted with violent behaviour it is important to remain calm and assess the level of threat as this will allow decisions to be made as to the most appropriate action Regardless of action taken, de-escalation and containment should always be the primary considerations At all times the key priority is to prevent injury (to yourself and those around you) Be aware of the potential for violence, recognise contributing factors/warning signs, stay calm, initiate early, appropriate action.
In some cases violent behaviour is not a one-off incident but reflects a pattern of behaviour for an individual. In these instances longer term options to manage repeated violent behaviour include: • • • • • • • • •
Formal patient management plans Written warnings Conditional patient treatment agreements Exclusion of visits Conditional visiting rights Patient alerts in conjunction with support management plan Recognition of inability to treat in certain circumstances Taking out an AVO to protect staff Having charges laid.
The ‘Zero Tolerance Policy and Framework Guidelines’ (Circular 2003/48) provides more detailed information on all of the above options. If faced with an armed hold -up situation the priorities are: •
Safety of self and
Violence (December 2003)
26-4
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
•
Safety of others.
Chapter 27 (Armed Hold-up) provides more detailed information on what to do if faced with an armed hold-up situation.
NSW Health Zero Tolerance Policy to Violence: NSW Health has adopted a policy of zero tolerance to all forms of violence in the health workplace. The zero tolerance response means that all violent incidents need to be promptly, appropriately and consistently managed to prevent escalation and to minimise their impact on staff, patients and visitors. For further information please see the NSW Health document titled ‘Zero Tolerance Policy and Framework Guidelines’ (Departmental Circular 2003/48).
Managing Post Incident Issues: Departmental Circular 2002/19 titled ‘Effective Incident Response: A Framework for Prevention and Management in the Health Workplace’ outlines a framework for managing post-incident issues such as incident reporting, dealing with media, incident investigation and supporting those who were involved in the incident. Departmental Circular 2003/75 titled ‘NSW Health Policy and Procedures for Injury Management a nd Return to Work’ provides policy and guidelines for the management of workplace injuries.
**********
Violence (December 2003)
26-5
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
27. Armed Hold-Up Policy: As part of the facility security risk management process, Health Services must ensure, in consultation with staff and key stakeholders, that all reasonably foreseeable risks associated with armed hold -up are identified, assessed, eliminated where reasonably practicable or effectively controlled. Health Services must ensure that the process is appropriately documented and effective armed hold-up response procedures are developed and implemented.
Guidelines: Health Services should develop local procedures, in conjunction with the risk management process, to deal with a potential or actual armed hold-up. The aim of these procedures is to protect lives and prevent disruption to the running of a facility. In the context of this Chapter armed hold -up includes threats or implied threats (for the purpose of stealing money, drugs or other property) that involve any equipment or material that may be utilised as a weapon.
Security Risk Management: Chapter 1 of this Manual provides guidance material on the risk management process and the principles apply equally to potential situations associated with armed hold up. Issues to be addressed during the risk management process should include: •
• • •
Assessing vulnerable areas within the Health Service, such as pharmacies and cashiers’ counters to determine if: - The location of such facilities is secure - Cash and accountable drugs are kept to a minimum within these areas and - The routes and times are varied when cash is conveyed to and from the facility (Refer to Chapter 5 of this Manual for more information on identifying security issues when leasing out or leasing premises) Ensuring the training provided to staff in armed hold-up procedures is appropriate Ensuring the adequacy of alarm systems and physical barriers and Reviewing security system controls.
Armed Hold-up (December 2003)
27-1
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
What to do in the Event of an Armed Hold-up: Health Services should develop local procedures that outline what to do during an armed hold-up and immediately following an armed hold-up. These procedures should reflect the following elements: • • • • • • •
Details on who should be contacted in the event of an armed hold-up and when this contact should occur The role of health service staff and emergency services A nominated emergency co-ordinator and delegates (in the absence of the coordinator) The evacuation process (including priority for the removal of patients) Survival strategies for staff during an armed hold -up Isolating the site and Preserving the site following the incident.
A sample procedure has been included (Appendix 27.1) to this Chapter for the information of Health Services.
Managing Post Incident Issues: Departmental circular 2002/19 titled ‘Effective Incident Response: A Framework for Prevention and Management in the Health Workplace’ outlines a framework for managing post-incident issues such as incident reporting, dealing with media, incident investigation and supporting those who were involved in the incident. Departmental circular 2003/75 titled ‘NSW Health Policy and Procedures for Injury Management and Return to Work’ provides policy and guidelines for the management of workplace injuries.
**********
Armed Hold-up (December 2003)
27-2
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
Appendix 27.1 Sample Procedure What to do in the Event of an Armed Hold-up: During an armed hold-up and immediately following an armed hold-up the following actions should be taken: •
During an armed hold-up staff should: -
Co-operate with the perpetrator’s instructions Assume and behave as if the weapon is real or loaded Remain calm, control emotions, avoid eye contact and make no sudden movements Not attack the perpetrator or touch anything they may have handled Note the perpetrator’s clothing and any other distinguishing features Not challenge the perpetrator Attempt to stay facing the person Activate any alarm if safe to do so.
During an armed hold-up the protection of life is most important. Staff should not knowingly place themselves or anyone else at unnecessary risk. •
After an armed hold-up the manager, or other delegated person of the affected area should: -
•
Close the area where the robbery took place and advise people not to touch anything at the scene Ask all witnesses to wait for the police to arrive or ask for their name, address and telephone number if they insist on leaving Ensure witnesses do not discuss the robbery until interviewed by the police Ensure that the emergency department is alerted and advised of the number of people requiring treatment Ensure all witnesses are offered counselling. Witnesses who are staff of the Health Service can access their EAP or other post incident support services. Ensure media issues are appropriately managed and arrange an area where a press conference can be held if necessary Advise unauthorised staff not to speak to the media Ensure the names of injured people are not given to the media until relatives have been notified.
After an armed hold-up staff should: -
Look after staff and others directly involved or a ffected by the hold-up Advise the manager/supervisor of the incident
Armed Hold-up (December 2003)
27-3
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
-
Activate any alarms, if safe to do so, if not previously activated Dial 000 and ask for the police or contact the nominated emergency coordinator at the facility and tell them: -
•
What the Emergency Co-ordinator should do: -
•
Ask the facility switchboard to advise senior staff on duty of the incident and to stand-by in case of injury Arrange to evacuate surrounding area if the hold-up is still in progress and post sentries to stop unsuspecting people walking into a dangerous situation Co-ordinate the scene until the police arrive Ensure a return to normal working practices as soon as possible
What security staff should do during and after an armed hold-up: -
•
The name, address and telephone number of the facility The exact location of the robbery and the number of intruders What the intruders looked like What vehicles were used if known What weapons were used
Observe from a safe distance, remain unobtrusive and where necessary evacuate the surrounding areas and post sentries to stop unsuspecting people walking into a dangerous situation Do not place themselves, or anyone else, at risk Keep onlookers away from the scene Sounds the alarm if it is safe to do so.
What the switchboard operator should do during and after an armed hold -up -
-
-
Ask anyone reporting a hold -up - His/her name - Location of the incident - If the incident is still in progress (if the incident is in progress police are to be advised on 000 immediately and other details gathered after) - If there are any injuries - The number of perpetrators, descriptions, direction and means of escape If the police have not been contacted dial 000 and ask for police. Tell them all the details that have been gathered from the person reporting the hold-up Report the hold-up to the emergency co-ordinator or the most senior staff member if the emergency co-ordinator is not on duty Be the communication link between management, on-site staff and police.
*********
Armed Hold-up (December 2003)
27-4
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
28. Use of Weapons By Security Staff Policy: For the purposes of this Chapter weapons are defined as batons or handcuffs only. Schedule 1 of the Weapons Prohibition Act 1998 includes batons and handcuffs in its definition of weapons and as such there are legal implications for their use and misuse. No other weapons, as defined by the Weapons Prohibition Act 1998 will be considered for issue to security staff in Health Services. The Department of Health does not support the issuing of weapons to security staff as a key security risk control s trategy. As part of the facility security risk management process, Health Services must ensure that all practical violence risk control strategies are implemented prior to considering issuing security staff with weapons. Health Services must take into consideration that issuing weapons to security staff has its own set of risks that also need to be identified, assessed, eliminated where reasonably practicable or controlled. These risks may include: • • •
The potential for weapons to be taken and used against staff, patients or visitors The potential for injury to staff who may use the weapons and the potential for injury to those the weapons are used against The potential for legal action over the use and misuse of weapons.
Note: Handcuffs are not to be used on patients. The risk management process must be documented and may from time to time be reviewed by the Department of Health or other external agencies.
Legislative Framework: Weapons Prohibition Regulation 1999: Schedule 1 of the Weapons Prohibition Regulation 1999 states that persons employed to carry on a security activity, as defined by the relevant sections of the Security Industry Act 1997, and who hold a class 1A or class 2D licence are exempt from the requirement, under the NSW Weapons Prohibition Act 1998, to have a permit to possess an extendable or telescopic baton and/or handcuffs. Use of Weapons by Security Staff (December 2003)
28-1
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
This exemption applies only where the person is acting in the course of employment (or in the course of carrying out business) and only if the Commissioner for Police is satisfied that the person is trained in the use of these prohibited weapons. Therefore, in order to fulfil their legislative responsibilities Health Services are required to: • •
Ensure staff issued with weapons are licensed security officers as per the requirements of the NSW Security Industry Act 1997 Ensure specialist training is provided to security officers prior to the issuing of weapons, as per the requirements of the NSW Weapons Prohibition Regulations 1999.
Only training provided by a person who holds a prohibited weapons instructor’s permit will meet this condition of the Prohibited Weapons Regulation 1999. Recognition of prior learning (RPL) certification can be accepted only where the security officer has evidence of initial training (eg certificate issued by the training provider). It should be noted that the Australasian Police Ministers’ Council has agreed that capsicum spray will not be authorised for personnel other than Police, Corrective Services and the Military. Occupational Health and Safety Act 2000 and Occupational Health and Safety Regulation 2001: The NSW Occupational Health and Safety Regulation 2001 requires employers to identify hazards, assess the risks arising from the hazards in their workplaces and develop strategies to eliminate or control these risks. The Occupational Health and Safety Regulation 2001 requires employers to take the following measures, in the order presented, to minimise security risks to the lowest level reasonably practicable, where these risks cannot be eliminated: 1. 2. 3. 4. 5.
Substituting the hazard giving rise to the risk with a hazard that gives rise to a lesser risk Isolating the hazard from the person put at risk Minimising the risk by engineering means (eg building design) Minimising the risk by administrative means (eg adopting safe working practices or providing appropriate training, instruction or information) Using personal protective equipment.
If no single measure will sufficiently minimise risk, a combination of the above measures is required.
Use of Weapons by Security Staff (December 2003)
28-2
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
WorkCover NSW has provided the following advice on the definition of personal protective equipment as outlined in the EEC Directive (89/656): ‘PPE is any equipment worn or held by the employee to protect him/her against one or more health or safety risks at the workplace, including all complementary equipment or accessories that can contribute to this purpose. This definition excludes: • • • • • • • •
Normal workwear and uniforms Equipment of first aid and rescue services PPE for military and police use PPE used in road vehicles (e.g. safety belts in cars) Sports equipment Self-defence or deterrent materials Portable risk and nuisance factors Detection and warning devices.’
Guidelines: Local procedures which aim to minimise harm and ensure staff are acting within the law are to be developed. The following points should be included in local procedures: • • • •
The use of weapons is a last resort action, after all other avenues to resolve the situation have been exhausted Batons are to be used in a defensive role only Handcuffs are only to be used to restrain detainees while waiting for the police to arrive to make an arrest. The handcuffed person must be handed over to the police as soon as possible. Handcuffs are not to be used on patients. In all cases, no more force than is reasonably necessary is to be used.
Health Services need to ensure that procedures governing the use of weapons include instructions on application and use, with emphasis on safety and caution and legal responsibilities for the staff member who has been issued the weapon. Documentation: Incidents involving the use of weapons should be recorded in detail and a procedural debriefing carried out. A register listing the weapons training undertaken by each security staff member should be kept.
Use of Weapons by Security Staff (December 2003)
28-3
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
Serial numbers or permanent markings should be affixed to all weapons to allow regular checks against inventory. All losses of weapons are to be reported to police. Contracted Security: Contracts with external security providers should include arrangements that ensure that local Health Service procedures on the use of security equipment, particularly weapons, are met.
**********
Use of Weapons by Security Staff (December 2003)
28-4
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
29. Duress Response Arrangements Policy: As part of the facility security risk management process, Health Services must ensure that appropriate arrangements for providing an appropriate, timely and effective response to both clinical and other duress situations (including response to duress alarms) are developed and implemented in consultation with staff and key stakeholders.
Guidelines: Despite all efforts to minimise the likelihood of incidents occurring in NSW Health workplaces, unexpected and unusual incidents that require a duress response, including threatened or actual violence, may occur. It is important that all staff are aware that there is a range of options available when faced with violent individuals. These responses will depend on a number of factors including the nature and severity of the event, whether it is a patient, visitor or intruder, and the skills, experience and confidence of the staff member/s involved. One response available to all staff is the triggering of a duress response. All staff, including those working in institutional and community (including domestic) settings, should feel assured that i n the event of triggering a duress alarm or seeking urgent assistance in a threatening situation, an appropriate response will be initiated. Staff should also be assured that it is better to trigger an alarm/seek assistance early as this can prevent escalation. Acceptance by managers that staff are entitled to call for assistance in duress situations is an underpinning principle of the Department’s Zero Tolerance Policy and Framework Guidelines (Circular 2003/48). Early recognition of an incident and adequate and appropriate response can minimise the risk of injury to staff, patients and others and prevent escalation. This chapter should be considered in conjunction with Chapter 26 (Violence) and Chapter 27 (Armed Hold-up) of this Manual.
Duress Response Arrangements (December 2003)
29-1
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
What is a Duress Response? The aims of a duress response are to: • • •
Get sufficient numbers of skilled personnel to a situation as soon as possible in order to contain the incident and maximise the chances of a good outcome Minimise the risk of injury and Demonstrate support for staff and others in duress situations.
The nature of the duress response will vary from facility to facility depending on local issues such as the nature of the facility, or unit within the facility, availability of staff to respond and access to external services such as police or private security firms. A ‘clinical duress response’ is taken to mean a formalised urgent response by health staff to a clinical situation in which the safety of a staff member, patient or others is threatened by the behaviour of a patient where the behaviour is a result of the patient’s medical condition. A clinical duress response is similar to a cardiac arrest response. The aim is to get sufficient numbers of skilled personnel to the patient as soon as possible in order to maximise the chances of a good outcome. Other duress responses are utilised where there are threats such as robbery or assaults by individuals, where there is no clinical situation, and would largely involve a security response rather than a clinical response. The following characteristics are features of an effective duress response: • • • • • • • • • • • • •
Requires one call or alarm trigger Call or trigger is early rather than later in the event Staff are aware of protocols for getting assistance Response is as fast as possible Response is standardised as far as possible to reduce confusion Response is sufficient to meet local needs and where necessary includes consideration of contingency plans while awaiting response Team members are well trained in the response procedure including their roles Each team has a delegated leader and an agreed assembly point All shifts are covered and processes are in place to cover unexpected staff shortages (eg due to sick leave) Links with local protocols, where appropriate, for retreat, restraint, sedation and additional back up Incorporates post incident management and support processes Includes operational review and debriefing Is regularly evaluated and updated as necessary.
As described in Australian Standard 4083 –1997 Health Services should refer to the call to initiate a duress response as ‘code black’.
Duress Response Arrangements (December 2003)
29-2
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
Chapter 1 of this Manual provides guidance material on the risk management process and the principles apply equally to identifying and managing potential situations that may require a duress response.
Duress Response Teams: An integral part of an effective duress response is the establishment of a duress response team. It is recognised that not all services/facilities may have the internal resources to mount a comprehe nsive duress team approach. However, a duress response team ensures that a response is initiated in an adequate, timely, organised and effective way; comprehensive investigation occurs; staff support is offered; and a review of the incident occurs. In mental health facilities, or facilities with mental health units, the duress response should involve sufficient numbers of people to provide for the safe management and restraint, if necessary, of the patient in accordance with the guidelines in the Departmental document titled ‘Management of Adults with Severe Behavioural Disturbance – May 2002’. Training of staff is a crucial component of ensuring the effective implementation of the duress response plan.
Planning, Implementing and Reviewing a Duress Response: The Occupational Health and Safety Regulation 2001 requires employers to consult with staff when making decisions affecting their health, safety and welfare at work. Risk control strategies include the planning, implementation and review of duress response procedures. Key stakeholders, that should be consulted, may include senior management, risk managers, staff representatives, human resource personnel, security staff, OH&S Committee representatives, health unions, representatives of priority areas such as mental health and emergency departments, community staff, and other stakeholders such as local police and ambulance. Procedures developed need to be realistic and achievable in the workplace, provide the best possible response time and include consideration of contingencies such as the simultaneous occurrence of more than one duress situation. Attached to this chapter (Appendix 29.1) are some model duress response plans. The following values should underpin the development of a duress response: • • • • •
Safety of patients, staff and others Appropriate, adequate, timely and effective response Respect and dignity of staff and patients (although safety is the priority) Empathy and recognition of the experiences of all involved Offer of support and care as needed
Duress Response Arrangements (December 2003)
29-3
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
•
Support for rapid and effective treatment and rehabilitation as indicated.
Health Service or facility emergency procedures (eg fire, bomb threat, medical emergency etc) should be compatible with duress response plans. When developing a duress response plan: • • • • • • •
Ensure a duress response plan exists for all public health care workplaces and community services (ie within the organisation and outside of the organisation where health work is carried out) Consult with staff on the development and review of duress response plans Respect the rights of staff to call for a duress response if and when they identify a need Encourage calling for a duress response/back-up early in the event, preferably before escalation Ensure a preventative and risk management culture exists Provide adequate and appropriate personal protective equipment, escape routes and safe havens Ensure staff and response team partners (eg other government, non government and/or community respondents) attend relevant training.
The duress response plan should clearly state the responsibilities of staff. These may include: • • • • • • •
Implementing early notification of a potential duress incident Using personal protective equipment, safe havens and escape routes, as provided Attending training in aggression minimisation/de-escalation and duress response management where provided Assuming any delegated role and responsibilities in the command, control and coordination of a duress response Documenting involvement in the duress incident in accordance with local policy and procedures Assisting with formal operational review and debriefing of a duress incident and Assisting with implementing any preventive measures identified through evaluation strategies.
Within a duress response procedure communication protocols should: •
• •
Determine, through the risk assessment process, communication strategies and devices which best suit the local needs and contexts in which staff work (eg fixed or personal duress alarms, mobile telephones, radios, remote geographic positioning d uress beacons etc) Be clear for all staff in all workplaces and services and Consider using strategies and devices used by other emergency service providers responding to emergency situations if appropriate.
Duress Response Arrangements (December 2003)
29-4
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
Managing Post Incident Issues: Departmental circular 2002/19 titled ‘Effective Incident Response: A Framework for Prevention and Management in the Health Workplace’ outlines a framework for managing post-incident issues such as incident reporting, dealing with media, incident investigation and supporting those who were involved in the incident. Departmental circular 2003/75 titled ‘NSW Health Policy and Procedures for Injury Management and Return to Work’ provides policy and guidelines for the management of workplace injuries.
**********
Duress Response Arrangements (December 2003)
29-5
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
Appendix 29.1 Model Duress Response Procedures for a Medium/Large Facility: The following is a model of a duress response for a medium/large facility where staff are available to respond to a duress alarm 24 hours a day, 7days a week. This model is intended as a guide as the duress response procedures developed and implemented in a facility need to reflect the risk identified through the risk management process. •
Capacity to identify a situation / incident which requires a duress response: Ø There are clear protocols for staff calling a duress response Ø The duress response is triggered early before things get out of hand Ø There is a culture of no blame for staff members who feel threatened and call for a duress response.
•
Simple and clear communication: Ø There is a one call or alarm trigger from the person calling for a duress response to initiate the duress response – through a duress alarm, or telephone to a central coordinating person Ø Once a duress call is made, responding members attend quickly Ø Redundancy is built in (eg if the paging system is down or there are 2 simultaneous alarms) Ø There are simple ways of obtaining back up if needed - From facility resources - From external agencies such as police.
•
There is a team response: Ø There are sufficient numbers of personnel responding to meet needs Ø Team is multidisciplinary (Medical / Nursing / Security / others) Ø There is a designated leader who is identified prior to any response (this should be a clinical person for clinical duress incidents) Ø There is an agreed assembly point to enable a better co-ordination of response and avoid responding team members entering unsafe areas on their own.
•
During the response: Ø There is an immediate assessment of the situation by the team leader is this situation appropriate for intervention by the team? The duress response team may decide not to intervene and call the police (eg hostage situation or incidents involving weapons) and then the role of the team may be to keep others away from the area
Duress Response Arrangements (December 2003)
29-6
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
Ø There are protocols and training for likely events such as - De-escalation - Sedation - Restraint - Retreat - Securing the scene - Crowd control - Back up / hand over to security agencies Ø There is clear documentation of the response and intervention Ø Data is kept on every duress response. •
After the response: Ø There is a review of the duress response by the manager of the duress response team Ø There is an investigation of the incident Ø Staff involved in the response, or affected by the incident, are offered support Ø Recommendations from the investigation are implemented.
Each Health Service will need to develop context specific plans based on risk assessment which takes into account their procedures, physical facilities, staffing and clientele.
Smaller Facility Duress Response: In circumstances such as smaller health facilities, community outreach and home visits, a more flexible and dynamic approach to staff safety and duress response is required. However, even in these circumstances, staff still need to have access to an appropriate emergency response. The following model is intended as a guide only as the duress response procedures developed and implemented need to reflect the risk identified through the risk management process. •
Dynamic safety measures include: Ø Mobile communication devices: mobile duress alarms, mobile phones and/or tracking devices in cars Ø Response to alarms Ø Regular and repeated risk assessments by staff - if it feels unsafe, do not proceed Ø Systems which track staff movements. For example let colleagues know of your whereabouts, itinerary and expected return; scheduled check ins with base; protocols for responding to failure to keep schedule (eg informing police).
Duress Response Arrangements (December 2003)
29-7
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
Ø Use of two staff or an additional security officer rather than lone workers Ø Establish a rrangements with local business to share security resources (eg security patrols) Ø Regular liaison with the local police / emergency services, with police being the lead agency Ø Thorough staff training in early recognition of potential situations and deescalation techniques •
Review of effectiveness of each response call to identify areas of improvement.
*********
Duress Response Arrangements (December 2003)
29-8
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
30. Effective Incident Management Policy: Health Services must ensure that the policy outlined in Departmental circular 2002/19 titled ‘Effective Incident Response: A Framework for the Prevention and Management in the Health Workplace’ (or subsequent revised policy) is implemented.
Guidelines: The purpose of Departmental Circular 2002/19 is to assist health care facilities to minimise the potential for incidents to occur and to develop a planned response to such incidents if and when they occur. The document provides guidelines for planning incident prevention and management protocols or procedures, and guidelines on the essential components of incident management. The policy, within this document, focuses on the impact of incidents on staff and provides a framework to assist staff to deal with their experience. All relevant requirements for a culturally sensitive response, gender equity and occupational health and safety should be encompassed. This chapter should be read in conjunction with Chapter 29 (Duress Response Procedures).
**********
Effective Incident Management (December 2003)
30-1
SECURITY CONTINUOUS IMPROVEMENT PROGRAM
Chapter 31: Part One - Guidelines Chapter 32: Part Two - Assessment Tool Chapter 33: Part Three - Improvement Plan
TABLE OF CONTENTS
Executive Summary Conducting the Survey: A Process Overview
PART ONE (Chapter 31)
GUIDELINES FOR CONDUCTING A SECURITY SURVEY USING THE NSW HEALTH SECURITY IMPROVEMENT TOOL
1.0
Introduction to the NSW Health Security Continuous Improvement Program
2.0
Purpose and Scope of the Improvement Plan
3.0
Status of the Tool
3.1
Annual Internal Security Survey
3.2
Five Yearly External Security Survey
4.0
Target Group for Using the Tool to Conduct Security Surveys
5.0
Overview of the Improvement Program
5.1
Part One: The Guidelines
5.2
Part Two: The Tool 5.2.1 Health Facility Report 5.2.2 Detailed Indicative Evidence Guidelines 5.2.3 The Assessment Tool
5.3
Part Three: The Security Improvement Plan
6.0
Interpreting the Assessment Tool
6.1
Sections
6.2
Elements 6.2.1 Determining Which Elements to Survey 6.2.2 Mandatory Elements
6.3
Standards
6.4
Indicative Evidence
6.5
Scoring and Interpreting Results
6.6
Comments and Recommendations
7.0
How to Use the Tool
7.1
Preparing to Conduct a Security Survey
7.2
Conducting the Security Survey
7.3
Reporting Survey Results
7.4
Departmental Reporting Requirements
PART TWO
NSW HEALTH SECURITY IMPROVEMENT TOOL
(Chapter 32)
Health Facility Report Health Facility Report Coversheet Health Facility Summary Sheet Health Facility Score Sheet
Detailed Indicative Evidence Guidelines What is Indicative Evidence? Sources of Evidence – what to look for and how to use it Using Verbal Information Using Documentary Information Using Observation Common Forms of Indicative Evidence
Section One
Security Risk Management Framework
1.1
Security Risk Management Policy and Program
1.2
Security Risk Management Responsibilities
1.3
Security Risk Management in the Planning Process
1.4
Health Service Leasing of Property to/from External Parties
1.5
Security Arrangements for Patients in Custody
1.6
Security Education and Training
1.7
Security Continuous Improvement
Section Two
Core Security Risk Controls
2.1
Access Control
2.2
Key Control
2.3
Alarm Systems
2.4
Lighting
2.5
Provision of Security Services
2.6
Duress Response Arrangements
Section Three
Security Risk Controls in Priority Areas
3.1
The Clinical Environment
3.2
Security of Staff Working in the Community
3.3
Rural and Remote Health Services
3.4
Security in Pharmacies
Section Three
Security Risk Controls in Priority Areas (continued)
3.5
Security in Car Parks
3.6
Security of Property
3.7
Security of Information
3.8
Security of Medical Gases
3.9
Security of Radioactive Substances
Section Four
Security Risk Controls in Unplanned Events
4.1
Fire Security
4.2
Bomb Threat
4.3
Violence
4.4
Armed Hold-up
PART THREE
SECURITY IMPROVEMENT PLAN
(Chapter 33)
EXECUTIVE SUMMARY NSW Health is committed to the ongoing elimination and control of security risks to patients, staff, visitors and property. Its principal policy documents in this area are NSW Health circular 2003/92 and supporting publication Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities December 2003 (the Security Manual). The Security Manual forms the platform on which the Security Continuous Improvement Program sits. The Security Continuous Improvement Program consists of Guidelines for using the Security Improvement Tool to conduct a security survey, the survey Tool itself and a template for the resulting Security Improvement Plan. The program should be implemented in close consultation with the Security Manual. The purpose of the Program is to assist public health organisations: • Keep staff, patients and visitors safe, and keep property secure • Meet the relevant NSW OHS legislative requirements, and NSW Health policy requirements contained in the Security Manual • Measure essential aspects of their security risk management program for feedback to appropriate levels of management • Identify areas of the local security risk management program requiring improvement • Ensure local security risk management continuous improvement through the development and implementation of an improvement plan. The Security Improvement Tool and support materials will assist public health organisations to measure implementation of key aspects of the Security Manual and develop an Improvement Plan to address identified shortcomings and to drive continuous improvement. The Tool is to be used to conduct the annual internal security survey required in Chapter 8 of the NSW Health Security Manual. The Security Improvement Plan should be prepared as soon as possible after completion of the security survey, and in consultation with key facility contacts and other relevant stakeholders. Once the Improvement Plan has been drafted, it should be forwarded to the relevant manager/s for further discussion if appropriate, in preparation for final approval via local approval protocols, and implementation.
********************
Part One - Guidelines for Conducting a Security Survey Using the NSW Health Security Improvement Tool
31-1
CONDUCTING A SECURITY SURVEY – A PROCESS OVERVIEW
Public Health Organisation/Facility •
Identify survey team leader and team members, at least one of whom must hold a security licence (Section 4.0).
Team Leader, Security Survey •
Ensure that all team members read all the materials, including the Guidelines which explain the process, and are familiar with the Tool and the Security Manual.
Security Survey Team Preparation • • • • • • •
Read the Guidelines (Part 1 Guidelines – Chapter 31), and have a good working knowledge of the Security Manual, the Tool (Part 2 – Chapter 32) and the Indicative Evidence (Part 2 – Chapter 32) Meet with the relevant senior executive/s to explain the survey, and provide a copy of the Executive Summary (Part 1 – Chapter 31) Determine which Elements are to be included in the survey (Section 6.2.1) ensuring all Mandatory Elements are included as a minimum (Section 6.2.2) Identify which physical parts of the facility are to be surveyed Make arrangements to visit the facility, interview staff and view documentation Take copies of the Tool, Guidelines and Health Facility Report Have access to the Security Manual.
Conducting the Security Survey • • •
Inspect the facility, review the documentation and interview key staff Record observations and agree on the standard to be assigned for each element Record results on the Score Summary Sheet and complete the Health Facility Report (Part 2).
Reporting Results • •
Complete the Security Improvement Plan (Part 3 – Chapter 33) in consultation with key facility contacts (Part 1; 5.3) Submit a copy of the Improvement Plan (Part 3 – Chapter 33), Health Facility Report (Part 2 – Chapter 32) and the Executive Summary (Part 1 – Chapter 31) to appropriate management, following local protocols.
Team Leader, Security Survey •
Ensure that a copy of the Health Facility Report, completed survey and Improvement Plan is retained in an appropriate place.
Public Health Organisation / Facility • •
Ensure that an electronic copy of the Health Facility Report is readily available should the Department require a copy Implement the Security Improvement Plan.
Part One - Guidelines for Conducting a Security Survey Using the NSW Health Security Improvement Tool
31-2
PART ONE GUIDELINES FOR CONDUCTING A SECURITY SURVEY USING THE NSW HEALTH SECURITY IMPROVEMENT TOOL
1.0
Introduction to the NSW Health Security Continuous Improvement Program (Improvement Program)
NSW Health is committed to the ongoing elimination and control of security risks to patients, staff, visitors and property. Its principal policy documents in this area are NSW Health circular 2003/92 and supporting publication Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities December 2003 (the Security Manual). The purpose of the Security Manual is to: • Outline NSW Health policy on key aspects of personal and property security • Provide detailed guidelines to assist public health organisations develop local security risk management programs and procedures • Assist public health organisations meet the relevant EQuIP criteria for security • Assist public health organisations maintain an effective security program that is based on a structured, on-going risk management process, consultation, appropriate documentation and record keeping and regular monitoring and evaluation and • Assist public health organisations to meet their legislative obligations. The chapters of the Security Manual can be located on the NSW Health website at www.health.nsw.gov.au/audit/manuals/protecting_people_property.pdf The Security Manual forms the platform on which the Improvement Program sits. The Security Improvement Tool, associated Guidelines and Security Improvement Plan, as outlined in this document, are linked to, and flow from the Security Manual. They will assist public health organisations to regularly measure implementation of key aspects of the Security Manual, identify areas requiring improvement and plan for implementation of those improvements. The remainder of Part 1 provides detailed guidelines on the Security Continuous Improvement Program and its implementation by public health organisations.
