Security or police? Unclear role at University of Michigan hospital contributed to child porn reporting delay

"To any observer it looks as if they’re part of the same organization," says U-M DPS Oversight Committee chair Richard D. Friedman, also a professor at the law school.

Confusion regarding hospital security's role and responsibility at the U-M Health System is pervasive, university officials say. That murkiness is one factor that led to a six-month reporting lapse in child pornography found in an employee area of University Hospital, a preliminary U-M review found.

"There was confusion about the roles of Hospital Security and DPS," the preliminary review states. "Hospital employees that reported the incident thought they were talking to police when they were talking with Hospital Security."

A medical resident who found a thumb drive containing child pornography and documents with 36-year-old pediatrician Stephen Jenson's name on them reported the discovery to security officials on May 24. Yet the thumb drive was not reported to police until six months later on Nov. 18. Jenson was charged with four counts of possessing child pornography on Dec. 17.

Although the university recently admitted that "confusion about the roles" contributed to the incident, hospital security's website continues to claim that it is a division of DPS.

"We are a full-service, 24-hour public safety department," the website says. "We are one of three divisions of the University of Michigan Department of Public Safety."

The website also says security officials conduct "baseline criminal investigations."

Yet DPS spokeswoman Diane Brown says that security is not a part of DPS and staff is required to report all criminal activity to university police.

"They are a partner with us, but their reporting relationship is with the hospital and health center's administration," Brown said. "Crime is to be reported to the police."

University police investigate criminal activity at the health system and have the lone institutional authority to make arrests there. The school also reports crimes that occur at UMHS in its daily and yearly logs.

The unclear role of hospital security is further highlighted by the fact that 911 calls placed on UMHS grounds go directly to security headquarters and not university, city or county police. The university claims those calls are routed to hospital security because a large number deal with medical, not criminal, emergencies.

Brown says DPS is aware that people often confuse hospital security with DPS.

"We hear that quite frequently," she said.

Friedman agreed.

"It's often confused. Although on their website (hospital security) say they’re a part of DPS and DPS says 'Oh no they’re not,' " he said, noting that current security logos look similar to police logos. "It's unfortunate that there’s as much confusion as there is."

Since hospital security is not overseen by DPS, security is not subject to the oversight of an independent advisory board such as the DPS Oversight Committee, Friedman said.

U-M spokesman Rick Fitzgerald declined to comment why hospital security are often confused with university police, saying breakdowns in communication will become more clear when the university releases the results of an internal investigation. Fitzgerald did say that security officials are not deputized and do not carry deadly weapons.

"I don’t think that’s something I can answer for you," Fitzgerald said. "There are a lot of questions that are specific to the internal review."

Fitzgerald said he did not know the length and types of training security officials undergo.

Complete findings of U-M's preliminary review of the six-month child pornography lapse:

• There was not a clear line of responsibility for investigating the case. The Office of the General Counsel for the Health System ultimately took ownership of the case and determined that there was not enough evidence to continue the investigation.
• Hospital Security did not log the case in the system shared with the Department of Public Safety. If that had been done, DPS would have seen that there was a possible crime to investigate.
• MCIT (Medical Center Information Technology) reviewed the computer internal logs where the thumb drive had been seen and was able to determine who had accessed the computer. However, MCIT does not have the technology or training to do forensic investigation of electronic devices and, therefore, was not able to retrieve other relevant information such as thumb drive access.
• There was confusion about the roles of Hospital Security and DPS. Hospital employees that reported the incident thought they were talking to police when they were talking with Hospital Security.

Kellie Woodhouse covers higher education for AnnArbor.com. Reach her at kelliewoodhouse@annarbor.com or 734-623-4602 and follow her on twitter.