Here is update #4 on NHS Security Management by Jim O’Dwyer, Senior Consultant at AEGIS Protective Services…NHS Protect – Decision maker identified…

Note: To view the previous update: Click Here

Who made the decision to terminate NHS Protect’s security management functions?

The answer to that question was provided at the annual NAHS Conference in Birmingham on 9th November 2017, by Anthony Jackson, the National Security Management Coordinator and Business Management and Continuity Manager at the Transformation & Corporate Operations Directorate, NHS England.

Anthony confirmed that, whilst not party to the ‘inner workings’ and so unable to answer the question directly, the senior manager’s name that had been provided to him was Andrew Baigent.


Andrew Baigent

Andrew Baigent (pictured left) used to be Director of Group Financial Management and a member of the Department of Health Management Committee.

Andrew no longer works for the NHS. On the 14 August 2017, he was appointed as Chief Finance Officer at HM Courts & Tribunals Service.

However, he would surely make himself available to Ministers to be held to account for the decision and answer relevant questions. Wouldn’t he?


Prior consultation with stakeholders

Anthony Jackson also advised that, contrary to popular opinion, there had in fact been some form of ‘consultation’ prior to the decision to terminate NHS Protect’s security management functions, telling us NHS England had been ‘one of many stakeholders’ engaged and questioned by Antony Bedford, DH in the Department of Health review of NHS Protect that took place about a year before the decision to ‘remove the mandate’.

Have the Secretary of State’s Directions been rescinded?

I contacted Anthony Jackson by email, asking 3 questions relating to the Directions to NHS Bodies on Security Management measures, issued by the Secretary of State for Health in 2004.

Question 1: The Directions stipulated at 5(1) that each NHS body must nominate at least one person that it proposes to appoint as the body’s LSMS. However, I have seen a response to a FOI request at North Cumbria University Hospitals NHS Trust that states: “The Trust does not have a ‘Local Security Management Specialist’ or anyone designated specifically as a ‘Security Manager’.” My question is, has the requirement at 5(1) been revoked and if so when and why?

Question 2: The Directions stipulated at 5(6) that a Local Security Management Specialist MUST NOT undertake responsibility for, or be in any way engaged in, the counter fraud activities of any NHS body. However, I have become aware of more than one LSMS simultaneously holding the position of both LSMS and LCFS at their NHS Trust. Could you please clarify whether or not the requirement at 5(6) has been revoked and if so when and why?

Question 3: In the light of the recent changes in NHS Protect’s remit, who or what organisation is now responsible for enforcing compliance with the Secretary of State’s Directions?

Anthony Jackson initially replied by telephone, telling me that, in effect, the Secretary of State’s Directions no longer applied and hadn’t since 2012 when the Health and Social Care Act came into force.

Anthony then followed up with an email explaining:

“The Health and Social Care Act effectively removed the Secretary of State’s ability to “direct” provider organisations, effectively abrogating responsibility in favour of The National Health Service Commissioning Board (established on 1 October 2012 as an executive non-departmental public body). Since 1 April 2013, the National Health Service Commissioning Board has used the name NHS England for operational purposes. The NHS Standard Contract (Service Condition 24) sets out the obligations for provider organisations to put in place and maintain appropriate counter fraud and security management arrangements.” 

Anthony also sent me the following links to information that he believed would answer my questions about the Secretary of State for Health’s duties.

I visited all the links but, I couldn’t find anything that supported Anthony’s assertion that the Secretary of State’s Directions to NHS Bodies on Security Management measures no longer applied?

But, if you spot anything, please let me know!

In any event, assuming Anthony’s interpretation of the position is correct, then health bodies are no longer under an obligation to comply with any of the Secretary of State’s Directions. Instead, they only have to comply with NHS Standard Contract (Service Condition 24) which sets out the obligations for provider organisations to put in place and maintain appropriate counter fraud and security management arrangements, having regard to NHS Protect’s Standards. 

NHS Standard Contract 2017-18

The NHS Security Management Standards need to be re-drafted

A problem is that the latest Security Management Standards for Providers (2017-18) and the Security Management Standards for Commissioners (2017-18) are both now out of date and NHS Protect no longer exists.

This means that achieving some of the standards is simply not possible.

So, there is an urgent and unavoidable need to re-draft the Security Management Standards.

