NHS head of security interview pt2: procurement and competing for budget

Now head of security at Coventry Building Society Peter Finch was NHS security adviser for Sandwell & West Birmingham Hospitals NHS at the time of this interview.

Finch, who arrived at the NHS with a background in counter-terrorism, nuclear security and Royal protection, told IFSEC Global that you can’t beat “feet on the ground” in the health service regardless of technological advances and who he bought technology from in his previous role.

Find out how he managed NHS security during the Handsworth riots in part one of this interview, From Greenham Common to Riots in A&E: My Life in Security and why, in part two, the days of ex-military or security personnel landing plum security positions without relevant qualifications have now passed.

IFSEC Global: How has technology changed security in your time in the NHS?

Peter Finch: Despite the advances in technology you can’t beat having feet on the ground. Having that visible proactive deterrent is, to me, critical.

It’s no different from the public’s perception that there aren’t enough police officers on the ground.

City Hospital in Birmingham is a 51-acre site with 150 CCTV cameras because we don’t have as many officers as we’d like. With cutbacks in the NHS I’m not in the business of recruiting security officers unfortunately; I’m in the business of preventing what I’ve got from being reduced.

So having technology that monitors and directs officers to where there are problems is extremely helpful. Having an automated access control system for a full or partial site lockdown, and alarm systems that alert us to problems – it all helps.

Advances in technology, yes they are useful, but they cost money and again, in terms of getting resources I am competing with everyone else in this organisation and we need every penny to improve the health of our patients.

IG: So presumably it’s difficult persuading your superiors to sanction upgrades if your current systems work relatively well?

PF: Yes, but I was able to justify the move from VHS to digital. Both of our control rooms are digital and it cost quite a bit.

The digital system gives us rapid access to the information that we and the police need. Particularly here at City Hospital where it’s not unknown for a car to turn up in front of A&E and dump a body out of the back door, so the police need to know who was driving, vehicle registration etc – and they need to know it immediately.  The digital system allows us to provide that information very quickly and to enhance photographs of individuals should the police need them.

IG: What manufacturers do you get your technology from?

PF: The CCTV software is provided by Synectics.

Where organisations not just within the NHS but within security and information management in general need to be careful particularly in terms of data protection and reputational damage is with equipment like photocopiers. We have a very high-spec photocopier across the corridor and it records images for reproduction which are stored in its memory.

What happens to the hard drive in the photocopier when you get rid of it, when you change it?  It is full of what could be very sensitive or confidential data.

What happens to the information on medical devices that we give to patients for life? What happens if somebody else gets hold of it?

What happens when we decommission computers? Does the NHS or any other organisation for that matter really make sure those hard drives are properly destroyed, the data removed and an appropriate audit trail in place to verify that it has been?

Clearly not if you look at the Information Commissioner’s website; you’ll see several hundred thousand pounds worth of fines for NHS trusts for failing to do so.

IG: Do you ever encounter installation problems?

PF: The problem I see with installers is that they’re often not overly familiar with the equipment, in terms of how the manufacturer thinks the system should be installed. There should be closer work between manufacturers and installers so that systems are installed as the manufacturer would expect to provide the optimum performance that we buyers anticipate.

IG: Interesting point. A lot of false alarms are raised because of poor installation or maintenance…

PF: False alarms can occur because of both poor installation and maintenance tho our equipment installer here is very good.  Where we do get a lot of false alarms in the hospital  is where people think the red fire alarm button opens the nearby door.

We’re now putting alarmed covers over the red buttons to minimise this.

Our biggest false alarm is staff burning toast for the patient’s breakfasts which causes some understandable angst with the fire and rescue service!

IG: Oh dear. Any more technical upgrades on the horizon?

PF: Yes. Our big hope is to build a brand-new hospital, Midland Metropolitan, a 370-bed hospital with a state-of-the-art control room linking all our existing Birmingham sites via internet protocols.  [approval for this has since been granted.]

IG: I guess you can justify that investment on cost grounds…

PF: Yes, by centralising it we won’t need security officers in control rooms at each site. Midland Metropolitan Hospital should be built for 2019. We’re building in resilience so we can keep everything up to date over the next 50 years.

IG: Of course the IP connection leaves you vulnerable to hackers…

PF: Our technology has to be as resilient and secure as it can be. What you don’t want is someone hacking into your system and switching off your access controls or alarm systems in the most vulnerable places.

It will be one of our highest priorities.

IG: Perhaps that perception of vulnerability might give operators pause for thought when contemplating full IP integration…

PF: I think what’s inhibiting the convergence of IT with physical security and business continuity is actually the attitude of managers being too self-protective of their own mini-empire – it’s the silo effect.

It’s not understanding the wider risk of staying within silos, the risk to the organisation. If the board are unable to see the converged risks together then they won’t get the full view and this could seriously affect business operations.

My organisation is very good when it comes to risk.

IG: So the NHS is more competent than people give it credit for?

PF: We could talk about this for weeks and not come up with the answers. There is an issue, I’d say, around the quality of managers at the more senior level.

There’s very little leadership management training in the NHS. Someone may be very good in their specialism, but are they good managers? I’m a security specialist, but am I qualified as a manager – as a security manager?

I have to manage people and budgets. So I’m a recruiter, I’m an HR specialist. You have to lead from the front.

The NHS is the third largest organisation in the world and the largest in Europe.  We see a million patients every 36 hours, but you only ever hear the bad news stories. You don’t hear the amazing work that so many healthcare professionals are doing 24 hours a day.

Free Download: The Video Surveillance Report 2023

Discover the latest developments in the rapidly-evolving video surveillance sector by downloading the 2023 Video Surveillance Report. Over 500 responses to our survey, which come from integrators to consultants and heads of security, inform our analysis of the latest trends including AI, the state of the video surveillance market, uptake of the cloud, and the wider economic and geopolitical events impacting the sector!

Download for FREE to discover top industry insight around the latest innovations in video surveillance systems.

Download The Video Surveillance Report