Access Control System: Hamad General Hospital, Qatar
ACCESS CONTROL SYSTEM: HAMAD GENERAL HOSPITAL, QATAR 17
Access Control System: Hamad General Hospital, Qatar
Table of Contents
Access Control System: Hamad General Hospital, Qatar 3
Design of an appropriate access control system 6
Justification of the Access Control System 7
Key Issues to be Associated with Implementation of the project at Hamad General Hospital 10
Cost effectiveness 10
Substitution of equipment 11
Quality Assurance 11
Integration with other systems 12
Access Control System: Hamad General Hospital, Qatar
Safety and security at healthcare facilities are of much essence for both public safety and quality healthcare. Clinics and hospitals present a safe haven for individuals in emotional or physical need; they are indeed perceived as a place of refuge in moments of large-scale emergence with the likes of terrorist attacks or natural disasters. This explains why an immense deal of people has been making use of hospitals as their initial source of help. As a result the healthcare security departments have the obligation to put into consideration facility safety and security alongside broader public safety. The application of the best practices presents an array of technologies that have the capability of helping well-trained healthcare security departments in the management of security incidents and prevention of crime (Al Dulaimi, S.H. and Bin Sailan, M.S, 2011). The principal security systems in healthcare facilities are inclusive of access control, video surveillance, intrusion detection, and emergence communications. The separate purchase of each of these systems could lead to ballooning of expenses incurred by the healthcare facility with considering initial costs of the equipments, training healthcare personnel on the use of the equipment, and maintenance of the equipment (Weber, A.S., Verjee, M., Rahman, Z.H., Ameerudeen, F. and Al-Baz, 2011).
The occurrence of intrusion alarms is on one system, the administration of access badges is subject to a stand-alone data base, with the running of intelligent digital video happening on dedicated computer equipment. Notably, each of the systems has the requirement of service, administration, training, and maintenance.
Hospital executives could realize a reduced upfront investment, yet a formidable security solution, via the integration the various security systems under BAS, a flexible building automation system (Gerard, 1973). This is because, the use of BAS has the implication that installation of the system and training of hospital personnel will take place on a single system. Such operational costs as maintenance and administration are also lowered by the integration of the different security systems under BAS. Component devices are made use of in multiple ways with the objective of triggering lighting, pan-tilt-zoom, higher video resolution, video capture, door locks, frame rate, alongside other building control aspects. With the use of a single system, the healthcare facility is able to achieve greater flexibility thus adding components that support easy integration into an overall system. As a result the capital expenditures and operational costs of the system are kept low (Al-Hajri, M., Bener, A., Balbaid, O. and Eljack, E, 2011).
The Hamad General Hospital refers to a 603-bed medical facility with location in Doha, Qatar. The medical facility is capable of offering pediatrics, trauma, emergence medicine, specialized surgery, laboratory medicine, radiology services, and specialized medicine. There are plans underway to make expansions of the hospital thus the capability of accommodating the increasingly large population living in Doha (Al-Kubaisi, N.J., Al-Dahnaim, L.A. and Salama,, 2010). It is also worth noting that the creation of a diabetes unit is underway within the hospital that the ability to offer treatment to an expansive population living with diabetes in Qatar. The fact that the hospital is visited by a large number of people calls for the existence of an integrated security system in order to handle any insecurity threats emerging in the healthcare facility. Already, the hospital has a computerized control system allowing such functionality as quality control monitoring, capability of data collection, alongside the automatic verification of results. Ideally, the healthcare facility exhibits commitment to enhancing the care received by patients in Qatar via the development of excellence in healthcare (Al-Kubaisi, N.J., Al-Dahnaim, L.A. and Salama,, 2010).. The facility is committed in the provision of efficient and high quality services; consequently, the hospital has received accreditation from the Joint Commission International operating under a program by the name Academic Medical Center. The hospital has also put in place a new laboratory analyzer supporting over 110 different types of tests (Al-Kubaisi, N.J., Al-Dahnaim, L.A. and Salama,, 2010)..