2.0
Purpose and Scope of the Improvement Program
As suggested above, the Improvement Program was developed to support and complement the Security Manual. The purpose of the Improvement Program is to assist public health organisations to: • Keep staff, patients and visitors safe, and keep property secure • Meet the relevant NSW OHS legislative requirements, and NSW Health policy requirements contained in the Security Manual • Measure essential aspects of their security risk management program for feedback to appropriate levels of management • Identify areas of the local security risk management program requiring improvement • Ensure local security risk management continuous improvement through the development of an improvement plan. Part One - Guidelines for Conducting a Security Survey Using the NSW Health Security Improvement Tool
31-3
The Security Continuous Improvement Program is provided in three parts: Part One (Chapter 31)
Part Two
Guidelines for Conducting a Security Survey Using the NSW Health Security Improvement Tool (the Guidelines) Security Improvement Assessment Tool (the Tool)
(Chapter 32)
Part Three
Security Improvement Plan (Improvement Plan).
(Chapter 33)
The Guidelines include detailed information for those using the Tool to conduct a security survey and develop a Security Improvement Plan. Therefore users must be familiar with the Guidelines and the Security Manual prior to conducting a security survey. The Tool provides public health organisations with a mechanism for assessing their security risk management program against the requirements of the Security Manual. The Improvement Plan will flow from an analysis of the results of the security survey, and allows public health organisations to systematically plan and implement improvements to the local security risk management program.
3.0
Status of the Tool
3.1
Annual Internal Security Survey
The Tool must be used to conduct the annual internal security survey as required in Chapter 8 of the Security Manual. Use of the Tool aims to promote consistency in the way security systems are assessed, allow for benchmarking and allow the Department to access consistent information on health system security performance as required.
3.2
Five Yearly External Security Survey
Public health organisations may wish to consider making the Tool available for use by external security services when they are engaged to conduct the five yearly external survey. Having someone independent of the Area using the Tool to conduct the survey may provide some informative insights on the status of the security risk management system and on how the Tool is being used by internal assessors. It may also constitute a useful quality assurance mechanism.
4.0
Target Group for Using the Tool to Conduct Security Surveys
The Tool has been developed for use by NSW Health staff with a good working knowledge of risk management principles and their application in security risk management. Therefore, the intended users of the Tool include security staff, risk management staff, OHS staff and OHS Profilers. When the Tool is being used to conduct the annual security survey, at least two people from the target group should undertake the survey, where possible. In all cases, at least one assessor must hold a security licence eg security officer, security manager or health and security assistant. Other relevant personnel may also wish Part One - Guidelines for Conducting a Security Survey Using the NSW Health Security Improvement Tool
31-4
to take part in some or all of the survey eg facility manager, Area representative, unit manager etc. Depending on resources, the assessment team should be structured to maximize opportunities for surveying the facility with ‘fresh eyes’. It is desirable that public health organisations continue to use external security experts to conduct the five year external security survey. However, where this poses significant difficulties eg lack of available external security experts in some rural areas, the external survey may also be conducted by such individuals or groups suggested in the previous paragraph, provided they are from another Area, as advised in Chapter 8 of the Security Manual.
5.0
Overview of the Improvement Program
5.1
Part One: The Guidelines (Chapter 31)
Part 1 of the Program consists of The Guidelines (1.0 to 7.0) and includes an Executive Summary and detailed information for those using the Tool. Assessors will need to be familiar with all of Part 1, and have a good working knowledge of the Security Manual prior to using the Tool to conduct the security survey.
5.2
Part Two: The Tool (Chapter 32)
Part Two consists of the Health Facility Report, Detailed Indicative Evidence Guidelines and the Assessment Tool itself.
5.2.1 Health Facility Report The Tool begins with the Health Facility Report, which forms a template for recording relevant information associated with conducting the survey. The Health Facility Report includes the following: • Health Facility Coversheet (Coversheet) • Health Facility Summary Sheet (Summary Sheet) • Health Facility Score Sheet (Score Sheet). The Coversheet includes facility details, survey score, date the survey took place and facility contact officer details. The Summary Sheet includes the public health organisation and facility name, assessor name/s and titles, date survey was conducted, and parts of the facility physically visited during the survey. The Score Sheet includes the score achieved for each Element, the score and percentage for each Section and the facility’s total score and percentage for both a full survey and a Mandatory Elements only survey. A copy of the completed Health Facility Report should accompany the Security Improvement Plan when it is presented to management.
5.2.2 Detailed Indicative Evidence Guidelines The indicative evidence guidelines provide detailed information on accessing and using Indicative Evidence, as listed in the Indicative Evidence column of the Tool itself, to determine what Standard to allocate against the particular Element being assessed. Part One - Guidelines for Conducting a Security Survey Using the NSW Health Security Improvement Tool
31-5
The Detailed Indicative Evidence Guidelines must be closely consulted and well understood by assessors prior to their commencing a security survey.
5.2.3 The Assessment Tool The assessment part of the Tool is designed to focus on the following aspects of each key component of the security risk management program as outlined in the Security Manual: • • •
Determining the existence of appropriate systems and procedures Assessing the level of employee involvement in, and awareness of these systems and procedures Ascertaining the degree to which these systems and procedures are implemented in the workplace.
The structure and layout of the Tool are similar to that of the NSW Health OHS Profile, as this approach is well known to Chief Executives, Executive Directors and OHS Profilers, is relatively simple to use and provides a mechanism for identifying areas requiring improvement. The Tool’s content follows that of the Security Manual, with some slight variations, as follows: • • •
The Tool incorporates the requirements of chapters 3 and 4 of the Security Manual into a single element (1.3 Security Risk Management in the Planning Process) The Tool incorporates the requirements of chapters 14 and 28 of the Security Manual into a single element (2.6 Provision of Security Services) The Tool does not include standards or indicative evidence for Chapter 30 Effective Incident Management.
The Tool consists of four Sections that reflect the four main sections of the Security Manual. Each Section in the Tool is divided into a number of Elements, with each Element reflecting the corresponding chapter from the Manual. Four possible levels of performance, or Standards, are outlined for each Element, ranging from minimal performance to best practice. Examples to support each Standard are cited in the Indicative Evidence column to assist the assessor in allocating the correct standard of performance for that Element. Each Element includes a scoring system, and a ‘Standards Achieved and Notes’ column which can be completed by the assessor as each Element is assessed.
5.3
Part Three: The Security Improvement Plan (Chapter 33)
The Improvement Plan should be developed as soon as possible after the completion of the security survey, in consultation with the key facility contacts for the survey and other relevant stakeholders. It is crucial to the successful implementation of the Improvement Plan that all those with a key role to play in its implementation are consulted during its development. For example, if the security survey indicates that the emergency department duress alarm system is inadequate, and the associated duress response is not well organised, then relevant personnel in the emergency department, including management, should be consulted and some in principle agreement reached on proposed recommendations to remedy the situation. This will then pave the way for the formal approval process once the Improvement Plan is completed. Part One - Guidelines for Conducting a Security Survey Using the NSW Health Security Improvement Tool
31-6
The Improvement Plan template lists all Elements. The assessor should list and prioritise recommended improvement strategies against the appropriate Element to address significant gaps in security risk management identified via the survey. The Improvement Plan also includes headings for responsibility (to identify those with responsibility for the implementation of the various recommendations), timeframes for implementing each strategy and resource implications. The target audience for the Improvement Plan will depend on the scope of the proposed improvements and the type and amount of resources required to implement the Plan, and may include unit managers, the facility manager and/or Area Chief Executive. In the example given above, the senior management position in the emergency department would certainly be included in the formal approval process for the Improvement Plan. The approval and implementation process for the Improvement Plan will need to be consistent with local policies, procedures and practices. The important point is that the information in the Plan should be used in the most appropriate manner to ensure that serious gaps in security risk management are dealt with promptly, and that other deficiencies are identified for improvement in forward planning. Public health organisations may choose to follow the same process they use for developing and implementing local Numerical Profile OHS Improvement Plans.
6.0
Interpreting the Assessment Tool
6.1
Sections
The four sections in the Tool, reflecting the four relevant sections of the Security Manual, are: • Section 1 Security Risk Management Framework • Section 2 Core Security Risk Controls • Section 3 Security Risk Controls in Priority Areas • Section 4 Security Risk Controls in Unplanned Events.
6.2
Elements
Each Section is sub-divided into a number of key Elements, ranging from 4 to 9, depending on the section. There is a total of 26 Elements in the Tool. Each Element describes the particular policy from the Security Manual to be surveyed.
6.2.1 Determining Which Elements to Survey Depending on the public health organisation, some Elements in the Tool may not be applicable eg there may be no radioactive substances associated with the facility and therefore the related Element does not need to be completed. However, good judgment should be used when determining what Elements, if any, may not need to form part of the survey. For example, a metropolitan facility may assume that there are no rural or remote facilities, when in fact there may be a community health service on the grounds, whose location is quite removed from the main building. The important points to consider in this instance are the security risks associated with the location of the service, its access to an emergency response and the timeliness of that response.
Part One - Guidelines for Conducting a Security Survey Using the NSW Health Security Improvement Tool
31-7
Similarly, while a facility might not have a car park, it should not automatically dismiss this Element, as, where evening and night staff are required to park off site, this may in fact actually increase security risks. After careful assessment, where it is determined that an Element is not relevant, a note of ‘not applicable’ should be inserted next to the particular Element on the Score Sheet.
6.2.2 Mandatory Elements When public health organsiations are conducting the annual survey, all Elements of the Tool relevant to the facility should be assessed, particularly when the results of the survey are being used to support EQuIP accreditation requirements. As a minimum, however, the following 20 Elements must be assessed each year: • Section One: Elements 1.1, 1.2, 1.3, 1.4, 1.5, 1.6, 1.7 • Section Two: Elements 2.1, 2.2, 2.3, 2.4, 2.5, 2.6 • Section Three: Elements 3.1, 3.2, 3.3, 3.4, 3.5 • Section Four: Elements 4.3, 4.4 The Department may vary these mandatory Elements from time to time.
6.3
Standards
The rating mechanism used to measure performance is called a Standard. After each Element is assessed, the assessor assigns one of the four possible Standards, A, B, C or D, to the Element. This rating system is used consistently for all Elements, and all Standards are assigned a pre-determined score. Standard D
Minimum / Nil
Signifies little or no activity against the element
Standard C
Some
Signifies that there is some risk management activity ie some consultation has occurred, some risk assessment and risk control activities have taken place, but there is still a significant amount that needs to be done to reach minimal compliance with the relevant policy in the Security Manual.
Standard B
Reasonabl e
Signifies a reasonable level of risk management activity ie appropriate consultation has occurred, significant risk assessment and risk control activities have taken place and there is compliance with most, though not all, aspects of the relevant policy in the Security Manual. Some but not all control strategies are implemented, and review of control strategies may have occurred to some degree.
Standard A
High
Signifies a high level of risk management activity, training and consultation with staff and their representatives, a high level of commitment to OHS from all levels of the organisation, all significant security risks have been assessed and as far as practicable, all relevant risk controls have been implemented. There is compliance with all aspects of the relevant policy in the Security Manual. There is a continuous improvement mechanism in place that would include regular monitoring, review and a feedback loop into the system. Standard A signifies excellence/best practice.
Part One - Guidelines for Conducting a Security Survey Using the NSW Health Security Improvement Tool
31-8
6.4
Indicative Evidence
Indicative Evidence is evidence that will help determine how well the public health organisation performs against the particular Element. The evidence listed in the Indicative Evidence part of the Tool gives suggestions for the kind of information that can be sought by assessors to assist them to determine the relevant Standard. There are three main ways of collecting evidence: verbal information, documentary information and observation. Each of these methods will need to be used against each Element, to be sure that the correct Standard is applied. Each method will provide a slightly different perspective on the Element being assessed, and will help the assessor get a clearer picture of what is happening in relation to the particular Element. The nature of the evidence that will provide this information will vary from facility to facility and even within the facility. The Indicative Evidence list does not include all of the evidence that could show performance against each Standard. Equally, assessors do not need to check on every suggested item under Indicative Evidence. The knowledge, skills, expertise and experience of the assessor, as well as his or her familiarity with the area being assessed, will determine the range and depth of Indicative Evidence reviewed, before allocating the Standard. Assessors will need to keep this in mind when reviewing evidence, to ensure that the Indicative Evidence does not become the de facto Standard.
6.5
Scoring and Interpreting Results
The Tool has a maximum possible score of 780 points ie the sum of all the A scores, with each of the four Sections worth a total of 210, 180, 270 and 120 respectively. Where Elements are not applicable, assessors should omit the score and the total score available is reduced by the amount of that Element's A Standard ie 30. For example, during a particular survey, Element 3.3 is considered to be not applicable. The maximum score for 3.3 is 30 points, therefore this must be subtracted from the possible total for the entire survey ie 780 minus 30, which results in the new possible total becoming 750. As a Standard is allocated against each Element it can be recorded in the Standard Achieved and Notes section of the Tool. At the conclusion of the survey the scores for all Elements completed are then transferred to the Health Facility Score Sheet. The score for each Section, and the final score must then be aggregated, and expressed as a percentage. For example, if the maximum possible score for a particular Section is 210, and the actual score is 120, then to obtain the percentage score for the Section, the actual score (120) is divided by the maximum score (210), and then multiplied by 100 to convert to a percentage, resulting in a score of 57.1% for that particular Section. If the maximum possible score for the survey is 750, and the actual score is 540, then to obtain the percentage score, the actual score (540) is divided by the maximum possible score (750), and then multiplied by 100. This results in a score of 72%.
Part One - Guidelines for Conducting a Security Survey Using the NSW Health Security Improvement Tool
31-9
Similarly, the scores for the mandatory Elements should also be noted in the Mandatory Elements columns in the Health Facility Score Sheet, and the corresponding calculations completed ie scores totalled and converted to a percentage. Because all facilities are required, as a minimum, to conduct the survey of all applicable mandatory Elements, this provides an opportunity for some comparative analysis and benchmarking across facilities. The percentage result for the total survey represents the facility’s progress towards achievement of best practice in security risk management. Assessors need to determine Standards on a hard but fair basis. There is no ‘passmark’. Accordingly, if all aspects of a Standard (not to be confused with all the suggested Indicative Evidence) are not met, then the next Standard and score down must be assigned. For example, if all aspects of a B Standard are not met, then the C Standard and score should be assigned. Lower scores do not necessarily indicate that additional security risk management activities are not being performed, but perhaps that security risk management policies, procedures and practices are not fully implemented, are not documented, or not well communicated to or understood by relevant staff. As much of the information obtained by the assessors is through discussions with local staff, it is possible that information that is incomplete, incorrect or not up to date could be obtained. Therefore, assessors should ensure that they seek a variety of information sources.
6.6
Comments Column
Assessors can use this part of the Tool as they are conducting the security survey, to record their comments that support the Standard they have assigned and any particular areas that require special mention. For example, obvious control strategies that are missing can be quickly jotted down. These notes will form the basis for developing the associated Security Improvement Plan.
7.0
How to use the Tool
7.1
Preparing to Conduct a Security Survey
•
• •
Determine who will conduct the survey (see section 4.0). For example, a team approach using OHS, risk, security and clinical staff may result in a more comprehensive assessment. At least one of the assessors must be the holder of a security licence eg security manager, security officer, health and security assistant. Inclusion of one officer who conducted the last security survey will provide some continuity to the process. Depending on resources, the assessment team should be structured to maximise opportunities for surveying the facility with ‘fresh eyes’. Identify which Elements in the four Sections, if any, will not be included in the survey if they are deemed inappropriate. For example, there may be no radioactive substances. Ensure that the assessors have a good working knowledge of the guidelines for conducting the security survey and the indicative evidence guidelines, as well as the relevant chapters of the Security Manual and their associated Sections in the Tool.
Part One - Guidelines for Conducting a Security Survey Using the NSW Health Security Improvement Tool
31-10
•
• • • • • • •
• •
7.2 •
• • • • • •
• •
Determine in advance, as far as possible, which parts of the facility (eg emergency department, car parks, pharmacy, mental health, community health etc) are applicable to which Elements and plan to address all possible Elements when physically in those areas. It is not necessary that all Sections of the Tool be completed at the one time. For example, it may be easier to plan the facility survey over a defined period of time eg a week, around the availability of those concerned. Determine who will need to be interviewed as part of the survey. Meet with the relevant senior executive/s to explain the survey. The Executive Summary at the beginning of the Guidelines may be useful information to provide at this time. Make arrangements in advance to access the facility, meet with the appropriate personnel for interviews, review documentation and make visual observations. Review the guidelines for conducting the survey (Part One of the document) and the Detailed Indicative Evidence Guidelines. Ensure that sufficient time is allocated for the completion of the survey. Be aware of the results and recommendations arising from the heath facility’s last Security Improvement Plan if relevant, and the results of any associated survey conducted by the public health organisation’s Internal Audit Unit. The report from any crime risk assessment survey conducted by Police may also be relevant and should be consulted if possible. Have a copy of the Guidelines and the Tool, including the Health Facility Report. Depending on the knowledge, skills and experience of the assessor/s, access to relevant sections of the Security Manual may also be useful. Complete the relevant sections of the Health Facility Report ie name of facility to be surveyed, name of assessors etc (see first section of the Tool for template).
Conducting the Security Survey If working as part of an assessment team, determine and agree on protocols for conducting the security survey and identify who will record the findings. Team members will have valuable input to make from their own operational perspective and area of expertise. Review the area of the facility being assessed against the relevant Element, using the Indicative Evidence as a guide. Gather relevant information, talk to staff, supervisors, managers and OHS Committee members, ask questions, view policies, procedures and other relevant documentation, take notes. When asking questions, listen and confirm responses. This is not the time to be debating with managers. Determine and agree the Standard to be assigned for each Element and record in the Standard Achieved and Notes column. Complete the Comments column as each Element is completed, while observations/suggestions/recommendations for improvement are still fresh. It may also be useful at this time to ‘walk through’ each Element of a particular Section with the manager or supervisor of the area being assessed, explaining why a particular Standard has been allocated, with the aim of getting consensus on the allocated Standard. At this time it is important to reinforce the positive aspects of the area’s performance. Complete all Elements of the Tool that are relevant to the facility. When the survey is concluded, complete the Score Sheet by circling the allocated score for each Element, totalling the score for each Section, calculating the percentage for each Section, then totalling the health facility’s overall score and percentage (see 6.5).
Part One - Guidelines for Conducting a Security Survey Using the NSW Health Security Improvement Tool
31-11
• • •
Assessors may choose to do this as they are conducting the survey, or at the end of the survey. For any Elements not completed, note them as “not applicable” on the Score Sheet. Using a similar method, complete the Mandatory Elements section of the Score Sheet. Complete any outstanding sections of the Health Facility Report.
7.3 • •
• •
Reporting Survey Results Draft the Improvement Plan in consultation with all key stakeholders (see section 5.3). Submit the Improvement Plan for approval using the appropriate local approval protocols. A copy of the completed Health Facility Report should also be included, and a copy of the Executive Summary of the Security Improvement Program, if appropriate. A full copy of the Health Facility Report, completed Survey and Improvement Plan should be retained in an appropriate place. It is recommended that the Plan be submitted within four weeks of the survey being conducted. All relevant managers should be included in the sign off as part of the approval process.
7.4
Departmental Reporting Requirements
The Health Facility Report (coversheet, summary sheet and score sheet) must be readily available for forwarding electronically to the Department, should the results be required.
8.0
Related Documents and Legislation
The following NSW Health documents should be closely consulted when using this Tool • Zero Tolerance Policy and Framework Guidelines (Circular 2003/48) • NSW Health Workplace Health and Safety: Policy and Better Practice Guide (Circular 2004/87).
8.1 • • • • • • • • • •
Other documents to be considered in conjunction with this Tool Corporate Governance and Accountability in Health – A Better Practice Reference Guide (Department of Health and Health Services Association of NSW – December 2002) Mental Health for Emergency Departments – A Reference Guide (2002) Management of Adults with Severe Behavioural Disturbances – Guidelines for Clinicians in NSW Health (2002) Working Group for Mental Health Care in Emergency Departments – Final Report and Recommendations Effective Incident Response: A Framework for Prevention and Management in the Health Workplace (Circular 2002/19) Design Series: Health Facility Guideline – Security and Safety (Circular 2003/13) Local Area or facility disaster management plans Reportable Incident Briefs to the NSW Department of Health (Circular 2003/88) NSW Health Policy and Procedures for Injury Management and Return to Work (Circular 2003/75) # Australian Standard 4485.1-1997 – Security for Health Care Facilities (Part 1: General Requirements)
Part One - Guidelines for Conducting a Security Survey Using the NSW Health Security Improvement Tool
31-12
8.1 • • •
Other documents to be considered in conjunction with this Tool (continued) # Australian Standard 4485.2-1997 - Security for Health Care Facilities (Part 2: Procedures Guide) Australian Standard 4083-1997 – Planning for Emergencies; Healthcare Facilities WorkCover NSW – Violence in the Workplace Guide (2002).
# EQuIP standards require the management of security risks with reference to any relevant Australian Standards. In line with this, reference should be made to Australian Standard 4485.1-1997 – Security for Health Care Facilities (Part 1: General Requirements) and Australian Standard 4485.2-1997 – Security for Health Care Facilities (Part 2: Procedures Guide).
8.2 • • • • • •
Legislation to be considered in conjunction with this Tool Occupational Health and Safety Act 2000 Occupational Health and Safety Regulation 2001 Security Industry Act 1997 (including Master Licence and Security Organisation Code of Practice) Security Industry Regulation 1998 Weapons Prohibition Regulation 1999 Workplace Surveillance Act 1998.
Part One - Guidelines for Conducting a Security Survey Using the NSW Health Security Improvement Tool
31-13
Part Two
Security Improvement Assessment Tool
Health Facility Report Detailed Indicative Evidence Guidelines The Tool
Security Continuous Improvement Program Health Facility Report
Health Facility Coversheet Area Health Service: ____________________ Facility: ______________________________ Score:
%
Date: ___/____/ 20___ Full Report Or Mandatory Elements Only Report (Please tick appropriate option) Facility contact officer:_________________ Phone number:_____________________
Security Risk Management Health Facility Summary Sheet Area Health Service: Facility: Address/Location: Date of Survey: Survey Conducted by: Name 1:
Tel:
Signature:
Tel:
Signature:
Tel:
Signature:
Title: Name 2: Title: Name 3: Title: Principal Facility Contacts: Name: 1.
Title/Phone:
2. 3. 4. 5. 6. 7. 8. Parts of facility physically visited during survey (eg ED, Mental Health, Outpatients etc):
NSW Health Security Improvement Tool – Part 2 – Score Sheets
Page 32–3
HEALTH FACILITY SCORE SHEET
ALL ELEMENTS (Insert N/A for “Not Applicable” beside those elements that have not been included in the survey)
STANDARD ACHIEVED
ELEMENT
(Please circle the score)
1. SECURITY RISK MANAGEMENT FRAMEWORK D (nil)
C (some)
B (reasonable)
A (high)
1.1 Security Risk Management Policy and Program
Mandatory
0
10
20
30
1.2 Security Risk Management Responsibilities
Mandatory
0
10
20
30
1.3 Security Risk Management in the Planning Process
Mandatory
0
10
20
30
1.4 Health Service Leasing of Property to or From External Parties
Mandatory
0
10
20
30
1.5 Security Arrangements for Patients in Custody
Mandatory
0
10
20
30
1.6 Security Education and Training
Mandatory
0
10
20
30
1.7 Security Continuous Improvement FACILITY RESULTS ALL ELEMENTS, SECTION 1
Mandatory
0
10
20
30
Facility’s score:
[Total maximum score for section 1 is 210]
out of a possible
Facility’s %:
2. CORE SECURITY RISK CONTROLS 2.1 Access Control
Mandatory
0
10
20
30
2.2 Key Control
Mandatory
0
10
20
30
2.3 Alarm Systems
Mandatory
0
10
20
30
2.4 Lighting
Mandatory
0
10
20
30
2.5 Provision of Security Services
Mandatory
0
10
20
30
2.6 Duress Response Arrangements FACILITY RESULTS ALL ELEMENTS, SECTION 2
Mandatory
0
10
20
30
Facility’s score:
[Total maximum score for section 2 is 180]
out of a possible
Facility’s %:
3. SECURITY RISK CONTROLS IN PRIORITY AREAS 3.1 The Clinical Environment
Mandatory
0
10
20
30
3.2 Security of Staff Working in the Community
Mandatory
0
10
20
30
3.3 Rural and Remote Health Services
Mandatory
0
10
20
30
3.4 Security in Pharmacies
Mandatory
0
10
20
30
3.5 Security in Car Parks
Mandatory
0
10
20
30
3.6 Security of Property
0
10
20
30
3.7 Security of Information
0
10
20
30
3.8 Security of Medical Gases
0
10
20
30
3.9 Security of Radioactive Substances FACILITY RESULTS ALL ELEMENTS, SECTION 3
0
10
20
30
Facility’s score:
[Total maximum score for section 3 is 270]
Facility’s %:
out of a possible
4. SECURITY RISK CONTROLS IN UNPLANNED EVENTS 4.1 Fire Security
0
10
20
30
4.2 Bomb Threat
0
10
20
30
4.3 Violence
Mandatory
0
10
20
30
4.4 Armed Hold-Up FACILITY RESULTS ALL ELEMENTS, SECTION 4
Mandatory
0
10
20
30
Facility’s score:
[Total maximum score for section 4 is 120] ALL ELEMENTS TOTAL score
out of a possible
Facility’s %: out of a possible
NSW Health Security Improvement Tool – Part 2 – Score Sheets
TOTAL PERCENTAGE
%
Page 32–4
HEALTH FACILITY SCORE SHEET
MANDATORY ELEMENTS ONLY STANDARD ACHIEVED
ELEMENT
(Please circle the score)
1. SECURITY RISK MANAGEMENT FRAMEWORK D (nil)
C (some)
B (reasonable)
A (high)
1.1 Security Risk Management Policy and Program
0
10
20
30
1.2 Security Risk Management Responsibilities
0
10
20
30
1.3 Security Risk Management in the Planning Process
0
10
20
30
1.4 Health Service Leasing of Property to or From External Parties
0
10
20
30
1.5 Security Arrangements for Patients in Custody
0
10
20
30
1.6 Security Education and Training
0
10
20
30
1.7 Security Continuous Improvement FACILITY RESULTS ALL ELEMENTS, SECTION 1
0
10
20
30
Facility’s score:
[Total maximum score for section 1 is 210]
Facility’s %:
out of a possible
2. CORE SECURITY RISK CONTROLS 2.1 Access Control
0
10
20
30
2.2 Key Control
0
10
20
30
2.3 Alarm Systems
0
10
20
30
2.4 Lighting
0
10
20
30
2.5 Provision of Security Services
0
10
20
30
2.6 Duress Response Arrangements FACILITY RESULTS ALL ELEMENTS, SECTION 2
0
10
20
30
Facility’s score:
[Total maximum score for section 2 is 180]
Facility’s %:
out of a possible
3. SECURITY RISK CONTROLS IN PRIORITY AREAS 3.1 The Clinical Environment
0
10
20
30
3.2 Security of Staff Working in the Community
0
10
20
30
3.3 Rural and Remote Health Services
0
10
20
30
3.4 Security in Pharmacies
0
10
20
30
3.5 Security in Car Parks FACILITY RESULTS ALL ELEMENTS, SECTION 3
0
10
20
30
Facility’s score:
[Total maximum score for section 3 is 150]
Facility’s %:
out of a possible
4. SECURITY RISK CONTROLS IN UNPLANNED EVENTS 4.3 Violence
0
10
20
30
4.4 Armed Hold-Up FACILITY RESULTS ALL ELEMENTS, SECTION 4
0
10
20
30
Facility’s score:
[Total maximum score for section 4 is 60]
Facility’s %:
MANDATORY ELEMENTS TOTAL score
out of a possible
NSW Health Security Improvement Tool – Part 2 – Score Sheets
out of a possible
TOTAL PERCENTAGE:
%
Page 32–5
Detailed Indicative Evidence Guidelines 1.0
What is Indicative Evidence?
Indicative Evidence means evidence that helps to determine how well the public health organisation performs against a given Element. The evidence listed in this part of the Tool gives suggestions for the kind of information that can be sought by assessors to assist them determine the relevant Standard. It does not list all of the evidence that could show performance against each Standard. Equally, assessors do not need to check on every suggested item under Indicative Evidence. The knowledge, skills, expertise and experience of the assessor, as well as his or her familiarity with the area being assessed, will determine the range and depth of Indicative Evidence reviewed, before allocating the Standard. It is critical that assessors keep an improvement focus when conducting the survey. That is, the important work is not in determining a score, but helping the facility identify areas where it works well and areas that are in need of improvement. It is relatively easy to apply a score, indeed this can be done in a superficial manner, but in order to take an improvement focus assessors must examine the facility closely and use all their skills, experiences and senses to determine where the gaps are, and how the facility might best deal with them.
2.0
Sources of Evidence – what to look for and how to use it
In assessing each Element, the assessor should look for evidence that the Standard is or is not met. The nature of the evidence will vary from facility to facility and between different departments within the facility. There are three main ways of collecting evidence: verbal information, documentary information and observation. Assessors should use each of these methods for each Element to ensure that the correct Standard is applied. Each method gives a slightly different perspective on the Element being assessed and will assist in generating a clearer idea about what is happening. Documentary evidence may lead assessors to ask questions about particular issues, or may verify verbal information that the assessor has heard. Seeing how the facility works (observation) will help verify what the assessor has heard, too. If contradictions are found, assessors may need to dig deeper and find out more to verify findings. This process of using different sources of information to build a picture is called triangulation and is critical to being able to make a fair and verifiable assessment. There is no substitute for getting inside the detail and seeing, feeling and hearing how it operates from different perspectives. This is relatively easy if assessors are not familiar with the facility – they are able to ask what might seem to be ‘silly questions’ because they are not expected to know the answer. It’s more difficult when assessors know the facility or the people in the facility know the assessor. In this case, people will answer assessor’s questions differently than they would a stranger’s. In selecting how the assessment will be conducted, assessors should ask themselves what should this facility look, sound and act like when this Standard is applied.
NSW Health Security Improvement Tool – Part 2 – Indicative Evidence
Page 32– 6
For example, consider pharmacy security: • What would an assessor expect an ‘A’ standard secure pharmacy to look like in the facility being assessed? • What access controls would expect to be found? • How do cleaners, maintenance staff and so on gain access without compromising security? • How would the assessor expect drugs to be delivered, stored, dispensed and disposed of? • What paperwork would the assessor expect and how would it help or hinder security? • What would the building be like? • What features of the building would help or hinder security? And so on... The Indicative Evidence in the Tool can be used to help form a picture in the assessor’s mind. Starting with a mental picture of what the ‘A’ Standard pharmacy should look like will open the assessor’s mind to what makes a lower scoring version as well as to variations that could meet the ‘A’ Standard in ways not imagined. The onus is on the assessor to have an image in mind, and to give the facility a chance to demonstrate that image or convince the assessor that what they have in place meets or betters the Standard.
