Access Control at Kings College Hospital

A hospital is by its very nature a public place with a constant flow of patients, staff and visitors where urgency associated with admission may conflict with a need to document entrance and egress through rigorous procedures. These may slow down movement but are a vital part of security and can be part of a delicate balancing act for facilities managers. Access control in hospitals is no longer seen as a low priority and receives serious consideration from all parties in the security community as can be seen in this case study at a major health trust.

King’s College Hospital NHS Foundation Trust is one of London’s largest and busiest hospitals. It provides a full range of local services for over 700,000 people in south-east London and plays a key role in the training and education of medical and nursing students. The Trust is recognised internationally for its research in the field of liver disease and operates the largest liver transplantation programme inEurope.

The hospital site in Denmark Hill has a 950-bed acute care facility and acts as a referral centre in its fields of expertise for the wider population of southern England. A quarter of the UK’s dentists study here. The Trust has complex needs for role-based access control which are being met by installer NT Security working in association with Dublin-based Access Control Technology (ACT). 

Security requirements at King’s are not only wide-ranging but make subtle demands on manufacturers. Role-based access control has been implemented at multiple levels in the hospital by establishing a relationship between individual job profiles and appropriate privileges in terms of ability to move around different parts of the site.

The Trust works closely with police on security matters and initially NT Security received an enquiry from the Metropolitan Police on a specific problem.  Andy Purvis, Managing Director of NT Security, said: “After we addressed immediate police concerns on site it became apparent that the legacy access control system was not able to meet the Trust’s needs. They needed functionality that would enable them to distinguish between levels of seniority within the medical and administrative workforces, areas of practice for clinicians (which could change weekly) and even simple criteria such as gender and likely hours of work.”

Andy continued: “Access control cards had to contain precise information on an individual’s profile, job description, responsibilities and seniority. In turn, as an installer, we needed the support of a responsive manufacturer whose equipment could not only create a hierarchy of privileges but would allow for growth and continued alterations at individual and group levels. The Trust currently receives 150 requests a day for changes of access rights and has a permanent member of staff implementing these. My engineers have recently audited activity on ACT’s ACTWin pro software and they report that 50 million transactions (this being anything that is recorded on the ACT system) have been carried out in the last six months. Even at tender stage this likely level of usage was not apparent.”

The ACT offering suggested itself immediately since networking the company’s units to a PC allows up to 2,000 doors to be monitored on a single system with 30,000 users. Crucially, the flexible protocols that characterise the controllers meant they could function with the existing third-party readers already on site. This kind of openness and transparency appealed to the client at many levels and an initial 140 doors were fitted with ACTpro 3000 controllers. There are now over 500 doors on the system. It was also a vital requirement that the controllers could work off-line where necessary without a network connection.

There were immense cost savings but the approach was also ‘green’ in terms of its use of component materials. The Trust could not only continue using existing locking systems but was even able to retain ancillary units such as power supplies and exit devices. It should be remembered that large areas of the hospital are devoted to clinical procedures in sterile conditions that can be compromised by any form of engineering activity, so minimising installation work was advantageous. Similarly, intrusion by security technicians into the core functioning of the hospital was reduced. A final plus factor – and one that avoided a potential logistical nightmare at a site of this complexity – was that the ACT controllers were able to function from existing IT cabling on the Trust’s LAN, so avoiding the need to lay additional hard wiring in all but a few locations.

The flexibility of the ACT controllers is endorsed by the fact that currently the Trust has approximately 10,000 staff, all of whom use cards from the legacy system.  Given the complexities of photo ID and enrolment details, calling in such a large volume of cards would not have been viable. ACT’s flexible operating methods meant that the company’s engineers adapted their offering so that it would not only operate with the existing cards but function with the inherited database.

Andy Purvis continued: “Manipulation of database formats has since become a platform on which ACT has been able to expand its offering and fine-tune products in response to client needs. Anybody with meaningful experience of access control will tell you that, invariably, if you ask a vendor to change something either it is done but for an enormous fee or nothing happens. By contrast, ACT consistently show responsiveness in supporting us and will support the client directly where appropriate, taking an active interest in how projects develop. This has been a rewarding experience at King’s where the Trust’s managers have made innovative use of the system and pushed its functionality to the maximum.”

Naturally, at a hospital site, product reliability is paramount and there must be fail-safe override in the event of emergency as well as the ability to ensure unimpeded entry for crash teams. Logistics managers at the Trust rely on the access control system to create a subtle hierarchy of access rights for different users with hundreds of distinct levels. Access may be granted at certain times of day only according to a member of staff’s profile. The range of building types to secure is broad and includes operating theatres, childcare facilities, the dental school and a pharmacy that contains significant holdings of medication that would have enormous street value in the event of theft. The access control is complemented by extensive CCTV consisting predominantly of PTZ and dome cameras from Honeywell and Samsung, the units being both analogue and IP-addressable. Recording is to DVRs from the Dedicated Micros Sprite range.

The Trust has been quick to realize the potential of IP surveillance and is looking to integrate CCTV fully with access control. ANPR is being considered and the potential of video analytics is being assessed. There are extensive and varied measures to prevent unauthorised intrusion across the whole campus with special focus on sensitive areas.

The installer, Rochester-based NT Security, is active in both civic and commercial markets including the infrastructure and leisure sectors. The company has expertise in both access control and CCTV, and has its own range of locking products aimed at hotel properties.  Projects in this sector include work on the five-star Athenæum inLondon’sMayfair. NT Security’s portfolio includes analogue, IP and hybrid installations. The installer has been using ACT products since its inception and appreciates the free lifetime software upgrades, the robust build of readers and controllers as well as the ease with which they can be integrated to operate with biometric devices. NT Security employs 25 people in addition to external contractors, and prides itself on staff retention which means that clients see familiar faces when engineers come to site and do not have to explain the layout of a facility every time there is a maintenance visit. The installer’s staff frequently have their own access control cards at an end-user’s premises and become an integral part of the administration team.