May 9, 2023
Ms. Rebekah E. Allen, J.D.
Senior Policy Analyst
Virginia Department of Health
Office of Licensure and Certification
9960 Mayland Drive, Suite 401
Henrico, Virginia 23233
RE: Public Comment on Draft Amendments for 12VAC5-410-10 et seq. to Implement SB 827 from 2023 Regular Session
Dear Ms. Allen,
On behalf of the Virginia Hospital & Healthcare Association (VHHA) and its hospital and health system members across the Commonwealth, please accept these comments submitted in response to the notice of public comment on draft amendments for 12VAC5-410-10 et seq. to implement SB 827 from the 2023 Regular Session. SB 827 pertains generally to hospital emergency department security requirements.
The safety and security of patients, staff, and the public is of paramount concern for hospitals. In the current environment, there is a clear need to take appropriate measures to ensure the physical security of hospitals, and emergency departments in particular, but the decision to embed security personnel in healthcare settings is one that requires careful consideration of a number of factors including level of risk, legal and regulatory limitations, and community response.
For example, applicable federal regulations at 42 C.F.R. § 482.13 are designed to place some limitations on use of security staff and recognize the distinction between the role of hospital staff in ensuring security and law enforcement. In interpreting this regulation, the Centers for Medicare and Medicaid Services (CMS) provides that security staff may carry weapons as allowed by hospital policy, and state and federal law. However, the use of weapons by security staff is considered a law enforcement action, not a health care intervention. If a weapon is used by security or law enforcement personnel on a person in a hospital (patient, staff, or visitor) to protect people or hospital property from harm, CMS expects the situation to be handled as a criminal activity and for the perpetrator to be placed in the custody of local law enforcement.
Federal regulations and accreditation standards applied to hospitals do not require or assume the need for security personnel to be present in the hospital or any given department at all times. An assessment of risk is the most reliable indicator of the need for security personnel in hospital settings. The risk factors that are considered include size of the facility, security call volumes, area crime statistics, high risk areas (e.g., emergency department, trauma center, psychiatric unit), clinical staffing levels, visitor traffic level, and emergency department visit levels. Because the level of risk varies widely, security staffing levels likewise can vary dramatically from hospital to hospital and from location to location. Security personnel duties can range from full-time posts at a single location to patrol and response across multiple locations. The presence of security personnel is often also limited to certain periods of the day when there is a higher level of risk or activity.
VHHA and its member hospitals and health systems continue to have concerns with mandating the presence of at least one off-duty law-enforcement officer or trained security personnel at every emergency department location at all times. Many hospitals have determined that this requirement is not appropriate or necessary at some emergency department locations based upon factors described above – level of risk, legal and regulatory limitations, and community response.
While requiring at least one off-duty law-enforcement officer or trained security personnel at every emergency department location at all times as a precautionary measure may appear reasonable regardless of competing factors, this presents significant cost and workforce concerns that must also be taken into consideration. Industry experts note that the cost of off-duty law enforcement officers has escalated and, as we have seen here in Virginia, the additional demands placed on many police departments has reduced the availability of officers for off-duty assignments. Similarly, private security firms are subject to the same workforce challenges applied to all industries making recruitment and retention difficult and more costly.
It is also important to note that the physical presence of security personnel is just one component of security. For example, hospitals are required by federal regulations and accrediting bodies to maintain all-hazards security plans, train staff on emergency preparedness and response, violence prevention and de-escalation techniques, and employ robust physical security systems and access control measures. All of these components should be taken into account when evaluating what level of security is appropriate and necessary at any given facility.
Accordingly, any state regulation pertaining to emergency department security must provide flexibility for hospitals to develop and implement security plans, especially as it pertains to any requirement to maintain the presence of an off-duty law-enforcement officer or trained security personnel in the hospital or in the emergency department. Any such determination should be informed by each hospital’s security plan and security risk assessment.
SB 827 requires every hospital with an emergency department to establish a security plan for the emergency department. The security plan must be developed using standards established by the International Association for Healthcare Security and Safety (IAHSS) or other industry standard and be based on the results of a security risk assessment of each emergency department location of the hospital. The security plan must include the presence of at least one off-duty law-enforcement officer or trained security personnel who is present in the emergency department at all times, as indicated to be necessary and appropriate by the security risk assessment. VHHA interprets this to mean that where the security risk assessment indicates that the presence of at least one trained security personnel is not necessary and appropriate, a different security standard could be applied. Furthermore, this would not require any waiver by the Commissioner of Health.
SB 827 provides for a waiver to be granted by the Commissioner of Health from the requirement that at least one off-duty law-enforcement officer or trained security personnel be present at all times in the emergency department. VHHA interprets this to mean that even where the security risk assessment indicates the need for at least one off-duty law-enforcement officer or trained security personnel to be present at all times, the Commissioner shall grant a waiver where the hospital demonstrates that a different level of security is necessary and appropriate for such emergency department. For example, where there are other measures taken to ensure the security of the facility in combination with some other level or frequency of off-duty law-enforcement officer or trained security personnel presence.
Accordingly, VHHA submits that any regulations should incorporate these flexibilities established in SB 827 pertaining to the presence of off-duty law-enforcement officers or trained security personnel. Any regulation that limits these flexibilities or has the effect of mandating for any emergency department the presence of at least one off-duty law-enforcement officer or trained security personnel who is present in the emergency department at all times would be problematic for the reasons stated and would be opposed by VHHA.
