Protecting People and Property Manual

The Protecting People and Property Manual explores NSW Health policy regarding the measures taken to assure personal and property security. This allows NSW Health Agencies to establish an effective security program that follows a structured, on-going risk management process, consultation, appropriate documentation, and record keeping and regular monitoring and evaluation.

The Manual breaks these procedures into four sections and addresses these measures in detail.

Security Risk Management Framework

Security risk management, as defined within the Protecting People and Property Manual, is the process of assessing the clinical and non-clinical environment, including consideration of internal and external risks. NSW Health Agencies should undertake risk management process in consultation with staff and other stakeholders. The purpose of this is to identify potential sources of risk and work closely to develop effective strategies to ensure that the potential threat exposure is contained.

A team of clinical, non-clinical, WHS and security staff should be organised to ensure that procedures are followed. The process of planning disciplinary and decision-making actions must be recorded, along with effective procedures, and steps should also be taken when determining risk control options.

Workplace safety is a critical in considering implicating changes in working environment. This places a huge responsibility NSW Health Agencies to ensure that control procedures are established to eliminate or effectively minimise the potential effect of threats.

Security risk associated with Leasing property for use by NSW Health Agencies or Leasing premises to external organisations must be monitored and related documentation maintained.

NSW Health Agencies also need to be aware that NSW Police, Corrective Services NSW, Juvenile Justice NSW and the Department of Immigration and Citizenship have operational protocols, regarding the transport and supervision of their inmates/detainees during treatment in a public health facility.

At the end of the day the security of patients is the responsibility of the agency that they are associated with.

A training analysis must be conducted at least every two years to ensure that well designed and structured procedures are placed to train current staff in relation to new security control measures.

Finally, ongoing review and continuous improvement of security risk management through audit and assurance processes must be established to ensure that the likelihood of intended outcomes is maximised.

Core Security Risk Controls

Effective access and egress controls must be put in place to offer a safe work environment. This should involve appropriately documented procedures and perimeter controls, including remote locking on main access doors to Emergency Departments (EDs). It should also include access/identification systems, along with appropriate lock down procedures.

Appropriate key control methods should be installed to support access control. A review of alarm systems must also be conducted, and external lighting must be sufficient to eliminate dark areas, allow facial recognition, and must facilitate the correct functioning of CCTV cameras.

In Instances in where camera surveillance is installed as the part of a security control, effective procedures must be implemented that are consist with the NSW Workplace Surveillance Act 2005.

Lastly, security staff are crucial to ensure the safety of a person at imminent threat of harm. A critical assessment should be undertaken to ensure that guard force composition is reflective of potential threat exposure.

Security Risk Controls in Priority Areas

Effective procedures must be developed to mitigate risks associated with an ED. The physical layout of these controls must be consistent with specific risks identified for the ED environment.

Clinical protocols must be developed to identify and address the risk of violence arising from a patient’s medical or mental health condition. Effective arrangements for communication must also be available for staff, consistent with the NSW Health Protecting People and Property Manual.

Agencies must develop procedures for rural and remote workplace safety; where accommodation is provided, staff members must have appropriately considered facilities to assure their safety.

Carpark protection must account for the safety of individuals that use such facilities, and appropriate monitoring should be considered. Cases of theft and wilful damage should be reported to police.

The protection of electronic information held by government agencies and private entities should be fire-walled, password and protected, and other feasible methods considered on merit.

Any purchase of medical gases must be recorded and records managed in detail. If these include a radioactive material proper labelling, storage areas and protective environment must be implemented/established, and constant monitoring performed.

Security Risk Controls in Unplanned Events (Protecting People and Property Manual)

In instances of fire, evacuations and other emergencies, response measures should account for appropriate level of security staff, essential equipment and methods should be applied to maximise patient protection.

Clearly defined evacuation plans and features must also be established. NSW Health Agencies are required to ensure that the risk assessment process associated with bomb/terrorist threat emergency procedures are developed and implemented.

Routine security checks of all workplaces must be conducted, while the National Terrorism Threat Level remains at PROBABLE.

Appropriate standards are to be implemented to address risks of violence, which must include; surveillance monitoring; alarms; physical security staff and other precautionary approaches in congruence with potential threat exposure.

In relation to the risk of armed hold, vulnerable areas must be accounted for in risk assessments.

NSW Health Agencies are responsible for making sue that staff associated with Code Black responses are trained to respond to various circumstances to handle potential response challenges as part of their duties.

Finally, mandatory standards must be established to ensure that a consistent and coordinated approach exists for the: identification; notification; prioritisation; investigation; analysis and follow-up actions relating to incidents.

Requirements for undertaking Root Cause Analysis and generating Reportable Incidents Briefs to the Ministry of Health are also specified and must be observed.

Yours in security risk and resilience,

Konrad Buczynski

Industry Risk is Australia’s shining light in solutions for security risk and business resilience. We welcome opportunities to assist entities in getting to a security baseline, then acting as guide in more advanced (proactive) endeavours.