The UK Terrorism (Protection of Premises) Bill, published in draft by the UK Government, is a significant step towards improved safety and emergency preparedness in the UK. Named in honour of Martyn Hett, a 2017 Manchester Arena victim, Martyn’s Law seeks to fortify security in public spaces, including where healthcare is delivered, and better prepare organisations to respond to terrorist threats.
Below we explore the implications of this highly anticipated legislation for the health & social care sector and ways in which you can prepare your organisation to be more resilient in the face of active assailants regardless of motivation.
Under the impending Protect Duty legislation, re-announced in the recent King’s Speech and expected to become law later in 2024, venue operators, including health and social care providers and non-profits/charities, will be required to ensure public safety from the threats of terrorism.
The consultation on the Bill earlier this year sheds some light on what future intention is for the Bill including specific requirements for organisations. These requirements mandate to ‘have in place procedural measures’ aimed at reducing, as far as reasonably practicable, the risk of physical harm to individuals at the premises in the event of an attack. These measures will cover evacuation, invacuation, lockdown and communication strategies. While the Bill primarily addresses terrorism, many attacks are carried out by lone assailants driven by a variety of personal motivations. Therefore, a broader focus is essential.
The legislation emphasises the importance of proportionality, ensuring that security measures are reasonably practicable and implemented through a tiered approach:
Ultimately, if passed into law, there is likely to be an 18-24 months gap before implementation. The initial focus appears to be on Standard Tier operations. The legislation may not address the Enhanced Tier until the Bill has proven effective for ‘Standard’ size organisations - a recommendation from the select committee, though not yet formally confirmed.
Simply put, yes.
The former drafting of the Bill defines ‘hospital’ with a reference to S.275 of the National Health Service Act 2006, which does not make a distinction between NHS or independent hospitals, with the intention that both were captured by this legislation.
UK health and social care providers are considered vulnerable to attacks under the Protect Duty legislation due both the nature of services, locations and type of attack.
Health and social care facilities are often busy publicly accessible spaces that provide critical services, making them potential targets for active assailants. The open and welcoming nature of these environments, combined with the presence of vulnerable individuals, can increase their attractiveness as targets for those who seek to cause significant harm and disruption. The potential for harm is further exacerbated by the high-profile ambassadors or patrons of many sector organisations and the types of events held for fundraising purposes, often attended by high-profile individuals, which can raise the level of risk.
Historically, most UK attacks were the work of organised groups with centralised command structures. Today, however, most attacks are perpetrated by individuals acting alone, often not motivated by terrorism, which can make them more unpredictable and harder to prevent. Sadly, incidents in recent years serve as a reminder that attacks can occur anywhere to anyone.
Providers must keep in mind the diverse threats that may impact their spaces, such as knife or gun violence, explosives, or vehicle assaults, carried by individuals or groups. In addition, providers must also be diligent in evaluating the potential for both general and targeted attacks and the risk of mass harm. There is a need to assess the vulnerabilities of publicly accessible buildings and remain vigilant in updating security plans in response to evolving threat levels.
The steps any organisation takes should aim to disrupt assailants before they can act and minimise loss if an attack occurs. The measures should:
Use of fences, lights and signage, or security guards to show your business is not a soft target and to deter potential assailants.
Train your staff to spot suspicious behaviour and consider installing CCTV and alarms to detect intruders. Lone attackers may frequently visit potential targets to collect information, displaying nervous, anxious or paranoid behaviour during interactions with staff. This unusual behaviour offers staff a chance to identify and prevent potential attacks early. Training staff who interact with patients to recognise and address suspicious behaviour can help deter attackers and show that the facility is secure. Even basic interactions like a friendly greeting or asking polite questions can interrupt a potential assailant’s plans. The National Protective Security Authority (NPSA), which is the UK's authority on physical and personnel security, provides a free training programme called See, Check and Notify (SCaN). This programme is available to all UK businesses and organisations, helping employees detect unusual behaviour and learn the correct ways to report and respond to it.
Additional physical measures such as fencing, vehicle barriers, roller shutters and security doors can give you vital extra minutes that could save lives in the event of a terror attack.
Assailants consider the broader environment, not just individual sites. Health and social care providers should look outside their buildings and work with nearby businesses and authorities to make shared spaces safer. By forming partnerships for joint security initiatives like CCTV or security patrols, and participating in information-sharing networks, providers can reduce potential safe zones for hostile individuals, secure vulnerable areas and stay updated on security trends and threats. This collaborative approach helps prevent areas from being used for terrorist planning and maintains a high level of threat awareness.
Health and social care providers should have tried and tested incident response and crisis management plans including first aid and links to emergency services. Typically, these will cover three phases:
By developing a crisis management strategy, you can enhance your organisation’s resilience and its ability to respond effectively in the event of a major incident. There are five key steps to develop an effective crisis management plan:
For more information on how to build a crisis management plan, please contact our Risk & Resilience Advisory Practice.
Other steps you can take to embed security, protect employees and the public, and foster resilience in the long term include:
Make sure that active assailant risk is included in your risk register and it prioritises resilience to such threats.
Organisations should develop an understanding of the UK threat levels including the changing terror landscape:
If you are moving or building new premises, think about how you can build security from the start. For example, you could integrate surveillance systems into the design, reduce visibility from outside, control access points – anything to make it harder for assailants to attack.
Look at what you are already doing and how you can deploy it to address active assailant threats specifically. For example, could you build on your health and safety and fire safety procedures? The chances are much of this activity can be mapped across to meet the new legislation as well. Look at the risk assessments you already perform and see how you could adapt them into a template for your active assailant assessments.
Having a well-developed security culture in your organisation will go a long way towards enhancing your resilience and meeting this forthcoming legislation. This could comprise:
Health and social care providers in the UK are often at risk because of the work they do and the environment they work in. The Terrorism (Protection of Premises) Bill aims to mitigate this risk by introducing more consistent and effective security measures, ensuring that organisations work together and making sure the right people are in place to oversee and manage security. Irrespective of the proposed legislation, providers should expand their risk assessment to cover the threat of active assailants, whatever their motivation, to boost their own resilience. For further updates and detailed guidance, refer to the official resources provided by the UK government and relevant authorities.
If you need support enhancing your organisation’s resilience, or a smarter way to help assess your current preparedness, please get in touch.