3.0
Using verbal information
Structured interviews are formal interview of people using pre-determined questions. These types of interviews can be done only when it is clear what needs to be asked. Semi structured interviews use a combination of prepared questions and open discussion to probe further and allow the interviewee room to express ideas and opinions. Group interviews are good for focusing on a particular topic if it is possible, as people’s ideas and thoughts bounce off others and more information may be obtained than from a series of private interviews. Group interviews are difficult to arrange in some areas, but are an efficient use of time and can yield excellent results. Private interviews may need to be conducted if the topic is confidential or if interviewees request it. Informal discussions can give ‘off the cuff’ information that can be very revealing; these include conversations that assessors may have while walking around the facility, over a cup of tea or in the corridor. Assessors need to be alert at these times. If assessors hear a series of ‘stories’ in these circumstances, they should not be discounted or discarded as ‘gossip’, on the other hand, they should not be used indiscriminately. In informal talk people will tell their view of the world; their stories can reveal the soft underbelly as well as reinforce how well a facility operates. If the information is pertinent to the assessment, assessors should seek verification by looking at other sources of information, for example documentary evidence, or view first hand if the assessor has heard that a physical aspect of the building works well or doesn’t work well. Assessors should choose to talk to people at all levels in the facility who are affected by the Element under consideration. In the pharmacy for example, the assessor would talk with the following people: chief pharmacist, other pharmacy staff, medical and nursing staff from areas that use the pharmacy frequently as well as infrequently, cleaning staff, security staff, property staff and users if appropriate. NSW Health Security Improvement Tool – Part 2 – Indicative Evidence
Page 32– 7
4.0
Using documentary information
Minutes of meetings can reveal a lot about what and how things happen in an organisation, especially when compared with verbal information. For example, if the minutes of the OHS committee have recurring discussion about a particular hazard that is not dealt with for a considerable period of time, or if management representatives are not listed as being present at meetings, assessor may be led to form an opinion about how resources are managed and the level of commitment to security. Similarly, the nature of other documents can reveal how the facility formally operates. It is not simply enough to know that the documents exist; assessors will need to trawl through them to build a picture of how the facility works. Examples of documents that can expect to be examined in the course of a full assessment include: • Minutes • Leasing contracts • Hazard and incident reports • Checklists • Training contents • Attendance lists for induction and other training • Risk assessments • Work plans and timetables for implementing control measures • Security improvement plans • Budget allocations • Policies, procedures and protocols etc. These documents can be read on a superficial level to get an overview and they allow the assessor to follow a particular story through from beginning to end. For example, if a staff member says that they wrote up a security breach in the pharmacy as a hazard report but that it ‘went nowhere’, the assessor might choose to use that as an example in their document examination. The assessor could find the specific hazard report and follow it through the system to see what happened to it. This process will give information about how the system operates in practice (with real people in mind) and where the strong and weak points are. The assessor will be able to form questions to ask those people involved in the case and determine its nature. It may be revealed as an example of general inaction or failure of systems in the area or it may have been an outrider, perhaps something that had been dealt with but communicated poorly.
5.0
Using observation
Walking through the facility can give a very strong sense of how the facility works, especially when putting on various ‘hats’. Assessors will want to physically verify that the various security risk management processes and controls work in action. Examples include: • Are alarm systems installed and operating? Are staff duress alarm systems installed where they are needed and are they working? Do the associated procedures work in practice or do people take different action (and is that more or less sensible)? • Potential drug theft from the pharmacy: are doors locked, access denied as appropriate and other security arrangements in place? • Imagining being a first-time visitor trying to find your way through the facility: is the correct signage in place and does it make sense? Are assessors inadvertently led into what should be secure areas? NSW Health Security Improvement Tool – Part 2 – Indicative Evidence
Page 32– 8
During a walk-through, assessors will have informal conversations with people that can give insight into the operation of the facility; for example, hearing about the level of consultation that has been undertaken. Assessors should go to areas of the facility that are most affected by the Element being assessed. For example, assessors may learn about how pharmacy security operates at the point of service by sitting in the pharmacy waiting area for a while and simply observing how business is conducted.
6.0
Common forms of indicative evidence
In order to reduce the length of the Tool, common forms of indicative evidence are listed in the chart on the following pages and are not repeated under each Element of the Tool. Where there are forms of evidence that are specific to a particular Element, these are mentioned in the Indicative Evidence column within the body of the Tool. Assessors are NOT restricted to the use of these forms of indicative evidence, neither should they demand that each of these forms of evidence is available in order to be able to assess at a particular Standard. Assessors should look for these common forms of evidence, as well as be alert to other indicators of achievement or lack of achievement. Assessors may be faced with quite innovative approaches to achieving the Standards. Assessors must ask themselves “Does this do what it says it will do in order to fulfill the standard?” and “Can it do this reliably?” The chart on the following pages, which lists the common forms of indicative evidence (documentary, verbal and observation), will assist assessors in determining what forms of evidence lead to a particular A, B, C or D Standard.
NSW Health Security Improvement Tool – Part 2 – Indicative Evidence
Page 32– 9
Standard D Signifies little or no activity against the element. You can expect to find little or no evidence of achievement of the standard. You can expect that evidence of work towards the standard will be scanty, uncoordinated and patchy.
Standard C Signifies that there is some risk management activity ie some consultation has occurred, some risk assessment and risk control activities have taken place, but there is still a significant amount that needs to be done to reach minimal compliance with the relevant policy in the Security Manual. Standard C
Documentary Evidence
•
The policy for the element outlines a risk management approach to controlling the risks associated with the element and was developed in consultation with key staff and stakeholders.
•
The policy for the element identifies responsibilities of supervisors and staff.
•
Sight evidence that the requirements for the element and procedures for managing the risks associated with the element were established using a risk management approach, in consultation with key staff and stakeholders.
•
Sight written procedure that identifies responsibilities of supervisors & staff.
•
View documents recording any relevant risk assessments and/or recommended control measures.
•
Policy documents about the element are on display at Reception, Staff Canteen and OHS Noticeboard, or other places where they can be readily seen by staff, supervisors and managers.
•
Program materials, procedures and/or plans about the element are written and are readily available to be viewed by all staff, supervisors and managers. ‘Readily available’ will mean different things in different contexts. In addition to sighting the materials, assessors must ask staff about this.
•
Documentary evidence can help verify that the requirements for the element and the management of the risks arising from the element are not fully implemented or are flawed. Look for evidence that the policy may not be implemented in some departments, or some aspects of the policy may not have been implemented at all. For example, although this is a limited list: o
Memo from management about the allocation of resources to the element and evidence that it has been actioned.
o
In minutes of the Security Risk Management Committee (if one exists) or OHS Committee meetings.
o
Sight documented cases of security risk management, including identification and assessment of hazards and control of risks, have been conducted in consultation with employees, but not fully implemented.
NSW Health Security Improvement Tool – Part 2 – Indicative Evidence
Page 32– 10
Standard C continued….
Documentary Evidence
o
Sight evidence that not all risks are identified, or that not all identified risks are controlled.
o
Sight incident reports, registers or other documents that may indicate that there may be identified lapses in some areas, or some aspects of the policy or procedure may not have been implemented. Seek documentary evidence that control measures have not been implemented.
Standard C
Verbal Evidence
•
Interview staff, supervisors and managers to determine their awareness and understanding of the policy and procedures and their specific responsibilities.
•
Interview staff representatives to determine the level of consultation used to develop the policy and procedures.
•
Interviews with staff, supervisors and managers may provide evidence that the requirements for the element and the management of the risks arising from the element are not fully implemented or are flawed. For example, this might be evident in following ways (although this is a limited list): o
Awareness by supervisors and/or staff about the commitment of resources to deal with specific issues concerning the element,
o
Where the risk cannot be eliminated, ask people how appropriate control strategies, consistent with the hierarchy of controls, are implemented so that risks are reduced to the lowest practicable level.
o
Evidence that security-related hazards are controlled in consultation with staff and supervisors.
o
Evidence that not all risks are identified, or that not all identified risks are controlled.
o
Listen for evidence that the policy may not be implemented in some departments, or some aspects of the policy may not have been implemented at all. There may be identified lapses in some areas, or some aspects of the procedure may not have been implemented.
o
Evidence that control measures have not been implemented.
Standard C
Observation Evidence
•
Sight evidence that the procedures are readily available for staff, supervisors and managers to read.
•
Observation in the area may provide evidence that the policy, program, procedures and/or plans for the element and the management of the risks arising from the element are not fully implemented or are flawed. For example, this might be evident in following ways (although this is limited): o
Where the risk cannot be eliminated, observe on-site where appropriate control strategies, consistent with the hierarchy of controls, are implemented so that risks are reduced to the lowest practicable level.
NSW Health Security Improvement Tool – Part 2 – Indicative Evidence
Page 32– 11
Standard C continued…
Observation Evidence
o
Sight evidence that not all risks are identified, or that not all identified risks are controlled.
o
Look for on-site evidence that the policy may not be implemented in some departments, or some aspects of the policy may not have been implemented at all. For example, some forms of lighting or access control that are needed may not have been installed throughout the facility, or they may have been installed in some areas but not others.
Standard B Standard B builds on Standard C and should indicate that there is compliance with good practice for the standard. You should consider some of the same types of indicative evidence (some of these are repeated below) but be looking for superior performance, such as completion of control plans, follow up of identified hazards, high levels of consultation and communication with staff, supervisors and managers and therefore, high levels of understanding about the element amongst these people. These are types of features that differentiate Standard B performance from Standard C. Standard B signifies a reasonable level of risk management activity ie appropriate consultation has occurred, significant risk assessment and risk control activities have taken place and there is compliance with most, though not all, aspects of the relevant policy in the Security Manual. Some but not all control strategies are implemented, and review of control strategies may have occurred to some degree. Standard B
Documentary Evidence
In addition to the Standard C Documentary Evidence: •
•
Documentary evidence can help verify that the requirements for the element and the management of the risks arising from the element are fully implemented. Look for evidence that the policy is implemented in all departments and that all aspects of the policy have been implemented. For example, this might be evident in the following ways (although this is a limited list): o
Sight documented cases of security risk management, including identification and assessment of hazards and control of risks, having been conducted in consultation with employees and fully implemented.
o
Sight documentary evidence that risks are identified and controlled.
o
Sight incident reports, registers or other documents that indicate how thoroughly the policy or procedure has been implemented.
Sight evidence of expenditure on the element based on the facility’s business plan.
NSW Health Security Improvement Tool – Part 2 – Indicative Evidence
Page 32– 12
Standard B
Verbal Evidence
In addition to the Standard C Verbal Evidence:
•
•
Sight evidence of a satisfactory system to ensure dissemination of the procedures throughout the facility to staff, supervisors and managers.
•
Staff and stakeholders can discuss the process of determining the arrangements for the element. In particular, they are aware of the risk management approach and the section and appendices on the element in the latest version of the Security Manual. Key stakeholders may include: senior management, risk managers, staff representatives, human resource personnel, security staff, OH&S Committee representatives, health unions, representatives of priority areas such as mental health and emergency departments, community staff, and other stakeholders such as local police and ambulance. This evidence can be obtained through interviews with staff, management and external stakeholders if appropriate.
Interviews with staff, supervisors and managers may provide evidence that the requirements for the element and the management of the risks arising from the element are fully implemented. For example, this might be evident in following ways (although this is a limited list): o
Evidence that risks are identified and controlled.
o
Listen for evidence that the policy is fully implemented in all areas.
Standard B
Observation Evidence
In addition to the Standard C Observation Evidence: •
In determining the requirements for the element, the issues outlined in the section on the element in the latest version of the Security Manual have been considered.
•
Observation in the area may provide evidence that the policy, program, procedures and/or plans for the element and the management of the risks arising from the element are fully implemented. For example, this might be evident in following ways (although this is a limited list): o
Sight evidence that risks are identified and controlled.
o
Look for on-site evidence that the policy is fully implemented in all areas. For example, look for evidence of consistent application of control measures (where this is appropriate).
NSW Health Security Improvement Tool – Part 2 – Indicative Evidence
Page 32– 13
Standard A Standard A builds on Standard B and indicates best practice for the standard. To be assessed at Standard A, all of Standard B should be in place, therefore the Standard B types of indicative evidence are not repeated below. Instead, Standard A requirements are the ‘cream’ on Standard B performance and you will be looking for some features that indicate a commitment to continuous improvement and practices that put this commitment into effect. These are features that differentiate Standard A performance from Standard B. Standard A signifies a high level of risk management activity ie in consultation with staff and their representatives, all significant security risks have been assessed and as far as practicable, all relevant risk controls have been implemented. There is compliance with all aspects of the relevant policy in the Security Manual. There is a continuous improvement mechanism in place that would include regular monitoring, review and a feedback loop into the system. Standard A signifies excellence/best practice. Standard A
Documentary Evidence
In addition to the Standard B Documentary Evidence: •
Sight documentary evidence of review of the element within the last three years (eg committee minutes).
Standard A
Verbal Evidence
In addition to the Standard B Verbal Evidence: •
Interviews with staff, supervisors and managers may provide evidence of review of the element within the last three years.
•
Interview staff, supervisors and managers to determine their level of involvement in the review process.
Standard A
Observation Evidence
In addition to the Standard B Observation Evidence: •
On-site observation may provide evidence that the element is reviewed as part of refurbishment of the workplace, changes in systems, changes in work organisation and changes in the community or external environment (including legislative change) that may impact on the element. (For example, duress response arrangements may be reviewed as part of refurbishment of the workplace, changes in security systems, changes in work organisation and changes in the community that may impact on the need for and nature of duress response arrangements.)
NSW Health Security Improvement Tool – Part 2 – Indicative Evidence
Page 32– 14
SECURITY IMPROVEMENT ASSESSMENT TOOL SECTION 1. SECURITY RISK MANAGEMENT FRAMEWORK TABLE OF CONTENTS 1.1 Security Risk Management Policy and Program 1.2 Security Risk Management Responsibilities 1.3 Security Risk Management in the Planning Process 1.4 Health Service Leasing of Property to or from External Parties 1.5 Security Arrangements for Patients in Custody 1.6 Security Education and Training 1.7 Security Continuous Improvement
Part Two – Security Improvement Tool – Section 1 – Security Risk Management Framework
Page 32-15
SECTION
Security Risk Management Framework
ELEMENT
1.1 Security Risk Management Policy and Program Standards
There is a minimal or no statement of policy or formal program for Security Risk Management. C. There is a written policy and formal program for Security Risk Management that is available in the workplace and is endorsed by the facility’s current management but they are not fully implemented. Some security related hazards are identified, assessed and attempts have been made to control these risks. B. There is a written Security Risk Management Policy: λ That is signed by the Chief Executive. λ That is developed and implemented in consultation with staff and in accordance with the Security Manual. λ That is given to managers, supervisors and all staff. λ That states management’s responsibilities and commitment to the provision of the necessary resources to enable the policy to be implemented. λ That states the responsibilities of supervisors and staff in the implementation of the policy. λ Where managers and supervisors are aware of their policy and statutory responsibilities for security risk management. The policy is accompanied by a formal program: λ That has been developed consultatively. λ That has been documented in accordance with the Security Manual. λ That has been distributed to all departments/divisions of the facility. λ That incorporates a risk management approach: λ Where security-related hazards are identified, assessed and controlled λ Where staff and stakeholders (including patients and visitors) are consulted in accordance with the Security Manual.
Indicative Evidence
MANDATORY Standard Achieved And Notes
D.
Look for common forms of indicative evidence.
1. 2.
3.
4.
Look for common forms of indicative evidence and also: Sight evidence that the public (patients and visitors) is engaged in the management of security. This may be through the display of security messages, the inclusion of security in patient information brochures and in the display of a code of conduct for all persons at the facility. Sight evidence of chief executive/senior management and staff involvement in the development of the security risk management program. Sight documentary evidence of consultation (eg through minutes of meetings) and assess quality of that consultation through interviews with management, supervisors and staff. Sight evidence that appropriate expertise is used in specialist areas, eg planning to install a duress alarm system.
Part Two – Security Improvement Tool – Section 1 – Security Risk Management Framework
Page 32-16
SECTION
Security Risk Management Framework
ELEMENT
1.1 Security Risk Management Policy and Program Standards
Indicative Evidence
MANDATORY Standard Achieved and Notes
B (continued) λ
A.
Where risks cannot be eliminated, the hierarchy of controls is used to find control strategies so that risks are reduced to the lowest practicable level λ Where risk control strategies are monitored and evaluated for effectiveness λ Where each stage of the risk management process is documented and made available to relevant parties. λ Where incidents are reported and investigated. In addition to B, the Policy statement is reviewed as required and is dated within the last three years. Management is held accountable for security risk management in accordance with Policy. Managers systematically ensure that all levels in the facility understand and implement the security risk management program. A system is in place for monitoring legislative changes and initiating actions to achieve compliance.
1. 2.
3.
Look for common forms of indicative evidence and also: Sight evidence that a system for compliance measurement and monitoring, and informing appropriate managers, employees, contractors, students and volunteers where applicable, of new/amended legislation and policy. Managers’ reports on remedial measures made after incidents, progress towards achievement of objectives and other security risk management activities to management meetings. λ Evidence of compliance is monitored, for example by λ Performance appraisals, λ Action plans in place, λ Business plans λ Minutes of management or various consultative meetings
COMMENTS
Part Two – Security Improvement Tool – Section 1 – Security Risk Management Framework
Page 32-17
SECTION
Security Risk Management Framework
ELEMENT
1.2 Security Risk Management Responsibilities Standards
D. C. B.
A.
There is little or no understanding of responsibilities for security management in the facility. Security risk management responsibilities are written down but are not fully understood. Security risk management responsibilities, as described in the Security Manual, are incorporated into the security risk management policy and program. All personnel at the facility are aware of their responsibilities and the responsibilities of others with respect to security risk management. In addition to B, managers systematically ensure that all levels in the facility understand their security risk management responsibilities. A system is in place for monitoring legislative changes to responsibilities and ensuring these are disseminated as appropriate and incorporated into policy and program.
Indicative Evidence
MANDATORY Standard Achieved and Notes
Look for common forms of evidence. Look for common forms of evidence.
1.
Sight evidence of consultation on security with employees and the community (eg via a security committee or security as an agenda item on community committees).
COMMENTS
Part Two – Security Improvement Tool – Section 1 – Security Risk Management Framework
Page 32-18
SECTION ELEMENT
Security Risk Management Framework 1.3 Security Risk Management in the Planning Process Standards
D. C.
MANDATORY
Little or no consideration is given to security risk management in the facility planning activities. Security risk management occurs in some planning activities but not consistently across the facility.
Indicative Evidence
1.
2.
3.
Standard Achieved and Notes
Interviews with management and staff indicate that security risk management decisions are sometimes made following an analysis of the impact of the decision on personal and property security. Sight evidence of plans that incorporate security risk management or evidence that security risk management has been addressed in the planning process (eg minutes of planning meetings, refurbishments etc). Sight evidence that planning for security risk management has not been implemented fully across the facility. λ
Examples of some departments where security risk management has not been included in planning processes.
λ
B.
Security risk management is considered in all formal and informal planning processes in consultation with employees, including the development of: 1. Strategic plans 2. Business plans 3. Service development plans 4. Disaster/emergency plans 5. Project Definitions Plans (as part of Facility Planning) 6. Procurement process, including processes for procuring services, premises, equipment, furniture, fixtures and fittings and 7. OHS improvement and management plans.
1.
Examples of the need to re-fit a recently constructed or renovated facility to control a security risk would provide this evidence. For example, examine documentation or interview management, supervisors and staff. Ask: Was security risk management left out of the original plans? Was it in the original plans but then cut out deliberately to keep to budget, with the intention of re-fitting later? If so, is there evidence that the facility has budgeted for the necessary re-fitting of security items? Sight evidence of plans that incorporate security risk management or evidence that security risk management has been addressed in consultation with employees in the planning process for strategic plans, business plans, service development plans, disaster/emergency plans, Project Definitions Plans (as part of Facility Planning), procurement process, including processes for procuring services, premises, equipment, furniture, fixtures and fittings and OHS improvement and management plans.
Part Two – Security Improvement Tool – Section 1 – Security Risk Management Framework
Page 32-19
SECTION
Security Risk Management Framework
ELEMENT
1.3 Security Risk Management in the Planning Process Standards
B. (continued)
Indicative Evidence 2.
3.
4.
5.
A.
In addition to B, security risks are considered and addressed in consultation with employees during the planning process ensuring that a more secure environment is achieved once the plan is implemented. The effectiveness of planning and design controls is evaluated.
1.
2. 3.
4.
MANDATORY Standard Achieved and Notes
Sight evidence that consideration has been given to security risk management in the design of new or modified workplaces in consultation with employees. λ Minutes planning meetings, examination of building/refurbishment plans, or minutes of OHS Committee meetings are examples of sources of this evidence. Sight evidence that that the Crime Prevention Through Environmental Design (CPTED) guidelines and the relevant sections of the Security Manual are incorporated into building/refurbishment plans. Look for representation of people with security risk management expertise on committees that plan new and/or modified workplaces. Sight documentation and interview members of such committees to determine the level of involvement of such experts. Interviews with management and staff indicate decisions are made following an analysis of the impact of the decision on personal and property security. Sight examples where security risks have been addressed during the planning process such that concerns have been addressed and controlled eg, improvements in design, implementation of procedures, purchase of equipment etc. Sight evidence that hazards are identified and risks controlled during the design phase and prior to occupancy of premises. Sight evidence that security risks are considered prior to making changes to staffing, work practices, procedures, systems of work, or operational policies (eg isolated workers). Sight evidence that the effectiveness of planning and design controls is evaluated.
COMMENTS
Part Two – Security Improvement Tool – Section 1 – Security Risk Management Framework
Page 32-20
SECTION
Security Risk Management Framework
ELEMENT
1.4 Health Service Leasing of Property to or from External Parties Standards
D. C.
B.
There is little or no evidence that security issues are considered in leasing arrangements. Informal procedural arrangements for dealing with the security risks associated with leasing to or from external parties are developed but are not fully implemented
Formal policy and procedures for dealing with the security risks associated with leasing to or from external parties are developed in consultation with staff and key stakeholders, all reasonably foreseeable security risks associated with: λ λ
Leasing property for use by Health Services or
Leasing health facility premises to external organisations are identified, assessed and eliminated where reasonably practicable, or effectively controlled in accordance with Policy. The process is appropriately documented and arrangements for security are included in leases.
Indicative Evidence
1. 2.
1. 2.
3.
MANDATORY Standard Achieved and Notes
Sight evidence of procedures for dealing with security risks associated with leasing to or from external parties. Sight evidence that in at least one case of leasing to or from external parties the security risk management issues have been addressed in the leasing arrangements, and that risk controls have been implemented in consultation with staff and the external parties. Look for common forms of indicative evidence and also: Sight evidence that that Crime Prevention Through Environmental Design (CPTED) guidelines and the relevant sections of the Security Manual are incorporated when leasing property to or from external parties. Sight evidence that the risks associated with leasing premises from external parties, as outlined in the Security Manual, have been identified, assessed and controlled. Evidence may include (but is not limited to) the management of security risks associated with: λ Geographic location λ Local crime risk λ The capacity of communications technology to work at the site, sight evidence that checks have been made λ Proximity of local police services and/or a duress response team λ The number of people to be working at the premises λ The service to be provided from the premises and the likely clientele λ Security already provided at the premises (eg within a shopping centre) and the availability of these arrangements as part of the lease λ Parking and public transport arrangements λ The provision and availability of property maintenance (eg who is responsible for glass repair and is it available 24hrs a day?)
Part Two – Security Improvement Tool – Section 1 – Security Risk Management Framework
Page 32-21
SECTION ELEMENT
Security Risk Management Framework
MANDATORY
1.4 Health Service Leasing of Property to or from External Parties Standards
Indicative Evidence
Standard Achieved and Notes
λ λ
B. (continued)
4.
Access controls (eg what is the practice for basic lock-up?) Security of approaches (eg lighting, gardens, potential hiding places). Sight evidence that in negotiating leases to external parties security risks have been identified, assessed and controlled in accordance with the Security Manual. Evidence may include (but is not limited to) the management of security risks associated with: λ
The nature of the business (eg type of customers, likelihood of armed robbery of banking services, control of large numbers of people at food outlets)
λ
The placement of the business (eg the need for external delivery doors for cash delivery to a banking facility, restriction or prevention of access to the premises via the health facility)
λ
A.
In addition to B, policy and procedures are reviewed at least every three years in consultation with staff. As a result, policy and procedures are modified as appropriate. Evaluation of the effectiveness of risk controls is built into the security risk management process and there is feedback to enable modification of risk controls as well as policy and procedures where appropriate.
Any security arrangements made by or with the external party (eg clear definition of security arrangements provided by the lessee and/or the health facility and the limits of those arrangements; any health service policies that need to be implemented by the lessee, such as firearms security) 5. Sight evidence that police crime risk assessments have been carried out before the finalisation of leases to or from external parties. 6. Examine leases to ensure that security risk management is incorporated explicitly, including clauses to cover identified risks and responsibility for building maintenance. 7. Interview staff engaged in lease negotiation and lessees to evaluate the effectiveness of the incorporation of security risk management in the process. Look for common forms of indicative evidence.
Part Two – Security Improvement Tool – Section 1 – Security Risk Management Framework
Page 32-22
SECTION ELEMENT
Security Risk Management Framework
MANDATORY
1.4 Health Service Leasing of Property to or from External Parties
COMMENTS
Part Two – Security Improvement Tool – Section 1 – Security Risk Management Framework
Page 32-23
SECTION
Security Risk Management Framework
ELEMENT
1.5 Security Arrangements for Patients in Custody Standards
D.
C.
Security risks associated with patients in custody not considered. There are no procedures or formal rules that incorporate the operational procedures of other Departments. Staff are aware of the existence of informal local arrangements for the management of patients in custody, but these arrangements are not always implemented or activated.
Indicative Evidence
1. 2.
3.
B.
Security risks associated with patients in custody are managed, as part of the facility security risk management process, in consultation with staff and relevant external Departments (eg Department of Corrective Services, Department of Juvenile Justice and NSW Police Service). In particular:
1. 2.
3.
λ
All reasonably foreseeable security risks associated with all patients in custody are identified and assessed
λ
Effective security procedures for controlling security risks, which are consistent with the operational controls of the relevant external Departments, are developed and implemented
4.
λ
The procedures are appropriately documented and communicated to relevant staff.
5.
6.
Look for common forms of indicative evidence and also: Sight evidence, or ascertain through interview, that staff are aware of the existence of local procedures for patients in custody and the Patients in Custody and the Risk Management sections of the Security Manual. Following receipt of notification that a patient in custody is to be admitted to the facility, staff briefings are held or copies of agreed protocols are circulated or made readily available. Look for common forms of indicative evidence and also: Sight evidence that the Health facility’s procedures accommodate the local operational requirements of the Departments of Police, Corrective Services and Juvenile Justice. Sight evidence or establish through interview that police, corrective services and juvenile justice management and custodial staff are made aware of relevant health facility protocols. Following receipt of notification that a patient in custody is to be treated in/ or admitted to the facility, staff briefings are held or copies of agreed protocols are circulated or made readily available. Sight evidence that there are processes to ensure that appropriate personnel are made aware of an inmate/detainee admission and that public and media enquiries are managed in accordance with policy and that other enquiries are answered with due regard to the clinical and statutory responsibilities for the patient’s ongoing care. Sight evidence that Security Manual policy is practiced with respect to the management of inmates/detainees of Correctional Services, Juvenile Justice or Police.
Part Two – Security Improvement Tool – Section 1 – Security Risk Management Framework
MANDATORY Standard Achieved and Notes
20
Page 32-24
SECTION ELEMENT
Security Risk Management Framework
Standards A.
MANDATORY
1.5 Security Arrangements for Patients in Custody
In addition to B, policy and procedures for the management of patients in custody are reviewed at least every three years, in consultation with staff and relevant government departments.
Indicative Evidence
Standard Achieved and Notes
Look for common forms of indicative evidence.
Evaluation of the effectiveness of risk controls is built into the risk management process and there is feedback to enable modification of policy, procedures and risk controls.
COMMENTS
Part Two – Security Improvement Tool – Section 1 – Security Risk Management Framework
Page 32-25
SECTION
Security Risk Management Framework
ELEMENT
1.6 Security Education and Training Standards
D.
C.
Management and staff have received little or no education and training about their statutory obligations with respect to security risk management. Management is aware of the existence of the Education and Training and the Risk Management sections of the Security Manual, but they are not fully implemented. That is, neither the assessment nor delivery of the training and education needs of supervisors and staff with respect to security risk management is complete.
Indicative Evidence
1.
2.
3.
4. 5.
B.
In addition to C, managers have been instructed on the application of policy and procedures as outlined in the Security Manual, and in particular they ensure that: λ
λ
λ
All staff are provided with appropriate security related education and training, including violence prevention and management training, consistent with legislative requirements as part of the Health Service security risk management program Education and training are appropriate to the role of the staff member and targeted to the level and type of security risk that may be encountered in the course of their work and Details of security related education and training conducted within the Health Service are documented and maintained.
1.
2.
3. 4.
MANDATORY Standard Achieved and Notes
Sight evidence, or ascertain through interview, that management is aware of the existence of the Education and Training and the Risk Management sections of the Security Manual. Sight evidence of some work towards completing a training needs analysis for security risk management. The work may have just commenced, or be in the process of completion. In any case it should have been developed and conducted in consultation with Health Service learning and development personnel. Sight evidence that some education and training for management, supervisors and staff in security risk management and aggression minimisation has been delivered but that this is not yet complete. Sight evidence that education and training are provided at induction. Sight evidence through interview and/or examination of records, that appropriately qualified people have conducted all education or training. Sight evidence, through interview or by the examination of documentation, including training records, that education and training are provided in compliance with the Occupational Health and Safety Act 2000 and the OHS Regulation 2001. This will include induction training, training about specific risks and training in hazard management. Sight evidence that a complete training needs analysis is conducted at least two-yearly and is developed and conducted in consultation with Health Service learning and relevant development personnel. Sight evidence that education and training records are maintained and are kept up to date. Sight evidence that education and training is provided at appropriate stages of work, including (but not limited to): λ At induction λ On arrival at a new work area (eg induction onto a ward)
Part Two – Security Improvement Tool – Section 1 – Security Risk Management Framework
Page 32-26
B.
λ As on-going refresher training during the course of
(continued)
employment λ When there are changes to work practices or procedures λ When new activities are introduced to the work area λ When incident investigations identify new hazards and new
controls are introduced. Sight evidence that staff at risk of violence (eg security, mental health, emergency department, drug and alcohol) are being provided with violence prevention and management training in line with the NSW Health circular 2003/50 NSW Health Training Program – A Safer Place to Work: Preventing and Managing Violent Behaviour in the Health Workplace. 6. Sight evidence that training in duress response/restraint techniques and procedures is given to appropriate people. 7. Sight evidence that evaluation of the effectiveness of education and training is conducted against appropriate, pre-determined performance indicators. Indicators might include (but are not limited to): λ Awareness about health service security related policies and practices λ Changes in the number of incidents occurring λ Changes in the number of hazards being reported Look for common forms of indicative evidence. 5.
A.
In addition to B, management of security education and training forms part of the security risk management process of the facility. These processes (policy and procedures) are reviewed at least every three years, in consultation with staff. Evaluation of the effectiveness of education and training to the control of risk is built into the risk management process and there is feedback to enable modification of education and training systems to appropriately skill staff and reduce risk. Changes in work practices generate formal discussion about changes in associated security risk management education and training and this is fed back into the education and training and security risk management processes of the facility on an ongoing basis.
COMMENTS
Part Two – Security Improvement Tool – Section 1 – Security Risk Management Framework
Page 32-27
SECTION
Security Risk Management Framework
ELEMENT
1.7 Security Continuous Improvement Standards
D.
There is little or no evaluation of the security risk management program. A process for evaluating the security risk management program is in place but is not fully implemented. Security improvement plans exist but are not fully implemented.
C.
Indicative Evidence
1.
2. B.
As part of the continuous improvement process, the health care facility evaluates all aspects of their security management program and ensures that evaluation outcomes are used in the on-going development of the security risk management program.
1.
As a minimum, the health care facility: Undertakes an internal security survey on an annual basis (defined as a process that evaluates the implementation of a security management program and effectiveness of that program against a pre-determined set of criteria) o Undergoes an external security survey every five years. (This survey can be undertaken by appropriately qualified staff from another Health Service).
o
Note: The use of this Security Improvement Tool will satisfy the requirement to undertake a survey on an annual and five-yearly basis, as outlined in the Security Manual.
