Using Incident Data for a Defensible Worksite Analysis

Your own incident data is the single strongest piece of evidence in a workplace violence worksite analysis. A walkthrough shows what could happen; your incident log shows what already has — by unit, shift, and type. Cleaned, reconciled against your OSHA 300 Log, and analyzed for patterns, that data turns a theoretical risk assessment into an evidence-driven one that survives both a survey and a deposition.

This is the leg of the worksite analysis that facilities most often shortchange, because their data is messy, scattered, or quietly underreported. Below is how to turn an imperfect incident log into the defensible backbone of your analysis.

#Why surveyors and plaintiff's counsel both start with your data

When a surveyor traces a workplace violence finding, they ask to see what the facility knew and when. When plaintiff's counsel litigates an assault, the first document requested is the incident log. Both are reading for the same thing: did the facility recognize a pattern and act on it, or did the data sit unexamined?

That is why a data-driven worksite analysis is so much stronger than one built on walkthrough impressions alone. The Joint Commission's workplace violence requirements (effective Jan. 1, 2022 for hospitals) call for incident reporting, tracking, trending, and follow-up — trending is a data activity. OSHA Publication 3148 makes records review part of worksite analysis. And a facility-specific written plan under Texas HSC Chapter 331 cannot be facility-specific without facility data behind it.

The incident log is not just an input to the analysis — it is the exhibit that proves the analysis was honest.

#Step 1 — Assemble and reconcile the records

Pull every source that records violence, then reconcile them so they tell one consistent story.

• Internal workplace violence incident log for the trailing 12–24 months.
• OSHA 300 Log, 300A Summary, and 301 reports (29 CFR 1904). Serious assault injuries with days away, restricted duty, or transfer are 300-recordable.
• Security call logs, behavioral-emergency activations, duress-alarm records, and grievances where available.

Reconciliation matters because mismatches are findings in their own right. An assault that appears in the internal log but never reached the 300 Log is a recordkeeping deficiency a compliance officer can cite without ever evaluating your prevention program. Conversely, a 300-Log entry with no internal incident report shows the reporting channel is leaking.

#Step 2 — Confront underreporting head-on

Healthcare workplace violence is heavily underreported — staff often treat assault as "part of the job." A thin incident log therefore proves very little, and a worksite analysis that treats low numbers as evidence of safety reads as naive to a surveyor and reckless to plaintiff's counsel.

Address it directly:

• State the limitation in the analysis. Acknowledging probable underreporting is more credible than ignoring it, and it frames any reporting-culture improvements as a deliberate corrective action.
• Triangulate. Where the formal log is thin, lean harder on security calls, behavioral activations, and frontline employee input to fill the picture.
• Treat underreporting as its own finding. A confidential, anti-retaliation reporting policy that drives reports up is a legitimate mitigation item — rising numbers after its rollout signal a healthier culture, not a more violent facility.

#Step 3 — Analyze for the patterns that drive controls

Raw counts do not persuade; patterns do. Cut the data along the axes that point to specific controls.

Mapping incidents by unit usually confirms — or sharpens — the national pattern of where violence concentrates; see high-risk units and where workplace violence concentrates. The full three-leg method that pairs this data review with a walkthrough and frontline input is laid out in how to conduct a healthcare workplace violence risk assessment.

#Step 4 — Carry the data into a ranked register and a closed loop

Findings drawn from data go into the same risk register as walkthrough and employee-input findings, ranked by likelihood and severity. Then each one enters a mitigation log with a named owner and target date. The metric that gets scored is closure, not count — a data-identified pattern left unaddressed is the textbook "recognized but not abated" exposure.

Refresh the analysis with current data on a defined cadence so it never goes stale. Trending only works if the dataset keeps moving; a worksite analysis frozen at one point in time stops being evidence the moment the next incident lands.

#A note on scope

Analyzing incident data is a compliance and documentation activity — it identifies where hazards concentrate and proves the facility examined its own record. It is not a guard-staffing or investigations service. The deliverable is a survey-defensible, data-backed analysis, not personnel or case investigations.

#How VIGILO helps

VIGILO builds the data backbone of your workplace violence risk assessment: assembling and reconciling your incident log against the OSHA 300 Log, surfacing the unit/shift/type patterns that drive controls, and translating them into a ranked, closeable register tied to your written plan. For Texas facilities it maps to HSC Chapter 331 and is kept current through an annual program review. To see where your current data stands against the requirements, start with the Chapter 331 compliance checklist.

---

VIGILO provides compliance, training, and consulting assistance and supports survey-readiness and preparedness; it does not guarantee safety outcomes and does not provide security guard, patrol, or investigative services. Sources: The Joint Commission Workplace Violence Prevention requirements (incident reporting, tracking, trending, and follow-up; effective Jan. 1, 2022 for hospitals); OSHA Publication 3148 (Worksite Analysis & Hazard Identification) and recordkeeping 29 CFR 1904; Texas Health & Safety Code Chapter 331 (SB 240, 88th Leg., 2023) and 26 TAC §133.55.