The International Association for Healthcare Security and Safety
(IAHSS) is a professional organization that educates, certifies,
and serves its members and the healthcare profession with
exclusive resources and benefits. IAHSS members include
individuals in healthcare security, law enforcement, safety and
emergency management leaders. IAHSS offers multiple levels
of certifications, including the prestigious Certified Healthcare
Protection Administrator (CHPA) certification.
The California State Threat Assessment System is an all hazards
Information Sharing partnership of Federal, State and Local law
enforcement agencies throughout California. The System connects
Suspicious Activity Reporting and incidents that may have a
possible Terrorism or Homeland Security nexus with law
enforcement statewide through a network of interconnected
Regional Threat Assessment Centers (RTACs) in San Diego, Los
Angeles, San Francisco, and Sacramento.
These Regional Centers are directly connected to the FBI and the
U.S. Department of Homeland Security, and provide regional
analysis and assessment of events, including patterns and trends,
to deter, detect and prevent terrorism in California.
Additionally, the State Threat Assessment Center (STAC), also in
Sacramento, is a partnership of the California Highway Patrol and
the Governor’s Office of Homeland Security, whose focus is
statewide analysis of incidents, trends and patterns to help
identify larger threats and protect key and critical
Suspicious Activity Reporting (SAR) programs such as “If You See
Something, Say Something” are active across the country and help
communities deter crime, violent incidents, and in some cases
prevent terrorism. The idea is simple, but for first
responders/receivers there are particular activities to look for
depending on your sector.
This training module can easily be added to any in-house training
for new employees or yearly refresher training for established
personnel. The new training
module joins others disciplines such as public safety
telecommunications, fire/EMS, emergency management, maritime, and
more. Those completing the training successfully can print a
All hospitals should know what suspicious activity is and how it
should be reported. All hospitals should also know which threat
assessment center they fall under and maintain contact
The law requires all licensed general acute-care hospitals, acute
psychiatric hospitals and specialty hospitals to conduct a
security and safety assessment at least annually. The law also
requires hospitals to use the assessment to develop a security
plan with measures to protect personnel, patients and visitors
from aggressive or violent behavior. The security and safety
assessment must examine trends of aggressive or violent behavior
at the facility. Hospitals must track incidents of aggressive or
violent behavior as part of the quality assessment and
improvement program, and for the purposes of developing a
security plan to deter and manage further aggressive or violent
acts of a similar nature. The plan may include, but must not be
limited to, security considerations relating to all of the
Security personnel availability
Policy and training related to appropriate responses to
Efforts to cooperate with local law enforcement regarding
violent acts in the facility
In developing this plan, hospitals are required to consider
guidelines or standards on violence in health care facilities
issued by the California Department of Public Health, the
Division of Occupational Safety and Health, and the federal
Occupational Safety and Health Administration. As part of the
security plan, hospitals are required to adopt security policies
including, but not limited to, personnel training policies
designed to protect personnel, patients and visitors from
aggressive or violent behavior. In developing the plan and
assessment, hospitals are required to consult with affected
employees, including the recognized collective bargaining agent
or agents, if any, and members of the hospital medical staff.
This consultation may occur through hospital committees. The
hospital committee responsible for developing the security plan
is required to be familiar with all of the following:
Role of security in hospital operations.
Protective measures, including alarms and access
Handling of disturbed patients, visitors and employees.
Identification of aggressive and violent predicting
Hospital safety and emergency preparedness.
Rudiments of documenting and reporting crimes, including, by
way of example, not disturbing a crime scene.
Hospitals are required to have sufficient personnel to provide
security pursuant to the security plan developed. Persons
regularly assigned to provide security in a hospital setting are
required to be trained regarding the role of security in hospital
operations, including the identification of aggressive and
violent predicting factors and management of violent
Any act of assault, which results in injury or involves the use
of a firearm or other dangerous weapon, against any on-duty
hospital personnel are required to be reported to the local law
enforcement agency within 72 hours of the incident (defined in
Section 240 of the Penal Code, or battery, as defined in Section
242 of the Penal Code). Any other act of assault, against any
on-duty hospital personnel, may be reported to the local law
enforcement agency within 72 hours of the incident. No health
facility or employee of a health facility who reports a known or
suspected instance of assault or battery pursuant to this section
shall be civilly or criminally liable for any report required by
this section (as defined in Section 240 of the Penal Code, or
battery, as defined in Section 242 of the Penal Code). Any
individual knowingly interfering with or obstructing the lawful
reporting process may be guilty of a misdemeanor.
All hospital employees, as well as other health care workers such
as physicians and nurse practitioners, regularly assigned to the
emergency department are required to receive education as
provided for in the security plan developed relating to the
General safety measures.
Personal safety measures.
Aggression and violence predicting factors.
Obtaining patient history from a patient with violent
Characteristics of aggressive and violent patients and
Verbal and physical maneuvers to diffuse and avoid violent
Strategies to avoid physical harm.
Appropriate use of medications as chemical restraints.
Any resources available to employees for coping with
incidents of violence, including, by way of example, critical
incident stress debriefing or employee assistance programs.
Temporary personnel are also required to be oriented to the
Hospitals are encouraged to review Health and Safety Code
Sections 1257.7 and 1257.8 to ensure compliance with this
This Information Bulletin contains information gained from
federal, state and local public safety sources with expertise in
explosives and response to explosives incidents. As with any
public safety issue, local agencies must determine local policies
and procedures. Note that a subsequent Information Bulletin will
be issued, to include information for use when responding to a
suspected bomber, if the call is received prior to an actual
NH-ISAC is nationally recognized as part of the nation’s
healthcare and public health critical infrastructure by the U.S.
Department of Health and Human Services (HHS), the Health Sector
Coordinating Council, the National Council of ISACs, and
the organizations that form the health sector.
With a mission to enable, foster and preserve the public trust by
advancing the physical and cyber security protection of the
nation’s healthcare and public health critical infrastructure
from threats and vulnerabilities, NH-ISAC is the health sector’s
coordination and communications channel supporting national
healthcare and public health cybersecurity Prevention,
Protection, Mitigation, Response and Recovery.
The Healthcare and Public Health Sector Critical Infrastructure
Protection Program, in the Office of the Assistant Secretary of
Preparedness and Response, leads a unique public and private
sector partnership in protecting the essential goods, services,
and functions of healthcare and public health that, if destroyed
or compromised, would negatively affect the Nation. The National
Infrastructure Protection Plan (NIPP) provides the framework for
the healthcare and public health sector protection, as well as 17
other designated critical infrastructure sectors mandated by the
Homeland Security Presidential Directive -7.
What they do:
Implement the NIPP sector partnership and risk management
Develop protective programs to protective actions to defend
against, prepare for, and mitigate the consequences of a
terrorist attack or other hazards
Provide guidance on sector critical infrastructure protection
in line with NIPP
Measure the sector’s performance toward sector protection
Encourage information sharing among all sector partners
Submit an annual sector plan and an annual sector report.