As it pertains to the draft regulations in particular, VHHA provides the following additional comments:
12VAC5-410-280.I.1 and J.2 – Other Industry Standards
SB 827 provides that the “security plan shall be developed using standards established by the International Association for Healthcare Security and Safety or other industry standard.” 12VAC5-410-280.I.1 as drafted appears to grant the OLC with the authority to determine what other industry standard may be used in his sole discretion. VHHA disagrees with this regulation. Individual hospitals should be provided with the flexibility to determine the industry standard to apply in its organization. Furthermore, the requirement for each hospital to request permission from OLC to use a different standard is administratively burdensome and not required by statute.
VHHA submits that as an alternative, OLC could develop a list of acceptable industry standards that are the same or similar based upon input from hospitals to include in its guidance that could be updated from time to time as new standards are developed and identified. For purpose of the regulation at I.1 it would be sufficient to state “Is developed using standard established by the Healthcare Security Industry Guidelines 13th Edition (International Association for Healthcare Security and Safety), or other standard identified by the Department.” This would provide notice to hospitals of all acceptable industry standards without requiring individual approval and additional regulatory burden. OLC would also retain the ability to assess whether a standard is substantially similar, without creating the additional administrative burden of responding to and managing individual hospital requests.
Along with the proposed alternative above, VHHA submits that the regulation at J.2 pertaining to requests to use other industry standards should be eliminated.
12VAC5-410-280.I.3 – Security Personnel Requirement
As discussed above, VHHA interprets 12VAC5-410-280.I.3 to mean that where the security risk assessment indicates that the presence of at least one trained security personnel is not necessary and appropriate, a different security standard could be applied, without the requirement for any waiver by the Commissioner of Health. The OLC would retain the ability to inspect security plans and risk assessments to confirm that the presence of at least one trained security personnel is not necessary and appropriate as indicated by the security risk assessment.
We also note that it appears the reference to subsection K (pertaining to security plan updates) should be changed to subsection L (pertaining to waivers).
12VAC5-410-280.L – Waiver Process
VHHA disagrees with the requirement at L.1.B that a copy of the security risk assessment, or any security risk assessment, must have been “reviewed and approved by the governing body or its designee.” Security risk assessments or documents of this nature are a function of day-to-day management and are not required to be reviewed or approved by the governing body. This would constitute an additional regulatory burden not required by statute and inconsistent with existing business practices. Accordingly, VHHA submits that the words “that has been reviewed and approved by the governing body or its designee” should be eliminated. Corresponding changes should be made to subsection L.3.b below.
VHHA would support including in the regulation at L.1 a requirement that the hospital specify the rationale for the request for waiver, supported by the results of the security risk assessment and information on any alternative measures or mitigating strategies proposed to address the subject or intent of the regulatory requirement requested to be waived.
VHHA submits that L.2 should be revised to state that “The commissioner shall grant a waiver pursuant to this section, and shall specify . . .” SB 827 expressly states that “The commissioner shall provide a waiver from the requirement that at least one off-duty law-enforcement officer or trained security personnel be present at all times in the emergency department if the hospital demonstrates that a different level of security is necessary and appropriate for any of its emergency departments based upon findings in the security risk assessment.” VHHA interprets this to mean that the Commissioner is required to grant a waiver where the hospital demonstrates that a different level of security is necessary and appropriate for any of its emergency departments based upon findings in the security risk assessment. In order to ensure that the regulation is implemented consistent with the language and intent of the statute, L.2 should be further revised to state: “The commissioner shall grant a waiver pursuant to this subsection upon receipt of information and rationale demonstrating that a different level of security is necessary and appropriate for the emergency department.” This would continue to provide the Commissioner with the authority to require additional information from the hospital as determined appropriate to demonstrate that a different level of security is necessary and appropriate for the emergency department prior to granting a waiver.
L.3 requires a hospital that has been granted a waiver to notify the Commissioner any time its security risk assessment changes. VHHA submits that notice should only be required where such change impacts when and how many off-duty-law-enforcement officers or trained security personnel should be present at the emergency department. This could be accomplished by eliminating the word “and” in the first instance in L.3.
VHHA disagrees with the provision at L.5.a permitting the Commissioner to modify or rescind a waiver if the security risk assessment changes. There could be changes to the security risk assessment that would have no bearing on the determination of whether at least one off-duty law-enforcement officer or trained security personnel be present at all times in the emergency department. The underlying concern, that there is a change to a security risk assessment that indicates that a different level of security may now be necessary and appropriate, is already captured by L.5.b “Additional information becomes known with alters the basis for the original decision.” Accordingly, VHHA submits that L.5.a should be eliminated.
VHHA also disagrees with the provision at L.5.c giving the Commissioner the authority to modify or rescind a waiver where “results of the waiver jeopardize the health or safety of patients, employees, contractors, or the public.” We are concerned that this is very subjective and ambiguous. As an alternative, VHHA submits that this subsection be revised to state “The commissioner can demonstrate that the waiver directly results in jeopardizing the health or safety of patients, employees, contractors, or the public.”
Lastly, with respect to L.6, VHHA agrees that all information that a hospital discloses pursuant to this subsection pertaining to waiver should not be released to the public. Information regarding security plans and security risk assessments is highly sensitive information and could jeopardize the security of the hospital. Accordingly, VHHA submits that the language “to the extent those records are exempt from disclosure” should be deleted.
In conclusion, VHHA is encouraged that SB 827 and these regulations will help to promote even greater uniformity in security planning by hospitals across the Commonwealth and result in further improvement by our hospitals in their efforts to provide the safest environment possible for their patients, staff, and the public. At the same time, it is important that the implementing regulations provide needed flexibility for different levels of risk at various emergency departments across the Commonwealth and avoid imposing unnecessary regulatory burden on hospitals.
Thank you for your consideration of these comments. Please let us know if we can provide you with any further information on this matter.
Sincerely,
/s/
R. Brent Rawlings
Senior Vice President and General Counsel
cc: Ms. Julie M. Dime, Vice President of Government Affairs