MANDATORY Standard Achieved and Notes
Sight evidence that there are performance indicators for some aspects of the security risk management program and that these aspects are monitored against those criteria. Sight evidence that security improvement plans are at least partially implemented. Interview management and staff to ascertain that performance criteria are established in a consultative manner and that consideration is given to the reliability and validity of the information used, as well as to base line data when available. Performance indicators may be linked to program outcomes or components of the program and may change with time as the program is developed, implemented and improved. Performance indicators may be derived from various sources, including but not limited to: λ
Hazard and incident reports
λ
Duress response records
λ
OHS committee meeting minutes
λ
Results of security audits, surveys and inspections
λ
Workers compensation data
λ
2. 3.
4.
Workplace grievance records and staff turnover in priority areas. Examples of security-related performance indicators can be found in the Security Manual Sight evidence that a security survey is conducted annually, that an improvement plan is developed based on the outcome of the survey and that there is action towards implementation of the improvement plan. Sight evidence that an external survey of security is conducted every five years, that an improvement plan is developed based on the outcome of the survey and that there is action towards implementation of the improvement plan.
Part Two – Security Improvement Tool – Section 1 – Security Risk Management Framework
Page 32-28
SECTION
Security Risk Management Framework
ELEMENT
1.7 Security Continuous Improvement Standards
A.
In addition to B, the security assessment systematically feeds into a process of continuous improvement such that findings/recommendations of the assessment are fed back into the planning and development of the security risk management program, and changes implemented and evaluated for effectiveness.
Indicative Evidence 1. 2. 3.
MANDATORY Standard Achieved and Notes
Sight security improvement plan for all surveys. Sight evidence that the security improvement plan has been implemented. Sight evidence that the actions in the improvement plan have been evaluated for effectiveness and to ensure that no new risks have been introduced.
COMMENTS
Part Two – Security Improvement Tool – Section 1 – Security Risk Management Framework
Page 32-29
SECURITY IMPROVEMENT ASSESSMENT TOOL SECTION 2. CORE SECURITY RISK CONTROLS TABLE OF CONTENTS 2.1 2.2 2.3 2.4 2.5 2.6
Access Control Key Control Alarm Systems Lighting Provision of Security Services Duress Response Arrangements
Part Two – Security Improvement Tool – Section 2 – Core Security Risk Controls
Page 32–30
SECTION
Security Risk Management Framework
ELEMENT
2.1 Access Control Standards
D. C.
B.
There is no statement of policy for Access Control to the facility. There is a written policy and procedure for Access Control that is available in the workplace and is endorsed by the facility’s current management but is not fully implemented. The Access Control policy and procedures have been developed: λ In conjunction with key staff and stakeholders, and λ In accordance with the guidelines in the latest version of the Security Manual. The Access Control policies and procedures are documented and implemented. The consultation process has included the identification, assessment and elimination (where reasonably practicable) or effective control of security risks associated with access to workplaces. The Access Control policy and procedures include: λ Securing perimeters λ Controlling access to the land on which the facility is placed λ Providing safe access and egress, especially after hours and during emergencies λ Controlling access to vulnerable areas λ Clear signage λ Staff identification systems.
Indicative Evidence
MANDATORY Standard Achieved and Notes
Look for common forms of indicative evidence.
1. 2.
Look for common forms of indicative evidence and also: Interview staff about their knowledge and understanding of their access control responsibilities, including staff identification systems, according to the policy and procedures. 3. Sight evidence through talking to staff and stakeholders (for example stories about breaches or thwarted breaches of the system) that the access control system: λ Is secure enough to resist attempts to breach the system λ Can effectively differentiate between those who have authorized access and those who have not (eg fictitious cards?; numbers of cards = numbers of staff) λ Is reliable (can weak links be found?) λ Is regularly maintained and tested λ Includes an alternative system or process for providing access in the event of failure. 4. Review security surveys of high risk areas such as pharmacy, medical records, emergency departments, drug and alcohol.
Part Two – Security Improvement Tool – Section 2 – Core Security Risk Controls
Page 32–31
SECTION
Core Security Risk Controls
ELEMENT
2.1 Access Control Standards
A.
In addition to B, the Access Control policy and procedures are reviewed every three years or more frequently where there are changes in the workplace or in systems that impact on access control.
Indicative Evidence
MANDATORY Standard Achieved and Notes
Look for common forms of indicative evidence.
COMMENTS
Part Two – Security Improvement Tool – Section 2 – Core Security Risk Controls
Page 32–32
SECTION
Core Security Risk Controls
ELEMENT
2.2 Key Control Standards
Indicative Evidence
D.
There is little or no key control in evidence and little or no evidence that this is considered as part of the facility security risk management process.
C.
There is a written policy for Key Control that is available in the workplace and is endorsed by the facility’s current management but is not fully implemented.
Look for common forms of indicative evidence.
B.
The Key Control policy and procedures have been developed:
1. 2.
λ
in conjunction with key staff and stakeholders, and
λ
in accordance with the guidelines in the latest version of the Security Manual. The Key Control policies and procedures are documented and implemented. The consultation process has included the identification, assessment and elimination (where reasonably practicable) or effective control of security risks, such as theft and assault, associated with poor key control.
3.
4. The Key Control policy and procedures include the management of Security Keys that give access to: λ
Pharmacies, drug safes and cabinets λ Safes and other security containers λ Containers that hold security keys λ Specialist areas where for clinical/legal reasons patient movement around the facility is restricted λ Major important or sensitive assets and General Administration Keys which give access to support services and domestic assets.
MANDATORY Standard Achieved and Notes
Look for common forms of indicative evidence and also: Interview managers and supervisors (from across the facility) about their knowledge and understanding of their key control responsibilities, including security keys and general administration keys, according to the policy and procedures. Sight evidence that they know how to use the keys that they have access to. Interview staff about their knowledge and understanding of their key control responsibilities, including security keys and general administration keys, according to the policy and procedures. Sight evidence that the key control system can minimise the likelihood of theft and assault through talking to staff and stakeholders (for example stories about breaches or thwarted breaches of the system) and through sighting documentation that shows that the key control system: λ Is secure enough to resist attempts to breach the system λ Can effectively differentiate between those who have written delegation to hold and issue keys and those who have not λ Is reliable (can weak links be found?) λ Is regularly maintained and tested λ Includes a back-up system or process for providing access in the event of failure.
Part Two – Security Improvement Tool – Section 2 – Core Security Risk Controls
Page 32–33
SECTION
Core Security Risk Controls
ELEMENT
2.2 Key Control Standards
A.
In addition to B, the Key Control policy and procedures are reviewed every three years or more frequently when there are changes in the workplace or in systems that impact on key control.
Indicative Evidence
MANDATORY Standard Achieved and Notes
Look for common forms of indicative evidence.
COMMENTS
Part Two – Security Improvement Tool – Section 2 – Core Security Risk Controls
Page 32–34
SECTION
Core Security Risk Controls
ELEMENT
2.3 Alarm Systems Standards
D.
C.
B,
There is little or no evidence that the requirements for alarm systems have been established or that these are considered as part of the facility security risk management process. The requirements for alarm systems are determined and those systems are reviewed, but these processes are not fully implemented. The requirements for alarm systems (eg duress and intruder alarms) have been developed: λ In consultation with key staff and stakeholders, and
Indicative Evidence
MANDATORY Standard Achieved and Notes
Look for common forms of indicative evidence.
1. 2.
λ
In accordance with the guidelines in the latest version of the Security Manual so as to ensure that staff members, patients and assets are secure. As part of the risk management process, a regular review of all alarms systems occurs.
3.
Look for common forms of indicative evidence and also: In determining the requirements for alarms, the following risks have been assessed: λ Potential for violence against staff λ The type of work being carried out by staff λ Working in isolation λ Cash handling λ Goods and equipment stored in the area λ Level of external security risks λ Level of internal security risks λ Exits that may be left open by staff or patients λ The security needs of ‘at risk’ patients such as wandering elderly patients in wards, or children at risk of unauthorised removal from the facility λ Potential for use of emergency exits (eg fire escapes) by thieves to remove assets λ Potential for break in via doors and/or windows to remove assets and λ Potential for break into and theft of vehicles. Interview managers and supervisors (from across the facility) about their knowledge and understanding of their responsibilities concerning alarm systems. Sight evidence that they know how to use the alarm systems.
Part Two – Security Improvement Tool – Section 2 – Core Security Risk Controls
Page 32–35
SECTION
Core Security Risk Controls
ELEMENT
2.3 Alarm Systems Standards
B.
(continued)
Indicative Evidence 4.
5. 6.
MANDATORY Standard Achieved and Notes
Interview staff about their knowledge and understanding of their responsibilities with respect to alarm systems. Sight evidence that they know how to use the alarm systems. Evidence of expenditure for alarm systems based on the facility’s business plan. Sight evidence that the alarm system can minimise the likelihood of theft and assault through talking to staff and stakeholders (for example stories about breaches or thwarted breaches of the system) and through sighting documentation that shows that the alarm system: λ Complements any other protective measures taken by the facility λ
A.
In addition to B, the requirements for alarm systems are reviewed every three years or more frequently where there are changes in the workplace or in systems that impact on the effective functioning of alarms.
7. 1. 2.
3.
Features and configuration are appropriate to the identified needs and possible risk. Sight evidence of regular testing and maintenance of alarms. Evidence of review of the requirements for alarm systems within the last three years. Evidence that staff are involved in the review process. This can be obtained through documentation (eg committee minutes) and/or interviews with staff involved in the process. Evidence that the requirements for alarm systems are reviewed as part of refurbishment of the workplace, changes in security systems and changes in work organisation that may impact on the effective functioning of alarms.
COMMENTS
Part Two – Security Improvement Tool – Section 2 – Core Security Risk Controls
Page 32–36
SECTION
Core Security Risk Controls
ELEMENT
2.4 Lighting Standards
D.
C. B.
There is little or no evidence that the requirements for lighting have been established or that these are considered as part of the facility security risk management process. The requirements for lighting are determined and those systems are reviewed, but these processes are not fully implemented. The requirements for lighting have been developed: λ
in consultation with key staff and stakeholders, and
Indicative Evidence
A.
In addition to B, the requirements for lighting are reviewed every three years or more frequently where there are changes in the workplace or in systems that impact on the security provided by lighting.
Standard Achieved and Notes
Look for common forms of indicative evidence. 1. 2.
λ
in accordance with the guidelines in the latest version of the Security Manual. so as to ensure that internal and external lighting is sufficient to eliminate, where reasonably practicable, or control security risks related to poor lighting, and meet the relevant Australian Standards.
MANDATORY
3. 4.
5. 1. 2.
3.
Look for common forms of indicative evidence. The external lighting system used is that recommended for health facilities and uses luminaries of the High-Pressure Sodium (HPS) type in order to improve security in the vicinity of the light. Evidence of expenditure for lighting based on the facility’s business plan. Sight evidence that the selected lighting can improve security through talking to staff (including the Facilities Manager) and stakeholders (for example stories about breaches or thwarted breaches of security where lighting played a role). Sight evidence of regular testing and maintenance of lighting. Evidence of review of the requirements for lighting within the last three years. Evidence that staff are involved in the review process. This can be obtained through documentation (eg committee minutes) and/or interviews with staff involved in the process. Evidence that the requirements for lighting are reviewed as part of refurbishment of the workplace, changes in security systems and changes in work organisation that may impact on the security provided by lighting.
COMMENTS
Part Two – Security Improvement Tool – Section 2 – Core Security Risk Controls
Page 32–37
Core Security Risk Controls
SECTION
MANDATORY
2.5 Provision of Security Services
ELEMENT Standards
There is little or no evidence that the requirements for security services within each facility have been determined using a risk management approach. C. The requirements for security services within each facility have been determined using a risk management approach and in consultation with key staff and stakeholders, and some security services have been made available. Where security staff have been issued with batons or handcuffs, the associated risk assessment clearly identifies that this is a necessary risk control strategy, even after all other appropriate risk control strategies have been implemented. There are written procedures for managing the risks associated with the use of weapons by security staff that are available in the workplace and were developed in consultation with staff and key stakeholders using a risk management approach, but they are not fully implemented. B. In addition to C, the requirements for security services and for managing the risks associated with the use of weapons by security staff (where applicable) have been developed: λ In consultation with key staff and stakeholders, and
Indicative Evidence
Standard Achieved and Notes
D.
λ
In accordance with the guidelines and appendices in the latest version of the Security Manual so as to ensure that appropriate security services are provided to be able to respond effectively to security-related issues. Minimum standards for the provision of security services in the facility and the procedures for managing the risks associated with the use of weapons by security staff (where applicable) are documented and implemented.
Look for common forms of indicative evidence. Note: The Department of Health does not support the issue of batons and/or handcuffs as a key risk control strategy, and all other appropriate risk control strategies higher up the hierarchy of risk controls should be given priority for implementation, prior to considering the necessity of batons or handcuffs. Chapter 14 of the Security Manual must be closely consulted when assessing this Element.
1. 2.
Look for common forms of indicative evidence Sight evidence that in determining the requirements for security services, the following issues have been considered: λ The type of work being performed (eg emergency, alcohol and other drugs or mental health areas that may require access to 24/7 security) λ
The likely clientele using the service
λ
The number of staff on duty at any one time
λ
The size and layout of the facility
λ
The nature of incidents that have occurred previously
λ
The geographical location of the area being assessed (eg is it isolated?).
Part Two – Security Improvement Tool – Section 2 – Core Security Risk Controls
Page 32–38
Core Security Risk Controls
SECTION
Standards B.
MANDATORY
2.5 Provision of Security Services
ELEMENT
Indicative Evidence
(continued) The procedures take into account: λ
The need to implement all practical violence risk control strategies prior to considering issuing security staff with weapons
λ
The potential for weapons to be taken and used against staff, patients or visitors
λ
The potential for injury to staff who may use the weapons and those who the weapons are used against
λ
The potential for legal action over the use and misuse of weapons
λ
The legislative framework, including the Weapons Prohibition Regulation 1999 and the Security Industry Act 1997
λ
Managing post-incident issues.
λ
The crime risk of the locality (police can advise)
λ
Proximity of local police services
Standard Achieved and Notes
λ
3.
The current security controls in place and their effectiveness in reducing risk (eg access control measures). Sight evidence that the procedures for the use of weapons by security staff (where applicable) include the following: λ Instructions on application and use (eg the use of weapons is a last resort action, after all other avenues to resolve the situation have been exhausted) and should only be used defensively λ
Clear guidelines that ensure staff are acting within the law and that minimise harm
λ
Recording the use of weapons in detail
λ
Carrying out procedural debriefing following the use of weapons
λ
Providing specialist training prior to the issuing of weapons and the maintenance of a weapons training register
λ
4. 5. 6.
7.
Maintenance of a weapons inventory, including permanent identification of weapons. Sight appropriate licences and first aid accreditation of security staff. Sight evidence that current pre-employment guidelines are implemented when selecting people for security-related positions. Interview managers and supervisors (from across the facility) to determine their knowledge and understanding of the role of and their responsibilities towards security services and the use of weapons by security staff, including arrangements in contracts with external security providers. Interview staff (including security staff) about their knowledge and understanding of the role of and their responsibilities with respect to security services. This should provide the assessor with information about the nature of policy and procedures, their dissemination to staff and the level of appropriate training.
Part Two – Security Improvement Tool – Section 2 – Core Security Risk Controls
Page 32–39
Core Security Risk Controls
SECTION
Standards B.
MANDATORY
2.5 Provision of Security Services
ELEMENT
Indicative Evidence
(continued)
Standard Achieved and Notes
In particular, determine that: λ
The emphasis of security services is on prevention – see chapter 26 of the Security Manual and the NSW Health Zero Tolerance to Violence Policy and Guidelines (circular 2003/48)
λ
Security staff are aware of the differences between security service roles and police roles
λ
In the management of incidents physical force should be limited to assistance with restraint, evasive self-defence, defensive not aggressive responses and the minimum of force within the constraints of the law
λ
The use of physical and mechanical restraints is always in accordance with Chapter 14 of the Security Manual
λ
The use of chemical restraints is always in accordance with the guideline ‘Management of Adults with Severe Behavioural Disturbance – Guidelines for Clinicians in NSW (May 2002)’
λ
Searching of patients and visitors is within legal and policy guidelines (see the Mental Health Act and Chapter 14 of the Security Manual) both in voluntary and involuntary situations
λ
8.
9.
The retention, restoration, storage and disposal of weapons is carried out in accordance with Chapters 6 and 14 of the Security Manual the Prohibited Weapons Act 1998 and the Evidence Act 1995. Sight evidence that the selected security services can improve security through talking to staff and stakeholders (for example stories about breaches or thwarted breaches of security where security services played a role). Sight evidence that evaluation of the effectiveness of security services is conducted against appropriate, pre-determined performance indicators. Indicators might include (but are not limited to): λ Awareness about health service security related policies and practices
Part Two – Security Improvement Tool – Section 2 – Core Security Risk Controls
Page 32–40
Core Security Risk Controls
SECTION
Standards B.
MANDATORY
2.5 Provision of Security Services
ELEMENT
(continued)
Indicative Evidence λ
Standard Achieved and Notes
Changes in the number of incidents occurring
λ
A.
In addition to B, the requirements for security services and the procedures for managing the risks associated with the use of weapons by security staff (where applicable) are reviewed every three years. This may be more frequent where there are changes in the workplace or in systems, legislation, policy, or guidelines that impact on these areas, or where an incident in the workplace suggests that the current processes may be inadequate.
Qualitative analysis of the management of incidents by security services. 10. If the security risk management process has been reviewed by the Department of Health or other external agency, sight the results of these reviews for evidence of compliance with the Security Manual. Examples of implementation of suggested action from these reviews will also reveal information. 11. Sight evidence that strategies for controlling risks associated with the use of weapons by security staff are included in the repertoire of action, including ensuring that the staff issued with weapons are licensed security officers and that they receive specialised training. 1. Evidence of review of the requirements for security services, the need for batons and handcuffs and managing risks associated with the use of batons and handcuffs by security staff within the last three years. 2. Evidence that staff are involved in the review process. This can be obtained through documentation (eg committee minutes) and/or interviews with staff involved in the process. 3. Evidence that the requirements and procedures for security services are reviewed as part of refurbishment of the workplace, changes in security systems, changes in work organisation and changes in the community that may impact on the need for security services or on the use of weapons by security staff.
COMMENTS
Part Two – Security Improvement Tool – Section 2 – Core Security Risk Controls
Page 32–41
Core Security Risk Controls
SECTION
MANDATORY
2.6 Duress Response Arrangements
ELEMENT Standards
There is little or no evidence that duress response arrangements have been established or that these are considered as part of the facility security risk management process. C. Duress response arrangements are determined using a risk management approach, but these processes are not fully implemented. B. As part of the facility security risk management process, there are appropriate, timely and effective response arrangements for both clinical and other duress situations (including response to duress alarms) that have been developed and implemented:
Indicative Evidence
Standard Achieved and Notes
D.
Look for common forms of indicative evidence.
1. 2.
λ
In consultation with key staff and stakeholders, and λ In accordance with the relevant guidelines and appendices in the latest version of the Security Manual. Staff are aware of the options available to them when faced with a violent individual, that consider: λ the nature and severity of the event, λ whether it is a patient, visitor or intruder, and λ the skills, experience and confidence of the staff member/s involved. Where appropriate a duress response team is established. It consists of enough people to provide appropriate response depending on the nature of the facility, and the members are trained. Staff understand that they can expect an appropriate response to a duress alarm or when seeking urgent assistance in a threatening situation. Management accepts that staff are entitled to call for assistance in duress situations in accordance with the Department’s Zero Tolerance Policy and Framework Guidelines (Circular 2003/48).
3.
Look for common forms of indicative evidence and also: There is evidence that in planning, implementing and reviewing duress response arrangements, the following issues have been considered: λ Safety of patients, staff and others λ Ensuring that the response is appropriate, adequate, timely and effective λ Respect and dignity of staff and patients (although safety is the priority) λ Empathy and recognition of the experiences of all involved λ Offer of support and care as needed λ Support for rapid and effective treatment and rehabilitation as indicated λ Compatibility with the facility’s emergency procedures (eg fire, bomb threat, medical emergency etc) with duress response plans. Staff are aware that there is a range of options available to them when faced with a violent individual, including triggering a duress alarm. These will vary from facility to facility. Interviews with staff and management should elicit knowledge about the features of an effective duress response: λ Requires one call or alarm trigger λ Call or trigger is early rather than later in the event λ Staff are aware of protocols for getting assistance λ Response is as fast as possible λ Response is standardised as far as possible to reduce confusion
Part Two – Security Improvement Tool – Section 2 – Core Security Risk Controls
Page 32–42
SECTION
Core Security Risk Controls
ELEMENT
2.6 Duress Response Arrangements Standards
B.
(continued) Staff and management understand that early recognition of an incident and adequate and appropriate response can minimise the risk of injury to staff, patients and others and prevent escalation. Staff understand the difference between a clinical and non-clinical duress alarm. Staff understand how to manage post-incident issues.
A.
In addition to B, duress response arrangements are reviewed every three years or more frequently where there are changes in the workplace or in systems that impact on the need for duress response arrangements.
MANDATORY Indicative Evidence
Standard Achieved and Notes
λ
Response is sufficient to meet local needs and where necessary includes consideration of contingency plans while awaiting response λ Team members are well trained in the response procedure including their roles λ Each team has a delegated leader and an agreed assembly point λ All shifts are covered and processes are in place to cover unexpected staff shortages (eg due to sick leave) λ Links with local protocols, where appropriate, for retreat, restraint, sedation and additional back up λ Incorporates post incident management and support processes λ Includes operational review and debriefing λ Is regularly evaluated and updated as necessary. 4. Sight evidence that duress response plans/procedures are realistic and achievable in the workplace, provide the best possible response time and include consideration of contingencies such as the simultaneous occurrence of more than one duress situation. Assessors should refer to Appendix 29.1 for examples of model duress response plans. 5. Sight evidence that the duress response communication protocols are in accordance with the relevant chapter of the Security Manual Look for common forms of indicative evidence.
COMMENTS
Part Two – Security Improvement Tool – Section 2 – Core Security Risk Controls
Page 32–43
SECURITY IMPROVEMENT ASSESSMENT TOOL SECTION 3. SECURITY RISK CONTROLS IN PRIORITY AREAS TABLE OF CONTENTS
3.1 The Clinical Environment 3.2 Security of Staff Working in the Community 3.3 Rural and Remote Health Services 3.4 Security in Pharmaciess 3.5 Security in Car Parks 3.6 Security of Property 3.7 Security of Information 3.8 Security of Medical Gases 3.9 Security of Radioactive Substances
Part Two – Security Improvement Tool – Section Three – Security Risk Control in Priority Areas
Page 32–44
SECTION
Security Risk Controls in Priority Areas
ELEMENT
3.1 The Clinical Environment Standards
D.
C.
B.
There is little or no evidence that managing security in the clinical environment has been considered as part of the facility security risk management process. There is a written procedure for managing security in the clinical environment that is available in the workplace and was developed in consultation with staff and key stakeholders using a risk management approach, but it is not fully implemented. In addition to C, procedures for managing security in the clinical environment have been developed: λ
Indicative Evidence
Standard Achieved and Notes
Look for common forms of indicative evidence.
1. 2.
In consultation with staff and key stakeholders, and
λ
In accordance with the guidelines in the latest version of the Security Manual and relevant legislation. The procedures for managing security in the clinical environment are documented and implemented. The consultation process has included the identification, assessment and elimination (where reasonably practicable) or effective control of security risks associated with the clinical environment to minimise the likelihood of incidents related to robbery, abduction and violence. Clinical and operational protocols have been developed consultatively and are implemented to manage aggression arising from a patient’s medical or psychiatric condition.
MANDATORY
3.
4.
Look for common forms of indicative evidence and also: Sight evidence that the following documents have been consulted in the preparation of procedures for Security in the Clinical Environment: λ Memorandum of Understanding between NSW Police and NSW Health, and the accompanying flowcharts λ Mental Health For Emergency Departments (red book – May 2002) λ Management of Adults with Severe Behavioural Disturbance: Guidelines for Clinicians (green book – May 2002) and λ Guidelines on the Management of Challenging Behaviour in Residential Aged Care Facilities in NSW (Department of Health - August 2000) Sight evidence through talking to staff and stakeholders that risks have been identified, assessed and controlled in priority areas within the facility, including: λ emergency departments, maternity units, admissions areas, mental health services, drug and alcohol services including methadone dispensing clinics, brain injury units, aged care/dementia units and during individual patient specials (IPS). Sight evidence that strategies for controlling security in the clinical environment are included in the repertoire of action. These may include: λ Building design, access control, patient liaison and management, the provision of security services, the management of staffing issues, the provision of education and training, staff awareness, searching patients and visitors, appropriate responses to violence, patient restraint, the identification of patients with particular security needs.
Part Two – Security Improvement Tool – Section Three – Security Risk Control in Priority Areas
Page 32–45
SECTION
Security Risk Controls in Priority Areas
ELEMENT
3.1 The Clinical Environment Standards
A
In addition to B, the procedures for managing security in the clinical environment are reviewed every three years or more frequently where there are changes in the workplace or in systems, legislation, policy, or guidelines that impact on this area, or where an incident in the workplace suggests that the current processes may be inadequate.
Indicative Evidence
MANDATORY Standard Achieved and Notes
Look for common forms of indicative evidence.
COMMENTS
Part Two – Security Improvement Tool – Section Three – Security Risk Control in Priority Areas
Page 32–46
SECTION
Security Risk Controls in Priority Areas
ELEMENT
3.2 Security of Staff Working in the Community Standards
D. C.
B.
Indicative Evidence
There are minimal or no procedure for managing the security of staff working in the community. There are written procedures for managing the security of staff working in the community that are available in the workplace. They are developed in consultation with staff and key stakeholders using a risk management approach, but they are not fully implemented.
1. 2.
In addition to C, procedures for managing the security of staff working in the community have been developed:
1. 2.
λ
In consultation with staff (especially staff who work in the community) and key stakeholders, and
λ
In accordance with the guidelines in the latest version of the Security Manual and relevant legislation. The procedures for managing the security of staff working in the community are documented and implemented. The consultation process has included the identification, assessment and elimination (where reasonably practicable) or effective control of security risks associated with working in the community. The procedures acknowledge that community workers work in environments that are not under the immediate control of the employer. They may work in isolation, away from ready access to security providers and they are therefore vulnerable to the risk of violence. At all times staff working in the community have access to appropriate field equipment (eg torches) and communication devices.
3. 4.
5.
MANDATORY Standard Achieved and Notes
Look for common forms of indicative evidence and also: Seek evidence (documentary or through interviews with staff – particularly those who work in the community, supervisors and managers) that the procedures are at least partially implemented. Look for common forms of indicative evidence, but also consider: λ Evidence that aggression minimisation training has been provided. λ That staff working in the community have access to appropriate field equipment (eg torches) and communication devices. Look for common forms of indicative evidence and also: Sight evidence that the procedures cover: λ Obtaining relevant client information from the referring clinician/service λ Local risk assessment and management measures λ Injury prevention initiatives λ Crimes Prevention Liaison λ Staff training requirements λ Emergency procedures and local arrangements for security assistance from police λ Local reporting procedures λ Appropriate support for staff in the event of an incident λ Commitment to cultivating good relations with local police and other local services. Obtain evidence, through talking to community workers, that they have good quality information about contacts and locations. If possible obtain evidence from community-based patients or other clients that they are informed about community staff and the purpose of their visits. Obtain evidence through interview that community workers know what to do when confronted with aggressive, violent or potentially violent behaviour.
Part Two – Security Improvement Tool – Section Three – Security Risk Control in Priority Areas
Page 32–47
SECTION
Security Risk Controls in Priority Areas
ELEMENT
3.2 Security of Staff Working in the Community Standards
Indicative Evidence
B. (continued)
6.
A.
1. 2.
In addition to B, the procedures for managing the security of staff working in the community are reviewed every three years or more frequently where there are changes in the workplace or in systems, legislation, policy, or guidelines that impact on this area, or where an incident in the workplace suggests that the current processes may be inadequate.
MANDATORY Standard Achieved and Notes
Sight evidence that strategies for controlling security risks to staff working in the community include (but are not limited to): λ Effective preparation for community visits, arranging for security support during visits, ceasing visits to particular households, effective handover of information about risky situations, cultivating good relations with local police, comprehensive administrative protocols so that the whereabouts of community workers is known, use of checklists in the Security Manual, providing well-maintained vehicles and equipment, testing of duress alarms and other equipment, 24/7 availability of a base contact, training in the use of communications and duress equipment and strict control of after hours visits, providing aggression minimisation training as well as regular refresher/update courses, use of security/police escort for high risk situations. Look for common forms of indicative evidence and also: Evidence that the local police and crimes prevention team are involved in the review process as a means of building partnerships and fostering sharing of information.
COMMENTS
Part Two – Security Improvement Tool – Section Three – Security Risk Control in Priority Areas
Page 32–48
SECTION
Security Risk Controls in Priority Areas
ELEMENT
3.3 Rural and Remote Health Services Standards
D.
C.
There are minimal or no procedures for managing security in rural and remote facilities. Alternative: The rural or remote health service has no procedure for managing the security risks specifically associated with being rural or remote. Procedures for managing reasonably foreseeable security risks in rural and remote facilities, including staff residences, are developed in consultation with staff and key stakeholders using a risk management approach, but these processes are not fully implemented.
Indicative Evidence
1. 2.
MANDATORY Standard Achieved and Notes
Look for common forms of indicative evidence and also: Seek evidence (documentary or through interviews with staff, supervisors and managers) that the procedures are partially implemented. For example, this might be evident in the following ways: λ
B.
In addition to C, procedures for managing security in rural and remote facilities, including staff residences, have been developed: λ λ
In consultation with staff and key stakeholders, and
In accordance with the guidelines in the latest version of the Security Manual and relevant legislation. The procedures for managing security risks in rural and remote facilities, including staff residences, are documented and implemented. The consultation process has included the identification, assessment and elimination (where reasonably practicable) or effective control of security risks associated with rural and remote facilities.
1. 2.
Memo from management about the allocation of resources to manage security in rural and remote facilities, including staff residences, and evidence that it has been actioned. This includes resource allocation to training (eg aggression minimisation, the use of equipment) and the provision of adequate equipment, vehicles and accommodation. Look for common forms of indicative evidence and also: Sight evidence that the procedures include consideration of the issues that potentially face rural and remote facilities, including: λ High staff turnover leading to reduced continuity of knowledge λ Reduced access to police and emergency services λ Delayed response times for emergency services and other referral agencies λ Complications and time delays associated with organising transport of victims or perpetrators out of the community λ Small populations, close community ties and lack of anonymity λ Conflict between reporting requirements and cultural sensitivities
Part Two – Security Improvement Tool – Section Three – Security Risk Control in Priority Areas
Page 32–49
SECTION
Security Risk Controls in Priority Areas
ELEMENT
3.3 Rural and Remote Health Services Standards
Indicative Evidence
MANDATORY Standard Achieved and Notes
λ
B. (continued)
Communication difficulties (eg no mobile phone coverage etc) Co-location of residence and clinic, therefore increasing the risk of violence for staff λ Staff working in isolation from colleagues and support systems. Obtain evidence (written or oral) that there is a high level of preparedness in the facility, including: gathering information relevant to the local service and region, developing local policies and procedures that will work in a particular situation, providing suitable premises and equipment and setting up support systems such as partnerships with local emergency services and businesses. If possible obtain evidence from community-based people that partnerships have been developed to improve security. Sight evidence that staff are equipped with effective field communication technology or procedures that give as complete a communication coverage as possible, in the event of an emergency, such as: mobile telephones, satellite telephones, twoway radios, long range duress alarms and GPS duress beacons that can provide the location of the person. Sight evidence that there has been appropriate training in procedures, the use of equipment and aggression minimisation. λ
3.
