Incident Response & Legal
Employer Duty to Protect Staff From Foreseeable Violence
The employer's duty to protect healthcare staff from foreseeable workplace violence — how foreseeability and notice are built from your own records, and how to meet the duty.
A healthcare employer has a duty to protect its staff from foreseeable workplace violence. That duty is not a single rule — it is the overlap of OSHA's General Duty Clause, Texas HSC Chapter 331, and common-law principles that require reasonable steps against foreseeable harm. Because workplace violence in healthcare is so widely recognized as a hazard, the duty itself is hard to dispute. The defensible question is narrower: did the facility take reasonable, documented steps to meet it?
This article supports our pillar on workplace violence incident response and legal exposure.
#Three overlapping sources of the duty
The duty to protect staff does not come from one place. For a Texas healthcare facility, three sources reinforce each other:
| Source | What it requires | How it frames the duty |
|---|---|---|
| OSHA General Duty Clause §5(a)(1) | A workplace "free from recognized hazards" likely to cause death or serious harm | Workplace violence is a recognized hazard in healthcare |
| Texas HSC Chapter 331 | Adopt and implement a facility-specific WVP program | A statutory, affirmative obligation to prevent and respond |
| Common-law duty / premises liability | Reasonable care against foreseeable harm | A duty triggered once a hazard is on notice |
The General Duty Clause matters because OSHA has no specific workplace violence standard — enforcement runs through §5(a)(1), and "recognized hazard" is the operative phrase. We unpack it in the General Duty Clause and recognized hazards in hospitals. Chapter 331 converts the duty from a general standard into a specific, written program requirement (HSC Chapter 331; SB 240, 88th Leg., 2023). And common-law theories supply the foreseeability-and-notice frame that drives most civil claims.
#Why "recognized" is already settled against you
In many hazard disputes, an employer can argue the risk was not recognized. In healthcare workplace violence, that argument is weak — and the data is why. Healthcare workers faced a workplace-violence injury rate roughly 5× the private-sector average in 2018 (BLS, 2018), and they bear roughly three-quarters of nonfatal intentional-violence injuries. OSHA publishes guidance specifically for the sector (Publication 3148). The Joint Commission adopted dedicated requirements effective Jan. 1, 2022 for hospitals. Texas passed Chapter 331. When the hazard is recognized at the statute, accreditor, and federal-guidance level, a facility cannot credibly claim it could not foresee the risk in general.
That shifts the entire contest onto the second question: what did the facility do about it?
#Foreseeability at the facility level
General recognition establishes the duty. Facility-specific foreseeability sharpens it — and, again, the facility usually supplies the evidence from its own records:
- The incident log showing prior events in the same unit.
- The worksite analysis identifying that unit as high-risk.
- Staff reports and surveys flagging the problem.
- Trend reports that put the pattern in front of leadership.
When these records show the facility knew of a specific hazard, the duty becomes concrete: a reasonable employer, on notice of that hazard, takes reasonable steps to abate it. The most damaging position is a record that proves notice with no matching action — which is exactly the pattern that surfaces in litigation discovery.
#Meeting the duty is about reasonableness, not guarantees
Here is the principle that should shape every program: the duty is to take reasonable, recognized steps — not to guarantee no one is ever harmed. No program eliminates workplace violence, and a facility that frames its obligation as "prevent all violence" sets an impossible standard. The defensible posture is to demonstrate that the facility did what a reasonable healthcare employer, on notice of the hazard, would do:
- Assess — a current worksite analysis that identifies high-risk units and hazards.
- Control — engineering and administrative controls matched to the findings.
- Train — workforce education at least annually, reaching contracted staff too.
- Report and respond — an incident system, post-incident support, and a confidential reporting policy with anti-retaliation protection.
- Trend and act — leadership review of the data and corrective actions tracked to closure.
- Evaluate — an annual plan evaluation reported to the governing body.
Each step is both a Chapter 331 requirement and a piece of evidence that the duty was met. The facility that runs and documents this cycle has a reasonableness story; the one that does not has a notice-without-action story.
A rails note: VIGILO frames premises-liability and negligent-security concepts strictly as documentation and program-gap matters. It is a compliance, training, and consulting firm — not a security-guard, patrol, armed, or investigations provider — and it does not provide legal advice. Meeting the duty here means building the program and the record, not deploying guards.
#The stakes without a fine schedule
It is tempting to read Chapter 331's lack of a dedicated fine schedule as low stakes. The duty analysis shows why that reading is backwards. Without a regulatory penalty cap, the consequence of failing the duty lands in civil litigation, where exposure is open-ended, and in licensure-survey deficiencies that compound over time. The absence of a fine does not lower the stakes — it relocates them to a forum with no ceiling. That is the honest urgency behind the statute: not a penalty to avoid, but a duty whose breach is measured in litigation and survey terms.
#The duty is a recurring obligation, not a one-time fix
A subtle but important point: the duty to protect is continuing. A worksite analysis done once and shelved does not discharge it; a plan adopted in 2024 and never updated does not either. Chapter 331 builds the recurrence in — the annual plan evaluation to the governing body is a statutory, repeating obligation. Meeting the duty means maintaining a program of record between surveys and after incidents, year over year, so that at any given moment the facility can show a current, living response to a recognized hazard.
#How VIGILO helps
VIGILO builds and maintains the program that demonstrates the duty was met — on flat-fee terms, never per-incident or contingent.
- Workplace violence risk assessments produce the worksite analysis and mitigation log that show the facility identified and acted on its hazards.
- Annual program reviews carry the recurring obligation forward: trend review, corrective-action tracking, and the annual plan evaluation to the governing body.
- Mock surveys test whether the program would read as reasonable-and-documented to a surveyor — and, after an incident, to opposing counsel.
Hospital executives, risk managers, and compliance officers own this duty, and healthcare attorneys advise on its legal contours.
#Where to start
If you cannot currently produce a recent worksite analysis, trended incident data, and closed corrective actions on demand, the duty is being met in intention but not in record — and record is what gets examined. A flat-fee survey-readiness audit scores your program against the Chapter 331, Joint Commission, and OSHA checklists and shows exactly where the reasonable-steps story has a gap, while you can still close it on your own terms.
Sources: Texas Health & Safety Code Chapter 331 (SB 240, 88th Leg., 2023); OSHA General Duty Clause §5(a)(1), Publication 3148; The Joint Commission R3 Report Issue 45 (WVP requirements effective Jan. 1, 2022 for hospitals); BLS, 2018, via OSHA/NIOSH. This article is general compliance information, not legal advice.