This has the implication that the hospital is handling a higher population in Qatar, thus the possibility of security threats. There is thus an increased need for an integrated security system bringing together separate security systems under BAS. Since independence, Qatar has recorded an improvement in health alongside a overall decline in rates of mortality. The country has exhibited intensive focus on evaluation and quality assurance of the existing health programs (Al-Kubaisi, N.J., Al-Dahnaim, L.A. and Salama, 2010).. However, healthcare facilities in the country, inclusive of the Hamad General Hospital are faced with substantial challenge in access control and monitoring of the flow of individuals in the hospital premises. The challenge is enhanced by large public premises in the hospital alongside a high margin increase of people visiting the hospital on a daily basis (Rosenberg, J., Abramson, 1985).
Design of an appropriate access control system
Access control refers to the means via which an organization can grant or deny access to restricted areas. For the case of Hamad General Hospital, restricted areas can be inclusive of clinics, labs, parking garages, and operating rooms (P. C. Tang, J. S. Ash, D. W. Bates, J. M. Overhage, and D. Z. Sands, 2005). Expansive hospitals face a challenge on how to secure the means to use in securing a space that ought not to be a public one and an inviting one. As a result, there is need for a balance between control and permissiveness. The establishment of this balance s not only subject to the use of technology but also the security culture of the healthcare facility. Hamad General Hospital will develop an access control system that will be inclusive of picture badges issue to staff members, electrified locks, cameras protecting doors, and card readers (Thomas. 2007). It is, however, worth noting that a courteous employee has the capability of defeating all the security measures and hold a door open for perpetrators of crime. A sophisticated access control system has the capability of detecting this and issuing an alarm to the security department.
The access control system will also be inclusive of a visitor management system that will be capable of managing visitors and vendors. In addition, the design of the access control system will be inclusive of electronic readable cards; ideally single such cards will be used for both access to the hospitals and parking garages (Mishra, P., Eich, M.H, 1994). Used as a stand-alone system, card readers alongside other electronic devices have the capability of offering a cost-effective and flexible way for Hamad General Hospital to limit access to certain areas of hospital premises. The system will have ability to give record of individuals who have visited certain areas and at what time. The sequence of operations entails an access device triggering the door lock, granting of entry, and recording of event by a central system (Saltzer, 1973). The design of the system to be developed will be inclusive of video recorders with about 75 cameras and Ethernet capability. As a result security staff will have the capacity of recording, monitoring, and viewing surveillance activity simultaneously with an array of digital day/night-pan-tilt-zoom cameras in various parts of the building (Thomas and R. S. Sandhu, 1998).
Justification of the Access Control System
The Hamad General Hospital is among hospitals whose security staff and departments could be challenged in the provision of safe environments to visitors, employees, and patients, with the main reason behind this challenge being the high inflow of people. It is worth noting that, traditionally, the design of hospitals is open and accessible to members of the public. This has the implication that street crime, alongside other dangers has the possibility of reaching the hospital via doors in events of improper protection (W. Tolone, G.-J. Ahn, T. Pai, and S.-P. Hong, 2005). Studies have revealed that the country’s emergency departments have been treating thousands of people, on annual basis, resulting from violent attacks; notably, these attacks are capable of escalating and going on in the hospital itself after the initial incident. Other studies have also revealed that workers in healthcare facilities have been experiencing the highest incidence of assault injuries. Indeed, one of the studies found out that 82% of the surveyed nurses had been assaulted on the job (Tuchinda, 2002).
There were also results indicating that 25% of the assault cases took place in mergence departments. It is also worth noting that medical supplies, equipment, alongside controlled substances can be theft targets. This has the implication that staff, patients, and visitors could become victims of muggings and purse snatchings. Outsized urban hospitals, such as the Hamad General Hospital can serve as many as 1,000 visitors per day, alongside hundreds of patients. Consequently, effective security has become one of the key operations of a large number of healthcare facilities, regardless the type and location of hospital (Verdon and G. McGraw, 2004). On a daily basis, senior and middle management identify and address security concerns and issues. The table below shows the security concerns that have received top ranking.