4. 5.
6. A.
In addition to B, the procedures for managing security in rural and remote facilities, including staff residences, are reviewed every three years or more frequently where there are changes in the workplace or in systems, legislation, policy, or guidelines that impact on this area, or where an incident in the workplace suggests that the current processes may be inadequate.
Part Two – Security Improvement Tool – Section Three – Security Risk Control in Priority Areas
Page 32–50
SECTION
Security Risk Controls in Priority Areas
ELEMENT
3.3 Rural and Remote Health Services
MANDATORY
COMMENTS
Part Two – Security Improvement Tool – Section Three – Security Risk Control in Priority Areas
Page 32–51
SECTION
Security Risk Controls in Priority Areas
ELEMENT
3.4 Security in Pharmacies Standards
D.
C.
B.
There is little or no evidence that the requirements for pharmacy security have been established or that these are considered as part of the facility security risk management process. The requirements for pharmacy security are determined in consultation with staff and key stakeholders using a risk management approach, but these processes are not fully implemented. In addition to C, procedures for the management of pharmacy security are developed: λ In consultation with key staff and stakeholders, and λ In accordance with the guidelines in the latest version of the Security Manual and relevant legislation such that all reasonably foreseeable security risks associated with pharmacy areas are identified, assessed, eliminated where reasonably practicable or effectively controlled in order to protect people and assets, prevent and detect drug diversion and minimise the likelihood of incidents related to robbery and assault occurring in pharmacy areas. The procedures are appropriately documented and implemented.
A.
Note: Section 4 of Departmental Circular 2001/64, Policy on the Handling of Medication in New South Wales Public Hospitals, includes advice on security related matters in hospital pharmacy departments. In addition to B, the requirements for pharmacy security are reviewed every three years or more frequently where there are changes in the workplace or in systems, legislation, policy, or guidelines that impact on this area, or where an incident in the workplace suggests that the current processes may be inadequate.
Indicative Evidence
1.
Look for common forms of indicative evidence.
1. 2.
Look for common forms of indicative evidence and also: In determining the requirements for security in pharmacies, the issues outlined in the section on pharmacy security in the latest version of the Security Manual have been considered. These cover: λ Building design or modification λ Key control mechanisms λ Access control systems, including staff ID and duress alarms λ Drug security in accordance with Section 4 of Departmental Circular 2001/64. Sight evidence of regular testing and maintenance of pharmacy security systems.
3.
MANDATORY Standard Achieved and Notes
Look for common forms of indicative evidence.
Part Two – Security Improvement Tool – Section Three – Security Risk Control in Priority Areas
Page 32–52
SECTION
Security Risk Controls in Priority Areas
ELEMENT
3.4 Security in Pharmacies
MANDATORY
COMMENTS
Part Two – Security Improvement Tool – Section Three – Security Risk Control in Priority Areas
Page 32–53
SECTION
Security Risk Controls in Priority Areas
ELEMENT
3.5 Security in Car Parks Standards
There is little or no evidence that the requirements for car park security have been established or that these are considered as part of the facility security risk management process. C. The requirements for car park security are determined in consultation with staff and key stakeholders using a risk management approach, but these processes are not fully implemented. B. In addition to C, procedures for the management of car park security are developed: λ In consultation with key staff and stakeholders (including the public, local Police and Crimes Prevention Team), and λ In accordance with the guidelines in the latest version of the Security Manual and relevant legislation such that all reasonably foreseeable security risks associated with car parks are identified, assessed, eliminated where reasonably practicable or effectively controlled in order to protect people and assets and minimise the likelihood of incidents related to robbery and assault occurring in car parks. Designated car spaces for afternoon and night shift staff are allocated where practicable and warranted by the risk assessment. The procedures are appropriately documented and implemented. A. In addition to B, the requirements for car park security are reviewed every three years or more frequently where there are changes in the workplace or in systems, legislation, policy, or guidelines that impact on this area, or where an incident in the workplace suggests that the current processes may be inadequate.
Indicative Evidence
MANDATORY Standard Achieved and Notes
D.
1.
Look for common forms of indicative evidence and also:
1. 2.
Look for common forms of indicative evidence and also: In determining the requirements for security in car parks, the issues outlined in the section on car park security in the latest version of the Security Manual have been considered. These cover: λ Car park design for controlled access and egress and to improve security λ Use of designated parking for workers and delivery vehicles λ Secure access between the car park and the facility λ Use of security staff as patrols and escorts λ Signage λ Lighting λ Monitoring via CCTV λ Garaging of facility vehicles
Look for common forms of indicative evidence.
COMMENTS
Part Two – Security Improvement Tool – Section Three – Security Risk Control in Priority Areas
Page 32–54
SECTION
Security Risk Controls in Priority Areas
ELEMENT
3.6 Security of Property Standards
D.
C.
B.
There is little or no evidence that the requirements for the security of property have been established or that these are considered as part of the facility security risk management process. The requirements for the security of property are determined in consultation with staff and key stakeholders using a risk management approach, but these processes are not fully implemented. In addition to C, policies and procedures to prevent and deter theft are developed: λ In consultation with key staff and stakeholders, and λ In accordance with the guidelines and appendices in the latest version of the Security Manual and relevant legislation such that all reasonably foreseeable security risks that may lead to theft are identified, assessed, eliminated where reasonably practicable or effectively controlled in order to protect people and assets. The policy and procedures identify that the potential risk of theft exists from visitors, patients, and opportunistic passers-by as well as from planned crimes. Every case of theft is reported to the police and no arrangements are entered into to accept settlement on condition that the facility refrains from instituting legal proceedings [see note below]. The policy and procedures are appropriately documented and effective security procedures implemented. Note: For more information refer to Departmental circular 2000/41, Reporting Possible Corrupt Conduct to the Independent Commission Against Corruption.
Indicative Evidence
1. 2.
1. 2.
Standard Achieved and Notes
Look for common forms of indicative evidence and also: Awareness by supervisors and/or staff about the commitment of resources to deal with specific issues concerning the security of property, for example in orientation programs and in information pamphlets for patients. Look for common forms of indicative evidence and also: There is evidence that in determining the requirements for the security of property, the following risk control strategies have been considered: λ Developing policy relating to theft and the reporting of theft to police and ensuring that patients, staff and visitors are aware of this policy λ Cash handling, receipting and banking practices are consistent with the “Accounting Manual for Public Health Organisations”. λ Keeping a register of health facility property, including serial numbers where appropriate λ Keeping a register of property theft to assist with identifying problem areas or patterns of behaviour λ Keeping assets registers up-to-date and providing full descriptions of each item, including serial numbers λ Identifying all assets with a unique physical marking, eg engraving or barcode λ Storing attractive portable items (calculators, cameras, tape recorders, lap tops etc) separately in a locked area. Only designated staff should have access to them λ Investigating all theft λ Enforcing an effective key control program (refer to Chapter 10 of the Security Manual)
Part Two – Security Improvement Tool – Section Three – Security Risk Control in Priority Areas
Page 32–55
SECTION
Security Risk Controls in Priority Areas
ELEMENT
3.6 Security of Property Standards
Indicative Evidence
Standard Achieved and Notes
λ
B. (continued)
CCTV monitoring of priority areas Installation of alarm systems (refer to Chapter 11 of the Security Manual) λ Ensuring effective perimeter and internal access control (refer to Chapter 9 of the Security Manual) λ Ensuring CPTED principle are applied when designing/refurbishing facilities. λ Installation of locks on change rooms (eg in imaging facilities), provision of secure change rooms and lockers for staff, lockable cupboards or drawers for office staff, written and verbal advice to patients and staff about bringing personal property and valuables into the hospital, signage in car parks warning against leaving valuables in vehicles. Sight evidence that cases of theft have been reported to the police. Sight evidence of a collaborative relationship with local police and local crimes team. Sight evidence that specific areas that need attention have been considered as high risk and are dealt with accordingly including: engineering/maintenance areas (tools and vehicles), transport (petrol and vehicles), laundry (linen), catering (food stores, utensils), stores (stock, attractive items), administration (sensitive information), cash handling (money), patients’ property, staff property. λ
3. 4. 5.
Part Two – Security Improvement Tool – Section Three – Security Risk Control in Priority Areas
Page 32–56
SECTION
Security Risk Controls in Priority Areas
ELEMENT
3.6 Security of Property Standards
A.
In addition to B, the requirements for the security of property are reviewed every three years or more frequently where there are changes in the workplace or in systems, legislation, policy, or guidelines that impact on this area, or where an incident in the workplace suggests that the current processes may be inadequate.
Indicative Evidence 1. 2.
Standard Achieved and Notes
Look for common forms of indicative evidence and also: Sight evidence that evaluation of the effectiveness of the security of property is conducted against appropriate, pre-determined performance indicators. Indicators might include (but are not limited to): λ Awareness about facility security related policies and practices λ Changes in the number of incidents occurring λ Qualitative analysis of the management of incidents by security services.
COMMENTS
Part Two – Security Improvement Tool – Section Three – Security Risk Control in Priority Areas
Page 32–57
SECTION
Security Risk Controls in Priority Areas
ELEMENT
3.7 Security of Information Standards
D.
C.
B.
There is little or no evidence that the requirements for information security have been established or that these are considered as part of the facility security risk management process. The requirements for the security of information (including personnel, patient and other official information) are determined in consultation with key staff and stakeholders using a risk management approach, but these processes are not fully implemented. In addition to C, policies and procedures to protect the security of information are developed: λ In consultation with key staff and stakeholders, and λ In accordance with relevant legislation, information security standards and the guidelines and appendices in the latest version of the Security Manual and relevant legislation and guidelines such that all reasonably foreseeable security risks associated with the protection of official information and material (including electronic information) from unauthorised disclosure are identified, assessed, eliminated where reasonably practicable or effectively controlled in order to protect people and assets. The policy and procedures prevent the disclosure of information that would prejudice or be harmful to the interests of the facility, its staff or its patients. The policy and procedures are appropriately documented and effective security procedures implemented.
Notes: Electronic information means information that is created, processed, held, maintained and transmitted by NSW Health and information held for, or on behalf of, other government agencies and private entities.
Indicative Evidence
1.
Look for common forms of indicative evidence.
1. 2.
Look for common forms of indicative evidence and also: Sight evidence that in determining the requirements for the security of information, the following key principles have been considered, and are reflected in the development and implementation of policies and procedures: λ NSW Health’s major objective is the provision of health care services underlined by the overall welfare of the people it treats λ The implementation of information security controls is not to impact on the timely provision of those services λ All personal health information will be securely managed and privacy and confidentiality will be preserved λ All other critical and sensitive information will also be securely managed and privacy and confidentiality maintained λ All staff have a responsibility for the security and maintenance of critical and sensitive information including personal health information λ All other information (such as personnel records, minutes, reports of investigations) will be classified for the purposes of determining the level of security required, λ Providing information security education and developing awareness for all people dealing with electronic information as an integral part of maintaining adequate protection over that information and
Part Two – Security Improvement Tool – Section Three – Security Risk Control in Priority Areas
Standard Achieved and Notes
Page 32–58
SECTION
Security Risk Controls in Priority Areas
ELEMENT
3.7 Security of Information Standards
Reference must be made to Departmental circular 2003/47, The NSW Health Electronic Information Security Policy, which outlines NSW Health policy for information security.
Indicative Evidence λ
3.
4.
5. A.
In addition to B, the requirements for the security of information are reviewed every three years or more frequently where there are changes in the workplace or in systems, legislation, policy, or guidelines that impact on this area, or where an incident in the workplace suggests that the current processes may be inadequate.
Standard Achieved and Notes
1.
The release of information will comply with relevant and current State and Federal legislation. Sight evidence that IT systems are certified to the national information security management standard AS/NZS 7799 Part 2:2003 (Specification for Information Security Management Systems). Sight evidence (through documentation and interview) that the responsibility for information security management is assigned to a nominated officer. Sight evidence of effective & appropriate use of labelling to secure information. Look for common forms of indicative evidence.
COMMENTS
Part Two – Security Improvement Tool – Section Three – Security Risk Control in Priority Areas
Page 32–59
SECTION
Security Risk Controls in Priority Areas
ELEMENT
3.8 Security of Medical Gases Standards
D.
C.
B.
There is little or no evidence that the requirements for the security of medical gases have been established or that these are considered as part of the facility security risk management process. The requirements for the security of medical gases are determined in consultation with staff and key stakeholders using a risk management approach, but these processes are not fully implemented. In addition to C, procedures for the secure storage of medical gases are developed: λ
In consultation with key staff and stakeholders, and
λ
In accordance with relevant legislation, Australian Standards and the guidelines in the latest version of the Security Manual and relevant legislation such that all reasonably foreseeable security risks associated with the storage of medical gases are identified, assessed, eliminated where reasonably practicable or effectively controlled in order to protect people and minimise the likelihood of incidents related to theft, tampering and damage. The procedures are appropriately documented and implemented.
Indicative Evidence
Standard Achieved and Notes
Look for common forms of indicative evidence.
1. 2.
Look for common forms of indicative evidence and also: Site evidence that the requirements of the relevant legislation, Australian Standards and guidelines in the latest version of the Security Manual have been incorporated into the facility’s policies and procedures on the secure storage of medical gases and that the following risk control strategies have been considered: λ Access to any storage areas is restricted by use of doors, barriers and signs. Sources should be secured against unauthorised removal, tampering, vandalism and misuse λ Appropriate access control procedures are developed and implemented λ Documenting the location of medical gases both in the bulk storage facility and at the ward level λ Records are kept for medical gases used for fieldwork. They should include: Who is using the source and who is responsible for it Where has the source been taken How is it stored/secured Date and time of issue Date and time of return Any unusual circumstances λ Procedures are implemented for reporting theft, tampering and damage to medical gases.
Part Two – Security Improvement Tool – Section Three – Security Risk Control in Priority Areas
Page 32–60
SECTION
Security Risk Controls in Priority Areas
ELEMENT
3.8 Security of Medical Gases Standards
Indicative Evidence
Standard Achieved and Notes
λ
A.
In addition to B, the requirements for the security of medical gases are reviewed every three years or more frequently where there are changes in the workplace or in systems, legislation, policy, or guidelines that impact on this area, or where an incident in the workplace suggests that the current processes may be inadequate.
1.
That any medical gases that are also classified as dangerous goods are stored in accordance with legislation and that the necessary licences have been obtained and are current. Look for common forms of indicative evidence.
COMMENTS
Part Two – Security Improvement Tool – Section Three – Security Risk Control in Priority Areas
Page 32–61
SECTION
Security Risk Controls in Priority Areas
ELEMENT
3.9 Security of Radioactive Substances Standards
D.
C.
B.
There is little or no evidence that the requirements for the secure management of radioactive substances have been established or that these are considered as part of the facility security risk management process. The requirements for the secure management of radioactive substances are determined in consultation with staff and key stakeholders using a risk management approach, but these processes are not fully implemented. In addition to C, procedures for the secure management of radioactive substances are developed: λ
in consultation with key staff and stakeholders, and
λ
in accordance with the relevant legislation and guidelines in the latest version of the Security Manual and relevant legislation. such that all reasonably foreseeable security risks associated with radioactive substances are identified, assessed, eliminated where reasonably practicable or effectively controlled in order to protect people and minimise the likelihood of incidents related to theft, vandalism and misuse. The procedures are appropriately documented and implemented. Note: In emergency situations involving suspected or actual damage, spillage, loss or theft of radioactive substances the Radiation Control Section of the Environment Protection Authority should be contacted
Indicative Evidence
Standard Achieved and Notes
Look for common forms of indicative evidence.
1. 2.
Look for common forms of indicative evidence and also: Site evidence that the requirements of the relevant legislation and guidelines in the latest version of the Security Manual have been incorporated into the facility’s policies and procedures on the secure management of radioactive substances and that the following risk control strategies have been considered: λ Stores (including waste stores) are properly marked with approved warning signs, and regulations regarding their use are posted at access points λ Access to any storage areas is restricted by use of doors, locks, barriers and signs. Sources are secured against unauthorised removal and tampering λ Access control procedures are developed and implemented λ Maintaining appropriate records of the location, security and discharge of radioactive substances and irradiating apparatus λ Any loss or theft of radioactive material is reported in compliance with legislation. λ Only authorised persons undertake the escort of radioactive substances when being transported within an organisation λ When radioactive substances are transported by road, the transport is in accordance with the legal requirements
Part Two – Security Improvement Tool – Section Three – Security Risk Control in Priority Areas
Page 32–62
SECTION
Security Risk Controls in Priority Areas
ELEMENT
3.9 Security of Radioactive Substances Standards
A.
In addition to B, the requirements for the secure management of radioactive substances are reviewed every three years or more frequently where there are changes in the workplace or in systems, legislation, policy, or guidelines that impact on this area, or where an incident in the workplace suggests that the current processes may be inadequate.
Indicative Evidence
Standard Achieved and Notes
Look for common forms of indicative evidence.
COMMENTS
Part Two – Security Improvement Tool – Section Three – Security Risk Control in Priority Areas
Page 32–63
SECURITY IMPROVEMENT ASSESSMENT TOOL SECTION 4. SECURITY RISK CONTROLS IN UNPLANNED EVENTS TABLE OF CONTENTS 4.1 Fire Security 4.2 Bomb Threat 4.3 Violence 4.4 Armed Hold-up
Part Two – Security Improvement Tool – Section Four – Security Risk Controls in Unplanned Events
Page 32–64
SECTION
Security Risk Controls in Unplanned Events
ELEMENT
4.1 Fire Security Standards
D. C.
B.
There is no evidence that fire security has been considered as part of the facility security risk management process. There are written procedures for managing the security risks associated with fire that are available in the workplace and were developed in consultation with staff and key stakeholders using a risk management approach, but they are not fully implemented. In addition to C, procedures for managing the security risks associated with fire have been developed: λ In conjunction with staff and key stakeholders, and λ In accordance with the guidelines in the latest version of the Security Manual. The procedures for managing the security risks associated with fire are documented and implemented. The consultation process has included the identification, assessment and elimination (where reasonably practicable) or effective control of security risks associated with fire. The procedures take into account: λ The possibility that fire is a diversionary tactic for criminal activity λ The risk of theft or looting during a fire λ The need to secure patients in custody who have been evacuated, scheduled patients, patients with cognitive deficits and unaccompanied children and babies.
Indicative Evidence
1. 2.
1. 2.
3.
4.
Standard Achieved and Notes
Look for common forms of indicative evidence and also: Records that document inspection of fire equipment by registered organisations may give evidence that the procedures are at least partially implemented. Look for common forms of indicative evidence and also: Sight evidence that the following documents have been consulted in the preparation of procedures for managing the security risks associated with fire: λ Guidelines for Fire Safety in Health Care Facilities (Departmental Circular 2003/87) λ Local fire safety procedures, including emergency evacuation procedures λ Australian Standards λ Building Codes λ Guidelines specified by fire authorities. Sight evidence that the following issues are effectively dealt with in the procedures: λ Accounting for staff, patients and other occupants of the building or facility λ Securing evacuated patients who may be confused and inclined to wander λ Isolating the fire scene until the police and fire brigade assume control of the site λ Controlling crowds and traffic until the police can assist λ Ensuring the fire brigade is directed to the fire by the quickest route λ Operating any Emergency Warning and Intercommunication System. Sight evidence that strategies for controlling security risks associated with fire are included in the repertoire of action. These should include:
Part Two – Security Improvement Tool – Section Four – Security Risk Controls in Unplanned Events
Page 32–65
Security Risk Controls in Unplanned Events
SECTION
4.1 Fire Security
ELEMENT Standards B.
(continued)
A.
In addition to B, the procedures for managing the security risks associated with fire are reviewed every three years or more frequently where there are changes in the workplace or in systems, legislation, policy, or guidelines that impact on this area, or where an incident in the workplace suggests that the current processes may be inadequate.
Indicative Evidence
Standard Achieved and Notes
λ
Details on who should be contacted in the event of a fire and when this contact should occur λ The role of facility staff and emergency services λ A nominated emergency coordinator and delegates λ Guidelines on the use of fire equipment λ The evacuation process λ Details on assembly points. Look for common forms of indicative evidence.
COMMENTS
Part Two – Security Improvement Tool – Section Four – Security Risk Controls in Unplanned Events
Page 32–66
Security Risk Controls in Unplanned Events
SECTION
4.2 Bomb Threat
ELEMENT Standards D.
There is no evidence that bomb threat has been considered as part of the facility security risk management process.
C.
There are written procedures for managing the security risks associated with receiving bomb threats that are available in the workplace and were developed in consultation with staff and key stakeholders using a risk management approach, but they are not fully implemented. In addition to C, procedures for managing the security risks associated with receiving bomb threats have been developed:
B.
λ
Indicative Evidence
1.
Look for common forms of indicative evidence.
1. 2.
Look for common forms of indicative evidence and also: Sight evidence that the following issues are effectively dealt with in the procedures: λ The possibility that a bomb threat is a diversionary tactic for criminal activity λ Securing evacuated patients λ The possibility of theft or looting of an evacuated facility λ Effective security and housekeeping to prevent bombs being brought into the workplace Sight evidence that strategies for controlling security risks associated with bomb threats are included in the repertoire of action. These may include: λ Access control (eg locks and alarms, minimising entry/exit points, visitor registration procedures) λ Specific steps to take if there is a bomb threat λ Mail screening procedures, including how to respond if an item is assessed as suspicious.
In conjunction with staff and key stakeholders, and
λ
In accordance with the guidelines in the latest version of the Security Manual. The procedures for managing the security risks associated with bomb threats are documented and implemented. The consultation process has included the identification, assessment and elimination (where reasonably practicable) or effective control of security risks associated with receiving bomb threats. The procedures take into account: λ
Preventing bombs being brought into the workplace, including procedures for identifying and handling suspicious items (including mail)
λ
Steps to take if there is a bomb threat
λ
Managing post-incident issues.
3.
Part Two – Security Improvement Tool – Section Four – Security Risk Controls in Unplanned Events
Standard Achieved and Notes
Page 32–67
Security Risk Controls in Unplanned Events
SECTION
4.2 Bomb Threat
ELEMENT Standards A.
In addition to B, the procedures for managing the security risks associated with receiving bomb threats are reviewed every three years or more frequently where there are changes in the workplace or in systems, legislation, policy, or guidelines that impact on this area, or where an incident in the workplace suggests that the current processes may be inadequate.
Indicative Evidence
Standard Achieved and Notes
Look for common forms of indicative evidence.
COMMENTS
Part Two – Security Improvement Tool – Section Four – Security Risk Controls in Unplanned Events
Page 32–68
SECTION
Security Risk Controls in Unplanned Events
ELEMENT
4.3 Violence Standards
D. C.
B.
There is no evidence that violence has been considered as part of the facility security risk management process. There are written procedures for managing the risks associated with violence that are available in the workplace and were developed in consultation with staff and key stakeholders using a risk management approach, but they are not fully implemented. In addition to C, procedures for managing the risks associated with violence have been developed: λ
Indicative Evidence
1.
Look for common forms of indicative evidence.
1. 2.
Look for common forms of indicative evidence and also: Sight evidence that the following documents have been consulted in the preparation of procedures for managing the risks associated with violence: λ Zero Tolerance Policy and Framework Guidelines (Circular 2003/48) λ Management of Adults with Severe Behavioural Disturbance – May 2002 λ Corporate Governance and Accountability in Health Better Practice Guide λ 1996 Agreement between the NSW Nurses’ Association and NSW Health Sight evidence that the following circumstances are effectively dealt with in the procedures: λ Vehicle and car park security λ Movement at work λ Safe movement of staff at night λ Transporting cash securely λ Providing secure staff accommodation λ What to do when confronted with violent individuals. Check that risk control measures are working effectively and are maintained adequately, eg: λ Alarms λ Locks and access restrictions λ Lighting λ Surveillance equipment.
In conjunction with staff and key stakeholders, and
λ
In accordance with the guidelines in the latest version of the Security Manual. The procedures for managing the risks associated with violence are documented and implemented. The consultation process has included the identification, assessment and elimination (where reasonably practicable) or effective control of risks associated with violence. The procedures take into account: λ
The NSW Health zero tolerance policy to all forms of violence in the health workplace
λ
Designing new facilities and upgrading existing facilities
λ
Communication systems, duress alarm systems and protocols particularly for staff working in the community or in isolated areas
λ
Access restrictions, such as key/electronic access to areas that hold cash, drugs or equipment
λ
Protocols to manage aggression arising from a patient or client’s medical or psychiatric condition
λ
Managing post incident issues.
3.
4.
Part Two – Security Improvement Tool – Section Four – Security Risk Controls in Unplanned Events
MANDATORY Standard Achieved and Notes
Page 32–69
SECTION
Security Risk Controls in Unplanned Events
ELEMENT
4.3 Violence Standards
B.
A.
(continued)
In addition to B, the procedures for managing the risks associated with violence are reviewed every three years or more frequently where there are changes in the workplace or in systems, legislation, policy, or guidelines that impact on this area, or where an incident in the workplace suggests that the current processes may be inadequate.
Indicative Evidence 5.
1. 2.
3.
MANDATORY Standard Achieved and Notes
Sight evidence that strategies for controlling risks associated with violence are included in the repertoire of action. These should include the need for all violent incidents to be promptly, appropriately and consistently managed to prevent escalation and to minimise their impact on staff, patients and visitors. Specific actions could include: λ Issuing a verbal warning λ Seeking support from other staff λ Requesting that the aggressor leave λ Requesting review by a clinician λ Using verbal de-escalation and distraction techniques λ Retreating λ Using sedation or restraint policies λ Initiating internal or external emergency response procedures. Sight evidence of review of the procedures for managing risks associated with violence within the last three years. Sight evidence that staff are involved in the review process. This can be obtained through documentation (eg committee minutes) and/or interviews with staff involved in the process. Sight evidence that the procedures and physical controls are reviewed as part of refurbishment of the workplace, changes in security systems and changes in work organisation that may impact on violence.
COMMENTS
Part Two – Security Improvement Tool – Section Four – Security Risk Controls in Unplanned Events
Page 32–70
SECTION
Security Risk Controls in Unplanned Events
ELEMENT
4.4 Armed Hold-up Standards
D.
There is no evidence that armed hold-up has been considered as part of the facility security risk management process.
C.
There are written procedures for managing the risks associated with armed hold-up that are available in the workplace and were developed in consultation with staff and key stakeholders using a risk management approach, but they are not fully implemented. In addition to C, procedures for managing the risks associated with armed hold-up have been developed:
B.
λ
Indicative Evidence
1. 2.
λ
λ
Designing new facilities and upgrading existing facilities to control for risks of armed hold-up
λ
Vulnerable areas within the health service
λ
Providing training to relevant staff
λ
Ensuring the adequacy of alarm systems and physical barriers
λ
Reviewing security system controls
λ
Managing post incident issues.
Standard Achieved and Notes
Look for common forms of indicative evidence.
In conjunction with staff and key stakeholders, and
In accordance with the guidelines in the latest version of the Security Manual. The procedures for managing the risks associated with armed hold-up are documented and implemented. The consultation process has included the identification, assessment and elimination (where reasonably practicable) or effective control of risks associated with armed hold-up. The procedures take into account:
MANDATORY
3.
4.
Look for common forms of indicative evidence and also: Sight evidence that the following issues are effectively dealt with in the procedures: λ Who to contact in the event of an armed hold-up and when λ The role of facility staff and emergency services λ A nominated emergency coordinator and delegates λ Evacuation processes λ Survival strategies for staff during an armed hold-up λ Isolating the site λ Preserving the site following the incident. Check that risk control measures are working effectively and are maintained adequately, eg: λ Alarms λ Barriers, locks and access restrictions λ Security presence. Sight evidence through talking to staff and stakeholders that risks have been identified, assessed and controlled in priority areas within the facility, including pharmacies and cashiers’ counters, to ensure that: λ The location of such facilities is secure λ Cash and accountable drugs are kept to a minimum λ The routes and times are varied when cash is conveyed to and from the facility. Refer to Chapter 5 of the Security Manual for information on security issues and leased premises.
Part Two – Security Improvement Tool – Section Four – Security Risk Controls in Unplanned Events
Page 32–71
SECTION
Security Risk Controls in Unplanned Events
ELEMENT
4.4 Armed Hold-up Standards
B.
(continued)
A.
In addition to B, the procedures for managing the risks associated with armed hold-up are reviewed every three years or more frequently where there are changes in the workplace or in systems, legislation, policy, or guidelines that impact on this area, or where an incident in the workplace suggests that the current processes may be inadequate.
Indicative Evidence
MANDATORY Standard Achieved and Notes
5.
Sight evidence that training provided to staff in armed hold-up procedures is appropriate. 6. Sight evidence that strategies for controlling risks associated with armed hold-up are included in the repertoire of action, including roles for emergency coordinators, security staff and switchboard operators. Look for common forms of indicative evidence.
COMMENTS
Part Two – Security Improvement Tool – Section Four – Security Risk Controls in Unplanned Events
Page 32–72
PART THREE
Security Improvement Plan
SECURITY IMPROVEMENT PLAN FACILITY/STATION/SERVICE: SECTION 1 ELEMENT
DATE: SECURITY RISK MANAGEMENT FRAMEWORK RECOMMENDATIONS / ACTIONS RESPONSIBILITY TIMEFRAMES
RESOURCES
1.1 Security Risk Management Policy and Program
1.2 Security Risk Management Responsibilities
1.3 Security Risk Management in the Planning Process
Part Three – Security Improvement Tool – Section 1 – Security Improvement Plan
Page 33–1
SECTION 1 ELEMENT
SECURITY RISK MANAGEMENT FRAMEWORK RECOMMENDATIONS / ACTIONS RESPONSIBILITY TIMEFRAMES
RESOURCES
1.4 Health Service Leasing of Property To or From External Parties
1.5 Security Arrangements for Patients in Custody
1.6 Security Education and Training
1.7 Security Continuous Improvement
Part Three – Security Improvement Tool – Section 1 – Security Improvement Plan
Page 33–2
SECTION 2 ELEMENT
CORE SECURITY RISK CONTROLS RECOMMENDATIONS
RESPONSIBILITY / ACTIONS
TIMEFRAMES
RESOURCES
2.1 Access Control
2.2 Key Control
2.3 Alarm Systems
Part Three – Security Improvement Tool – Section 1 – Security Improvement Plan
Page 33–3
SECTION 2 ELEMENT
CORE SECURITY RISK CONTROLS RECOMMENDATIONS / ACTIONS RESPONSIBILITY
TIMEFRAMES
RESOURCES
2.4 Lighting
2.5 Provision of Security Services
2.6 Duress Response Arrangements
Part Three – Security Improvement Tool – Section 1 – Security Improvement Plan
Page 33–4
SECTION 3 ELEMENT
SECURITY RISK CONTROLS IN PRIORITY AREAS RECOMMENDATIONS / ACTIONS RESPONSIBILITY TIMEFRAMES
RESOURCES
3.1 The Clinical Environment
3.2 Security of Staff Working in the Community
3.3 Rural and Remote Health Services
Part Three – Security Improvement Tool – Section 1 – Security Improvement Plan
Page 33–5
SECTION 3 ELEMENT
SECURITY RISK CONTROLS IN PRIORITY AREAS RECOMMENDATIONS TIMEFRAMES RESPONSIBILITY / ACTIONS
RESOURCES
3.4 Security in Pharmacies
3.5 Security in Car Parks
3.6 Security of Property
Part Three – Security Improvement Tool – Section 1 – Security Improvement Plan
Page 33–6
SECTION 3 ELEMENT
SECURITY RISK CONTROLS IN PRIORITY AREAS RECOMMENDATIONS / ACTIONS RESPONSIBILITY TIMEFRAMES
RESOURCES
3.7 Security of Information
3.8 Security of Medical Gases
3.9 Security of Radioactive Substances
Part Three – Security Improvement Tool – Section 1 – Security Improvement Plan
Page 33–7
SECTION 4 ELEMENT
SECURITY RISK CONTROLS IN UNPLANNED INCIDENTS RECOMMENDATIONS TIMEFRAMES RESPONSIBILITY / ACTIONS
RESOURCES
4.1 Fire Security
4.2 Bomb Threat
4.3 Violence
Part Three – Security Improvement Tool – Section 1 – Security Improvement Plan
Page 33–8
SECTION 4 ELEMENT
SECURITY RISK CONTROLS IN UNPLANNED INCIDENTS RECOMMENDATIONS TIMEFRAMES RESPONSIBILITY / ACTIONS
RESOURCES
4.4 Armed Hold-Up
Assessors …………………………………………… Name (Please print) ………………………………………….. Signature
………………… Date
…………………………………………… Name (Please print) ………………………………………….. Signature
………………… Date
…………………………………………… Name (Please print) ………………………………………….. Signature
………………… Date
Part Three – Security Improvement Tool – Section 1 – Security Improvement Plan
Page 33–9
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
Summary of Policy Statements ______________________________________________________________ Following is a consolidation of the policy statements contained in each chapter:
1.
