Issues and Trends in Health Care Security Litigation

Elements of a Negligent Security Claim

The legal standard for negligent security claims is based on the tort of negligence. Negligence occurs when an individual or entity breaches a duty of care that the law requires for the protection of other individuals and their interests. In negligent security cases, property owners have breached their duty of care when they fail to adequately secure their premises in areas where they should have been able to reasonably foresee the potential for criminal activity. In court, the plaintiff bears the burden of proof and must show: (1) the existence of a legal duty owed by the business, (2) a breach of that duty, (3) the breach was the actual and proximate cause of the resulting injury, and (4) damages to the plaintiff’s person or property.

1. Duty

A defendant’s legal duty is measured according to an ordinary, prudent, reasonable person. The assumption is that an ordinary, prudent person will take precautions against creating unreasonable risks of injury to others. People who enter a property in connection with the business of an owner or occupier are considered “business invitees.” For HCFs, this includes patients, visitors, store customers, employees, persons making deliveries such as drug wholesalers, as well as members of the community at large who are invited to eat at the cafeteria.

Owners and occupiers generally owe invitees a legal duty to use reasonable and ordinary care to keep the property reasonably safe for the benefit of invitees. This includes a duty to make reasonable inspections to discover dangerous conditions and make them safe. The requirement to make dangerous conditions safe can be satisfied if a reasonable warning is given. When a HCF has knowledge of prior criminal activity, it can educate patients, visitors, and staff on the risk of criminal attacks and allow them to take proper safety precautions to avoid possible confrontations.

While most industries have no written standard of care for their security programs, HCFs have several sources of written security standards they may need to comply with as part of their accreditation process, including those established by the Centers for Medicare and Medicaid (CMS), The Joint Commission (TJC), and Del Norske Veritas (DNV).


A key issue in determining whether a legal duty existed in regard to a criminal attack is whether that type of criminal activity was “reasonably foreseeable.” The plaintiff must show that the criminal act was reasonably foreseeable, given the risk of that crime occurring on that property at that specific time. If the criminal attack was not reasonably foreseeable, then the business had no legal duty to provide any security to reduce, minimize, or eliminate the unforeseeable criminal event.1

The foreseeability of a crime is determined by the court, the jury, and/or the laws of that state. Foreseeability is established on a case-by-case basis, and courts and juries often rely on the testimony of security experts to clarify what was foreseeable based on the specific facts of the case. Courts generally use one of three different tests to determine whether a particular crime is a foreseeable event: (1) specific harm, (2) prior similar incidents, and (3) totality of the circumstances.

Specific Harm Test: The specific harm test is applied in limited circumstances where the business is aware of the probability of specific harm to an individual. For example, where the HCF is aware of a threat made by a specific assailant, a plaintiff might argue that the specific crime by that assailant was foreseeable.

Prior Similar Incidents Test: The prior similar incidents test is a conservative test that requires there to be evidence of prior crimes at the business that are similar to the one complained of in the plaintiff’s case. Under this test, if a plaintiff was robbed in a hospital parking lot, there must be evidence of prior similar crimes. State courts apply the prior similar incidents test on a case-by-case basis, and have varied in their interpretations of the following key issues:

  • How similar the prior incidents are to the subject crime
  • How large the geographic area is in which prior incidents occurred
  • The frequency and proximity in time of prior incidents
  • The publicity or notice surrounding the prior crimes

Totality of the Circumstances Test: The totality of the circumstances test expands the definition of foreseeability of a criminal incident. Courts that apply this test look beyond prior similar criminal incidents and may also consider evidence related to:

  • Prior dissimilar crimes
  • Level of crime in the neighborhood
  • Criminal activity at other business locations
  • Location and visibility of the business on the property
  • Existence of security personnel and surveillance cameras
  • Adequacy of lighting surrounding the business
  • Maintenance of the property and physical barriers like fences, and landscaping
  • Crimes at other facilities within the same industry

(1) Norman D. Bates. (2006). “Premises Security Liability,” in Karim H. Vellani’s Strategic Security Management: A Risk Assessment Guide for Decision Makers. Woburn: Butterworth-Heinemann.