Security & Safety Priorities
Areas Ranked for Greatest Risk of Crime
Considering the size of the healthcare facility, the level of security risks that ought to be addressed, and the location of the facility, an electronic security system is justified for the Hamad General Hospital. Such a system ought to have the essential components which are inclusive of access control, video surveillance, intrusion detection, and visitor management system (Beznosov, K., Deng, 1999).
The new access control system will have the ability to satisfy the security needs of the Hamad General Hospital. Together with video verification, the access control system will allow the user to view live video alongside the picture of the cardholder upon the presentation of an access card at a reader. The effectiveness of the access control system will also be inclusive of the ability to achieve the identification of people who are tailgating (Beznosov, K., Deng, 1999).
The new access control system at the Hamad General Hospital will come up with additional flexibility and enhanced productivity of security staff capable of monitoring several cameras or for non-manned time it has the potential of sending out alerts to other staff members making use of mobile devices to give response where needed (Beznosov, K., Deng, 1999). This capability will be provided by video analytics which refers to a technology used in software aimed at examining the field of the video camera for movement patterns matching such real-life events as fence climbing, falling, trip-lines, and lurking. Video analytics enables the ser to place focus on only the essential events thus achieving surveillance via exception events (Beznosov, K., Deng, 1999).
Figure 1: Video analytics Software
Success of the design intended for use at the Hamad General Hospital can be illustrated by a study carried out by Strategic ICT Consulting (Bögeholz, 2003). It was established that a 145,000 square foot building exhibits 24% cost saving in system installation of an integrated BAS against separate systems. Upon the installation, life-cycle and operations savings continue. Analysis of the project reveals 33% reduction of training costs, 82% reduction of costs associated with IT administration, and 32% reduction of costs associated with additions associated to an integrated system (Blakley, B., Blakley, R., Soley, 2000). Ideally, these operational figures are on grounds of measurement and experience, clearly demonstrating the value of an integrated BAS.
Key Issues to be Associated with Implementation of the project at Hamad General Hospital
For implementation to take place, the project will have to be declared cost-effective. In the midst of financial difficulties, it is of much essence for healthcare organizations to find ways to proactively lower operating costs alongside limiting liabilities. Consequently, an array of hospitals is turning to technology in attempts to come with more effective and productive security programs (Brose, 1999). The project will, therefore, need to have the potential to achieve security and data management at reduced costs.
Substitution of equipment
Alternate material or equipment ought to be approved before the implementation of the project. The contractor who will be awarded the development tender will have to submit evidence that supports the contention that the material proposed for use as substitute material is of the required standards (Kiczales, 1997). The contractor may provide substitution material calling for extra services of the Security Systems Engineer; in a case, the contractor ought to be in a position to pay the Security Systems Engineer extra costs associated with the extra services (Eddon, 1999). Such requirements will also apply when the Security Systems Engineer may have to carry gout an examination and evaluation of changes that have been proposed with an objective of enhancing convenience and the Security Systems Contractor (Blakley, B., Blakley, R., Soley, 2000).
A contractor certification ought to be given out before the project can be implemented. In this case, a certified security systems installer has to approve the Security Systems Contractor forte installation of the new access control system (Blakley, B., Blakley, R., Soley, 2000). A copy of a certificate bearing the bid will have to be presented to0act as a proof for the certification. There also ought to have visual inspection of the installations; notably, these process will be carried out by the Security Systems Contractor’s Quality Assurance Inspector and it will have a primary goal of doing verification of standard and design f materials that will have been used in the installation. After this process, the Quality Assurance Inspector ought to sign inspection records and present them to the design Engineer (Blakley, B., Blakley, R., Soley, 2000).
