Understanding The Joint Commission’s new requirements for workplace violence prevention

William S. Marcisz, JD, CPP, CHPA

Beyond spelling out the new requirements, the author provides detailed, practical advice for implementing them. 

(William S. Marcisz, JD, CPP, CHPA, is President and Chief Consultant at Strategic Security Management Consulting, Inc., based in Apopka, FL. He is an expert in hospital and workplace violence security. He has 40 years of healthcare and legal experience and has assessed, developed, and implemented security and workplace violence programs in organizations ranging from small, rural hospitals to large, complex, multi-regional healthcare systems. He is a member of IAHSS. Reach him at William.Marcisz@SSMCSecurity.com.)

Workplace violence (WPV) is a national epidemic. Statistics show that healthcare workers are victimized by workplace violence far more than employees in any other industry.

Effective January 1, 2022, The Joint Commission (TJC) has implemented new workplace violence requirements that have been incorporated into existing standards. In so doing, TJC has taken an important step toward standardizing certain requirements that hospitals must meet to prevent, mitigate, and respond to workplace violence. The new requirements clarify the roles of hospital staff and leaders who are responsible for administering workplace violence prevention and response by attaching certain accountabilities.

However, there has been some confusion as to what has been added to the existing workplace violence standards. Even those who understand the new TJC requirements may be left with questions about how to go about meeting some of those requirements. This article seeks to explain the new TJC requirements and how to bring your organization into compliance.

THE NEW REQUIREMENTS

As security leaders know, The Joint Commission, an independent, not-for-profit organization, establishes standards for hospitals to meet to attain accreditation. Within the TJC’s standards are Elements of Performance (EPs) that explain what a hospital must do to meet the standards.

I next address the EPs of note. There are three new EPs relating to existing standards and two revised EPs. As such, there are no new Joint Commission standards, only additions to existing standards. Below, the italicized summaries of the changes are reprinted, with permission, from The Joint Commission’s R³ Report of June 18, 2021 [1].

Standard EC.02.01.01: The Hospital Manages Safety and Security Risks.

The following is a new EP added to Standard EC.02.01.01.

EP 17: The hospital conducts an annual worksite analysis related to its workplace violence prevention program. The hospital takes actions to mitigate or resolve the workplace violence safety and security risks based upon findings from the analysis. A worksite analysis includes:

1. A proactive analysis of the worksite,
2. An investigation of the hospital’s workplace violence incidents, and
3. An analysis of how the program’s policies and procedures, training, education, and environmental design reflect best practices and conform to applicable laws and regulations.

This EP is meant to ensure that hospitals are assessing risk and identifying gaps in security and safety as related to workplace violence. The purpose is to ensure that hospitals continuously assess and develop plans for improvements to processes and the physical environment.

Because hospital security policies, processes, and infrastructure are so inextricably entwined, my company, Strategic Security Management Consulting (SSMC), suggests conducting both a security and a workplace violence assessment on an annual basis. These assessments can be accomplished by conducting a security audit and gap analysis and by compiling various datasets that track: (a) incidents of workplace violence, (b) employee injuries and lost time resulting from incidents of WPV, and (c) threats made to hospital and staff. SSMC further recommends that the datasets drill down to factors such as date, time, and location of incidents as well as the occupation of the employee who has become a victim of WPV.

An analysis of your WPV program’s training and education should track the number of employees trained and the education they received. Different levels of training and education can be appropriate for different levels of risk of exposure to workplace violence. For example, a nurse working in an emergency room or behavioral health unit is likely to have greater exposure than a clerical worker or employee who is working remotely.

It is an industry best practice to perform an annual assessment of security and workplace violence prevention and to have an independent consultant review the hospital’s site, plans, and security and workplace violence prevention programs every five years.

Standard EC.04.01.01: The Hospital Collects Information to Monitor Conditions in the Environment

The bolded words below highlight the slight revisions that have been made to EP 1 of Standard EC.04.01.01.

EP 1: The hospital establishes a process(es) for continually monitoring, internally reporting, and investigating the following:

• Injuries to patients or others within the hospital’s facilities
• Occupational illnesses and staff injuries
• Incidents of damage to its property or the property of others
• Safety and security incidents involving patients, staff, or others within its facilities, including those related to workplace violence
• Hazardous materials and waste spills and exposures
• Fire safety management problems, deficiencies, and failures
• Medical or laboratory equipment management problems, failures, and use errors
• Utility systems management problems, failures, or use errors

Note 1: All incidents and issues listed above may be reported to staff in quality assessment, improvement, or other functions. A summary of such incidents may also be shared with the person designated to coordinate safety management activities.