Presumably, the ‘responsibility’ to do it lies with Anthony Jackson, the National Security Management Coordinator and Business Management and Continuity Manager at the Transformation & Corporate Operations Directorate, NHS England?

But, when it may happen is anyone’s guess!

LSMS Training News

The position on the Accredited Security Management Specialist (ASMS) qualification could be described as ‘still in a state of flux’.

Several organisations are now offering ASMS courses.

For example: Amber Conflict Training  I  Focus Training (UK) Ltd  I  Peter Darby Associates

The course material has been ‘accredited’ and delivery of the ASMS training course ‘quality assured’ by the University of Portsmouth. The ASMS certificate is issued by the Security Management Professional Accreditation Board (SMPAB). On successful completion of the ASMS course, students are awarded 40 level 4 credits. (Level 4 is the equivalent of the first year of an undergraduate degree!)

However, latest news is that the link with Portsmouth University is coming to a close (apparently because it is not economical for the University to continue the service) and the Security Management Professional Accreditation Board (SMPAB) are looking at a new option to maintain the accreditation required by the NHS Security Management Standards.

What we also know is that what was previously a five-week intensive training course has somehow been condensed into twelve days and in some cases only nine days of classroom training.

That’s obviously a concern.

Thinking back, a primary aim of the original Accredited Security Management Specialist (ASMS) training course for nominated Local Security Management Specialists (LSMS) was to standardise the training provided and eliminate variation. Yet, from what I can see, there is already what appears to be variation in the content and duration of the courses available and the gap is only likely to diverge still further.

So, maybe it’s the right time to review, consolidate and update the content of the Accredited Security Management Specialist (ASMS) qualification to make it more relevant. Maybe incorporate content on how to conduct a thorough security review, how to negotiate and manage security contracts and provide a basic understanding of security technology. If time constraints apply, maybe include less of a focus on crime investigation?

A new CPD Programme for LSMS

The ASMS course was supposed to be a ‘foundation’ training course and the intention was that, after qualifying, LSMS’ would continually refresh and update their skills with Continuing Professional Development (CPD). However, no CPD programme for NHS LSMS was ever developed.

Some training providers have developed additional ‘modules’ that they consider relevant to the LSMS role, but not incorporated in the ASMS course.

So, maybe, after re-designing the ASMS course, the next task should be to establish a recognised portfolio of additional training that can be done as CPD assignments?

Note: Meanwhile, the NAHS is advocating that members subscribe to the Security Institute’s CPD programme.

Updating the Security Management Manual

In the past, every LSMS was supported with a Security Management Manual that offered advice on handling specific security breaches. It also included examples of practical security measures, including:

  • Tackling violence and abuse against NHS staff;
  • Appropriate use of technology, e.g. CCTV and radio communications, and training for all security personnel to be able to use it effectively;
  • Effective alarm systems such as movement sensors and personal attack buttons;
  • NHS frontline staff trained in conflict resolution;
  • A series of measures to protect babies and children in maternity and paediatric units such as pressure alarms in cots and electronic tagging.

The Security Management Manual was supposed to be a ‘living document’ that could be augmented and updated in line with new developments. However, with NHS Protect gone there is no body responsible for updating it. If updating it is left to individual LSMS it is a certain route to divergence in standards.

I’m reluctant to load full responsibility for taking action on this issue onto Anthony Jackson, but he is the National Security Management Coordinator for the NHS and so it must surely be within his remit?

Who is checking for compliance with Security Management Standards?

Clinical Commissioning Groups (CCGs) plan and commission health care services for their local area and have a responsibility to ensure that Security Management Standards are met in accordance with the NHS Standard Contract. Whether CCGs have got the necessary expertise and financial resources to accomplish that task is another question. This fairly obvious consequence should have been considered before the decision was taken to dismantle NHS Protect. If it wasn’t, it would be a serious and unacceptable oversight and those responsible should surely be held to account. Well, shouldn’t they?

What about the CQC?

The Quality Care Commission (CQC) has an inspection and enforcement role in relation to Staffing (see Regulation 18) and Staff Training (including for restraint/restrictive practices – see Reg 13.4.b), but the CQC’s remit doesn’t cover all security matters.

More privatisation?