Integration with other systems
The new system will entail the integration of intrusion detection, video surveillance, and access control. With contemporary technology, video surveillance and access control systems can work together in an integrated BAS with an objective of providing holistic solution for healthcare institutions, limiting access to pediatric and infant wards, keeping intruders off secure areas, monitoring sensitive areas to minimize the risk of security and crime incidents (Evered, 2002). As a result, Hamad General Hospital will have to use CCTV as part of the overall security plan. The use of an integrated system will enable the personnel at the central monitoring station to have a view of live video taken by the surveillance cameras. In addition, the security personnel will have the capability of controlling pan-tilt-zoom cameras, alongside searching for video cameras in Digital Video Recorders. Upon the triggering of an alarm by invalid access card or intrusion, the BAS has the potential of commanding the DVR to commence the process of recording, displaying live video, mapping the alarm location, and sending an email to administrators (Habermann, A.N., Campbell, 1974).
CCTV cameras form an essential surveillance component at hospitals’ vulnerable areas such as parking garages, nurse stations, entrances, and pharmacies. Upon the activation of duress alarms at one of the vulnerable locations, there is activation of cameras to survey the scene, alongside monitoring of the emergence; as a result personnel swiftly evaluate their response. The Hamad General Hospital is also prioritizing asset protection; there is need for the hospital to keep on tracking assets ranging from wheelchairs to PCs, to phones and PDAs considering that most of these assets hold crucial hospital data (Keedy, 2000). As a result, the hospital is exploring the service of Radio Frequency Identification alongside tagging technologies (Hartman, B., Flinn, D.J., Benznosov, 1971). The system has been functioning in connection with access control and video to give a documentation of asset movement.
The integration of security has the capability of enhancing the protection of infants. The administrators at the hospital show main concern in abduction of infants alongside securing them, both public relations and safety reasons. Following many cases of infant abduction, a high-tech protection program known as infant tagging was developed to counter the cases of infant abduction from maternity nurseries and units. The Hamad General Hospital will make use of a round button-like tag joined to a band around the ankle of an infant after birth (Jones, A., Liskov, 1978). The tag functions in conjunction with automatic door locks and access control systems. An alarm will be triggered in all events of the tag going through a door or approaching it. In addition, an active monitoring system will be reporting all the events of alarms triggered by the tag, to the central monitoring system.
After the development of the system it will meet all the certification requirements thus authorization of its implementations. Notably, the quality of the materials and equipment used to design the automated access control system will be tested against international standards to approve its implementation. Technology ought to function effectively as a tool for well-trained security staff. In the course of evaluation of intrusion detection, video surveillance, and card access control systems, vendors ought to display the functionality of the integration of the security systems.
The security personnel at the Hamad General Hospital will receive prior training on the use of the system prior to its implementation. The system will be sophisticated thus its use will make call for the relevant skills thus training personnel will be of utmost importance.
Al Dulaimi, S.H. and Bin Sailan, M.S. (2011) Examining the National Culture of Qatar. Australian Journal of Basic and Applied Sciences, 5, 727-735.
Al-Hajri, M., Bener, A., Balbaid, O. and Eljack, E. (2011) Knowledge and Practice of Travel Medicine among Primary Health Care Physicians in Qatar. Southeast Asian Journal Tropical Medicine and Public Health, 42, 1546-1552.
Al-Kubaisi, N.J., Al-Dahnaim, L.A. and Salama, R.E. (2010) Knowledge, Attitudes and Practices of Primary Health Care Physicians towards Evidence-Based Medicine in Doha, Qatar. Eastern Mediterranean Health Journal, 16, 1189- 1197.
Beznosov, K., Deng, Y. (1999): A Framework for Implementing Role-based Access Control using CORBA Security Service, Proc. 4th ACM Workshop on Role-based access control, Fairfax.
Blakley, B., Blakley, R., Soley, R.M. (2000): CORBA Security: An Introduction to Safe Computing with Objects, Addison-Wesley.
Bögeholz, S. (2003): Access Control in a Distributed Health Information System: A Case Study, MastersThesis, University of New England, Armidale.
