Negligent Security & Premises Liability in Healthcare WV

A healthcare workplace violence lawsuit rarely argues that the facility committed the violence. It argues something subtler and harder to rebut: that the facility controlled the premises, knew or should have known of a foreseeable risk, and failed to take reasonable measures to address it. That is the architecture of a negligent-security or premises-liability claim — and the records that decide it are the same ones a surveyor reviews.

This article supports our pillar on workplace violence incident response and legal exposure, and pairs with the employer's duty to protect staff from foreseeable violence. It is general compliance information, not legal advice; theories of liability vary by jurisdiction and turn on facts that only the facility's counsel can assess.

#Two related theories, one pivot point

Negligent security and premises liability are distinct legal theories that converge on the same factual pivot.

Both pivot on foreseeability and abatement — what the facility should have anticipated, and what it reasonably did about it. Neither requires proof the facility intended harm or directly caused the assault. That is what makes the documented compliance program so consequential: it is the primary evidence of what the facility knew and how it responded.

#How foreseeability is built — usually from your own files

Foreseeability is a question of notice. Plaintiff's counsel typically establishes it from four sources, and three of the four are documents the facility itself created.

1. Prior similar incidents. A documented history of assaults — especially in the same unit or involving the same category of risk — is the strongest evidence the hazard was knowable.
2. The worksite analysis. A risk assessment that correctly flagged a unit as high-risk, with no corrective action that followed, establishes that the facility recognized the hazard. We cover this exposure in documenting your worksite analysis so it survives a deposition.
3. Staff reports and complaints. Reported concerns that went unaddressed convert "should have known" into "did know."
4. Industry-wide data. Healthcare workers experience workplace violence injuries at a markedly elevated rate relative to the private sector overall (BLS, 2018, via OSHA/NIOSH), which counsel uses to argue the general category of harm was foreseeable to any reasonable healthcare operator.

The uncomfortable conclusion: the same incident log and risk assessment a facility builds for survey-readiness are the documents that can establish foreseeability against it — if it kept the records and ignored what they showed. The defense is not to stop documenting. It is to close the loop on what the documentation reveals.

#The "reasonable measures" standard is informed by what you already must do

In a negligent-security analysis, the central contested question is whether the facility's measures were reasonable. Healthcare facilities do not face this standard in a vacuum. Three regimes already define a baseline of expected practice for a covered facility:

• Texas HSC Chapter 331 (SB 240, 88th Leg., 2023) requires covered facilities to maintain a written workplace violence prevention plan, a committee, post-incident response, and an annual plan evaluation to the governing body.
• The Joint Commission requires (for accredited hospitals, effective January 1, 2022) a designated program leader, an annual worksite analysis, an incident reporting/tracking/trending system, post-incident strategies, and training (R3 Report Issue 45).
• OSHA expects, under the General Duty Clause §5(a)(1) and Publication 3148, that an employer with a recognized hazard takes feasible steps to abate it.

These do not, by themselves, set the legal standard of care — but they powerfully inform what "reasonable" looks like for a healthcare operator. A facility that met them has strong evidence its measures were reasonable. A facility that did not has handed counsel a benchmark it failed to meet. Critically, none of these regimes asks for guards, patrols, or armed personnel — they ask for a documented, functioning prevention program, which is squarely a compliance matter.

#Abatement: the step that separates a finding from a defense

Recognizing a hazard and failing to abate it is the most damaging factual pattern in this entire area. A facility that identified a high-risk unit, logged repeated incidents there, and took no corrective action has, in its own records, documented recognition without response. That is the essence of negligence.

Abatement, in compliance terms, is the corrective-action loop: a finding gets an owner, a date, a documented action, and verification that the fix held. We treat the mechanics in translating worksite-analysis findings into a corrective action plan. The litigation relevance is direct — a closed corrective action is the record that converts "knew and did nothing" into "knew and responded."

#What the defense record looks like

The facility that defends a negligent-security claim well is not the one that responded fastest after the assault. It is the one whose program was already a living, documented record when the incident occurred. That record shows:

• A current, facility-specific WVP plan that was actually followed.
• A worksite analysis that identified hazards, paired with a mitigation log showing what was done about them.
• An incident log paired with trend reports and closed corrective actions — recognition followed by response.
• Training rosters demonstrating the safeguard reached the affected workforce, including contracted and agency staff.
• Committee minutes showing leadership reviewed the data and directed action.

This is the same evidence set surveyors review — which is why a survey-ready facility is, by construction, a more defensible one. We develop the point in why documentation is your best legal defense.

A note on scope and privilege: how a facility structures incident review and what it routes through peer-review or attorney-client channels affects discoverability — those are decisions for the facility's counsel. VIGILO is a compliance, training, and consulting firm, not a guard, patrol, or investigations provider, and it does not provide legal advice or direct litigation strategy. It builds the compliance documentation a defensible program requires.

#How VIGILO helps

VIGILO builds and maintains the documented program that demonstrates reasonable, acted-on measures — on flat-fee terms, never per-incident or contingent.

• Workplace violence risk assessments produce the worksite analysis and mitigation log that show hazards were identified and abated.
• Annual program reviews maintain the contemporaneous trail — minuted reviews, trend reports, and closed corrective actions, year over year.
• Mock surveys test the recognition-to-abatement chain the way a surveyor, and opposing counsel, would.

Hospital risk managers and healthcare attorneys are the buyers here, because they answer for the record when an incident becomes a claim. For the upstream program that anchors all of this, see Texas SB 240 & HSC Chapter 331 compliance.

#Where to start

The best time to test your foreseeability-and-abatement record is before an incident makes it an exhibit. A flat-fee survey-readiness audit scores your plan, worksite analysis, incident log, and corrective-action trail against the Chapter 331, Joint Commission, and OSHA checklists — the same records a negligent-security claim would request — and tells you which gaps to close while you still control the timeline.

---

Sources: Texas Health & Safety Code Chapter 331 (SB 240, 88th Leg., 2023); 26 TAC §133.55 (adopted Oct. 11, 2024); The Joint Commission R3 Report Issue 45 (WVP requirements effective Jan. 1, 2022 for hospitals); OSHA General Duty Clause §5(a)(1), Publication 3148; BLS, 2018, via OSHA/NIOSH. This article is general compliance information, not legal advice.