Looking For Advice On Getting Deeper Into Healthcare Security

I have several healthcare agencies I have been supporting with access control and CCTV/IP video - but I am woefully under educated on both HIPAA and JHACO requirements. Its a fun field to work with (security wise) as the challenges seem high and the complexity seems to match if the hospital wants to handle things correctly -

I am familiar with ASIS and have been debating on getting a PSP certification, is there an organization for the healthcare side that is similar to ASIS but for healthcare professionals?

I'd like to learn more on this area but am having some troubles finding out where you might recommend I start.


Btw, one quick thing that might be useful to you: An Inside Look at Hospital Security.

I am not well versed in JCAHO or HIPAA, as when I was still in the integration field we had a dedicated healthcare rep who knew all that. But you may want to start with the International Association for Healthcare Security and Safety (IAHSS). It's a relatively small group compared to something like ASIS, but it's dedicated to the vertical. I remember meeting a couple of people who were involved in it and they were quite serious about it.

Their exams are for security officers, not designers, so likely not practical for you. But it's a place to start.

As far as the PSP, opinions are varied. I think it's not a bad knowledge set to have, but it's broad, and the systems information in it is dated. I found a lot of the stuff I learned useful just as a more holistic knowledge of how systems fit into an overall security scheme, but I don't think I would do it again, nor recommend it. Learn it, sure. Bother with the certification? Likely not...though you can get a cool embosser with your name on it once you have it...

PSP info is grossly outdated. Not worth getting the cert unless you NEED a certification.

The security organization that best represents the healthcare profession is the International Association for Healthcare Security & Safety (IAHSS). They offer several levels of certification and training and have local Chapters in most major cities.

Providing good security in healthcare is 90% operational and 10% technology. I have seen many security integrators and manufacturers fall flat on their face when they propose technology solutions without having a good grasp on the operational and regulatory aspects of healthcare security. Specific technology solutions are not "HIPAA and Joint Commission compliant", regardless of what the sellers of such solutions may advertise - compliance is achived by having a comprehesive security plan of which technology is only a small part.

If you have an interest in this field, I would suggest that you start out by reading Hospital and Healthcare Security by Russ Colling and Tony York, both legends in the hospital security profession.

In addition to IAHSS, another group to consider aligning with is The American Society for Healthcare Engineering, ASHE.

Most sizable hospitals have one of their Facilities Staff who are a member and they seem to live and breath The Joint Commission process (used to be JCAHO). In most cases the Joint Commission survey process is vital to continued Medicaid/Medicare funding so this remains high on their radar screen--from Facilities right through to Hospital Administrators.

Most of my interaction with ASHE members was on the Fire/Life Safety side, although Security is also covered.

Healthcare security is my specialty. I'd be happy to discuss further. John can pass along my information to you via email if you're interested.