Note 2: Review of incident reports often requires that legal processes be followed to preserve confidentiality. Opportunities to improve care, treatment, or services, or to prevent similar incidents, are not lost as a result of following the legal process.

Here, language has been added specifically to include reporting and documentation of security incidents concerning workplace violence. This new requirement is best accomplished by creating, at a minimum, the specialized datasets I listed earlier to categorize incidents of workplace violence—tracking incidents of workplace violence, employee injuries and lost time resulting from incidents of WPV, and threats made to hospital and staff. Records management is discussed in greater detail below.

Standard EC.04.01.01: The Hospital Collects Information to Monitor Conditions in the Environment

The bolded words below highlight language that has been added to EP 6 of Standard EC.04.01.01.

EP 6: Based on its process(es), the hospital reports and investigates the following: Safety and security incidents involving patients, staff, or others within its facilities, including those related to workplace violence.

This new EP may be considered a “bookend” to the added requirements in EP 1 of Standard EC.04.01.01 discussed above. There, the standard requires collection and monitoring of data related to workplace violence. In EP 6, the standard requires the hospital to act on the information.

Once again, responding to the new language in the EP will be facilitated by having the specialized datasets I have listed above for tracking incidents of workplace violence, employee injuries and lost time resulting from incidents of WPV, and threats made to hospital and staff. SSMC suggests cataloging the type of incident (verbal or physical), where it occurs, and the team member who is the victim (for example, a nurse, PCT, or security officer). 

Hospital-based workplace violence data is typically found in three areas: security (incident reports), risk management (incident reports), and human resources/employee health (employee injury reports, lost time, employee assistance referrals, and workers’ compensation cases). To attain a meaningful understanding of how workplace violence is affecting your hospital, you are wise to examine data from all three areas in a comprehensive assessment of reported workplace violence. To date, I have not found software or an effective single database for a hospital to use that captures all incidents and outcomes and provides a meaningful analysis other than reporting raw data. This data problem exists because security, risk management, and human resources capture and analyze only the data that is important to their own disciplines. 

Security incident reports provide good aggregate data on workplace violence in terms of where, when, who, what type of incident, and how frequently this type is occurring. The downside to confining analysis solely to security reporting is that clinical staff do not always call security; they may opt to manage incidents on their own or may document minor incidents of workplace violence through (a) charting patient behavior, (b) verbally reporting issues to the charge nurse, or (c) submitting an occurrence report in a risk management database, or some combination of these actions. The decision to not call security is one reason that workplace violence is underreported.

Also assessing risk management incident reports on workplace violence is recommended because they capture many incidents that occur on nursing units and elsewhere in the hospital that security is never called on to respond to. In many circumstances, nursing staff will not call security because there was no imminent danger of harm or because they were able to resolve the issue without the need of security. (When hospitals correlate security and risk management records, they find that the same incident was reported in both security and risk management records management systems about 15% to 20% of the time.) In addition to providing information on actual incidents, risk management can provide important records relating to litigation and claims, covering how many incidents result in a lawsuit, what damages/settlements were paid, and the litigation costs for the organization because of incidents of workplace violence. Few organizations tabulate and provide this information to their administration or others tasked with workplace violence prevention.

Meanwhile, human resources records provide substantive data related to employees who are injured or have filed a workers’ compensation claim. This is where the organization will find important information relating to business continuity and resiliency. Costs relating to employee injuries from workplace violence (which can result in lost time, medical expenses, workers’ compensation claims, and low employee retention rates) are readily available through human resources/employee health. Finally, human resources records provide two additional key reports not found in security or risk management databases. First, employee-versus-employee incidents are seldom reported to security or risk management unless there is a high level of concerning behavior or threat. Second, human resources records do capture additional incidents of workplace violence that were not reported to security or risk management.

SMSC recommends that representatives from security, risk management, and human resources compile their respective datasets and formally provide a report (monthly or quarterly) to a designated committee to ensure information is being transparently disseminated to persons in the organization who have a clinical or environmental safety responsibility, or both. Typically, various committees receive information on workplace violence, such as those involved with environment of care, clinical safety, or even workplace violence. We are suggesting that one of these committees take the specific responsibility of compiling information on workplace violence and reporting it to senior leadership. We further suggest that the committee provide an annual report to the areas responsible for quality assurance and organizational safety, such as quality assurance performance improvement (QAPI) and/or the organization’s board of directors.

