When I first requested a copy of Hospital and Healthcare Security (Butterworth-Heinemann 012-4200486), I assumed it was a brief high-level reference on the topic. Upon getting this monster of a book, I read, as Tom Smith wrote in the foreword, “this is the bible of healthcare security”.
At just over 700 pages, the book is indeed a comprehensive reference for everything related to hospital and healthcare facilities security.
In this, the 6th edition of the book, authors Tony York and Don MacAlister have written a most valuable and helpful reference. In the book’s 26 chapters, there’s hardly an area the authors don’t cover.
The focus of the book is on the creation of effective physical and logical security controls for hospitals and healthcare facilities. There is perhaps nothing more frightening to a hospital security team than the prospect of a newborn being kidnapped from the maternity ward. While the odds of that happening are actually extremely low, the perception is that it does happen often. The book shows how a team, led by a competent head of security, can have a framework for implementing these broad sets of security controls to minimize the chances of a newborn kidnapping (and every real scenario) ever really occurring.
The first chapter, on The Healthcare Environment, provides a sound introduction to how hospitals and healthcare organizations work, including who the stakeholders are and the various regulatory bodies and standards involved in a hospital setting. Even those who’ve worked in the industry for a while will find the chapter insightful.
The book then builds on that foundation and shows the reader the myriad areas that need securing to ensure the complete physical, logical and digital security of a modern hospital.
I enjoyed the fact that the book has a focus on practical and actionable security, as opposed to theory. Anyone who has ever studied for the CISSP certification examination will have come across the Bell-LaPadula model, which is used to enforce access control. While a fascinating theoretical model, one is hard pressed to find even a single commercial organization over the last 30 years that has used Bell-LaPadula.
Even at 700 pages, there are some areas that the book is lacking in. The overall theme of the book focuses on the physical security aspect, such that topics such as firewalls, encryption, anti-malware, patching and the like are not dealt with in depth.
But for those looking for an all-inclusive guide to the topic, one is hard pressed to find a better resource than this.