The need for CCG’s to hire in the expertise needed to ensure healthcare providers are complying with the NHS Security Management Standards will inevitably mean that yet another slice of the NHS will effectively be privatised. It really is difficult to see this as being a cheaper Cost/Performance option to the NHS and something that would be in the best interests of the NHS. So, why did it happen?

‘Whistling in the wind’

Previously, where security management standards were not being met, NHS Protect would step in and provide the Trust with ‘written advice’, support and assistance to help them improve performance.

Generally speaking, the weight of NHS Protect’s authority was enough to coerce even the most unwilling Trusts to act on its recommendations and invest in security improvements.

However, currently there is no organisation offering this kind of ‘support’ to Local Security Management Specialists who, on their own, may now be unable to persuade their Directors of the need to appropriately finance essential anti-crime work, resulting in falling standards of security performance.

Predictably, violence has increased again

On the 17th April 2018, Health and Safety Journal (HSJ) published a Special Report on Violence against NHS Staff.

Sponsored by UNISON, HSJ had sent a Freedom of Information request to all 244 NHS trusts in England asking how many physical assaults had been suffered by staff during 2016-17 and what criminal or civil and administrative sanctions (including prosecutions) had followed on from those physical assaults.

Responses were received from 181 Trusts. 63 Trusts did not respond!

When HSJ compared the FOI responses that had been received against NHS Protect’s register of reported physical assaults for the period 2015-16 they found that reported physical attacks on NHS staff rose had gone up by 9.7%.

When that figure was extrapolated to include the 63 Trusts that had not responded it equated to a total of about 75,000 (or about 200 a day – every day!)

Variances in recording and reporting

It would appear that, since the abolition of NHS Protect, many Trusts have started organising data on assaults in different ways and some Trusts had also re-structured to perform combined services (e.g. Mental Health and Community care) making direct comparison with the figures for 2015-16 difficult.

HSJ also reported that data returns sent by some Trusts were so poor as to be unusable. A few Trusts sent illegible or incomprehensible data, but most simply did not respond to the questions with comparable figures or, suggested that it was now the responsibility of other agencies, such as the police, to collect the data!

Jon Restell, chief executive of NHS union Managers in Partnership, said: “The infrastructure to support trusts on security issues went when NHS Protect was axed. The government should urgently replace it with a national body with the power to collect data about the problem and intervene.”

Sara Gorton, UNISON’s Head of Health said: “There is now no government body collating data on violent assaults against NHS staff or responsible for staff safety in England. We sponsored this HSJ Report to get a national picture of the levels of violent assaults against staff and to investigate what some trusts were doing to reduce them. This report reinforces what we suspected. The number of violent assaults is rising. Yet worryingly the collection of data about assaults and the criminal or civil sanctions that should follow, are simply not happening in a robust or consistent manner. It’s very difficult for trusts to know if they are doing well in protecting their staff when there are no figures they can compare to. Without a national body with the remit for staff safety and the ability to request figures from trusts, the data we collect through Freedom of Information requests will only ever give an incomplete picture. It’s shocking that when assaults are on the increase, the government has decided to look the other way.”

Note: Trusts should be publishing assault statistics on their public websites!

It should not have been necessary for HSJ – or anyone else – to send Freedom of Information requests to each NHS Trust in order to gain the information they were seeking. It Trusts were complying with NICE Guidance, it should have been publicly available on the internet!

NICE guideline [NG10] : Violence and aggression: short-term management in mental health, health and community settings (published: May 2015) recommends (at 1.2.6) that health and social care provider organisations should publish board reports on their public websites that include data about incidents of violence and aggression and use of restrictive interventions within each team, ward and service, and include reasons for the similarities and differences between services.

I’m not aware of any Trust that is complying with this element of NICE Guidance, if you know different, please let me know.

Currently, it is not mandatory that Trusts implement NICE Guidance but, if it was mandatory to comply with 1.2.6, it would have enabled a much clearer picture of the position.

Other HSJ Report findings:

Acute hospital trusts have seen the biggest increase in attacks – 21%.

Attacks on Ambulance Staff went up 14.5%.

Working with people experiencing mental ill health presents the highest risk of being assaulted. Staff in mental health trusts are approximately seven and half times more likely to be attacked than staff in other NHS trusts. However, mental health trusts do appear to be successfully slowing the rate of increase in assaults. In the 20 dedicated mental health trusts surveyed, there was a 5% increase on 2015-16 figures and in the 19 combined mental health and community trusts, there was an increase of only 1.5%.