Having a complete picture on the total scope of workplace violence reporting allows the organization to make informed decisions on prioritizing resources designated for prevention and response to workplace violence. Having financial data relating to revenue losses caused by workplace violence allows for a cost-benefit analysis to determine the value of training and education, security measures, and other prevention strategies. This is the type of information hospital administrators need not only to provide the safest work environment possible but also for strategic planning, organizational resilience, and fiscal sustainability.

Standard HR.01.05.03: Staff Participate in Ongoing Education and Training

The following is a new EP added to Standard HR.01.05.03.

EP 29: As part of its workplace violence prevention program, the hospital provides training, education, and resources (at time of hire, annually, and whenever changes occur regarding the workplace violence prevention program) to leadership, staff, and licensed practitioners. The hospital determines what aspects of training are appropriate for individuals based on their roles and responsibilities.

The training, education, and resources address prevention, recognition, response, and reporting of workplace violence as follows:

• What constitutes workplace violence
• Education on the roles and responsibilities of leadership, clinical staff, security personnel, and external law enforcement
• Training in de-escalation, nonphysical intervention skills, physical intervention techniques, and response to emergency incidents
• The reporting process for workplace violence incidents

This new EP is an addition to TJC’s standards relating to human resources management. This EP is designed to ensure that hospitals are providing education and training to hospital staff. There are both explicit requirements listed in the EP as well as elements that are implied.

Explicit is that the training and education should occur on hiring and change of position. The language relating to this timing is added to close a gap left when certain positions require enhanced or added training in workplace violence that was not needed for the previous position occupied by the employee. Also explicit in the new EP is the provision that training or refresher education be completed annually.

One of the implied messages is that training and education requirements should be formalized and monitored under the supervision of a hospital’s human resources department and that the training should be specific to job functions. A good practice may be to include and identify certain specialized workplace violence training and education in job descriptions, to reinforce employee responsibilities for having situational awareness and reporting incidents and injuries.

The new EP further implies that training and education should include:

1. An explanation on what constitutes workplace violence. This explanation should also be stated in the organization’s policy or procedure on workplace violence.

2. A clarification of roles and responsibilities. Because leadership, clinical staff, and security are specifically mentioned, the education should identify responsibilities for all of them so that there is no confusion as to who is accountable for elements of prevention, response, and reporting. Accountabilities should also be clearly defined in the policy covering workplace violence and within the job descriptions of staff.

3. As indicated above, the specific training provided to staff depends on their roles and expectations.

a) De-escalation training can (and should) be combined with education about and training in the skills of “customer service.” When employees take a customer-service approach, they become more aware of what is going on around them and, in many cases, will then mitigate others’ anxiety and frustration, which can be precursors to escalation of aggression. It is better to avoid aggressive behavior before it mushrooms into the need to advance to nonphysical and physical intervention. It is advisable for all hospital staff to receive training on de-escalation and basic customer service.

b) De-escalation and physical intervention training is generally provided to staff members who have frequent contact with aggressive patients and visitors. It is recommended that security, behavioral health, emergency room, and clinical staff receive de-escalation and physical intervention training.

c) At a minimum, security, behavioral health, and emergency room staff should be trained in physical intervention with aggressive patients. In addition, all staff assigned to an emergency response team (ERT) should also receive this advanced level of training.

d) As a best practice, non-physical and physical intervention training should consist of an independent program that certifies staff in these skills.

4. Training and education should also identify when it is appropriate for external law enforcement agencies to be summoned to assist, what information can or should be provided to police, and who is responsible for documenting police intervention.

a) To reinforce and add clarity to law enforcement assistance with incidents involving workplace violence, SSMC recommends establishing a policy and process to ensure that roles and responsibilities are defined.

b) It is good practice to engage local law enforcement in the development of the policy, as there may be limitations and legal aspects of police involvement to consider. Said another way, a hospital should partner with police so that the hospital and the police gain empathy for each otherand buy in to the policy. A partnership approach will promote seamless cooperation at the line-staff level to avoid future misunderstandings.

5. Training for “emergency incidents” is not defined. However, the EP implies that hospitals have an emergency response team (ERT) and/or a threat management team (TMT). (These teams are also referred to as threat assessment teams). I discuss the different roles of these teams in sections a and b below.

a) An Emergency Response Team, or ERT— sometimes referred to as a BERT, for behavioral emergency response team—is a multidisciplinary group of designated staff who respond to an ongoing threat or act of aggressive behavior.

• An ERT is typically comprised of the administrative supervisor, security personnel, and other designated staff trained and certified in de-escalation of aggressive behavior and physical restraints.

