The Joint Commission Has Added New Workplace Violence Prevention Requirements for the Healthcare Industry

Timothy P. Sutton CPP, PSP, PCI, CHPA April 7, 2022

According to The Joint Commission (TJC), which oversees accreditation of hospitals and other healthcare facilities, about 73% of nonfatal workplace injuries and illnesses leading to missed work days in healthcare are connected to workplace violence. This figure does not consider the number of unreported incidents, so the actual percentage is likely higher.

Effective January 1, 2022, TJC introduced revisions to workplace violence standards that provide guidance for developing strong workplace violence prevention systems.

As a participant in ASIS International’s publication of Workplace Violence Prevention and Response Guidelines, which align with these revisions, I want to clarify the confusion and some inaccuracies circulating on social media about these modifications.

The modifications have erroneously been referenced as “R3 Regulation.” R3 refers to the name of a report that TJC publishes. The aptly named R3 Report |Requirement, Rationale, Reference provides a summary of the rationale and references for all new TJC requirements. While there is no new standard related to workplace violence, there are modifications to existing standards with new or modified elements of performance (EP) for their enactment.

new EP 17 has been added to the Standard EC.02.01.01: The hospital manages safety and security risks. This EP 17 is expanded to read: The hospital conducts an annual worksite analysis related to its workplace violence prevention program. The hospital takes actions to mitigate or resolve the workplace violence safety and security risks based upon findings from the analysis.


Note: A proactive worksite analysis includes an investigation of the hospital’s workplace violence incidents, and an assessment of how the program’s policies and procedures, training, education, and environmental design reflect best practices and conform to applicable laws and regulations. An independent third-party consultant can bring an objective viewpoint to the process.


This year there is also a slight modification to EP 1 and EP 6 for the existing Standard EC.04.01.01: The hospital collects information to monitor conditions in the environment. In EP 1, the fourth item in the existing list of processes — the hospital establishes for continually monitoring, internally reporting, and investigating — is modified to read — Safety and security incidents involving patients, staff, or others within its facilities, including those related to workplace violence. EP 6 has similar modifications and now reads — Based on its process(es), the hospital reports and investigates the following: Safety and security incidents involving patients, staff, or others within its facilities, including those related to workplace violence.

new EP 29 has also been added to the existing Standard HR.01.05.03: Staff participate in ongoing education and training.  The new EP 29 reads — As part of its workplace violence prevention program, the hospital provides training, education, and resources (at time of hire, annually, and whenever changes occur regarding the workplace violence prevention program) to leadership, staff, and licensed practitioners. The hospital determines what aspects of training are appropriate for individuals based on their roles and responsibilities. The training, education, and resources address prevention, recognition, response, and reporting of workplace violence as follows:

  • What constitutes workplace violence
  • Education on the roles and responsibilities of leadership, clinical staff, security personnel, and external law enforcement
  • Training in de-escalation, nonphysical intervention skills, physical intervention techniques, and response to emergency incidents
  • The reporting process for workplace violence incidents

Of course, rationale and references follow the new EP.

Lastly, a new EP 9 has been added to the existing Standard LD.03.01.01 — Leaders create and maintain a culture of safety and quality throughout the hospital.  The new EP 9 reads — The hospital has a workplace violence prevention program led by a designated individual and developed by a multidisciplinary team that includes the following:

  • Policies and procedures to prevent and respond to workplace violence
  • A process to report incidents to analyze incidents and trends
  • A process for follow up and support to victims and witnesses affected by workplace violence, including trauma and psychological counseling, if necessary
  • Reporting of workplace violence incidents to the governing body

Again, rationale and references follow the new EP.

A Look Back and Forward

In addition to ASIS International’s Workplace Violence Prevention and Response Guideline, attention to workplace violence took the front seat in  the ASIS Healthcare Security Council’s December 2010 whitepaper titled Managing Disruptive Behavior and Workplace Violence in Healthcare, and a 2011 collaborative effort between ASIS International and the Society for Human Resources Management (SHRM)’s development of an American National Standard titled Workplace Violence and Intervention (ASIS/SHRM WVPI.1-2011).

The whitepaper is available for free download from the U.S. Department of Health and Human Services’ Healthcare Emergency Preparedness Information Gateway.

The new EPs issued by TJC also align with the information found in these ASIS documents – in both their current versions and updates.

Healthcare organizations that don’t apply best practices will jeopardize their employees’ safety and expose their facilities to legal, economic, and reputational repercussions, including sanctions and hefty fines. Engaging an independent third-party consultant with experience in healthcare protection administration and security management to assess your facilities and programs will strengthen your security posture, and better protect those you serve. An independent third-party security consultant brings an objective viewpoint to the process, an objectivity that is difficult to achieve by organization insiders.

Timothy P. Sutton CPP, PSP, PCI, CHPA

Senior Security Consultant

Timothy Sutton has more than 30 years of security experience. His expertise includes operational security management and program development, loss prevention, physical security and risk assessments, and technical security systems design and implementation. He has worked with clients in diverse sectors including medicinal and adult-use cannabis, healthcare, retail, government, manufacturing, and multi-use properties.

InvestigationHotlines