Increasing concerns around the physical safety of patients and security of information is causing healthcare facilities to find new, intelligent ways to address both. Fawn Staerkel, director of healthcare, North America at Johnson Controls, and Jason Rosselot, director of global product security at Johnson Controls, answer questions about how facilities are creating environments that promote patient and employee security.
Q: What are some of the biggest security challenges healthcare facilities face today?
Fawn Staerkel: There’s been an increase in random violence against clinical staff at hospitals, which is of course a major concern. Another rising concern is cybersecurity.
Jason Rosselot: In 2016, cyber-attacks against U.S. health providers increased by 320 percent, with a total of 377 reported data breaches. Medical records in that same year were worth up to ten times more than credit card numbers on the black market – so securing that information is a vital concern to healthcare facilities. As risky as these stats sound, they also reveal opportunities where technology can be used to improve the experience of patients and staff.
Q: How has the addition of Tyco security products given you the ability to have deeper conversations around security?
FS: The addition of Tyco allows us to assess risks and threats, then provide the technologies that help with early detection and rapid response. This includes video surveillance, mass notification and determining where risks exist and where they can occur next. We can now help by limiting the flow of traffic and built-in security with features like card access to important areas. Having the ability to address so many elements of security makes us uniquely positioned to discuss security in healthcare and provide customized solutions.
Q: What are the biggest concerns or risks related to building automation and cybersecurity?
JR: Healthcare facilities have a lot to lose if they are attacked by ransomware or have patient data stolen. The biggest concern is how to make sure automated systems are locked down and monitored for abnormalities and that IT systems aren’t open to outside influences. Hospitals are moving closer to automating the patient experience. That means giving patients control of their room environment, TV, scheduling and more. When properly architected and secured, these automated systems provide the greatest opportunity to improve the patient experience, as well as increase efficiencies for the hospital.
Q: As cybersecurity and building automation become part of the conversation, what shifts have you seen with regards to key stakeholders?
FS: The IT group is now involved in every single project. Chief information officers (CIOs) and chief information security officers (CISO) are also part of the conversation because it’s not just about data, it’s about access to the entirety of the hospital’s systems. We’re also talking to the chief nursing officer (CNO) and chief operating officer (COO) about integrating new technologies with existing ones. This relationship is about allowing the staff to improve efficiencies while also increasing the patient’s sense of safety and security.
Q: What are some best practices clients can employ to help optimize security in their building or on their campus?
FS: When we worked with Eskenazi Hospital in Indianapolis, we used technology contracting to leverage integration of clinical, facility and IT systems. This led to a smarter, safer, more optimized and efficient facility.
JR: More generally, adapting to new technologies, having a faster response time to alert staff and providing the technology for staff to request help or alert other employees to emergencies are all best practices to follow. These systems all require a partner like Johnson Controls who can help with new hospital construction or existing campus updates, creating the environment where security and cybersecurity are built into every element.