Risk & Worksite Analysis
How to Conduct a Healthcare WV Risk Assessment
A step-by-step method for a survey-defensible healthcare workplace violence risk assessment — records review, walkthrough, and frontline input that satisfies HSC Ch. 331, Joint Commission, and OSHA.
A healthcare workplace violence risk assessment — what the Joint Commission calls a worksite analysis — is a documented, facility-specific study of where violence hazards concentrate in your environment of care. A defensible one rests on three legs: a records review, a physical walkthrough, and frontline employee input. It then ranks risks and feeds a mitigation log that closes each finding.
This is the foundation every surveyor expects you to have completed before anything else, because it is what makes your written plan facility-specific rather than a purchased template. Below is the method that produces an assessment a Texas HHSC licensing surveyor, a Joint Commission surveyor, or an OSHA compliance officer will accept.
#Why the risk assessment is the foundation
Three regimes converge on the same requirement. The Joint Commission's workplace violence prevention requirements (effective Jan. 1, 2022 for hospitals) require an annual worksite analysis with follow-up in the Environment of Care chapter. OSHA's Publication 3148, Guidelines for Preventing Workplace Violence for Healthcare and Social Service Workers, makes Worksite Analysis and Hazard Identification the second of its five program components. And Texas Health & Safety Code Chapter 331 (added by SB 240, 2023) requires a written, facility-specific plan — a standard you cannot meet without first analyzing your own facility's hazards and incident history.
One assessment, built correctly, supplies the evidence for all three. That is the central efficiency: you are not running three separate exercises.
#The three-leg method
A worksite analysis that survives a survey has three documented inputs. Skipping any one is the most common reason an assessment gets questioned in a survey-readiness audit.
#Leg 1 — Records review
Start with what already happened. Pull and read:
- Your internal workplace violence incident log for the trailing 12–24 months.
- The OSHA 300 Log, 300A Summary, and 301 reports (29 CFR 1904) — and reconcile them against the internal log. Serious assault injuries with days away from work are 300-recordable; mismatches are a recordkeeping finding in their own right.
- Any prior risk assessment and its open mitigation items.
- Security call logs, behavioral-emergency activations, and grievance data where available.
The records review tells you where violence has actually occurred, so your analysis is evidence-driven rather than theoretical.
#Leg 2 — Physical walkthrough of the environment of care
Walk the building the way a surveyor walks it. Inspect ingress and egress, sightlines, waiting-room flow, alarm and duress systems, staffing visibility, and the physical layout of high-risk areas. Document each observation. A walkthrough that is performed but never written down is, for survey purposes, a walkthrough that never happened.
The hazard walk-through checklist covers the unit-by-unit items to capture.
#Leg 3 — Frontline employee input
Collect structured input from the people who face the hazard — through a survey instrument, interviews, or both. Emergency department, behavioral health, and labor-and-delivery staff routinely surface risks that records and a walkthrough miss. OSHA Pub. 3148 makes worker participation its first program component; the Joint Commission values frontline input; and a surveyor reading an analysis with no employee voice reads a paper exercise.
#From findings to a risk register
Consolidate the three legs into a single risk register that ranks each finding by likelihood and severity. Ranking matters: it shows a surveyor you prioritized, and it tells leadership where to spend first. A register with no prioritization invites the question, "How did you decide what to fix?"
| Step | Output | Why a surveyor cares |
|---|---|---|
| Records review | Incident-driven hazard list, OSHA 300 reconciliation | Proves the analysis is evidence-based |
| Walkthrough | Documented environment-of-care observations | Proves you assessed this facility |
| Employee input | Survey/interview results | Proves worker participation (OSHA Component 1) |
| Risk register | Ranked, prioritized findings | Proves you prioritized rationally |
| Mitigation log | Findings tracked to closure | Proves follow-up, not just analysis |
#Close the loop with a mitigation log
The finding count is not what gets scored — closure is. The Joint Commission's EC requirement is for follow-up on the worksite analysis, not merely the analysis itself. A finding identified but left open indefinitely is the classic "recognized but not abated" exposure that surfaces in both surveys and post-incident litigation.
Every finding belongs in a mitigation log with a named owner and a target date. Turning that register into a defensible plan is its own discipline — see translating worksite-analysis findings into a prioritized corrective action plan.
#A note on scope
This is a compliance vulnerability assessment — an environment-of-care security risk assessment in the regulatory sense. It identifies and documents gaps. It is not a guard deployment, patrol design, or physical-security staffing service. The deliverable is a survey-defensible report, not personnel on a post.
#How VIGILO helps
VIGILO conducts the full three-leg worksite analysis and delivers it as a workplace violence risk assessment: a dated, survey-defensible written report, a ranked risk register, and a prioritized corrective-action log tied to your written plan. For Texas facilities, it maps directly to the HSC Chapter 331 requirements and is kept current through an annual program review so it never goes stale between surveys. To benchmark where your current assessment stands, start with the Chapter 331 compliance checklist.
Sources: The Joint Commission Workplace Violence Prevention requirements (Environment of Care chapter, effective Jan. 1, 2022 for hospitals); OSHA Publication 3148 (Worksite Analysis & Hazard Identification, Component 2) and General Duty Clause §5(a)(1); Texas Health & Safety Code Chapter 331 (SB 240, 88th Leg., 2023) and 26 TAC §133.55; OSHA recordkeeping 29 CFR 1904. This article supports compliance and survey-readiness; it does not guarantee safety outcomes.