Security Risk Management Policy and Program
Health Services will have in place a security risk management policy, signed by the chief executive officer, and an effective and appropriately maintained security risk management program developed, in consultation with staff, which ensures that: All reasonably foreseeable security related hazards are identified and assessed Risks associated with these hazards are eliminated where reasonably practicable Where the risk cannot be eliminated, appropriate control strategies, consistent with the hierarchy of controls, are implemented so that risks are reduced to the lowest practicable level Each stage of the risk management process is documented and made available to relevant parties Incidents are reported and investigated and Risk control strategies are monitored and regularly evaluated for effectiveness.
2.
Responsibilities
No policy statement for this Chapter
3.
Security Risk Management in the Planning Process
Health Services must ensure that security issues are considered and addressed, using a risk management approach, in all formal and informal planning processes, including the development of: • • • • • •
•
Strategic plans Business plans Service development plans Disaster/emergency plans Project Definition Plans (as part of Facility planning) Procurement Processes, including processes for procuring services, premises, equipment, furniture, fixtures and fittings and OHS improvement and management plans.
4.
Health Facility Design Standards
It is NSW Health policy that the design standards outlined in the Department’s Design Series: Health Facility Guideline - Safety and Security (PD2005_293) are incorporated into all new health building designs and redesign/refurbishment of existing facilities to enhance personal and property security.
___________________________________________________________________ Summary of Policy Statements: November 2005
1
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
5.
Health Service Leasing of Property to or from External Parties
Health Services must ensure, in consultation with staff and key stakeholders, that all reasonably foreseeable security risks associated with: • •
Leasing property for use by Health Services or Leasing health facility premises to external organisations
are identified, assessed, eliminated where reasonably practicable or effectively controlled, that the process is appropriately documented and arrangements for security included in leases.
6.
Security Arrangements for Patients in Custody
As part of the facility security risk management process, Health Services must ensure, in consultation with staff and relevant external Departments (ie Department of Corrective Services, Department of Juvenile Justice and NSW Police Service), that: • • •
7.
All reasonably foreseeable security risks associated with patients in custody are identified and assessed Effective security procedures for eliminating or controlling security risks, which are consistent with the operational controls of the relevant external Departments, are developed and implemented The procedures are appropriately documented and communicated to relevant staff.
Security Education and Training
Health Services must ensure that: • • •
8.
All staff are provided with appropriate security related education and training, including violence prevention and management training, consistent with legislative requirements as part of the Health Service security risk management program Education and training are appropriate to the role of the staff member and targeted to the level and type of security risk that may be encountered in the course of their work and Details of security related education and training conducted within the Health Service are documented and maintained.
Security Continuous Improvement
As part of the continuous improvement process, Health Services must evaluate all aspects of their security management program and ensure that evaluation outcomes are used in the on-going development of this program. For the purposes of this policy a security survey is defined as a process that evaluates the implementation of a security management program and effectiveness of that program against a pre-determined set of criteria. As a minimum, health care facilities are required to: • •
Undertake an annual internal security survey using the NSW Health Security Improvement Assessment Tool, provided in Chapters 31, 32 and 33, ensuring that at least one member of the survey team holds a security licence Ensure that, as a minimum, all Elements identified as mandatory are included in the annual survey
___________________________________________________________________ Summary of Policy Statements: November 2005
2
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
• • •
9.
Ensure that the results of the annual survey, as contained in the Health Facility Report (coversheet, summary sheet and score sheet), are readily available for forwarding electronically to the Department, should the results be required Undergo an external security survey every five years **** Ensure that results of the annual and external security surveys are forwarded to Health Service Internal Audit Units, which must review the results and where warranted, include an audit of the services or facilities in their audit plans.
Access Control
As part of the facility security risk management process, Health Services must ensure, in consultation with staff and key stakeholders, that all reasonably foreseeable security risks associated with access to workplaces are identified, assessed, eliminated where reasonably practicable or effectively controlled. Health Services must ensure that this process is appropriately documented and effective access control procedures, including the implementation of staff identification systems, are developed and implemented.
10.
Key Control
As part of the facility security risk management process, Health Services must ensure, in consultation with staff and key stakeholders, that all reasonably foreseeable security risks associated with key control are identified, assessed, eliminated where reasonable practicable or effectively controlled. Health Services must ensure that the process is appropriately documented and effective key control procedures are developed and implemented.
11.
Alarm Systems
As part of the facility security risk management process, Health Services must establish their requirements for alarm systems (eg duress and intruder alarms) to ensure that staff members, patients, and Health Service assets are secure. A regular review of all alarm systems must occur as part of the risk management process.
12.
Lighting
As part of the facility security risk management process, Health Services must ensure, in consultation with staff and key stakeholders, that internal and external lighting is sufficient to eliminate, where reasonably practicable, or control security related risks and meet the relevant Australian Standards.
13.
Workplace Camera Surveillance
Health Services must ensure, in consultation with staff and key stakeholders, that where workplace camera surveillance is used as part of the facility security risk management program, effective procedures are developed and implemented that are consistent with relevant legislation. When implementing this policy, Health Services should review the Workplace Surveillance Act 2005 and the Workplace Surveillance Regulation 2005 in detail, to ensure that all relevant requirements are met. Note: Where a Health Service is considering the use of covert camera surveillance, the Health Service Chief Executive (or delegate) must seek the approval of the Director-General prior to applying for a ‘covert surveillance authority’.
___________________________________________________________________ Summary of Policy Statements: November 2005
3
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
14.
Provision of Security Services
As part of the facility security risk management process, Health Services must ensure, in consultation with staff and key stakeholders, that appropriate security services are available to respond effectively to security related issues. Health Services, following the risk assessment process, are required to establish and document minimum standards for security services in each facility. Special Constables: As part of the facility security risk management process, Health Services must ensure that all practical violence risk control strategies are implemented prior to supporting an application for Special Constable status. The risk management process must be documented and may from time to time be reviewed by the Department of Health or other external agencies. The Department of Health does not support the creation of Special Constables in Health Services as a key security risk control strategy. (Note: Refer to Chapter 28 of this Manual for policy on the use of weapons by security staff.)
15.
Security in the Clinical Environment
As part of the facility security risk management process, Health Services must ensure, in consultation with staff and key stakeholders, that all reasonably foreseeable security risks associated with the clinical environment are identified, assessed, eliminated where reasonably practicable or effectively controlled. Health Services must ensure that the process is appropriately documented. Note: In implementing the requirements of this Chapter the following documents should also be consulted: • • • •
Memorandum of Understanding between NSW Police and NSW Health, and the accompanying flowcharts Mental Health For Emergency Departments (red book – May 2002) Management of Adults with Severe Behavioural Disturbance: Guidelines for Clinicians (green book – May 2002) and Guidelines on the Management of Challenging Behaviour in Residential Aged Care Facilities in NSW (Department of Health - August 2000)
Note: For issues relating to staff working in the community refer to Chapter 16 of this Manual.
16.
Security of Staff Working in the Community
As part of the facility security risk management process, Health Services must ensure, in consultation with staff and key stakeholders, that all reasonably foreseeable security risks associated with staff working in the community are identified, assessed, eliminated where reasonably practicable or effectively controlled. Health Services must ensure that the process is appropriately documented and that at all times staff working in the community have access to appropriate field equipment (eg torches) and communication devices.
___________________________________________________________________ Summary of Policy Statements: November 2005
4
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
17.
Security in Rural and Remote Health Services
As part of the facility risk management process, Health Services must consider the factors specific to rural and remote workplaces when ensuring, in consultation with staff and key stakeholders, that all reasonably foreseeable security risks are identified, assessed, eliminated where reasonably practicable or effectively controlled and the process appropriately documented. Where staff residences are provided they must be included in the facility risk management process.
18.
Security in Pharmacies
As part of the facility security risk management process, Health Services must ensure, in consultation with staff, key stakeholders and appropriate advisory bodies, that all reasonably foreseeable security risks associated with pharmacy areas are identified, assessed, eliminated where reasonably practicable or effectively controlled. Health Services must ensure that the process is appropriately documented and effective procedures are developed and implemented.
19.
Security in Car Parks
As part of the facility risk management process, Health Services must ensure, in consultation with staff and key stakeholders that: • • •
•
20.
All reasonably foreseeable security risks associated with car parks are identified, assessed, eliminated where reasonably practicable or effectively controlled The process is appropriately documented Effective car park security procedures are developed and implemented and Designated car spaces for afternoon and night shift staff are allocated where practicable and warranted by the risk assessment.
Security of Property
As part of the facility security risk management process, Health Services must ensure, in consultation with staff and key stakeholders, that all reasonably foreseeable security risks associated with the potential for theft are identified, assessed, eliminated where reasonable practicable or effectively controlled. Health Services must ensure that the process is appropriately documented and effective security procedures are developed and implemented to minimise theft.
21.
Security of Information
As part of the facility security risk management process, Health Services must ensure that all reasonably foreseeable security risks associated with the protection of official information and material (including electronic information) from unauthorised disclosure are identified, assessed, eliminated where reasonably practicable or effectively controlled. Health Services must ensure that the risk management process is undertaken in consultation with staff and key stakeholders, is appropriately documented and effective plans and procedures developed and implemented which reflect relevant legislation, information security standards and Government policy.
___________________________________________________________________ Summary of Policy Statements: November 2005
5
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
22.
Security of Medical Gases
As part of the facility security risk management process, Health Services must ensure, in consultation with staff, key stakeholders and appropriate advisory bodies, that all reasonably foreseeable security risks associated with storing medical gases are identified, assessed, eliminated where reasonably practicable or effectively controlled. Health Services must ensure that the process is appropriately documented and effective procedures are developed and implemented.
23.
Security of Radioactive Substances
As part of the facility security risk management process, Health Services must ensure, in consultation with staff, key stakeholders and appropriate advisory bodies, that all reasonably foreseeable security risks associated with radioactive substances are identified, assessed, eliminated where reasonably practicable or effectively controlled. Health Services must ensure that the process is appropriately documented and effective procedures are developed and implemented.
24.
Fire Security
As part of the facility security risk management process, Health Services must ensure, in consultation with staff, key stakeholders and appropriate advisory bodies, that all reasonably foreseeable security risks associated with fire are identified, assessed, eliminated where reasonably practicable or effectively controlled. Health Services must ensure that the process is appropriately documented and effective fire security procedures are developed and implemented.
25.
Bomb Threat
As part of the facility security risk management process, Health Services must ensure, in consultation with staff, key stakeholders and appropriate advisory bodies, that all reasonably foreseeable security risks associated with receiving bomb threats are identified, assessed, eliminated (where reasonably practicable) or effectively controlled. Health Services must ensure that the process is appropriately documented and effective bomb threat emergency procedures are developed and implemented.
26.
Violence
As part of the facility security risk management process, Health Services must ensure, in consultation with staff and key stakeholders, that all reasonably foreseeable risks associated with violence towards staff, patients or visitors by another individual are identified, assessed, eliminated (where reasonably practicable) or effectively controlled and that the process is appropriately documented. Note: Attention is drawn to the agreement between the NSW Nurses’ Association and NSW Health that in isolated facilities/units a minimum of two nurses must be rostered on each shift. If a second nurse is not available on a shift then a security officer should be hired or other appropriate personnel be in attendance. This agreement occurred in 1996 and was reflected in the 1996 and 1998 versions of the Security Manual which also stated that similar attention should be paid to the needs of community health workers who attend patients in isolated circumstances or in locations without ready access to support.
___________________________________________________________________ Summary of Policy Statements: November 2005
6
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities.
For the purposes of this Chapter, violence is defined as any incident in which an individual is abused, threatened or assaulted and includes verbal, physical or psychological abuse, threats or other intimidating behaviours, intentional physical attacks, aggravated assault, threats with an offensive weapon, sexual harassment and sexual assault.
27.
Armed Hold-up
As part of the facility security risk management process, Health Services must ensure, in consultation with staff and key stakeholders, that all reasonably foreseeable risks associated with armed hold-up are identified, assessed, eliminated where reasonably practicable or effectively controlled. Health Services must ensure that the process is appropriately documented and effective armed hold-up response procedures are developed and implemented.
28.
Use of Weapons by Security Staff
For the purposes of this Chapter weapons are defined as batons or handcuffs only. Schedule 1 of the Weapons Prohibition Act 1998 includes batons and handcuffs in its definition of weapons and as such there are legal implications for their use and misuse. No other weapons, as defined by the Weapons Prohibition Act 1998 will be considered for issue to security staff in Health Services. The Department of Health does not support the issuing of weapons to security staff as a key security risk control strategy. As part of the facility security risk management process, Health Services must ensure that all practical violence risk control strategies are implemented prior to considering issuing security staff with weapons. Health Services must take into consideration that issuing weapons to security staff has its own set of risks that also need to be identified, assessed, eliminated where reasonably practicable or controlled. These risks may include: • • •
The potential for weapons to be taken and used against staff, patients or visitors The potential for injury to staff who may use the weapons and the potential for injury to those the weapons are used against The potential for legal action over the use and misuse of weapons.
Note: Handcuffs are not to be used on patients. The risk management process must be documented and may from time to time be reviewed by the Department of Health or other external agencies.
29.
Duress Response Arrangements
As part of the facility security risk management process, Health Services must ensure that appropriate arrangements for providing an appropriate, timely and effective response to both clinical and other duress situations (including response to duress alarms) are developed and implemented in consultation with staff and key stakeholders.
30.
Effective Incident Management
Health Services must ensure that the policy outlined in Departmental policy directive PD2005_234 titled ‘Effective Incident Response: A Framework for the Prevention and Management in the Health Workplace’ (or subsequent revised policy) is implemented.
___________________________________________________________________ Summary of Policy Statements: November 2005
7
Protecting People and Property: NSW Health Policy and Guidelines for Security Risk Management in Health Facilities .
EQuIP Standard: The following table outlines the relevant security related EquIP standard. The effective implementation of the policies outlined in this Manual will ensure that the following EQuIP standards, to the level of MA are met. Standard 5.1 – A systemic risk management program is used to manage services and facilities and ensure that the safety and health or all persons within the organisations are protected. Criterion
5.1.6 Security management supports safe practice and a safe environment. NB: The organisation needs to achieve a rating of MA or higher for this criterion to gain ACHS accreditation
LA – Awareness
SA – Implementation (LA + the following)
MA – Evaluation (SA + the following)
There is an organisation-wide security policy.
There is an organisationwide system to assess security risks, determine priorities and eliminate risks or implement controls.
The system to manage security risks operates with reference to any relevant:
Major security risks are identified. Staff are instructed in, and understand their responsibilities, in security management. External service providers comply with requirements to eliminate or control on-site security risks.
EQuIP Standard (December 2003)
Ø Service planning includes strategies for security management.
Ø Ø
Staff are consulted to enable them to contribute to the decisions that affect organisational and personal security risks in the workplace. Security management plans are co-ordinated with any relevant external authorities.
Ø
Australian Standards state/ territory standards codes of practice industry guidelines.
The security management system is evaluated and improved to ensure it supports safe practice and a safe environment.
EA – Benchmarking (MA + the following) Performance indicators for security management are measured and compared internally and with external systems and improvements made, as required.
OA – Leader (EA + the following) The organisation is recognised as a leader in the development and implementation of systems for the management of security risks.
Index A ACCESS - SAMPLE RISK ASSESSMENT TOOL .................................................................................... 1.9 ACCESS CONTROL - CLINICAL ENVIRONMENT ................................................................................ 15.3 ACCESS CONTROL - CORE SECURITY ............................................................................................ 32.31 ACCESS CONTROL - DESIGN ISSUES.................................................................................................. 9.2 ACCESS CONTROL - DOORS................................................................................................................. 9.2 ACCESS CONTROL - GUIDELINES ........................................................................................................ 9.1 ACCESS CONTROL - IDENTIFICATION/ELECTRONIC ACCESS.......................................................... 9.4 ACCESS CONTROL - PERSONNEL/CONTRACTOR ID SYSTEMS....................................................... 9.3 ACCESS CONTROL - POLICY................................................................................................................. 9.1 ACCESS CONTROL - SCOPE OF DUTIES - SECURITY STAFF........................................................ 14.10 ACCESS CONTROL - SECURITY RISK MANAGEMENT........................................................................ 9.1 ACCESS CONTROL - SIGNS................................................................................................................... 9.3 ACCESS CONTROL - SUMMARY OF POLICY STATEMENTS ................................................................. 3 ACCESS CONTROL - VIDEO INTERCOM SYSTEMS ............................................................................ 9.3 ACCESS CONTROL - WINDOWS............................................................................................................ 9.3 ADMINISTRATION - SAMPLE RISK ASSESSMENT TOOL .................................................................. 1.13 ADMINISTRATION - SECURITY OF PROPERTY.................................................................................. 20.5 ADMINISTRATIVE CONTROLS - SECURITY RISK CONTROL .............................................................. 1.5 AFTER HOURS VISITS - WORKING AWAY FROM BASE.................................................................... 16.4 ALARM SYSTEMS - CORE SECURITY ............................................................................................... 32.35 ALARM SYSTEMS - DURESS ALARMS................................................................................................ 11.2 ALARM SYSTEMS - GUIDELINES......................................................................................................... 11.1 ALARM SYSTEMS - INSTALLING DURESS ALARM ............................................................................ 11.3 ALARM SYSTEMS - INTRUDER ALARMS ............................................................................................ 11.6 ALARM SYSTEMS - POLICY ................................................................................................................. 11.1 ALARM SYSTEMS - SECURITY RISK MANAGEMENT ........................................................................ 11.1 ALARM SYSTEMS - SUMMARY OF POLICY STATEMENTS .................................................................... 3 ALARM SYSTEMS - TRAINING ............................................................................................................. 11.5 APPENDICES - SUMMARY OF POLICY STATEMENTS ........................................................................... 1 ARMED HOLD-UP - GUIDELINES ......................................................................................................... 27.1 ARMED HOLD-UP - POLICY.................................................................................................................. 27.1 ARMED HOLD-UP - POST INCIDENT ISSUES ..................................................................................... 27.2 ARMED HOLD-UP - SAMPLE PROCEDURE - WHAT TO DO............................................................... 27.3 ARMED HOLD-UP - SECURITY RISK MANAGEMENT......................................................................... 27.1 ARMED HOLD-UP - SUMMARY OF POLICY STATEMENTS..................................................................... 7 ARMED HOLD-UP - UNPLANNED EVENTS........................................................................................ 32.71 ARMED HOLD-UP - WHAT TO DO - ARMED HOLD-UP ....................................................................... 27.2 ARRESTING POLICE - CUSTODY OF POLICE ...................................................................................... 6.7 ASSESSING/PRIORITISING RISK - RISK MANAGEMENT POLICY..................................................... 1.16 ASSESSMENT TOOL - CORE SECURITY RISK CONTROLS ............................................................ 32.30 ASSESSMENT TOOL - SECURITY RISK MANAGEMENT FRAMEWORK ......................................... 32.15 ASSESSMENT TOOL - SECURITY SURVEY - INTERPRETING .......................................................... 31.7
B BEDSIDE COURTS - CUSTODY OF POLICE.......................................................................................... 6.8 BOMB THREAT - BOMB THREAT - WHAT TO DO ............................................................................... 25.2 BOMB THREAT - CHECKLIST ............................................................................................................... 25.6 BOMB THREAT - GUIDELINES ............................................................................................................. 25.1 BOMB THREAT - HANDLING/IDENTIFYING - SUSPICIOUS ITEMS.................................................... 25.3 BOMB THREAT - IDENTIFYING/HANDLING - SUSPICIOUS ITEMS.................................................... 25.3 BOMB THREAT - POLICY...................................................................................................................... 25.1 BOMB THREAT - POST INCIDENT ISSUES ......................................................................................... 25.4
BOMB THREAT - PROCEDURE ............................................................................................................ 25.8 BOMB THREAT - RELATED RESOURCES ........................................................................................... 25.5 BOMB THREAT - SECURITY AND HOUSEKEEPING........................................................................... 25.2 BOMB THREAT - SECURITY RISK MANAGEMENT ............................................................................. 25.1 BOMB THREAT - SUMMARY OF POLICY STATEMENTS......................................................................... 6 BOMB THREAT - UNPLANNED EVENTS............................................................................................ 32.37 BOMB THREAT - WHAT TO DO - BOMB THREAT ............................................................................... 25.2 BUILDING DESIGN - CLINICAL ENVIRONMENT.................................................................................. 15.2
C CAR PARK/VEHICLE SECURITY - VIOLENCE ..................................................................................... 26.2 CAR PARKS - PRIORITY AREAS ........................................................................................................ 32.54 CAR PARKS - SUMMARY OF POLICY STATEMENTS.............................................................................. 5 CASH HANDLING - SAMPLE RISK ASSESSMENT TOOL ................................................................... 1.11 CASH HANDLING - SECURITY OF PROPERTY................................................................................... 20.6 CATERING - SECURITY OF PROPERTY.............................................................................................. 20.3 CHAPTER 1 - SECURITY RISK MANAGEMENT FRAMEWORK ............................................................ 1.1 CHAPTER 10 - KEY CONTROL ............................................................................................................. 10.1 CHAPTER 11 - ALARM SYSTEMS ........................................................................................................ 11.1 CHAPTER 13 - WORKPLACE CAMERA SURVEILLANCE ................................................................... 13.1 CHAPTER 14 - PROVISION OF SECURITY SERVICES....................................................................... 14.1 CHAPTER 15 - SECURITY IN THE CLINICAL ENVIRONMENT............................................................ 15.1 CHAPTER 16 - SECURITY OF STAFF WORKING IN THE COMMUNITY ............................................ 16.1 CHAPTER 17 - SECURITY IN RURAL AND REMOTE HEALTH SERVICES ........................................ 17.1 CHAPTER 18 - SECURITY IN PHARMACIES........................................................................................ 18.1 CHAPTER 19 - SECURITY IN CAR PARKS .......................................................................................... 19.1 CHAPTER 2 - RESPONSIBILITIES .......................................................................................................... 2.1 CHAPTER 20 - SECURITY PROPERTY ................................................................................................ 20.1 CHAPTER 21 - SECURITY OF INFORMATION..................................................................................... 21.1 CHAPTER 22 - SECURITY OF MEDICAL GASES................................................................................. 22.1 CHAPTER 23 - SECURITY OF RADIOACTIVE SUBSTANCES ............................................................ 23.1 CHAPTER 24 - FIRE SECURITY............................................................................................................ 24.1 CHAPTER 25 - BOMB THREAT ............................................................................................................. 25.1 CHAPTER 26 - VIOLENCE..................................................................................................................... 26.1 CHAPTER 27 - ARMED HOLD-UP......................................................................................................... 27.1 CHAPTER 28 - USE OF WEAPONS BY SECURITY STAFF ................................................................. 28.1 CHAPTER 29 - DURESS RESPONSE ARRANGEMENTS.................................................................... 29.1 CHAPTER 3 - SECURITY RISK MANAGEMENT - PLANNING PROCESS............................................. 3.1 CHAPTER 30 - EFFECTIVE INCIDENT MANAGEMENT....................................................................... 30.1 CHAPTER 31 - PART ONE - GUIDELINES............................................................................................ 31.1 CHAPTER 32 - PART TWO - ASSESSMENT TOOL.............................................................................. 32.1 CHAPTER 33 - PART THREE - IMPROVEMENT PLAN ........................................................................ 33.1 CHAPTER 4 - HEALTH FACILITY DESIGN STANDARDS ...................................................................... 4.1 CHAPTER 5 - HEALTH SERVICE LEASING - PROPERTY - EXTERNAL............................................... 5.1 CHAPTER 6 - SECURITY ARRANGEMENTS - PATIENT IN CUSTODY ................................................ 6.1 CHAPTER 7 - SECURITY EDUCATION AND TRAINING ........................................................................ 7.1 CHAPTER 8 - SECURITY CONTINUOUS IMPROVEMENT .................................................................... 8.1 CHAPTER 9 - ACCESS CONTROL.......................................................................................................... 9.1 CHECKLIST - BOMB THREAT ............................................................................................................... 25.6 CHECKLIST - SECURITY OF STAFF WORKING IN THE COMMUNITY ............................................ 16.11 CLIENT SERVICES - SCOPE OF DUTIES - SECURITY STAFF ........................................................... 14.9 CLINICAL ENVIRONMENT - ACCESS CONTROL ................................................................................ 15.3 CLINICAL ENVIRONMENT - BUILDING DESIGN.................................................................................. 15.2 CLINICAL ENVIRONMENT - EDUCATION/TRAINING .......................................................................... 15.4 CLINICAL ENVIRONMENT - GUIDELINES............................................................................................ 15.1 CLINICAL ENVIRONMENT - PATIENT LIAISON/MANAGEMENT......................................................... 15.3 CLINICAL ENVIRONMENT - PATIENT RESTRAINT ............................................................................. 15.6 CLINICAL ENVIRONMENT - PATIENTS - SECURITY NEEDS ............................................................. 15.7
CLINICAL ENVIRONMENT - POLICY .................................................................................................... 15.1 CLINICAL ENVIRONMENT - PRIORITY AREAS ................................................................................. 32.45 CLINICAL ENVIRONMENT - RELATED RESOURCES ......................................................................... 15.9 CLINICAL ENVIRONMENT - RESPONDING TO VIOLENCE ................................................................ 15.6 CLINICAL ENVIRONMENT - SEARCHING PATIENTS/VISITORS ........................................................ 15.5 CLINICAL ENVIRONMENT - SECURITY RISK MANAGEMENT ........................................................... 15.2 CLINICAL ENVIRONMENT - SECURITY SERVICES ............................................................................ 15.4 CLINICAL ENVIRONMENT - STAFF AWARENESS .............................................................................. 15.4 CLINICAL ENVIRONMENT - STAFFING ISSUES.................................................................................. 15.4 CLINICAL ENVIRONMENT - SUMMARY OF POLICY STATEMENTS ....................................................... 4 COMMUNICATION TECHNOLOGY - SECURITY IN RURAL/REMOTE AREAS................................... 17.3 COMMUNICATION TECHNOLOGY - SECURITY OF STAFF IN COMMUNITY .................................... 16.8 COMMUNITY - PRIORITY AREAS - STAFF WORKING...................................................................... 32.47 COMMUNITY HEALTH SERVICES - GUIDELINES - RISK MANAGEMENT ......................................... 16.1 COMMUNITY VISITS - WORKING AWAY FROM BASE ....................................................................... 16.2 COMPETENCY BASED TRAINING - GUIDELINES................................................................................. 7.3 CONCLUSION COMMUNITY VISITS - WORKING AWAY FROM BASE............................................... 16.4 CONDUCTING - SECURITY SURVEY - PROCESS OVERVIEW .......................................................... 31.2 CONSULTATION - GUIDELINES ............................................................................................................. 1.2 CONTINUOUS IMPROVEMENT - SECURITY RISK MANAGEMENT ................................................. 32.28 CONTINUOUS IMPROVEMENT - SUMMARY OF POLICY STATEMENTS............................................... 2 CONTRACTED SECURITY - WEAPONS - SECURITY STAFF ............................................................. 28.4 CORE SECURITY - ACCESS CONTROL ............................................................................................ 32.31 CORE SECURITY - ALARM SYSTEMS ............................................................................................... 32.35 CORE SECURITY - DURESS RESPONSE ARRANGEMENTS........................................................... 32.42 CORE SECURITY - KEY CONTROL.................................................................................................... 32.33 CORE SECURITY - LIGHTING............................................................................................................. 32.37 CORE SECURITY - PROVISION OF SECURITY SERVICES.............................................................. 32.38 CORE SECURITY RISK CONTROLS - ASSESSMENT TOOL ............................................................ 32.30 CORPORATE GOVERNANCE/ACCOUNTABILITY - GUIDELINES ...................................................... 26.1 CORRECTIVE SERVICES INMATES - PATIENTS IN CUSTODY ........................................................... 6.2 COVERT SURVEILLANCE - WORKPLACE CAMERA SURVEILLANCE .............................................. 13.7 CRIME PREVENTION - GUIDELINES ..................................................................................................... 4.1 CUSTODY OF POLICE - ARRESTING POLICE ...................................................................................... 6.7 CUSTODY OF POLICE - BEDSIDE COURTS.......................................................................................... 6.8 CUSTODY OF POLICE - FIREARMS..................................................................................................... 6.10 CUSTODY OF POLICE - INTRODUCTION.............................................................................................. 6.7 CUSTODY OF POLICE - MENTAL HEALTH PATIENTS ......................................................................... 6.9 CUSTODY OF POLICE - PATIENTS IN CUSTODY................................................................................. 6.7 CUSTODY OF POLICE - PERSONS REFUSED BAIL ............................................................................. 6.8 CUSTODY OF POLICE - POLICE GUARD .............................................................................................. 6.8 CUSTODY OF POLICE - RESTRAINTS................................................................................................... 6.9 CUSTODY OF POLICE - SUPERVISION................................................................................................. 6.9