• Note: as a best practice, the ERT can be set up similarly to a code team, with designated responsibility for a staff member to bring an ERT cart or bag with restraints and medications that can be administered if needed. This approach eliminates delays and allows the team to resolve the aggressive behavior and create a safer environment.

• The ERT should have a designated “clinical chain of command,” beginning with the administrative supervisor. These are persons with decision-making authority to address the clinical aspects of the incident. A clearly defined leader hastens decision-making and eliminates confusion. 

b) It is recommended for each hospital site to establish a Threat Management Team (TMT) consistent with ASIS/SHRM standards. A Threat Management Team evaluates and assesses a threat made to the hospital or those that may be made against and employee or physician. Once the threat is analyzed, the TMT will develop a a course of action which includes a “safety plan” to protect the person and those who may also be placed in harm’s way. This is different than a “BERT” (Behavioral Emergency Response Team), which is a multidisciplinary team that addresses a combative patient.

• Security, risk management, human resources, administration, and legal, generally form the core of a TMT, but the team can flex and add subject matter experts as the situation requires.

• SSMC recommends that the core members receive threat management training from a certified threat assessment professional, that training be offered to new members, and that existing staff on the TMT undergo an annual skills assessment.

Standard LD.03.01.01: Leaders Create and Maintain a Culture of Safety and Quality Throughout the Hospital

The following is a new EP added to Standard LD.03.01.01.

EP 9: The hospital has a workplace violence prevention program led by a designated individual and developed by a multidisciplinary team that includes the following:

• Policies and procedures to prevent and respond to workplace violence
• A process to report incidents in order to analyze incidents and trends
• A process for follow-up and support to victims and witnesses affected by workplace violence, including trauma and psychological counseling, if necessary
• Reporting of workplace violence incidents to the governing body

This is a new EP, directed to hospital leadership. Without leadership buy-in and overt and active support for the workplace violence program, the subordinate leaders who are expected to carry out all the above requirements of the workplace violence plan and program will have difficulty doing so.

Without full leadership accountability and support, the workplace violence program will be more difficult to put into effect and operate. Half-measures and inefficiencies in a workplace violence prevention program can result in needless and unnecessary physical injuries and/or mental trauma.

The new EP expressly states that hospital leadership is responsible for:

a) Policies and procedures concerning workplace violence prevention and response.

b) A process to report and analyze incidents of workplace violence and trends. As indicated above, a safety or workplace violence committee or environment of care committee could take responsibility for the reporting, but a subcommittee composed of key stakeholders may be more effective at analyzing data and providing briefings to the committee. As a best practice, quality assurance and performance improvement and senior leadership (the C-Suite) should be required to receive a workplace violence status briefing from committee subject matter experts no less than once a year.

c) Workplace violence can cause mental trauma. Most organizations already have some form of employee assistance program (EAP) to assist employee victims of violence. However, it is also recommended that leaders tasked with managing the workplace violence program reach out to employee victims of violence (to the extent any overture is welcome). We know good security directors who inconspicuously but intentionally round on employees who have been victimized. An authentic display of compassion and empathy is appreciated by the employee and benefits the organization by sustaining employee engagement and, at times, retention.

CONCLUSION

A workplace violence prevention and response program is complex to administer in a hospital environment. It requires subject matter expertise, time, resources, commitment, and an organizational will to be effective. The new Joint Commission requirements codify several existing healthcare industry best practices and add accountability standards designed to help a hospital’s workplace violence program be successful.

Workplace violence is difficult for a hospital to manage because it requires thorough understanding and coordination by several key disciplines, as well as a total commitment by all staff. Even for organizations in which departments work together, getting everyone on the same page can be challenging.

What is beginning to take shape as a best practice in managing workplace violence in several healthcare systems and large hospitals is creating a workplace violence manager position dedicated to administering the healthcare system’s workplace violence prevention program. The chief advantage of having this position is that it takes the burden off security directors, risk managers, human resources leaders, and others who are responsible for workplace violence prevention while also carrying out their other roles in the organization.

This person can gather information from the various sources in the organization, prepare datasets and reports to committees and leadership, ensure compliance with all aspects of the organization’s workplace violence program, and in some cases, oversee threat management responses.

I hope this briefing and analysis has been helpful. I welcome questions.

Reference

1. The Joint Commission. (2021, June 18). Workplace violence prevention standards. R³ Report, 30, 1–6. https://www.jointcommission.org/-/media/tjc/documents/standards/r3-reports/wpvp-r3-30_revised_06302021.pdf