Threat Assessment
Documenting Threat Assessments So They Help in Court
A threat assessment record can defend a facility or become Exhibit A. Learn how to document evaluations and management decisions so they help — not haunt — you in litigation and survey.
A threat assessment record is double-edged. Done well, it is the document that proves a facility recognized a concern, evaluated it deliberately, and managed it proportionately — the strongest answer to the question a surveyor or plaintiff's counsel asks after an incident: what did you do about it? Done poorly, the same record becomes the exhibit that shows the facility saw the risk and did nothing, or labeled a person without basis. The difference is documentation discipline.
The instinct to document nothing — to keep threat assessment a hallway conversation so there is no file to subpoena — is the wrong lesson. An undocumented assessment is the worst of both worlds: the reporting record shows a concern was raised, and the absence of any assessment record shows nothing was done with it. This article covers how to document so the record helps.
#Why "don't write it down" is the wrong instinct
When a workplace violence incident reaches litigation, discovery reconstructs what the facility knew and when. If incident reports, emails, or staff testimony show a concern was raised, the question becomes: what happened next? A clean assessment record answers it. Silence invites the inference that the concern was ignored.
The same logic governs survey. The Joint Commission's workplace violence requirements (effective Jan. 1, 2022 for hospitals) expect incident reporting, tracking, trending, and follow-up. A facility-specific plan under Texas HSC Chapter 331 requires a reporting mechanism and post-incident response. When a surveyor traces a concern, the assessment record is what demonstrates the facility acted. As our piece on documentation as your best legal defense puts it: the absence of a record is not protection — it is exposure.
#The principle: document the process, not a verdict on the person
The defensible record describes a deliberate process, not a conclusion about a human being. It shows what was observed, what factors the team weighed, what it decided, and what it did — proportionate, reviewed, owned. It does not pronounce that a person "is dangerous," nor that an incident was inevitable, nor speculate about motive or diagnosis the team is not qualified to assert.
This is the single mental model that keeps a record clean: you are documenting that a structured, good-faith process ran — the same process described in the five-step threat assessment workflow — not rendering a verdict.
#What a defensible record contains
| Element | What to capture | Why it helps |
|---|---|---|
| Trigger | The specific reported behavior or statement, factually | Shows what the team actually responded to |
| Structured factors | Specificity of the threat, access to the target, escalation over time, stabilizing influences | Demonstrates a method, not a guess |
| Decision | The management plan chosen and the reasoning | Shows proportionality |
| Owner & dates | Named role responsible (by role, not by name in published material) and review dates | Shows the matter was not dropped |
| Follow-up | What happened at each review; when and why the case closed | Proves the loop closed |
The throughline is that every entry is observable, factual, and tied to a decision. A record built this way reads, to a reviewer, as a careful process — which is precisely what it was.
#Language traps that turn a record toxic
The same facts can be written defensibly or dangerously. Train the team to avoid:
- Speculation and labels. "Patient is a psychopath / will definitely hurt someone" is opinion the team cannot support and that reads catastrophically in discovery. Record behavior, not character.
- Conclusions of certainty. Stating that violence was certain and then describing a modest response implies the facility under-reacted to a known certainty. Frame in terms of concern level and proportionate management.
- Unsupported clinical assertions. Do not record diagnoses the team did not make or is not qualified to make.
- Editorializing and humor. Asides, sarcasm, and venting in a record that may be read aloud to a jury are indefensible.
- Gaps in the timeline. A concern logged with no documented follow-up reads as abandonment. Close every loop on the record.
#Confidentiality, access, and privilege
Threat assessment records are sensitive and must be handled with restricted access, a defined retention schedule, and storage separate from the general medical record where appropriate. Whether any portion is protected — attorney-client privilege, work-product, or a quality/peer-review protection — depends on how the process is structured and your jurisdiction, and is a determination for your counsel, not a content team.
The practical, rail-safe guidance is twofold. First, coordinate the structure of the process with risk and legal up front, so privilege questions are settled before a case arises, not after. Second, regardless of how privilege shakes out, document the operational facts cleanly — because the goal is a record that is defensible whether or not it is ever protected.
#Connecting the record to the program
A threat assessment record does not sit in isolation. De-identified trends from cases feed the worksite analysis. Closed cases demonstrate, in aggregate, a functioning follow-up capability — exactly what the Joint Commission's tracking-and-trending expectation looks for. And the records, handled with the discipline above, become part of the survey-ready evidence base that shows a living program rather than a binder of policies.
#How VIGILO helps
VIGILO helps facilities build a threat assessment program with documentation standards designed to be both clinically sound and survey-defensible — factual record templates, a structured factor framework, owner-and-review discipline, and confidentiality handling coordinated with your risk and legal functions through the written WVP plan and policies. The documentation discipline is audited and refreshed in an annual program review, and for Texas facilities it aligns with HSC Chapter 331. To pressure-test your current records against what surveyors and discovery look for, start with the Chapter 331 compliance checklist.
VIGILO provides compliance, training, and consulting assistance and supports survey-readiness and preparedness; it does not provide legal advice, does not guarantee safety outcomes, and does not provide security guard, patrol, or investigative services. Privilege determinations are for your counsel. Sources: The Joint Commission Workplace Violence Prevention requirements (incident reporting, tracking, trending, follow-up; effective Jan. 1, 2022 for hospitals); Texas Health & Safety Code Chapter 331 (SB 240, 88th Leg., 2023) and 26 TAC §133.55; OSHA General Duty Clause §5(a)(1) and Publication 3148.