When Jim Bigam was hired as security director at Medina Hospital Center in Medina, Ohio, three years ago, he faced several challenges. Homeland security concerns, protecting the open campus environment of the hospital, and dealing with privacy regulations were all priorities. After up-grading communications devices and installing a new digital CCTV system, Bigam concentrated on implementing an access control program. The result is a program that addresses time and attendance and privacy requirements while controlling access to critical areas.
Medina Hospital has 118 beds, 950 employees, and 36 departments that provide numerous services. The facility includes a 24-hour emergency department, serving more than 25,000 people a year, and a full-service family birthing center, where more than 900 babies are born annually.
When Bigam inherited the security department, it had only a handful of black-and-white CCTV cameras in the birthing area. These cameras fed into a VCR and were also monitored in a central station. The hospital was in the process of upgrading to a color analog CCTV system when Bigam was hired.
After reviewing the plan, Bigam decided to install digital color cameras instead and to expand their coverage. As part of the installation, 37 CCTV cameras were placed on the property. Six of these cameras are now trained on areas outside the hospital building and the rest are inside.
The access control system at that time consisted of keypad-controlled electronic locks on doors to certain sensitive areas, such as the pharmacy. Each keypad had a different numeric code that had to be entered to open the door. For an employee to enter that door, he or she would have to be given the code by security. However, security found that employees were giving the door codes to colleagues, even though such behavior was explicitly forbidden.
In addition, whenever an employee transferred out of the department, it created an administrative burden on security, because the code had to be changed and then each employee who used that door had to be informed of the new code.
System selection. To address these problems, Bigam began researching access control systems with Gary Linden, assistant director of MIS. The hospital had several criteria in mind as it began the search two years ago. First, security wanted to be able to track employee access, so the system had to be able to produce logs and audit trails. Also, security wanted a second layer of access controls at certain locations.
To hold down costs during the upgrade, the department also wanted to integrate the existing keypads into the new system. For that reason, it also sought systems that were compatible with the keypads. In addition, security wanted to schedule specific access control readers individually so that certain doors could be locked and unlocked automatically.
With these features in mind, the security team began looking for a system. Bigam conducted some product research, gathered general information, and discussed best practices with colleagues. As the security team analyzed the information, another crucial component stood out: The system had to be integrated with the hospital's existing employee time-and-attendance database so that security would not have to create duplicate entries.
Several systems that Bigam investigated would have allowed security to integrate a new access control system with the hospital's existing time-and-attendance program and keypads. However, in all but one case, the products could not produce a real-time interface. The two systems could talk to each other, but they required that a user run a separate computer program once or twice a day to integrate the time-and-attendance information with the access control data. Such a system would not provide the high level of security needed at the hospital.
The only system that met this need was one made by the same company that provided the hospital's time and attendance program. …