Chris Ciabarra is the CTO of Athena Security.gettyCalifornia just introduced Assembly Bill (AB) 2975. Hospitals now have to install weapons detection systems at main and emergency entrances by March 2027, with trained, nonclinical staff assigned to operate them.​The law comes at a time when violence against healthcare workers is increasing in both frequency and severity. Recent incidents at Aurora Sinai Medical Center and Baptist Health Brookwood Hospital Women’s Center show how vulnerable hospital environments actually are, even when some safeguards are already in place.​Front-line staff members are the ones experiencing these attacks firsthand, and they are no longer accepting violence as an unavoidable part of their job.​California’s law signals a much-needed shift, which forces leadership teams to move from reactive policies to enforced entry-point controls. If one state is acting with this level of urgency, what does that mean for the rest of the country, where security still varies widely from state to state?​Healthcare violence cannot be managed with inconsistent state-level policies. The U.S. needs a more consistent baseline. ​Additionally, hospitals do not need to wait for a federal mandate to start evaluating entry-point screening gaps. That need becomes clearer when you look at how differently states are responding today.How Different States Are Responding To Hospital Workplace ViolenceIn the absence of a federal security mandate, states are building their own frameworks.​California’s AB 2975 takes a prescriptive approach, requiring automated weapons detection across key hospital entry points. It also points to a broader expectation around visitor screening and access control.​Other states focus on different layers of the problem, addressing only a part of the risk.​Illinois requires wearable panic buttons on staff IDs, along with risk assessments, training and violence prevention protocols. North Carolina mandates a law enforcement presence in emergency departments. New York requires comprehensive violence prevention programs built around risk assessment and response planning.​Across the 48 states with workplace violence laws, 18 focus primarily on penalties, while only a small number promote prevention and remediation. This imbalance often leads to inconsistent protocols and uneven levels of preparedness across healthcare facilities.​The question now is whether a more consistent national approach can close these gaps.Can A Federal, Technology-Led Security Mandate Improve Hospital Safety?The healthcare system is no stranger to federal standardization. When the Affordable Care Act set common coverage standards, it shifted what had been a state-by-state patchwork into a shared structure. ​A similar approach to hospital security could do the same. Although, its effectiveness will depend on how well hospitals implement screening at the front door. That is where technology becomes critical.​A safety review at Ohio State’s Wexner Medical Center found that its screening systems intercepted more than 9,500 weapons in one year, including 72 firearms, 6,606 knives and blades and 231 stun guns. ​That kind of volume reveals something many security leaders still underestimate: The challenge is not system installation. It is designing a process that can handle what the system actually finds.​The effectiveness of the technology still heavily depends on clear protocols, routine testing and trained staff who know how to respond when a system flags a potential threat.​While hospitals wait for a federal, technology-led framework, there are practical actions they can take today.What Hospitals Can Do Now To Strengthen Front-Line SecurityIt is hard to retain staff in an environment that does not feel safe. For example, when a nurse leaves, the impact is operational as well as financial, with organizations facing costs of $62,100 to $67,100 per nurse turnover. ​Hospitals need to act before safety concerns turn into staffing and continuity risks. Based on my work in the industry, this is what I believe hospitals should do now:​1. Define system requirements. Don’t choose basic detectors that only signal the presence of metal without giving staff enough detail to respond accurately. Define requirements based on actual entry-point risks before evaluating vendors.2. Start planning early. Don’t wait for external triggers. Set a defined internal timeline for evaluating and upgrading entry-point security systems.3. Establish a workplace violence committee. Include the heads of security, nursing and administration in your committee so that decisions reflect front-line realities, operational constraints and real security risks.4. Account for real implementation timelines. Factor in procurement and installation timelines before committing to systems.5. Balance speed with actual threat coverage. Choose technology that balances patient flow with real-world threat detection and integrates visitor management features with your weapons-detection hardware.6. Build the right staffing model. Use trained, nonclinical personnel to operate and manage security systems.7. Document processes and outcomes. Track and review incidents at entry points, and use that data to refine processes and investments.8. Define and enforce operational procedures. Ensure staff follow consistent protocols such as pre-shift system checks, clear escalation steps when alerts are triggered and proper handling of flagged items.​The window to act ahead of a federal mandate is open now. Hospitals that move first will be better equipped. Those who wait may end up playing catch-up under pressure.What The Future Of Hospital Security Looks LikeThe global healthcare security systems market is projected to reach approximately $35.27 billion by 2034. ​For those investments to work in practice, they need to be supported by clear standards and well-documented processes that ensure everyone knows their role and how to respond in an emergency. When systems are structured this way, decisions become easier, and the risk of error is reduced.​At the same time, security cannot be limited to physical entry points. ​Cybercriminals are increasingly targeting DNS. In healthcare, that makes it a direct pathway to EMRs, connected medical devices and internal clinical systems. Strengthening DNS security should be as much a part of the conversation as safeguarding the front door.​That broader view of security also changes what matters in practice. Installing a system is only the start. Without consistent testing, clear protocols and discipline in execution, even well-designed systems are unlikely to deliver their intended outcomes.​And in hospital security, outcomes are not defined by what is installed, but by how reliably it is used.​​​Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?