Threat Assessment
Managing a Terminated-Employee Threat in Healthcare
A disgruntled or terminated employee is a Type III workplace violence risk. Learn how a healthcare threat assessment team manages it defensibly across HR, safety, and the WVP plan.
A threat from a current or former employee is a category most healthcare workplace violence programs underbuild. Programs concentrate, correctly, on Type II violence — patients and visitors directing aggression at staff. But a disgruntled or terminated employee is Type III violence, worker-on-worker, and it travels a different path: through HR, through access systems, and through the period around a separation. Managing it defensibly means routing it to the threat assessment team with HR as a central partner, and documenting the response like any other case.
This article covers how a healthcare facility recognizes, plans for, and manages an employee-origin threat without turning the response into an investigation or a security operation.
#Why Type III needs its own pathway
The Type II case — an agitated patient in the emergency department — and the Type III case — an employee whose conduct has become threatening — are both workplace violence, but they share little operationally. The employee case involves an employment relationship, conduct and discipline policy, badge and system access, and frequently a termination event. None of that is in play with a patient or visitor. A program that has only a Type II reflex will mishandle the employee threat by treating it as either a pure HR matter or a pure security matter, when in fact it is both, plus a clinical-coordination question.
The factors a threat assessment team weighs apply here too — specificity, escalation, access, stabilizing and destabilizing influences — but they are read against an employment backdrop. The same warning behaviors and pre-incident indicators the team watches for in any case are often more visible with employees because colleagues observe them daily.
#Recognizing the concern early
Employee-origin concerns usually announce themselves before any overt threat. Co-workers and managers are the sensors. A confidential reporting channel that staff trust — the same one the WVP plan already requires — is what surfaces:
- Escalating grievances that fixate on a specific person, decision, or perceived injustice.
- Statements that reference harming colleagues, the facility, or oneself.
- A marked behavioral change, withdrawal, or boundary-pushing that managers notice but hesitate to report.
- Conduct around an impending or recent disciplinary action or termination.
The hesitation to report is the gap. Staff worry that flagging a colleague is disloyal or career-damaging. A program that pairs a confidential channel with a genuine anti-retaliation commitment is what converts that hesitation into early information.
#Routing it: the threat assessment team plus HR
When a concern about an employee reaches the team, HR is not a bystander — it is a co-lead. The division of work:
| Function | Role in an employee-origin threat |
|---|---|
| Threat assessment team (chair) | Convenes, applies the structured method, owns the documented case |
| Human resources | Employment context, conduct policy, discipline, and termination planning |
| Behavioral health | Clinical evaluation where a treatable state is in play, including self-harm risk |
| Safety / security leadership | Access deactivation, physical measures, response coordination |
| Risk / legal | Privacy, documentation discipline, and the law-enforcement decision |
The case is worked through the facility's five-step process — identification, triage, assessment, management, documentation and follow-up — exactly as any other threat. What changes is that the management plan includes employment levers HR controls and access levers safety controls.
#Planning a high-risk termination
The highest-tension moment in many employee cases is the termination itself. When the assessment suggests a separation could provoke a violent response, the team and HR should plan it deliberately and in writing rather than improvising. A defensible high-risk-termination plan addresses:
- Timing and location — a setting and time that reduce audience, exposure, and humiliation.
- Who is present — a small, prepared group; treat the employee with dignity throughout.
- Access deactivation — badge, system, and physical access changes timed to the event.
- Communication — what colleagues are told, consistent with privacy and anti-retaliation.
- Post-termination monitoring — a defined window of heightened attention and a re-convene trigger if concern resurfaces.
The objective is two-sided and should read that way in the record: a calm, respectful separation and a protected staff. Planning for safety is not the same as presuming guilt, and the documentation should reflect a measured, factual posture.
#Documenting without crossing into investigation
The case record here carries extra sensitivity because it concerns an employee and touches employment decisions. Hold it to the discipline in documenting threat assessments defensibly: record the concern, the factors weighed, the management plan, the named owner, and the review dates — factually, without speculation, labels, or conclusions about the person's character. The team coordinates and manages; it does not investigate misconduct as a quasi-police function. Where the matter requires investigation, that is HR's or counsel's process, kept distinct from the threat-management record.
#Tying it back to the program
Employee-origin cases, de-identified, belong in the trends the WVP committee reviews. A cluster of Type III concerns on one unit may signal a management or culture issue the worksite analysis should address — turning individual cases into program-level learning. Under Texas HSC Chapter 331 and the Joint Commission's workplace violence requirements (effective Jan. 1, 2022 for hospitals), that loop — report, manage, follow up, learn — is exactly what a functioning program is expected to demonstrate.
#How VIGILO helps
VIGILO helps facilities build the Type III pathway into a documented threat assessment program — the HR-and-team co-lead model, a high-risk-termination planning template, access-control coordination, and the document-it-factually discipline — integrated with the written WVP plan and policies and trained through staff education. The capability is kept current through an annual program review, and for Texas facilities it aligns with HSC Chapter 331. To see where your structure stands, start with the Chapter 331 compliance checklist.
VIGILO provides compliance, training, and consulting assistance and supports survey-readiness and preparedness; it does not provide legal or HR advice, does not guarantee safety outcomes, and does not provide security guard, patrol, or investigative services. Employment decisions should be coordinated with qualified HR and legal counsel. Sources: BLS Survey of Occupational Injuries and Illnesses (workplace violence typology, Type I–IV); The Joint Commission Workplace Violence Prevention requirements (effective Jan. 1, 2022 for hospitals); Texas Health & Safety Code Chapter 331 (SB 240, 88th Leg., 2023) and 26 TAC §133.55; OSHA General Duty Clause §5(a)(1) and Publication 3148.