D DEFINITIONS - HEALTH SERVICE ............................................................................................................ 2 DEFINITIONS - INTRODUCTION................................................................................................................ 1 DEFINITIONS - NSW HEALTH.................................................................................................................... 1 DEFINITIONS - SECURITY ......................................................................................................................... 1 DEFINITIONS - WORKPLACE CAMERA SURVEILLANCE................................................................... 13.1 DESIGN ISSUES - ACCESS CONTROL.................................................................................................. 9.2 DEVELOPING PERFORMANCE INDICATORS - GUIDELINES .............................................................. 8.2 DISPOSAL/STORAGE - WEAPONS - GUIDELINES ............................................................................. 14.7 DISTINGUISHING BETWEEN FUNDS - SPECIAL PURPOSE & TRUST FUND..................................... 4.3 DOCUMENTATION - WEAPONS - SECURITY STAFF ......................................................................... 28.3 DOORS - ACCESS CONTROL................................................................................................................. 9.2 DURESS ALARMS - ALARM SYSTEM .................................................................................................. 11.2 DURESS RESPONSE - DURESS RESPONSE ARRANGEMENTS ...................................................... 29.2
DURESS RESPONSE - SUMMARY OF POLICY STATEMENTS............................................................... 7 DURESS RESPONSE ARRANGEMENTS - CORE SECURITY........................................................... 32.42 DURESS RESPONSE ARRANGEMENTS - DURESS RESPONSE ...................................................... 29.2 DURESS RESPONSE ARRANGEMENTS - DURESS RESPONSE TEAMS ......................................... 29.3 DURESS RESPONSE ARRANGEMENTS - GUIDELINES .................................................................... 29.1 DURESS RESPONSE ARRANGEMENTS - MODEL RESPONSE PROCEDURES .............................. 29.6 DURESS RESPONSE ARRANGEMENTS - PLANNING/IMPLEMENTATION ....................................... 29.3 DURESS RESPONSE ARRANGEMENTS - POLICY............................................................................. 29.1 DURESS RESPONSE ARRANGEMENTS - POST INCIDENT ISSUES ................................................ 29.5 DURESS RESPONSE TEAMS - DURESS RESPONSE ARRANGEMENTS ......................................... 29.3 DURING COMMUNITY VISITS - WORKING AWAY FROM BASE ........................................................ 16.4
E EDUCATION - TRAINING - SECURITY RISK MANAGEMENT............................................................ 32.26 EDUCATION/TRAINING - CLINICAL ENVIRONMENT .......................................................................... 15.4 EDUCATION/TRAINING - SUMMARY OF POLICY STATEMENTS ........................................................... 2 EFFECTIVE INCIDENT MANAGEMENT - GUIDELINES ....................................................................... 30.1 EFFECTIVE INCIDENT MANAGEMENT - POLICY................................................................................ 30.1 EMERGENCY DEPARTMENTS - SAMPLE RISK ASSESSMENT TOOL.............................................. 1.12 EMERGENCY PROCEDURES - SAMPLE RISK ASSESSMENT TOOL................................................ 1.14 EMERGENCY RESPONSE - SCOPE OF DUTIES - SECURITY STAFF............................................... 14.9 ENGINEERING CONTROL - SECURITY RISK CONTROL ..................................................................... 1.5 ENGINEERING/MAINTENANCE - SECURITY OF PROPERTY ............................................................ 20.2 EQUIP STANDARDS - INTRODUCTION .................................................................................................... 2 ESCORTS - SCOPE OF DUTIES - SECURITY STAFF ......................................................................... 14.9 EVALUATION EDUCATION/TRAINING - GUIDELINES .......................................................................... 7.5 EVASIVE SELF-DEFENCE - GUIDELINES............................................................................................ 14.3 EVASIVE SELF-DEFENCE - SECURITY OF STAFF IN COMMUNITY ................................................. 16.7 EVASIVE SELF-DEFENCE TRAINING - GUIDELINES............................................................................ 7.4 EVENT OF A FIRE - FIRE SECURITY - WHAT TO DO ......................................................................... 24.2 EVIDENCE GUIDELINES - SECURITY IMPROVEMENT TOOL............................................................ 32.6 EXECUTION OF DUTY - GUIDELINES - USING FORCE...................................................................... 14.3 EXECUTIVE SUMMARY ........................................................................................................................ 31.1 EXTERNAL ORGANISATIONS - NATURE OF BUSINESS - LEASING................................................... 5.3 EXTERNAL ORGANISATIONS - PLACEMENT OF BUSINESS - LEASING............................................ 5.3 EXTERNAL ORGANISATIONS - SECURITY ARRANGEMENTS - LEASING ......................................... 5.3 EXTERNAL ORGANISATIONS - SECURITY RISK MANAGEMENT - LEASING..................................... 5.2 EXTERNAL PARTIES - GUIDELINES - LEASING - PROPERTY............................................................. 5.1 EXTERNAL PARTIES - LEGISLATIVE FRAMEWORK - LEASING.......................................................... 5.1 EXTERNAL PARTIES - POLICY - LEASING - PROPERTY ..................................................................... 5.1 EXTERNAL PARTIES - SECURITY RISK MANAGEMENT - LEASING ................................................... 5.2
F FIRE - SUMMARY OF POLICY STATEMENTS .......................................................................................... 6 FIRE - UNPLANNED EVENTS ............................................................................................................. 32.65 FIRE SECURITY - GUIDELINES ............................................................................................................ 24.1 FIRE SECURITY - POLICY .................................................................................................................... 24.1 FIRE SECURITY - POST INCIDENT ISSUES ........................................................................................ 24.2 FIRE SECURITY - SECURITY RISK MANAGEMENT............................................................................ 24.1 FIRE SECURITY - WHAT TO DO - EVENT OF A FIRE ......................................................................... 24.2 FIREARMS - CUSTODY OF POLICE..................................................................................................... 6.10 FORENSIC PATIENTS - PATIENTS IN CUSTODY ............................................................................... 6.10 FURTHER INFORMATION - SECURITY IN PHARMACIES .................................................................. 18.3
G GENERAL ISSUES - WORKPLACE CAMERA SURVEILLANCE .......................................................... 13.3 GUIDELINES - ACCESS CONTROL ........................................................................................................ 9.1 GUIDELINES - ALARM SYSTEMS......................................................................................................... 11.1 GUIDELINES - ARMED HOLD-UP ......................................................................................................... 27.1 GUIDELINES - BOMB THREAT ............................................................................................................. 25.1 GUIDELINES - CLINICAL ENVIRONMENT............................................................................................ 15.1 GUIDELINES - COMPETENCY BASED TRAINING................................................................................. 7.3 GUIDELINES - CONSULTATION ............................................................................................................. 1.2 GUIDELINES - CORPORATE GOVERNANCE ACCOUNTABILITY ...................................................... 26.1 GUIDELINES - CRIME PREVENTION ..................................................................................................... 4.1 GUIDELINES - DEVELOPING PERFORMANCE INDICATORS .............................................................. 8.2 GUIDELINES - DISPOSAL/STORAGE - WEAPONS ............................................................................. 14.7 GUIDELINES - DURESS RESPONSE ARRANGEMENTS .................................................................... 29.1 GUIDELINES - EFFECTIVE INCIDENT MANAGEMENT ....................................................................... 30.1 GUIDELINES - EVALUATION EDUCATION/TRAINING .......................................................................... 7.5 GUIDELINES - EVASIVE SELF-DEFENCE............................................................................................ 14.3 GUIDELINES - EVASIVE SELF-DEFENCE TRAINING............................................................................ 7.4 GUIDELINES - FIRE SECURITY ............................................................................................................ 24.1 GUIDELINES - HEALTH FACILITY DESIGN STANDARDS..................................................................... 4.1 GUIDELINES - HEALTH SERVICE LEASING - PROPERTY - EXTERNAL ............................................. 5.1 GUIDELINES - HEALTH SERVICE RESOURCES................................................................................... 7.4 GUIDELINES - HOW THE MANUAL IS ARRANGED.................................................................................. 2 GUIDELINES - KEY CONTROL.............................................................................................................. 10.1 GUIDELINES - LIGHTING ...................................................................................................................... 12.1 GUIDELINES - MEASURING/EVALUATING PERFORMANCE ............................................................... 8.2 GUIDELINES - OVERVIEW ...................................................................................................................... 1.1 GUIDELINES - PRIORITY AREAS ......................................................................................................... 15.1 GUIDELINES - PROVISION OF SECURITY SERVICES ....................................................................... 14.1 GUIDELINES - PROVISION OF TRAINING ............................................................................................. 7.3 GUIDELINES - RECOGNITION PRIOR LEARNING ................................................................................ 7.3 GUIDELINES - RESTORATION/RETENTION - WEAPONS .................................................................. 14.5 GUIDELINES - RESTRAINTS................................................................................................................. 14.4 GUIDELINES - RETENTION/RESTORATION - WEAPONS .................................................................. 14.5 GUIDELINES - RISK MANAGEMENT - COMMUNITY HEALTH SERVICES ......................................... 16.1 GUIDELINES - ROLE SECURITY SERVICES ....................................................................................... 14.2 GUIDELINES - SEARCHING PATIENTS/VISITORS.............................................................................. 14.4 GUIDELINES - SECURITY ARRANGEMENTS - PATIENTS IN CUSTODY ............................................ 6.1 GUIDELINES - SECURITY CONTINUOUS IMPROVEMENT................................................................... 8.1 GUIDELINES - SECURITY EDUCATION AND TRAINING ...................................................................... 7.2 GUIDELINES - SECURITY IN CAR PARKS ........................................................................................... 19.1 GUIDELINES - SECURITY IN PHARMACIES ........................................................................................ 18.1 GUIDELINES - SECURITY IN RURAL AND REMOTE HEALTH SERVICES ........................................ 17.1 GUIDELINES - SECURITY OF INFORMATION ..................................................................................... 21.1 GUIDELINES - SECURITY OF MEDICAL GASES ................................................................................. 22.1 GUIDELINES - SECURITY OF PROPERTY........................................................................................... 20.1 GUIDELINES - SECURITY OF RADIOACTIVE SUBSTANCES............................................................. 23.1 GUIDELINES - SECURITY OF STAFF WORKING IN COMMUNITY..................................................... 16.1 GUIDELINES - SECURITY RISK MANAGEMENT ................................................................................. 14.1 GUIDELINES - SECURITY RISK MANAGEMENT - PLANNING PROCESS ........................................... 3.1 GUIDELINES - SECURITY RISK MANAGEMENT POLICY AND PROGRAM ......................................... 1.1 GUIDELINES - SECURITY SURVEY ..................................................................................................... 31.3 GUIDELINES - SPACE MANAGEMENT .................................................................................................. 4.2 GUIDELINES - SPECIALIST TRAINING .................................................................................................. 7.5 GUIDELINES - STORAGE/DISPOSAL - WEAPONS ............................................................................. 14.7 GUIDELINES - SURVEILLANCE .............................................................................................................. 4.2 GUIDELINES - TERRITORIAL REINFORCEMENT ................................................................................. 4.1 GUIDELINES - TRAINING NEEDS........................................................................................................... 7.2
GUIDELINES - TYPES OF KEYS ........................................................................................................... GUIDELINES - USING FORCE - EXECUTION OF DUTY...................................................................... GUIDELINES - VIOLENCE ..................................................................................................................... GUIDELINES - WEAPONS - SECURITY STAFF ................................................................................... GUIDELINES - WORKPLACE CAMERA SURVEILLANCE ....................................................................
10.1 14.3 26.1 28.3 13.2
H HANDLING/IDENTIFYING - SUSPICIOUS ITEMS - BOMB THREAT.................................................... 25.3 HAZARD IDENTIFICATION - SECURITY RISK MANAGEMENT POLICY............................................... 1.3 HAZARD REPORTING - SECURITY RISK MANAGEMENT POLICY...................................................... 1.7 HEALTH FACILITY DESIGN STANDARDS - GUIDELINES..................................................................... 4.1 HEALTH FACILITY DESIGN STANDARDS - POLICY ............................................................................. 4.1 HEALTH FACILITY DESIGN STANDARDS - SUMMARY POLICY STATEMENTS .................................... 1 HEALTH FACILITY SCORE SHEET - SECURITY MANAGEMENT TOOL ............................................ 32.4 HEALTH SERVICE - DEFINITIONS ............................................................................................................ 2 HEALTH SERVICE LEASING - PROPERTY - EXTERNAL - GUIDELINES ............................................. 5.1 HEALTH SERVICE LEASING - PROPERTY - EXTERNAL - LEGISLATION ........................................... 5.1 HEALTH SERVICE LEASING - PROPERTY - EXTERNAL - POLICY...................................................... 5.1 HEALTH SERVICE LEASING - PROPERTY - EXTERNAL - RISK .......................................................... 5.2 HEALTH SERVICE LEASING PROPERTY - SUMMARY POLICY STATEMENTS..................................... 2 HEALTH SERVICE RESOURCES - GUIDELINES................................................................................... 7.4 HELICOPTER LANDINGS/DEPARTURES - SECURITY STAFF ......................................................... 14.10 HOW THE MANUAL IS ARRANGED - GUIDELINES.................................................................................. 2 HOW THE MANUAL IS ARRANGED - INTRODUCTION ............................................................................ 2 HOW THE MANUAL IS ARRANGED - LEGISLATIVE FRAMEWORK ........................................................ 2 HOW THE MANUAL IS ARRANGED - POLICY .......................................................................................... 2 HOW TO USE THE TOOL - SECURITY SURVEY ............................................................................... 31.10
I IDENTIFICATION - SCOPE OF DUTIES - SECURITY STAFF ............................................................ 14.10 IDENTIFICATION/ELECTRONIC ACCESS - ACCESS CONTROL.......................................................... 9.4 IDENTIFYING - SUSPICIOUS ITEMS .................................................................................................... 25.3 IDENTIFYING/HANDLING - SUSPICIOUS ITEMS - BOMB THREAT.................................................... 25.3 INCIDENT INFORMATION - SECURITY OF INFORMATION ................................................................ 21.3 INCIDENT INVESTIGATION - SECURITY RISK MANAGEMENT POLICY ............................................. 1.7 INCIDENT MANAGEMENT - SECURITY RISK MANAGEMENT POLICY ............................................... 1.7 INCIDENT MANAGEMENT - SUMMARY OF POLICY STATEMENTS ....................................................... 7 INCIDENT REPORTING - SECURITY RISK MANAGEMENT POLICY.................................................... 1.7 INCIDENT RESPONSE - SCOPE OF DUTIES - SECURITY STAFF ..................................................... 14.9 INFORMATION - PRIORITY AREAS.................................................................................................... 32.58 INFORMATION - SUMMARY OF POLICY STATEMENTS ......................................................................... 5 INJURY MANAGEMENT - SECURITY RISK MANAGEMENT POLICY ................................................... 1.8 INSTALLING DURESS ALARM - ALARM SYSTEMS ............................................................................ 11.3 INTERPRETING - ASSESSMENT TOOL - SECURITY SURVEY .......................................................... 31.7 INTRODUCTION - CUSTODY OF POLICE.............................................................................................. 6.7 INTRODUCTION - DEFINITIONS................................................................................................................ 1 INTRODUCTION - EQUIP STANDARDS .................................................................................................... 2 INTRODUCTION - HOW THE MANUAL IS ARRANGED ............................................................................ 2 INTRODUCTION - PURPOSE AND SCOPE OF DOCUMENT ................................................................... 1 INTRODUCTION - RELATED DOCUMENTS/LEGISLATION ..................................................................... 3 INTRODUCTION - SECURITY SURVEY................................................................................................ 31.3 INTRODUCTION - VERSIONS .................................................................................................................... 4 INTRUDER ALARMS - ALARM SYSTEMS ............................................................................................ 11.6 ISOLATED CENTRES - SECURITY OF STAFF WORKING IN COMMUNITY....................................... 16.5
J JUVENILE JUSTICE DETAINEES - PATIENTS IN CUSTODY ................................................................ 6.5
K KEY CONTROL - CORE SECURITY.................................................................................................... 32.33 KEY CONTROL - GUIDELINES.............................................................................................................. 10.1 KEY CONTROL - MANAGING KEYS ..................................................................................................... 10.2 KEY CONTROL - POLICY ...................................................................................................................... 10.1 KEY CONTROL - SAMPLE RISK ASSESSMENT TOOL ....................................................................... 1.10 KEY CONTROL - SCOPE OF DUTIES - SECURITY STAFF ............................................................... 14.10 KEY CONTROL - SECURITY RISK MANAGEMENT ............................................................................. 10.1 KEY CONTROL - SUMMARY OF POLICY STATEMENTS......................................................................... 3
L LABELLING INFORMATION - SECURITY OF INFORMATION ............................................................. 21.4 LANDSCAPING - SAMPLE RISK ASSESSMENT TOOL ......................................................................... 1.9 LAUNDRY - SECURITY OF PROPERTY ............................................................................................... 20.3 LEASING OF PROPERTY - SECURITY RISK MANAGEMENT........................................................... 32.21 LEASING PREMISES - ORGANISATIONS - NATURE OF BUSINESS ................................................... 5.3 LEASING PREMISES - ORGANISATIONS - PLACEMENT OF BUSINESS ............................................ 5.3 LEASING PREMISES - ORGANISATIONS - SECURITY ARRANGEMENTS.......................................... 5.3 LEASING PREMISES - ORGANISATIONS - SECURITY RISK MANAGEMENT ..................................... 5.2 LEGISLATION - SECURITY SURVEY - RELATED DOCUMENTS ...................................................... 31.12 LEGISLATIVE FRAMEWORK - HOW THE MANUAL IS ARRANGED ........................................................ 2 LEGISLATIVE FRAMEWORK - LEASING - PROPERTY - EXTERNAL ................................................... 5.1 LEGISLATIVE FRAMEWORK - SECURITY EDUCATION AND TRAINING............................................. 7.1 LEGISLATIVE FRAMEWORK - WEAPONS - OHS ACT 2000 ............................................................... 28.2 LEGISLATIVE FRAMEWORK - WEAPONS - SECURITY STAFF.......................................................... 28.1 LEGISLATIVE FRAMEWORK - WEAPONS - WEAPONS PROHIBITION REG..................................... 28.1 LEGISLATIVE FRAMEWORK - WORKPLACE CAMERA SURVEILLANCE .......................................... 13.1 LEGISLATIVE/POLICY ENVIRONMENT - SECURITY OF INFORMATION .......................................... 21.2 LICENSING REQUIREMENTS - MASTER SECURITY LICENCE ......................................................... 14.8 LICENSING REQUIREMENTS - PROVISION OF SECURITY SERVICES............................................ 14.8 LICENSING REQUIREMENTS - TYPES OF LICENCES ....................................................................... 14.8 LIGHTING - CORE SECURITY............................................................................................................. 32.37 LIGHTING - GUIDELINES ...................................................................................................................... 12.1 LIGHTING - POLICY............................................................................................................................... 12.1 LIGHTING - SAMPLE RISK ASSESSMENT TOOL .................................................................................. 1.9 LIGHTING - SECURITY RISK MANAGEMENT ...................................................................................... 12.1 LIGHTING - SUMMARY OF POLICY STATEMENTS.................................................................................. 3 LOCKING/UNLOCKING BUILDINGS - SCOPE DUTIES - SECURITY STAFF ...................................... 14.9
M MAIL DELIVERIES - SECURITY OF PROPERTY.................................................................................. 20.6 MANAGING KEYS - KEY CONTROL ..................................................................................................... 10.2 MASTER SECURITY LICENCE - LICENSING REQUIREMENTS ......................................................... 14.8 MEASURING/EVALUATING PERFORMANCE - GUIDELINES ............................................................... 8.2 MEDICAL GASES - PRIORITY AREAS................................................................................................ 32.60 MEDICAL GASES - SUMMARY OF POLICY STATEMENTS ..................................................................... 5 MEDICAL RECORDS - SAMPLE RISK ASSESSMENT TOOL .............................................................. 1.14 MENTAL HEALTH PATIENTS - CUSTODY OF POLICE ......................................................................... 6.9 MODEL DURESS RESPONSE PROCEDURES - ARRANGEMENTS ................................................... 29.6
MONITORING AND REVIEW - SECURITY RISK MANAGEMENT POLICY............................................ 1.6 MOVEMENT AT WORK - VIOLENCE .................................................................................................... 26.2
N NATURE OF BUSINESS - LEASING - EXTERNAL ORGANISATIONS................................................... 5.3 NSW HEALTH - DEFINITIONS.................................................................................................................... 1
O OCCUPATIONAL HEALTH SAFETY ACT 2000 - WEAPONS ............................................................... 28.2 OPERATING ROOMS - SAMPLE RISK ASSESSMENT TOOL ............................................................. 1.12 OVERT CAMERA - WORKPLACE CAMERA SURVEILLANCE ............................................................. 13.2 OVERVIEW - GUIDELINES ...................................................................................................................... 1.1 OVERVIEW - SECURITY SURVEY........................................................................................................ 31.5
P PARKING CONTROL - SCOPE OF DUTIES - SECURITY STAFF ........................................................ 14.9 PATIENT LIAISON/MANAGEMENT - CLINICAL ENVIRONMENT......................................................... 15.3 PATIENT RESTRAINT - CLINICAL ENVIRONMENT ............................................................................. 15.6 PATIENTS - SECURITY NEEDS - CLINICAL ENVIRONMENT ............................................................. 15.7 PATIENTS IN CUSTODY - CORRECTIVE SERVICES INMATES ........................................................... 6.2 PATIENTS IN CUSTODY - CUSTODY OF POLICE................................................................................. 6.7 PATIENTS IN CUSTODY - FORENSIC PATIENTS ............................................................................... 6.10 PATIENTS IN CUSTODY - GUIDELINES - SECURITY ARRANGEMENTS ............................................ 6.1 PATIENTS IN CUSTODY - JUVENILE JUSTICE DETAINEES ................................................................ 6.5 PATIENTS IN CUSTODY - POLICY - SECURITY ARRANGEMENTS..................................................... 6.1 PATIENTS IN CUSTODY - SECURITY RISK MANAGEMENT ............................................................ 32.24 PATIENTS IN CUSTODY - SECURITY RISK MANAGEMENT - ARRANGEMENT ................................. 6.1 PATIENTS IN CUSTODY - SUMMARY OF POLICY STATEMENTS .......................................................... 2 PATIENTS' PROPERTY - SECURITY OF PROPERTY ......................................................................... 20.6 PATROLLING - SCOPE OF DUTIES - SECURITY STAFF .................................................................... 14.9 PERSONAL HEALTH INFORMATION - SECURITY OF INFORMATION .............................................. 21.3 PERSONAL PROTECTIVE EQUIPMENT - SECURITY RISK CONTROL ............................................... 1.6 PERSONNEL/CONTRACTOR ID SYSTEMS - ACCESS CONTROL....................................................... 9.3 PERSONS REFUSED BAIL - CUSTODY OF POLICE ............................................................................. 6.8 PHARMACIES - PRIORITY AREAS ..................................................................................................... 32.52 PHARMACIES - SUMMARY OF POLICY STATEMENTS........................................................................... 5 PLACEMENT OF BUSINESS - LEASING PREMISES - ORGANISATIONS ............................................ 5.3 PLACEMENT OF CAMERAS - WORKPLACE CAMERA SURVEILLANCE ........................................... 13.5 PLANNING PROCESS - GUIDELINES - SECURITY RISK MANAGEMENT ........................................... 3.1 PLANNING PROCESS - POLICY - SECURITY RISK MANAGEMENT.................................................... 3.1 PLANNING PROCESS - SECURITY RISK MANAGEMENT ................................................................ 32.19 PLANNING/IMPLEMENTATION/REVIEWING - DURESS RESPONSE................................................. 29.3 POLICE GUARD - CUSTODY OF POLICE .............................................................................................. 6.8 POLICY - ACCESS CONTROL................................................................................................................. 9.1 POLICY - ALARM SYSTEMS ................................................................................................................. 11.1 POLICY - ARMED HOLD-UP.................................................................................................................. 27.1 POLICY - BOMB THREAT ...................................................................................................................... 25.1 POLICY - CLINICAL ENVIRONMENT .................................................................................................... 15.1 POLICY - DURESS RESPONSE ARRANGEMENTS............................................................................. 29.1 POLICY - EFFECTIVE INCIDENT MANAGEMENT................................................................................ 30.1 POLICY - FIRE SECURITY .................................................................................................................... 24.1 POLICY - HEALTH FACILITY DESIGN STANDARDS ............................................................................. 4.1 POLICY - HEALTH SERVICE LEASING - PROPERTY - EXTERNAL...................................................... 5.1 POLICY - HOW THE MANUAL IS ARRANGED .......................................................................................... 2
POLICY - KEY CONTROL ...................................................................................................................... 10.1 POLICY - LIGHTING............................................................................................................................... 12.1 POLICY - PROVISION OF SECURITY SERVICES................................................................................ 14.1 POLICY - SECURITY ARRANGEMENTS - PATIENTS IN CUSTODY..................................................... 6.1 POLICY - SECURITY CONTINUOUS IMPROVEMENT ........................................................................... 8.1 POLICY - SECURITY EDUCATION AND TRAINING ............................................................................... 7.1 POLICY - SECURITY IN CAR PARKS ................................................................................................... 19.1 POLICY - SECURITY IN PHARMACIES ................................................................................................ 18.1 POLICY - SECURITY IN RURAL AND REMOTE HEALTH SERVICES ................................................. 17.1 POLICY - SECURITY OF INFORMATION.............................................................................................. 21.1 POLICY - SECURITY OF MEDICAL GASES ......................................................................................... 22.1 POLICY - SECURITY OF PROPERTY ................................................................................................... 20.1 POLICY - SECURITY OF RADIOACTIVE SUBSTANCES ..................................................................... 23.1 POLICY - SECURITY OF STAFF WORKING IN THE COMMUNITY ..................................................... 16.1 POLICY - SECURITY RISK MANAGEMENT - PLANNING PROCESS.................................................... 3.1 POLICY - SECURITY RISK MANAGEMENT POLICY AND PROGRAM.................................................. 1.1 POLICY - VIOLENCE.............................................................................................................................. 26.1 POLICY - WEAPONS - SECURITY STAFF............................................................................................ 28.1 POLICY - WORKPLACE CAMERA SURVEILLANCE ............................................................................ 13.1 POLICY AND PROGRAM - SECURITY RISK MANAGEMENT............................................................ 32.16 POST INCIDENT ISSUES - ARMED HOLD-UP ..................................................................................... 27.2 POST INCIDENT ISSUES - BOMB THREAT ......................................................................................... 25.4 POST INCIDENT ISSUES - DURESS RESPONSE ARRANGEMENTS ................................................ 29.5 POST INCIDENT ISSUES - FIRE SECURITY ........................................................................................ 24.2 POST INCIDENT ISSUES - VIOLENCE ................................................................................................. 26.5 PRECAUTION - SECURITY OF STAFF WORKING IN COMMUNITY ................................................... 16.9 PRE-EMPLOYMENT SCREENING - PROVISION SECURITY SERVICES ........................................... 14.8 PRIOR TO LEAVING BASE - WORKING AWAY FROM BASE.............................................................. 16.4 PRIORITY AREAS - CAR PARKS ........................................................................................................ 32.54 PRIORITY AREAS - CLINICAL ENVIRONMENT ................................................................................. 32.45 PRIORITY AREAS - GUIDELINES ......................................................................................................... 15.1 PRIORITY AREAS - INFORMATION.................................................................................................... 32.58 PRIORITY AREAS - MEDICAL GASES................................................................................................ 32.60 PRIORITY AREAS - PHARMACIES ..................................................................................................... 32.52 PRIORITY AREAS - PROPERTY ......................................................................................................... 32.55 PRIORITY AREAS - RADIOACTIVE SUBSTANCES ........................................................................... 32.62 PRIORITY AREAS - RURAL - REMOTE FACILITIES .......................................................................... 32.49 PRIORITY AREAS - STAFF WORKING - COMMUNITY...................................................................... 32.47 PRIORITY WORKPLACES - SECURITY RISK CONTROL...................................................................... 1.6 PROCEDURE - BOMB THREAT ............................................................................................................ 25.8 PROCESS OVERVIEW - CONDUCTING - SECURITY SURVEY .......................................................... 31.2 PROHIBITED SURVEILLANCE - WORKPLACE CAMERA SURVEILLANCE ....................................... 13.7 PROPERTY - EXTERNAL - GUIDELINES - HEALTH SERVICE LEASING ............................................. 5.1 PROPERTY - EXTERNAL - LEGISLATIVE - HEALTH SERVICE LEASING............................................ 5.1 PROPERTY - EXTERNAL - POLICY - HEALTH SERVICE LEASING...................................................... 5.1 PROPERTY - EXTERNAL - SECURITY RISK - HEALTH SERVICE LEASING ....................................... 5.2 PROPERTY - PRIORITY AREAS ......................................................................................................... 32.55 PROPERTY - SUMMARY OF POLICY STATEMENTS............................................................................... 5 PROVISION OF SECURITY SERVICES - CORE SECURITY.............................................................. 32.38 PROVISION OF SECURITY SERVICES - EVASIVE SELF-DEFENCE ................................................. 14.3 PROVISION OF SECURITY SERVICES - GUIDELINES ....................................................................... 14.1 PROVISION OF SECURITY SERVICES - LICENSING REQUIREMENTS............................................ 14.8 PROVISION OF SECURITY SERVICES - POLICY................................................................................ 14.1 PROVISION OF SECURITY SERVICES - PRE-EMPLOYMENT SCREENING ..................................... 14.8 PROVISION OF SECURITY SERVICES - RESTRAINTS ...................................................................... 14.4 PROVISION OF SECURITY SERVICES - RETENTION - WEAPONS................................................... 14.5 PROVISION OF SECURITY SERVICES - ROLE OF SECURITY SERVICES ....................................... 14.2 PROVISION OF SECURITY SERVICES - SCOPE OF DUTIES - STAFF.............................................. 14.9 PROVISION OF SECURITY SERVICES - SEARCHING PATIENTS/VISITORS.................................... 14.4 PROVISION OF SECURITY SERVICES - SECURITY RISK MANAGEMENT ....................................... 14.1
PROVISION OF SECURITY SERVICES - STORAGE/DISPOSAL WEAPONS ..................................... 14.7 PROVISION OF SECURITY SERVICES - SUMMARY OF POLICY............................................................ 3 PROVISION OF SECURITY SERVICES - USING FORCE .................................................................... 14.3 PROVISION OF TRAINING - GUIDELINES ............................................................................................. 7.3 PURPOSE AND SCOPE - SECURITY SURVEY.................................................................................... 31.3 PURPOSE AND SCOPE OF DOCUMENT - INTRODUCTION ................................................................... 1