Trusts with with large financial deficits also experienced significant increases in physical assaults on Staff. At those more than £20 million in the red, assaults went up 23.1%.

In contrast, trusts which were in the black had only a 1.5% rise.

Trusts with the worst performance in terms of key NHS-wide treatment targets were also more likely to see their staff being attacked. At trusts that only treated 90% or less of patients waiting for ‘planned care’ under the referral to treatment 18-week care pathway, assaults on staff went up by an average of 36.2% – far more than the overall 9.7% increase.

Below (in alphabetical order) is a sample of NHS Trusts where the increases in reported physical assaults were above the national average during 2016-17

  • 2gether FT
  • Great Western Hospitals FT
  • Guy’s and St Thomas’ FT
  • Hull and East Yorkshire Hospitals Trust
  • Humber FT
  • Isle of Wight Trust
  • Lancashire Teaching Hospitals FT
  • Lincolnshire Community Health Services Trust
  • North Bristol Trust
  • Royal Liverpool and Broadgreen University Hospitals Trust
  • Sussex Community FT
  • University College London Hospitals FT
  • University Hospitals of Leicester Trust
  • Weston Area Health Trust
  • Whittington Hospital Trust
  • Yorkshire Ambulance Service Trust

And, below (in alphabetical order) is a sample of NHS Trusts whose performance was better than the national average during 2016-17

  • Alder Hey Children’s FT
  • Barnet, Enfield and Haringey Mental Health Trust
  • Central and North West London FT
  • Cornwall Partnership FT
  • Countess of Chester Hospital FT
  • Coventry and Warwickshire Partnership Trust
  • Devon Partnership Trust
  • Frimley Health FT
  • Lincolnshire Partnership FT
  • Nottinghamshire Healthcare FT
  • Pennine Care FT
  • Poole Hospital FT
  • Queen Elizabeth Hospital King’s Lynn FT
  • Rotherham FT
  • Royal Wolverhampton Trust
  • Somerset Partnership FT
  • South West Yorkshire Partnership FT
  • West Hertfordshire Hospitals Trust
  • Wrightington, Wigan And Leigh FT

Learn how violence can be reduced

The research by HSJ and Unison explored the factors influencing attacks on NHS Staff and provides several case studies showing successful initiatives to reduce assaults.

It’s well worth a read!

To read the HSJ Special Report – Violence against NHS staff: Click here

The unavoidable conclusion

Sara Gorton, UNISON’s Head of Health summed it up when she said: “An unavoidable conclusion of this work is that the choice to stop the national collection and publication of this data with the abolition of NHS Protect last year has proved a serious error. Health ministers and senior NHS leaders should reverse this decision as a matter of urgency.”

Stakeholder pressure is beginning to work

Mounting pressure from stakeholders like the RCN, BMA, UNISON, UNITE, KINGS FUND, NAO, MiP, all calling for a review of the decision to disband NHS Protect, (including questions being asked in the House of Commons) seems, at last, to be having a positive effect at the Department of Health.

NHS England, NHS Improvement and DH are apparently conducting a ‘collaborative review’ of security management, violence and abuse etc.

As part of the exercise, LSMS’ in London have been asked to complete a short ‘template’ outlining local incident data and classifications for the last two years.

The findings are to be shared with senior NHS management and Ministers.

Hopefully, those who made the decision to discontinue NHS Protect’s Security Management functions – and the decision to suddenly wipe all of NHS Protect’s materials and Guidance documents off the website and make them unavailable – will sooner rather than later be held to account for the mess that’s been left by their decision.

More good news!

The National Association for Healthcare Security (NAHS) is making headway towards filling the vacuum left by NHS Protect and, as I understand it, NAHS is in the process of changing its legal standing with a view to playing an even more influential role in guiding and developing NHS Security Management Standards.

Membership of the NAHS is free for those involved in healthcare security and its the best way to stay connected with other Healthcare Security Professionals and keep up-to-date with developments and best practice.

The next NAHS Conference is on 8th November 2018 in Birmingham. I hope to see you there!

Jim O’Dwyer
Senior Consultant
AEGIS Protective Services
T: 01202 773736