Healthcare workers face violence on the job at rates few other industries come close to, and California recognized the problem decades before most states. Emergency departments, behavioral health units, and busy lobbies put staff in contact with patients in crisis, visitors under extreme stress, and occasionally people who came to do harm. A hospital that treats security as an afterthought is exposing its staff, its patients, and its license.
California law sets specific obligations for healthcare facilities, and meeting them takes more than posting a guard at the door. This guide explains what California requires, starting with AB 508, and the practical security measures that turn legal compliance into a safer facility.
1. Understand AB 508: California’s Hospital Safety and Security Act
California enacted the Hospital Safety and Security Act, commonly known as AB 508, in the mid-1990s to address escalating violence against hospital staff, particularly in emergency departments.
The law requires acute care hospitals to conduct a security and safety assessment and to use the findings to develop a security plan with specific measures protecting personnel, patients, and visitors from aggressive or violent behavior. That plan must address physical security components such as facility layout and design, alarms, and other safeguards. AB 508 also requires that employees regularly assigned to the emergency department receive training covering general safety, factors that predict aggression and violence, and verbal and physical techniques to de-escalate or avoid violent behavior.
The training piece is where AB 508 intersects directly with security staffing. The Management of Assaultive Behavior (MAB) training many California healthcare workers complete grew out of these requirements. Security officers working in a hospital should be trained in the same de-escalation principles the clinical staff are.
2. Know the Broader Cal/OSHA Workplace Violence Rules
AB 508 is the foundation, but it is not the whole picture. California’s workplace violence prevention requirements for healthcare have expanded through Cal/OSHA, which adopted a healthcare-specific workplace violence prevention standard requiring covered facilities to maintain a written Workplace Violence Prevention Plan, log and report violent incidents, and train staff on an ongoing basis.
For a hospital or healthcare facility, this means security is not a standalone function. It is part of a documented, auditable program that ties together assessment, planning, staffing, training, and incident tracking. A security provider working in this environment needs to understand that its guards are operating inside a regulated compliance framework, not just providing a presence. Confirm that any company you hire knows how its officers fit into your written plan and your incident reporting.
3. Match Security Staffing to Facility Risk Zones
A hospital is not one environment, it is several, each with a different risk profile. Effective healthcare security maps staffing to those zones.
The emergency department is the highest-risk area in most facilities, with unpredictable arrivals, patients in crisis, and emotionally charged situations. It typically warrants dedicated, trained coverage. Behavioral and psychiatric units require officers experienced in de-escalation and trained to work alongside clinical staff. Main entrances and lobbies need access control and visitor management. Parking structures and grounds benefit from patrol coverage, especially during shift changes at night. Pharmacies and medication storage require controlled access given the value and abuse potential of the contents.
A one-guard-at-the-front-desk model does not serve a facility with this range of risk. The staffing plan should follow the assessment AB 508 already requires you to conduct.
4. Best Practices Beyond the Minimum
Compliance is the floor. The facilities that actually reduce incidents go further.
Train security and clinical staff together on de-escalation so they respond as a coordinated team rather than at cross purposes. Use access control and visitor badging to keep unauthorized people out of patient care areas. Maintain clear incident documentation, both because Cal/OSHA requires it and because patterns in the data tell you where to adjust coverage. Coordinate security with local law enforcement so escalations that exceed your officers’ authority get a fast response. And review the security plan on a schedule, not just after an incident, because patient populations and facility layouts change.
The common thread is that healthcare security works best as an integrated program with trained people, clear procedures, and accountability, rather than a body in a uniform.
5. What to Look for in a Healthcare Security Provider
Given the regulatory environment, not every security company is suited to a hospital. Look for a provider whose guards are BSIS-licensed and trained in de-escalation, who understands AB 508 and the Cal/OSHA workplace violence requirements, who can document its officers’ activity for your compliance records, and who supervises its staff with real accountability rather than dropping off guards and disappearing.
OnGuard provides security for hospital and healthcare facilities across California, with BSIS-licensed guards, documented onsite training, 24/7 dispatch, and live supervisor tracking through the OnGuardLive app. The company builds each healthcare engagement around a facility threat assessment and customized post orders, which is exactly the structure AB 508 contemplates. With more than eight years protecting California properties, including healthcare environments, OnGuard understands that a hospital guard is part of a clinical safety system. You can see the full range of security guard services the company tailors to regulated industries.
Frequently Asked Questions
What is AB 508 in California?
AB 508 is California’s Hospital Safety and Security Act. It requires acute care hospitals to conduct a security and safety assessment, develop a security plan to protect staff, patients, and visitors from violence, and train emergency department staff in recognizing and de-escalating aggressive behavior.
Are hospitals in California required to have security guards?
California law requires acute care hospitals to assess security risks and implement a security plan, and Cal/OSHA requires a written workplace violence prevention plan for healthcare facilities. While the law focuses on the plan and outcomes, meeting it in a high-risk facility almost always requires trained security staffing, especially in the emergency department.
What training should hospital security guards have?
Beyond their BSIS guard registration, hospital security officers should be trained in de-escalation and the management of assaultive behavior, ideally aligned with the MAB training California healthcare staff receive. They should also understand the facility’s workplace violence prevention plan and incident reporting.
What is the highest-risk area in a hospital for violence?
The emergency department is consistently the highest-risk area, due to unpredictable arrivals, patients in crisis, long waits, and emotionally charged situations. It typically warrants dedicated, specially trained security coverage.
Does a hospital security plan need to be documented?
Yes. AB 508 requires a security plan based on a facility assessment, and Cal/OSHA requires a written workplace violence prevention plan with incident logging and ongoing training. Documentation is both a legal requirement and the basis for improving coverage over time.
Healthcare security is a compliance obligation and a duty to your staff at the same time. OnGuard Security Guard Services offers a free consultation and facility threat assessment, BSIS-licensed and de-escalation-trained guards, and no long-term contracts, serving healthcare facilities across California. Contact us to build a security plan that meets the law and protects your people.