R RADIOACTIVE SUBSTANCES - PRIORITY AREAS ........................................................................... 32.62 RADIOACTIVE SUBSTANCES - SUMMARY OF POLICY STATEMENTS ................................................. 6 RECOGNITION PRIOR LEARNING - GUIDELINES ................................................................................ 7.3 RELATED DOCUMENTS - LEGISLATION - SECURITY SURVEY ...................................................... 31.12 RELATED DOCUMENTS/LEGISLATION - INTRODUCTION...................................................................... 3 RELATED PROCEDURES - WORKPLACE CAMERA SURVEILLANCE ............................................... 13.5 RELATED RESOURCES - BOMB THREAT ........................................................................................... 25.5 RELATED RESOURCES - CLINICAL ENVIRONMENT ......................................................................... 15.9 RELATED RESOURCES - SECURITY IN RURAL/REMOTE HEALTH SERVICES............................... 17.4 RELATED RESOURCES - SECURITY OF PROPERTY ........................................................................ 20.7 REMOTE FACILITIES - PRIORITY AREAS - RURAL .......................................................................... 32.49 REPORTS/INVESTIGATIONS - SCOPE OF DUTIES - SECURITY STAFF ........................................ 14.10 RESPONDING - SUSPICIOUS ITEMS................................................................................................... 25.4 RESPONDING TO VIOLENCE - CLINICAL ENVIRONMENT ................................................................ 15.6 RESPONSIBILITIES ................................................................................................................................. 2.1 RESPONSIBILITIES - SECURITY RISK MANAGEMENT .................................................................... 32.18 RESPONSIBILITIES - SUMMARY OF POLICY STATEMENTS.................................................................. 1 RESTORATION/RETENTION - WEAPONS - GUIDELINES .................................................................. 14.5 RESTRAINTS - CUSTODY OF POLICE................................................................................................... 6.9 RESTRAINTS - GUIDELINES................................................................................................................. 14.4 RETENTION/RESTORATION - WEAPONS - GUIDELINES .................................................................. 14.5 RISK ASSESSMENT - SECURITY RISK MANAGEMENT POLICY/PROGRAM...................................... 1.4 RISK CONTROL - SECURITY RISK MANAGEMENT POLICY/PROGRAM ............................................ 1.5 RISK MANAGEMENT - COMMUNITY HEALTH SERVICES - GUIDELINES ......................................... 16.1 RISK MANAGEMENT - GUIDELINES .................................................................................................... 14.1 RISK MANAGEMENT - SECURITY IN RURAL/REMOTE HEALTH SERVICES.................................... 17.1 RISK MANAGEMENT - SECURITY OF INFORMATION........................................................................ 21.1 RISK MANAGEMENT - SECURITY OF MEDICAL GASES.................................................................... 22.1 RISK MANAGEMENT - SECURITY OF RADIOACTIVE SUBSTANCES ............................................... 23.1 RISK MANAGEMENT - VIOLENCE........................................................................................................ 26.2 ROLE SECURITY SERVICES - GUIDELINES ....................................................................................... 14.2 RURAL - REMOTE FACILITIES - PRIORITY AREAS .......................................................................... 32.49 RURAL/REMOTE HEALTH SERVICES - SUMMARY POLICY STATEMENTS .......................................... 4
S SAMPLE PROCEDURE - WHAT TO DO - ARMED HOLD-UP............................................................... 27.3 SAMPLE RISK ASSESSMENT TOOL - ACCESS .................................................................................... 1.9 SAMPLE RISK ASSESSMENT TOOL - ADMINISTRATION .................................................................. 1.13 SAMPLE RISK ASSESSMENT TOOL - CASH HANDLING ................................................................... 1.11 SAMPLE RISK ASSESSMENT TOOL - EMERGENCY DEPARTMENTS.............................................. 1.12 SAMPLE RISK ASSESSMENT TOOL - EMERGENCY PROCEDURES................................................ 1.14 SAMPLE RISK ASSESSMENT TOOL - KEY CONTROL ....................................................................... 1.10 SAMPLE RISK ASSESSMENT TOOL - LANDSCAPING ......................................................................... 1.9 SAMPLE RISK ASSESSMENT TOOL - LIGHTING .................................................................................. 1.9 SAMPLE RISK ASSESSMENT TOOL - MEDICAL RECORDS .............................................................. 1.14 SAMPLE RISK ASSESSMENT TOOL - OPERATING ROOMS ............................................................. 1.12 SAMPLE RISK ASSESSMENT TOOL - SECURITY DOCUMENTATION .............................................. 1.11 SAMPLE RISK ASSESSMENT TOOL - SECURITY EQUIPMENT......................................................... 1.14
SAMPLE RISK ASSESSMENT TOOL - SECURITY RISK MANAGEMENT ............................................. 1.9 SAMPLE RISK ASSESSMENT TOOL - STAFF LIVING QUARTERS .................................................... 1.13 SAMPLE RISK ASSESSMENT TOOL - STORES .................................................................................. 1.11 SAMPLE RISK ASSESSMENT TOOL - VEHICLES ............................................................................... 1.13 SAMPLE RISK ASSESSMENT TOOL - WARDS/DEPARTMENTS........................................................ 1.12 SCOPE OF DUTIES - SECURITY STAFF - ACCESS CONTROL........................................................ 14.10 SCOPE OF DUTIES - SECURITY STAFF - CLIENT SERVICES ........................................................... 14.9 SCOPE OF DUTIES - SECURITY STAFF - EMERGENCY RESPONSE............................................... 14.9 SCOPE OF DUTIES - SECURITY STAFF - ESCORTS ......................................................................... 14.9 SCOPE OF DUTIES - SECURITY STAFF - HELICOPTER LANDINGS............................................... 14.10 SCOPE OF DUTIES - SECURITY STAFF - IDENTIFICATION ............................................................ 14.10 SCOPE OF DUTIES - SECURITY STAFF - INCIDENT RESPONSE ..................................................... 14.9 SCOPE OF DUTIES - SECURITY STAFF - KEY CONTROL ............................................................... 14.10 SCOPE OF DUTIES - SECURITY STAFF - LOCKING/UNLOCKING .................................................... 14.9 SCOPE OF DUTIES - SECURITY STAFF - PARKING CONTROL ........................................................ 14.9 SCOPE OF DUTIES - SECURITY STAFF - PATROLLING .................................................................... 14.9 SCOPE OF DUTIES - SECURITY STAFF - PROVISION OF SERVICES.............................................. 14.9 SCOPE OF DUTIES - SECURITY STAFF - REPORTS/INVESTIGATIONS ........................................ 14.10 SCREENING AREAS - SUSPICIOUS ITEMS......................................................................................... 25.3 SEARCHING PATIENTS/VISITORS - CLINICAL ENVIRONMENT ........................................................ 15.5 SEARCHING PATIENTS/VISITORS - GUIDELINES.............................................................................. 14.4 SEARCHING PERSONS/PROPERTY - SECURITY OF PROPERTY.................................................... 20.7 SECURITY - DEFINITIONS ......................................................................................................................... 1 SECURITY AND HOUSEKEEPING - BOMB THREAT........................................................................... 25.2 SECURITY ARRANGEMENTS - LEASING - EXTERNAL ORGANISATIONS ......................................... 5.3 SECURITY ARRANGEMENTS - PATIENTS IN CUSTODY - GUIDELINES ............................................ 6.1 SECURITY ARRANGEMENTS - PATIENTS IN CUSTODY - POLICY..................................................... 6.1 SECURITY ARRANGEMENTS - PATIENTS IN CUSTODY - SECURITY RISK....................................... 6.1 SECURITY CONTINUOUS IMPROVEMENT - GUIDELINES................................................................... 8.1 SECURITY CONTINUOUS IMPROVEMENT - POLICY ........................................................................... 8.1 SECURITY DOCUMENTATION - SAMPLE RISK ASSESSMENT TOOL .............................................. 1.11 SECURITY EDUCATION AND TRAINING - EVALUATION ..................................................................... 7.5 SECURITY EDUCATION AND TRAINING - EVASIVE SELF-DEFENCE................................................. 7.4 SECURITY EDUCATION AND TRAINING - GUIDELINES ...................................................................... 7.2 SECURITY EDUCATION AND TRAINING - HEALTH SERVICE RESOURCES...................................... 7.4 SECURITY EDUCATION AND TRAINING - LEGISLATIVE FRAMEWORK............................................. 7.1 SECURITY EDUCATION AND TRAINING - MANAGING VIOLENT BEHAVIOUR .................................. 7.4 SECURITY EDUCATION AND TRAINING - NEEDS - STAFF ................................................................. 7.2 SECURITY EDUCATION AND TRAINING - POLICY ............................................................................... 7.1 SECURITY EDUCATION AND TRAINING - PROVISION OF TRAINING ................................................ 7.3 SECURITY EDUCATION AND TRAINING - RECOGNITION PRIOR LEARNING ................................... 7.3 SECURITY EDUCATION AND TRAINING - SPECIALIST TRAINING ..................................................... 7.5 SECURITY EQUIPMENT - SAMPLE RISK ASSESSMENT TOOL......................................................... 1.14 SECURITY IMPROVEMENT PLAN ........................................................................................................ 33.1 SECURITY IMPROVEMENT TOOL - EVIDENCE GUIDELINES............................................................ 32.6 SECURITY IMPROVEMENT TOOL - HEALTH FACILITY SCORE SHEET ........................................... 32.4 SECURITY IN CAR PARKS - GUIDELINES ........................................................................................... 19.1 SECURITY IN CAR PARKS - POLICY ................................................................................................... 19.1 SECURITY IN CAR PARKS - SECURITY RISK MANAGEMENT........................................................... 19.1 SECURITY IN PHARMACIES - FURTHER INFORMATION .................................................................. 18.3 SECURITY IN PHARMACIES - GUIDELINES ........................................................................................ 18.1 SECURITY IN PHARMACIES - POLICY ................................................................................................ 18.1 SECURITY IN PHARMACIES - SECURITY RISK MANAGEMENT........................................................ 18.1 SECURITY IN RURAL/REMOTE HEALTH SERVICES - COMMUNICATION........................................ 17.3 SECURITY IN RURAL/REMOTE HEALTH SERVICES - GUIDELINES ................................................. 17.1 SECURITY IN RURAL/REMOTE HEALTH SERVICES - POLICY.......................................................... 17.1 SECURITY IN RURAL/REMOTE HEALTH SERVICES - RELATED RESOURCES............................... 17.4 SECURITY IN RURAL/REMOTE HEALTH SERVICES - RISK MANAGEMENT.................................... 17.1 SECURITY NEEDS - CLINICAL ENVIRONMENT - PATIENTS ............................................................. 15.7 SECURITY OF INFORMATION - GUIDELINES ..................................................................................... 21.1
SECURITY OF INFORMATION - INCIDENT INFORMATION ................................................................ 21.3 SECURITY OF INFORMATION - LABELLING INFORMATION ............................................................. 21.4 SECURITY OF INFORMATION - LEGISLATIVE/POLICY ENVIRONMENT .......................................... 21.2 SECURITY OF INFORMATION - PERSONAL HEALTH INFORMATION .............................................. 21.3 SECURITY OF INFORMATION - POLICY.............................................................................................. 21.1 SECURITY OF INFORMATION - SECURITY RISK MANAGEMENT..................................................... 21.1 SECURITY OF MEDICAL GASES - GUIDELINES ................................................................................. 22.1 SECURITY OF MEDICAL GASES - POLICY ......................................................................................... 22.1 SECURITY OF MEDICAL GASES - SECURITY RISK MANAGEMENT................................................. 22.1 SECURITY OF PROPERTY - ADMINISTRATION.................................................................................. 20.5 SECURITY OF PROPERTY - CASH HANDLING................................................................................... 20.6 SECURITY OF PROPERTY - CATERING.............................................................................................. 20.3 SECURITY OF PROPERTY - ENGINEERING/MAINTENANCE ............................................................ 20.2 SECURITY OF PROPERTY - GUIDELINES .......................................................................................... 20.1 SECURITY OF PROPERTY - LAUNDRY ............................................................................................... 20.3 SECURITY OF PROPERTY - MAIL DELIVERIES.................................................................................. 20.6 SECURITY OF PROPERTY - PATIENTS' PROPERTY ......................................................................... 20.6 SECURITY OF PROPERTY - POLICY ................................................................................................... 20.1 SECURITY OF PROPERTY - RELATED RESOURCES ........................................................................ 20.7 SECURITY OF PROPERTY - SEARCHING PERSONS/PROPERTY.................................................... 20.7 SECURITY OF PROPERTY - SECURITY RISK MANAGEMENT .......................................................... 20.1 SECURITY OF PROPERTY - SPECIFIC AREAS FOR ATTENTION..................................................... 20.2 SECURITY OF PROPERTY - STAFF PROPERTY ................................................................................ 20.7 SECURITY OF PROPERTY - STORES ................................................................................................. 20.4 SECURITY OF PROPERTY - TRANSPORT .......................................................................................... 20.2 SECURITY OF RADIOACTIVE SUBSTANCES - GUIDELINES............................................................. 23.1 SECURITY OF RADIOACTIVE SUBSTANCES - POLICY ..................................................................... 23.1 SECURITY OF RADIOACTIVE SUBSTANCES - RISK MANAGEMENT ............................................... 23.1 SECURITY OF RADIOACTIVE SUBSTANCES - TRANSPORT OF ...................................................... 23.2 SECURITY OF STAFF WORKING IN COMMUNITY - CHECKLIST .................................................... 16.11 SECURITY OF STAFF WORKING IN COMMUNITY - COMMUNICATION ........................................... 16.8 SECURITY OF STAFF WORKING IN COMMUNITY - GUIDELINES..................................................... 16.1 SECURITY OF STAFF WORKING IN COMMUNITY - ISOLATED CENTRES....................................... 16.5 SECURITY OF STAFF WORKING IN COMMUNITY - POLICY ............................................................. 16.1 SECURITY OF STAFF WORKING IN COMMUNITY - PRECAUTIONS................................................. 16.9 SECURITY OF STAFF WORKING IN COMMUNITY - RISK MANAGEMENT........................................ 16.1 SECURITY OF STAFF WORKING IN COMMUNITY - SELF DEFENCE ............................................... 16.7 SECURITY OF STAFF WORKING IN COMMUNITY - VIOLENT BEHAVIOUR ..................................... 16.6 SECURITY OF STAFF WORKING IN COMMUNITY - WORKING AWAY ............................................. 16.2 SECURITY RISK CONTROL - ADMINISTRATIVE CONTROLS .............................................................. 1.5 SECURITY RISK CONTROL - ENGINEERING CONTROL ..................................................................... 1.5 SECURITY RISK CONTROL - PERSONAL PROTECTIVE EQUIPMENT ............................................... 1.6 SECURITY RISK CONTROL - PRIORITY WORKPLACES ...................................................................... 1.6 SECURITY RISK MANAGEMENT - ACCESS CONTROL........................................................................ 9.1 SECURITY RISK MANAGEMENT - ARMED HOLD-UP......................................................................... 27.1 SECURITY RISK MANAGEMENT - BOMB THREAT ............................................................................. 25.1 SECURITY RISK MANAGEMENT - CLINICAL ENVIRONMENT ........................................................... 15.2 SECURITY RISK MANAGEMENT - CONTINUOUS IMPROVEMENT ................................................. 32.28 SECURITY RISK MANAGEMENT - EDUCATION - TRAINING............................................................ 32.26 SECURITY RISK MANAGEMENT - FIRE SECURITY............................................................................ 24.1 SECURITY RISK MANAGEMENT - KEY CONTROL ............................................................................. 10.1 SECURITY RISK MANAGEMENT - LEASING - EXTERNAL ORGANISATIONS..................................... 5.2 SECURITY RISK MANAGEMENT - LEASING - PROPERTY - EXTERNAL ............................................ 5.2 SECURITY RISK MANAGEMENT - LEASING OF PROPERTY........................................................... 32.21 SECURITY RISK MANAGEMENT - LIGHTING ...................................................................................... 12.1 SECURITY RISK MANAGEMENT - PATIENTS IN CUSTODY ............................................................ 32.24 SECURITY RISK MANAGEMENT - PLANNING PROCESS ................................................................ 32.19 SECURITY RISK MANAGEMENT - PLANNING PROCESS - GUIDELINES ........................................... 3.1 SECURITY RISK MANAGEMENT - PLANNING PROCESS - POLICY.................................................... 3.1 SECURITY RISK MANAGEMENT - POLICY AND PROGRAM............................................................ 32.16
SECURITY RISK MANAGEMENT - RESPONSIBILITIES .................................................................... 32.18 SECURITY RISK MANAGEMENT - SECURITY - PATIENTS IN CUSTODY ........................................... 6.1 SECURITY RISK MANAGEMENT - SECURITY IN CAR PARKS........................................................... 19.1 SECURITY RISK MANAGEMENT - SECURITY IN PHARMACIES........................................................ 18.1 SECURITY RISK MANAGEMENT - SECURITY OF PROPERTY .......................................................... 20.1 SECURITY RISK MANAGEMENT - SUMMARY OF POLICY STATEMENTS ............................................ 1 SECURITY RISK MANAGEMENT FRAMEWORK - ASSESSMENT TOOL ......................................... 32.15 SECURITY RISK MANAGEMENT PLANNING PROCESS - SUMMARY.................................................... 1 SECURITY RISK MANAGEMENT POLICY/PROGRAM - ASSESSING RISK ....................................... 1.16 SECURITY RISK MANAGEMENT POLICY/PROGRAM - ASSESSMENT TOOL .................................... 1.9 SECURITY RISK MANAGEMENT POLICY/PROGRAM - GUIDELINES.................................................. 1.1 SECURITY RISK MANAGEMENT POLICY/PROGRAM - HAZARD REPORTING .................................. 1.7 SECURITY RISK MANAGEMENT POLICY/PROGRAM - HAZARDS ...................................................... 1.3 SECURITY RISK MANAGEMENT POLICY/PROGRAM - INCIDENT INVEST ........................................ 1.7 SECURITY RISK MANAGEMENT POLICY/PROGRAM - INCIDENT MANAGE ...................................... 1.7 SECURITY RISK MANAGEMENT POLICY/PROGRAM - INCIDENT REPORTING ................................ 1.7 SECURITY RISK MANAGEMENT POLICY/PROGRAM - INJURY MANAGEMENT................................ 1.8 SECURITY RISK MANAGEMENT POLICY/PROGRAM - MONITORING/REVIEW ................................. 1.6 SECURITY RISK MANAGEMENT POLICY/PROGRAM - POLICY .......................................................... 1.1 SECURITY RISK MANAGEMENT POLICY/PROGRAM - RISK ASSESSMENT ..................................... 1.4 SECURITY RISK MANAGEMENT POLICY/PROGRAM - RISK CONTROL ............................................ 1.5 SECURITY SERVICES - CLINICAL ENVIRONMENT ............................................................................ 15.4 SECURITY STAFF - ACCESS CONTROL - SCOPE OF DUTIES........................................................ 14.10 SECURITY STAFF - CLIENT SERVICES - SCOPE OF DUTIES ........................................................... 14.9 SECURITY STAFF - CONTRACTED SECURITY - WEAPONS ............................................................. 28.4 SECURITY STAFF - DOCUMENTATION - WEAPONS ......................................................................... 28.3 SECURITY STAFF - EMERGENCY RESPONSE - SCOPE OF DUTIES............................................... 14.9 SECURITY STAFF - ESCORTS - SCOPE OF DUTIES ......................................................................... 14.9 SECURITY STAFF - GUIDELINES - WEAPONS ................................................................................... 28.3 SECURITY STAFF - HELICOPTER LANDINGS/DEPARTURES - SCOPE ......................................... 14.10 SECURITY STAFF - IDENTIFICATION - SCOPE OF DUTIES ............................................................ 14.10 SECURITY STAFF - INCIDENT RESPONSE - SCOPE OF DUTIES ..................................................... 14.9 SECURITY STAFF - KEY CONTROL - SCOPE OF DUTIES ............................................................... 14.10 SECURITY STAFF - LEGISLATIVE FRAMEWORK - WEAPONS.......................................................... 28.1 SECURITY STAFF - LOCKING/UNLOCKING BUILDINGS - SCOPE .................................................... 14.9 SECURITY STAFF - PARKING CONTROL - SCOPE OF DUTIES ........................................................ 14.9 SECURITY STAFF - PATROLLING - SCOPE OF DUTIES .................................................................... 14.9 SECURITY STAFF - POLICY - WEAPONS............................................................................................ 28.1 SECURITY STAFF - PROVISION SECURITY SERVICES - SCOPE..................................................... 14.9 SECURITY STAFF - REPORTS/INVESTIGATIONS - SCOPE OF DUTIES ........................................ 14.10 SECURITY SURVEY - GUIDELINES ..................................................................................................... 31.3 SECURITY SURVEY - HOW TO USE THE TOOL ............................................................................... 31.10 SECURITY SURVEY - INTERPRETING - ASSESSMENT TOOL .......................................................... 31.7 SECURITY SURVEY - INTRODUCTION................................................................................................ 31.3 SECURITY SURVEY - OVERVIEW........................................................................................................ 31.5 SECURITY SURVEY - PROCESS OVERVIEW - CONDUCTING .......................................................... 31.2 SECURITY SURVEY - PURPOSE AND SCOPE.................................................................................... 31.3 SECURITY SURVEY - RELATED DOCUMENTS - LEGISLATION ...................................................... 31.12 SECURITY SURVEY - STATUS OF TOOL ............................................................................................ 31.4 SECURITY SURVEY - TARGET GROUP .............................................................................................. 31.4 SIGNS - ACCESS CONTROL................................................................................................................... 9.3 SPACE MANAGEMENT - GUIDELINES .................................................................................................. 4.2 SPECIALIST TRAINING - GUIDELINES .................................................................................................. 7.5 SPECIFIC AREAS FOR ATTENTION - SECURITY OF PROPERTY..................................................... 20.2 STAFF ACCOMMODATION - VIOLENCE.............................................................................................. 26.3 STAFF AT NIGHT - VIOLENCE.............................................................................................................. 26.3 STAFF AWARENESS - CLINICAL ENVIRONMENT .............................................................................. 15.4 STAFF LIVING QUARTERS - SAMPLE RISK ASSESSMENT TOOL .................................................... 1.13 STAFF PROPERTY - SECURITY OF PROPERTY ................................................................................ 20.7 STAFF WORKING - COMMUNITY - PRIORITY AREAS...................................................................... 32.47
STAFF WORKING IN COMMUNITY - SUMMARY POLICY STATEMENTS ............................................... 4 STAFFING ISSUES - CLINICAL ENVIRONMENT.................................................................................. 15.4 STAFFING ISSUES - WORKPLACE CAMERA SURVEILLANCE.......................................................... 13.4 STATUS OF TOOL - SECURITY SURVEY ............................................................................................ 31.4 STORAGE/DISPOSAL - WEAPONS - GUIDELINES ............................................................................. 14.7 STORES - SAMPLE RISK ASSESSMENT TOOL .................................................................................. 1.11 STORES - SECURITY OF PROPERTY ................................................................................................. 20.4 SUMMARY OF POLICY STATEMENTS - ACCESS CONTROL ............................................................ 3, 3 SUMMARY OF POLICY STATEMENTS - ALARM SYSTEMS ............................................................... 3, 3 SUMMARY OF POLICY STATEMENTS - APPENDICES ........................................................................... 1 SUMMARY OF POLICY STATEMENTS - ARMED HOLD-UP ............................................................... 7, 7 SUMMARY OF POLICY STATEMENTS - BOMB THREAT.................................................................... 6, 6 SUMMARY OF POLICY STATEMENTS - CAMERA SURVEILLANCE ....................................................... 3 SUMMARY OF POLICY STATEMENTS - CAR PARKS......................................................................... 5, 5 SUMMARY OF POLICY STATEMENTS - CLINICAL ENVIRONMENT .................................................. 4, 4 SUMMARY OF POLICY STATEMENTS - CONTINUOUS IMPROVEMENT .......................................... 2, 2 SUMMARY OF POLICY STATEMENTS - DESIGN STANDARDS......................................................... 1, 1 SUMMARY OF POLICY STATEMENTS - DURESS RESPONSE.......................................................... 7, 7 SUMMARY OF POLICY STATEMENTS - EDUCATION AND TRAINING.............................................. 2, SUMMARY OF POLICY STATEMENTS - FIRE .......................................................................................... SUMMARY OF POLICY STATEMENTS - FIRE SECURITY ....................................................................... SUMMARY OF POLICY STATEMENTS - INCIDENT MANAGEMENT .................................................. 7,
2 6 6 7
SUMMARY OF POLICY STATEMENTS - INFORMATION .................................................................... 5, 5 SUMMARY OF POLICY STATEMENTS - KEY CONTROL.................................................................... 3, 3 SUMMARY OF POLICY STATEMENTS - LEASING OF PROPERTY ........................................................ 2 SUMMARY OF POLICY STATEMENTS - LEASING PROPERTY .............................................................. 2 SUMMARY OF POLICY STATEMENTS - LIGHTING............................................................................. 3, 3 SUMMARY OF POLICY STATEMENTS - MEDICAL GASES ................................................................ 5, 6 SUMMARY OF POLICY STATEMENTS - PATIENTS IN CUSTODY ..................................................... 2, 2 SUMMARY OF POLICY STATEMENTS - PHARMACIES...................................................................... 5, 5 SUMMARY OF POLICY STATEMENTS - PLANNING PROCESS.............................................................. 1 SUMMARY OF POLICY STATEMENTS - PROGRAM ................................................................................ 1 SUMMARY OF POLICY STATEMENTS - PROPERTY.......................................................................... 5, 5 SUMMARY OF POLICY STATEMENTS - PROVISION SECURITY SERVICES......................................... 3 SUMMARY OF POLICY STATEMENTS - RADIOACTIVE SUBSTANCES ............................................ 6, 6 SUMMARY OF POLICY STATEMENTS - RESPONSIBILITIES............................................................. 1, SUMMARY OF POLICY STATEMENTS - RISK MANAGEMENT PLANNING ............................................ SUMMARY OF POLICY STATEMENTS - RURAL/REMOTE HEALTH SERVICES .................................... SUMMARY OF POLICY STATEMENTS - RURAL/REMOTE SERVICES ................................................... SUMMARY OF POLICY STATEMENTS - SECURITY RISK MANAGEMENT ............................................ SUMMARY OF POLICY STATEMENTS - SECURITY SERVICES ............................................................. SUMMARY OF POLICY STATEMENTS - STAFF IN COMMUNITY............................................................ SUMMARY OF POLICY STATEMENTS - STAFF WORKING COMMUNITY.............................................. SUMMARY OF POLICY STATEMENTS - VIDEO SURVEILLANCE ...........................................................
1 1 4 5 1 4 4 4 3
SUMMARY OF POLICY STATEMENTS - VIOLENCE ........................................................................... 6, 6 SUMMARY OF POLICY STATEMENTS - WEAPONS ........................................................................... 7, 7 SUPERVISION - CUSTODY OF POLICE................................................................................................. 6.9 SURVEILLANCE - GUIDELINES .............................................................................................................. 4.2 SURVEILLANCE RECORDS - WORKPLACE CAMERA SURVEILLANCE ........................................... 13.6 SUSPICIOUS ITEMS - BOMB THREAT - HANDLING/IDENTIFYING.................................................... 25.3 SUSPICIOUS ITEMS - BOMB THREAT - IDENTIFYING/HANDLING.................................................... 25.3 SUSPICIOUS ITEMS - IDENTIFYING .................................................................................................... 25.3 SUSPICIOUS ITEMS - RESPONDING................................................................................................... 25.4 SUSPICIOUS ITEMS - SCREENING AREAS ........................................................................................ 25.3
T TARGET GROUP - SECURITY SURVEY .............................................................................................. 31.4 TERRITORIAL REINFORCEMENT - GUIDELINES ................................................................................. 4.1 TRAINING - ALARMS SYSTEMS ........................................................................................................... 11.5 TRAINING - SECURITY RISK MANAGEMENT - EDUCATION............................................................ 32.26 TRAINING NEEDS - GUIDELINES........................................................................................................... 7.2 TRANSPORT - SECURITY OF PROPERTY .......................................................................................... 20.2 TRANSPORT RADIOACTIVE SUBSTANCES - SECURITY .................................................................. 23.2 TRANSPORTING CASH - VIOLENCE ................................................................................................... 26.3 TYPES OF KEYS - GUIDELINES ........................................................................................................... 10.1 TYPES OF LICENCES - LICENSING REQUIREMENTS ....................................................................... 14.8
U UNPLANNED EVENTS - ARMED HOLD-UP ....................................................................................... 32.71 UNPLANNED EVENTS - BOMB THREAT............................................................................................ 32.67 UNPLANNED EVENTS - FIRE ............................................................................................................. 32.65 UNPLANNED EVENTS - VIOLENCE ................................................................................................... 32.69 USING FORCE - EXECUTION OF DUTY - GUIDELINES...................................................................... 14.3
V VEHICLE/CAR PARK SECURITY - VIOLENCE ..................................................................................... 26.2 VEHICLES - SAMPLE RISK ASSESSMENT TOOL ............................................................................... 1.13 VERSIONS - INTRODUCTION .................................................................................................................... 4 VIDEO INTERCOM SYSTEMS - ACCESS CONTROL ............................................................................ 9.3 VIDEO SURVEILLANCE - SUMMARY OF POLICY STATEMENTS ........................................................... 3 VIOLENCE - CAR PARK/VEHICLE SECURITY ..................................................................................... 26.2 VIOLENCE - GUIDELINES ..................................................................................................................... 26.1 VIOLENCE - MOVEMENT AT WORK .................................................................................................... 26.2 VIOLENCE - POLICY.............................................................................................................................. 26.1 VIOLENCE - POST INCIDENT ISSUES ................................................................................................. 26.5 VIOLENCE - RISK MANAGEMENT........................................................................................................ 26.2 VIOLENCE - STAFF ACCOMMODATION.............................................................................................. 26.3 VIOLENCE - STAFF AT NIGHT.............................................................................................................. 26.3 VIOLENCE - SUMMARY OF POLICY STATEMENTS ................................................................................ 6 VIOLENCE - TRANSPORTING CASH ................................................................................................... 26.3 VIOLENCE - UNPLANNED EVENTS ................................................................................................... 32.69 VIOLENCE - VEHICLE/CAR PARK SECURITY ..................................................................................... 26.2 VIOLENCE - VIOLENT BEHAVIOUR ..................................................................................................... 26.3 VIOLENCE - ZERO TOLERANCE POLICY ............................................................................................ 26.5 VIOLENT BEHAVIOUR - SECURITY OF STAFF WORKING IN COMMUNITY ..................................... 16.6 VIOLENT BEHAVIOUR - VIOLENCE ..................................................................................................... 26.3
W WARDS/DEPARTMENTS - SAMPLE RISK ASSESSMENT TOOL........................................................ WEAPONS - GUIDELINES - DISPOSAL/STORAGE ............................................................................. WEAPONS - GUIDELINES - RESTORATION/RETENTION .................................................................. WEAPONS - GUIDELINES - RETENTION/RESTORATION .................................................................. WEAPONS - GUIDELINES - STORAGE/DISPOSAL ............................................................................. WEAPONS - OHS ACT 2000 - LEGISLATIVE FRAMEWORK ............................................................... WEAPONS - SECURITY STAFF - CONTRACTED SECURITY ............................................................. WEAPONS - SECURITY STAFF - DOCUMENTATION ......................................................................... WEAPONS - SECURITY STAFF - GUIDELINES ...................................................................................
1.12 14.7 14.5 14.5 14.7 28.2 28.4 28.3 28.3
WEAPONS - SECURITY STAFF - LEGISLATIVE FRAMEWORK.......................................................... 28.1 WEAPONS - SECURITY STAFF - POLICY............................................................................................ 28.1 WEAPONS - SUMMARY OF POLICY STATEMENTS ................................................................................ 7 WEAPONS - WEAPONS PROHIBITION REG 1999 - LEGISLATION.................................................... 28.1 WEAPONS PROHIBITION REG 1999 - LEGISLATION - WEAPONS.................................................... 28.1 WHAT TO DO - ARMED HOLD-UP ........................................................................................................ 27.2 WHAT TO DO - ARMED HOLD-UP - SAMPLE PROCEDURE............................................................... 27.2 WHAT TO DO - BOMB THREAT ............................................................................................................ 25.2 WHAT TO DO - EVENT OF A FIRE - FIRE SECURITY ......................................................................... 24.2 WINDOWS - ACCESS CONTROL............................................................................................................ 9.3 WORKING AWAY FROM BASE - AFTER HOURS VISITS.................................................................... 16.4 WORKING AWAY FROM BASE - COMMUNITY VISITS ....................................................................... 16.2 WORKING AWAY FROM BASE - CONCLUSION COMMUNITY VISITS............................................... 16.4 WORKING AWAY FROM BASE - DURING COMMUNITY VISITS ........................................................ 16.4 WORKING AWAY FROM BASE - PRIOR TO LEAVING BASE.............................................................. 16.4 WORKING AWAY FROM BASE - SECURITY - STAFF IN COMMUNITY.............................................. 16.2 WORKPLACE CAMERA SURVEILLANCE - COVERT SURVEILLANCE .............................................. 13.7 WORKPLACE CAMERA SURVEILLANCE - DEFINITIONS................................................................... 13.1 WORKPLACE CAMERA SURVEILLANCE - GENERAL ISSUES .......................................................... 13.3 WORKPLACE CAMERA SURVEILLANCE - GUIDELINES.................................................................... 13.2 WORKPLACE CAMERA SURVEILLANCE - LEGISLATIVE FRAMEWORK .......................................... 13.1 WORKPLACE CAMERA SURVEILLANCE - OVERT CAMERA ............................................................. 13.2 WORKPLACE CAMERA SURVEILLANCE - PLACEMENT OF CAMERAS ........................................... 13.5 WORKPLACE CAMERA SURVEILLANCE - POLICY ............................................................................ 13.1 WORKPLACE CAMERA SURVEILLANCE - PROHIBITED SURVEILLANCE ....................................... 13.7 WORKPLACE CAMERA SURVEILLANCE - RELATED PROCEDURES............................................... 13.5 WORKPLACE CAMERA SURVEILLANCE - STAFFING ISSUES.......................................................... 13.4 WORKPLACE CAMERA SURVEILLANCE - SURVEILLANCE RECORDS ........................................... 13.6
Z ZERO TOLERANCE POLICY - VIOLENCE............................................................................................ 26.5
Related Documents
Protecting People Property
November 2019 6
Property
May 2020 24
People
November 2019 24
