About Hospital Safety Center  
Career Center  
Contact Us
       Free Resources
Hospital Safety Insider

Mac's Safety Space  
        News & Analysis
Healthcare Safety Leader  
Environment of Care Leader  
Forms and Checklists Library  




Post-event security planning: Keys to an effective root cause analysis


An RCA can help security departments uncover weaknesses after a violent incident

Post-event security planning: Keys to an effective root cause analysis

An RCA can help security departments uncover weaknesses after a violent incident

Hospital security departments are tasked with preventing violent and criminal events. But the keys to future prevention efforts are often unveiled through past mistakes.

In its August 28 issue of Quick Safety, The Joint Commission focuses on preventing violent and criminal events. According to the publication, The Joint Commission has received 201 reports of violent criminal events since 2010, including 118 reports of rape, 32 reports of homicide, 28 reports of physical assault, seven reports of sexual assault, and 16 reports of shootings. In response, The Joint Commission lists several "safety actions to consider," including a "plan for post-event activities," which should include the following:

  • Provide an environment that promotes open communication
  • Develop written procedures for reporting and responding to violence
  • Offer and encourage counseling whenever a worker is threatened or assaulted


Also, in October, The Joint Commission updated its sentinel event statistics with data from January 1 to June 30, 2014. During that time period, criminal events (including assault, rape, or homicide) ranked as the seventh most frequently reported sentinel event with 29 events.

Violence in healthcare remains a prominent concern, but too few hospital security departments utilize a root cause analysis (RCA) to review recent security events, says Karim H. Vellani, CPP, CSC, president of Threat Analysis Group, LLC, in Houston.

"In healthcare, there is this pervasive concept of root cause analysis when it comes to medical decisions and treatment decisions," he says. "But the root cause analysis concept is not always adopted by security and safety."


Utilizing micro and macro reviews

Vellani estimates that only 20% of hospitals conduct a post-event security RCA, primarily because it is a time-consuming and labor-intensive process. But this exhaustive approach can help hospitals identify why an event occurred and what the security department could have done better in terms of prevention or response.

"I think that using that can shed a lot of light on the vulnerabilities?if any?that contributed to the incident that occurred," Vellani says.

Typically an RCA involves a multidisciplinary approach that includes security leaders, risk management, human resources, facilities management, and key members of hospital leadership. In instances where a staff member has been a victim of workplace violence, that staff member should be included in the review as well.

For all the benefits an RCA can bring, Vellani recognizes that hospitals need to pick and choose when to conduct them. Because RCA is time intensive, it should be reserved for major security incidents. Vellani suggests developing a written policy identifying specific incidents that would trigger this type of review. "It would have to be something with serious bodily injury, more than just a verbal assault," he says. "Or an attempted or actual infant abduction because those are fairly infrequent."

Although an RCA represents a "micro" level incident review, hospitals should also do a "macro" level review of security incidents by routinely tracking and documenting anything that would be considered a security breach or incident to identify trends. The problem is that there are often two reporting systems within the hospital: one through security and one through risk management. Properly identifying trends can be difficult when the systems overlap. To resolve that issue, some hospitals have trained staff to report security events to one department, such as security, and then security subsequently reports that information to risk management.

"At some point there has to be reconciliation between the two databases," Vellani says. "Once that occurs, then we can do the analysis if there are any more global, macro level trends."

 Editor's note: To learn more about RCA, check out HCPro's new book Beyond Root Cause Analysis: Building an Effective Program. Visit www.hcmarketplace.com/beyond-root-cause-analysis-building-an-effective-program-2 for more information.

Subscribe Now!
Sign up for our free e-newsletter
About Us | Terms of Use | Privacy Statement | Contact Us
Copyright © 2021. Hospital Safety Center.