Brose, G. (1999): A View-Based Access Control Model for CORBA, in: Jan Vitek, Christian Jensen (eds.), Secure Internet Programming: Security Issues for Mobile and Distributed Objects, LNCS 1603, Springer.
D. Verdon and G. McGraw. (2004). Risk analysis in software design. IEEE Security & Privacy, 2(4):79–84.
Eddon, G. (1999): The COM+ Security Model Gets You Out of the Security Programming Business, Microsoft Systems Journal, November.
Evered, M. (2002): Bracket Capabilities for Distributed Systems Security, Proc. 25th Australasian Computer Science Conference, Melbourne.
Gerard, B. (1973) Qatar into the Seventies. Qatar: A Forward-Looking Country with Centuries Old Traditions. Editions Delroisses for the Ministry of Information, Qatar, Boulogne.
Habermann, A.N., Campbell, R.H. (1974): The specification of process synchronization by path expressions, Lecture Notes on Computer Science, 16.
Hartman, B., Flinn, D.J., Benznosov, K. (2001): Enterprise Security with EJB and CORBA, Wiley.
Jones, A., Liskov, B. (1978): A language extension for expressing constraints on data access. Communications of the ACM, 21(5):358-367, May.
Keedy, J.L., et al. (2000): Software Reuse in an Object Oriented Framework: Distinguishing Types from Implementations and Objects from Attributes, Proc. Sixth International Conference on Software Reuse, Vienna.
Kiczales, G. et al. (1997): Aspect-oriented programming, Proc. European Conference for
Mishra, P., Eich, M.H. (1994): Taxonomy of views in OODBs, Proc. ACM Computer Science Conference.
Object-Oriented Programming, Finland (Lecture Notes in Computer Science, vol. 1241). Springer.
P. C. Tang, J. S. Ash, D. W. Bates, J. M. Overhage, and D. Z. Sands. (2005). Personalhealth records: Definition, benefits, and strategies for overcoming barriers to adoption. Journal of the Ammerican Medical Informatics Association.
R. K. Thomas and R. S. Sandhu. (1998). Task-based authorization controls (tbac): A family of models for active and enterprise-oriented autorization management. In Proceedings of the IFIP TC11 WG11.3 Eleventh International Conference on Database Securty XI, pages 166–181, London, UK, UK. Chapman & Hall, Ltd. ISBN 0-412-82090-0.
R. K. Thomas. (1997). Team-based access control (TMAC): a primitive for applying role-based access controls in collaborative environments. Proceedings of the second ACM workshop on Role-based access control. ACM Press, Fairfax,Virginia, United States,
R. K. Thomas. (1997). Team-based access control (tmac): a primitive for applying role-based access controls in collaborative environments. In RBAC ’97: Proceedings of the second ACM workshop on Role-based access control, pages 13–19, New York, NY, USA.
R. Tuchinda. (2002). Access control mechanism for intelligent environments. Bitstream: The MIT Journal of EECS Student Research,.
Richardson, J., Schwarz, P., Cabrera, L. (1992): CACL: Efficient Fine-Grained Protection for Objects, Proc. OOPSLA Conference.
Rosenberg, J., Abramson, D. A. (1985): The MONADS Architecture: Motivation and Implementation, Proc. First Pan Pacific Computer
Conference, p. 4/10-4/23.
Saltzer, J.H. (1973): Protection and the Control of i nformation Sharing in Multics, Symposium on Operating System Principles, Yorktown Heights,NY.
W. Tolone, G.-J. Ahn, T. Pai, and S.-P. Hong. (2005). Access control in collaborative systems. ACM Comput. Surv., 37(1):29 41.
Weber, A.S., Verjee, M., Rahman, Z.H., Ameerudeen, F. and Al-Baz, N. (2015) Typology and Credibility of Internet Health Websites Originating from Gulf Cooperation Council Countries. Eastern Mediterranean Health Journal, 20, 804-811.
Wilkes, M.V., Needham, R.M. (1979): The Cambridge CAP Computer and its Operating System, NorthHolland