Issues and Trends in Health Care Security Litigation

Determining Foreseeable Threats at HCFs

The International Association of Professional Security Consultants (IAPSC) has developed Forensic Methodology Best Practices for security experts in connection with third party premises security litigation. The IAPSC’s Best Practices establishes the framework for performing threat assessments which includes an evaluation of all actual and inherent threats.2 Actual threats are the crimes that have happened historically at the property based on crime data for the property, as well as relevant crimes in the immediate vicinity of the property. Examples of actual threats at HCFs include Workplace Violence Type II incidents (patient-on-staff assaults), theft of medical equipment, and other crimes of opportunity. Inherent threats are the potential crime risks at the property based on its status as an HCF. Examples of these include infant/child abductions and pharmacy robberies.

2. Breach of Duty

Once it is established that the crime was foreseeable and therefore a duty exists, the injured party must then prove that there was a breach of the duty of care owed to them. Businesses have a duty to act reasonably and responsibly in connection with providing a safe and secure environment for its customers. A business breaches this duty if it: (1) fails to provide adequate security against foreseeable crimes, (2) fails to provide adequate inspections to guard against dangerous conditions, or (3) fails to warn or conceals a known criminal safety hazard. When a victim is harmed by someone who took advantage of that breach in security, the victim can pursue damages against the business.

Adequate Security Measures

Negligent security cases assume that a crime could have been prevented or at least made less likely by using adequate security measures. Adequate security measures for a particular property will vary from case to case. There are no comprehensive laws or standards that regulate the types of security measures that a private business must have. As with the question of foreseeability, courts and juries frequently rely on security expert testimony to determine what measures were adequate given the specific facts of the case. Jurors will consider a variety of factors, including:

  • Nature of business conducted at the property
  • Whether a business has complied with statutory requirements
  • Industry standards for that type of business
  • For crimes occurring at night, was the location and level of lighting adequate
  • Location of the crime on the property
  • Physical layout and visibility of the business
  • Maintenance and location of landscaping
  • Business routines
  • Blind spots in walls, at entrances, or walkways
  • Other deterrence measures
  • Prior crimes on the property, whether the incidents were similar, and what actions were taken to prevent additional incidences
  • Neighborhood crime rate, and types of crimes that have occurred in the area
  • Condition of security devices
  • Business staffing levels
3. Causation – Actual and Proximate Cause

Once duty and negligence have been established, the plaintiff must prove that the defendant’s breach of duty was the actual and proximate cause of the harm or damage the plaintiff suffered. Specifically, the plaintiff must demonstrate that the defendant’s breach of duty was a “substantial factor” in causing the harm to the plaintiff. This means that without the defendant’s actual, specific breach of a duty, the plaintiff would not have suffered the injury or damage. For example, if a plaintiff asserts that a property owner acted negligently by failing to remove a pile of debris from their walkway, then the plaintiff must prove that their slip and fall accident would not have occurred but for that failure.

In negligent security cases, the question is whether the injury could have been avoided had the property security measures been taken. In civil court, a plaintiff need not prove that correcting a deficiency would have absolutely prevented the crime, only that the deficiencies more likely than not contributed to the crime.3 If it is unclear that additional

security measures would have deterred the attack, the property owner may not be liable. In addition, there must be no legal rule or defense excusing the defendant’s conduct or relieving the defendant of liability for the breach of the relevant duty.

4. Damages

In tort law, damages are an award, typically a sum of money, given as compensation for loss or injury to an individual’s person or property. Compensatory damages generally include economic losses such as loss of earnings, property damage and medical expenses, as well as noneconomic damages such as pain and suffering and emotional distress. Punitive damages may be recovered under certain circumstances if there was evidence of “gross negligence” on the part of the defendant. To qualify as gross negligence, there must be a conscious and voluntary disregard of the need to use reasonable care, which is likely to cause foreseeable grave injury or harm to persons or property.4

It should be noted that most negligent security lawsuits against HCFs are unlikely to go to trial. Nationally, it is estimated that around 97% of all civil cases are settled or dismissed without a trial.5 Given that the terms of settlement agreements and other key information for civil cases resolved before trial may not be reported to the court or may not be publicly available, there is little data available regarding the dollar amounts involved in most cases.

Common Claims in Negligent Security Cases

There are a number of common deficiencies in HCF security programs that could be used as the basis for a negligent security lawsuit. While any of these deficiencies alone may not constitute negligence on the part of the organization, they should be seen as red flags that merit further attention. Some of the most common deficiencies in HCF security programs include:

  • Inadequate lighting of hallways, stairwells, elevators, entrances, parking garages/lots
  • Poor parking lot surveillance
  • Poor security design (e.g. lack of compliance with Crime Prevention Through Environmental Design guidelines6)
  • Poorly maintained facilities (broken doors and locks, overgrown landscaping, etc.)
  • Inadequate or poorly maintained security systems (gates, cameras, alarms, etc.)
  • Inattentive or poorly-trained security officers
  • Improper surveillance
  • Failure to change security codes on keypads
  • Failure to deactivate lost or stolen access cards
  • Inadequate number of security staff
  • Restriction of key duplication
  • Inadequate or outdated security plans and procedures
  • Failing to comply with security plans or procedures
  • Excessive use of force
  • Negligent hiring, retention, training, supervision of employees and security staff
  • Failure to conduct security background checks on employees and contractors

(2) International Association of Professional Security Consultants, Best Practices: Forensic Methodology, 2018.

(3) Norman D. Bates. (2006). “Premises Security Liability,” in Karim H. Vellani’s Strategic Security Management: A Risk Assessment Guide for Decision Makers. Woburn: Butterworth-Heinemann.

(4) Wex Legal Dictionary, Cornell Law School,

(5) U.S. Department of Justice, Bureau of Justice Statistics, Special Report: Civil Bench and Jury Trials in State Courts, 2005, revised 4/9/09, Washington, DC.

(6) Ray Jeffrey, Crime Prevention Through Environmental Design (Beverly Hills: SAGE Publications, Inc., 1977).