Targeted violence in healthcare — whether by current or former employees, patients, family members, or community members — is rarely without warning. Research by the FBI and Secret Service consistently shows that individuals who engage in targeted violence display observable behaviors before the attack: concerning communications, escalating grievances, fixation on a specific individual or the organization, or direct threats.

Behavioral Threat Assessment Teams (BTATs) provide the organizational infrastructure to identify these warning signs early, assess the level of risk, and intervene before violence occurs. For healthcare facilities, Joint Commission standards and OSHA guidance support — and increasingly expect — formal threat assessment programs as part of a comprehensive workplace violence prevention strategy.

What is a Behavioral Threat Assessment Team?

A BTAT is a multidisciplinary team responsible for receiving, evaluating, and managing reports of concerning behavior that may indicate risk of violence. Membership typically includes:

  • Security: For threat assessment expertise, information gathering, and access control authority
  • Human Resources: For employee relations, discipline, and separation procedures
  • Legal counsel: For legal implications of interventions, restraining orders, and termination
  • Behavioral health: For clinical assessment of psychological risk factors
  • Nursing or physician leadership: For clinical context when threats involve patient care situations
  • Facilities: For understanding physical access points and infrastructure response capabilities

The BTAT meets on a scheduled basis (typically monthly) to review open cases and on an urgent basis when immediate threats are reported.

Why Healthcare Needs Formal Threat Assessment

Healthcare settings have specific threat assessment needs:

Employee terminations: Workplace violence research shows that termination events carry elevated risk. HR departments that inform security and the BTAT before conducting terminations can ensure appropriate security presence and access revocation is coordinated.

Patient grievances: Patients or family members who believe they received inadequate care may direct anger at specific physicians or staff. Written complaints that contain threatening language should be reviewed by the BTAT, not just filed in a grievance system.

Domestic violence spillover: Healthcare employees experiencing domestic abuse are at risk of their abuser following them to the workplace. Employee assistance programs and security should be prepared to respond when a staff member reports being stalked or threatened by a domestic partner.

Behavioral health patient contact: Patients with violent history or active psychosis who are discharging from inpatient behavioral health may attempt to return and confront staff. Discharge planning should include security notification when known risk factors are present.

The Threat Assessment Process

A structured threat assessment process includes:

Step 1: Report Intake

Every concerning behavior report should be documented and routed to the BTAT coordinator or security. Reports may come from:

  • Staff who observe or receive concerning communications
  • HR receiving threatening written communications
  • Security responding to behavioral incidents
  • The employee assistance program receiving disclosures from employees about threatening colleagues

Anonymous reporting mechanisms (tip lines, online reporting portals) increase the volume of early-stage reports that allow intervention before situations escalate.

Step 2: Initial Assessment

The BTAT conducts an initial assessment to determine the level of urgency and type of response:

  • Imminent threat: Requires immediate security response, possible law enforcement notification, and emergency access revocation
  • Elevated concern: Active monitoring, information gathering, and direct intervention with the individual
  • Monitor and manage: Document, assign a case manager, and establish a monitoring protocol for future indicators

Structured professional judgment tools — including the WAVR-21 (Workplace Assessment of Violence Risk) — provide a framework for consistent assessment across BTAT members.

Step 3: Intervention

Interventions are tailored to the risk level and the nature of the threat:

  • Managerial conversation: For early-stage behavioral concerns where a supervisor check-in or HR conversation may address the underlying issue
  • EAP referral: Employee assistance program referral for individuals showing stress, substance abuse, or mental health indicators
  • Formal disciplinary action: When behavior violates workplace policy, combined with monitoring for escalation
  • Administrative leave with access revocation: When risk level warrants removing the individual from the workplace while the investigation continues
  • Law enforcement referral: When credible threats are made or evidence of planned violence is identified

Step 4: Case Management and Closure

Open cases require ongoing monitoring — the absence of further reports is not equivalent to resolved risk. Case managers maintain contact with supervisors and HR to identify any new indicators. Cases are formally closed when risk factors are resolved or the individual is no longer associated with the facility.

Physical Environment Integration

The BTAT’s risk assessments should inform physical security decisions:

  • Access revocation: When an individual is placed on leave or terminated, badge access must be revoked immediately — including remote deactivation through the access control system. HR and security must have a documented same-day access revocation protocol.
  • Target hardening: If a specific individual (employee, patient, or visitor) is identified as a threat to a specific person or unit, physical countermeasures can be implemented — camera coverage review, controlled access to the target’s work area, escort protocols.
  • Incident documentation: All BTAT case documentation serves as the evidentiary foundation for legal action, restraining orders, and regulatory reporting if violence does occur.

Documentation and Regulatory Alignment

The Joint Commission’s EC.04.01.01 requires a security management plan that addresses workplace violence prevention. While BTAT is not specifically named, the plan must include procedures for managing violence risk. OSHA’s healthcare workplace violence guidelines recommend threat assessment programs as a best practice for Level I programs (highest risk).

Case documentation should be maintained securely, with access limited to BTAT members and counsel. Privacy considerations — particularly for employee behavioral health disclosures — must be carefully managed with legal guidance.

Frequently Asked Questions

Is a Behavioral Threat Assessment Team required by Joint Commission? The Joint Commission does not mandate a BTAT by name. EC.04.01.01 requires a security management plan that addresses violent and criminal events, and the plan must be implemented and evaluated. BTAT programs represent best-practice implementation of this requirement. Facilities without a BTAT should document how they fulfill the same functions through their existing security management structure.

What is the difference between threat assessment and threat management? Threat assessment is the process of evaluating whether an individual poses a risk of violence. Threat management is the ongoing process of monitoring, intervening, and managing the situation to prevent violence. Both functions are typically housed within the BTAT, but they are conceptually distinct: assessment determines risk level, management determines and implements the response.

Who should report concerns to the BTAT? Any staff member who observes or receives concerning behavior — including threatening communications, fixation on a specific individual, expressions of grievance combined with hopelessness, or access to weapons — should report to the BTAT or security. Reporting mechanisms should be easy to use, well-communicated to all staff, and protected from retaliation. Leaders who discourage reporting undermine the program’s effectiveness.

How does the BTAT coordinate with law enforcement? High-risk cases should be shared with local law enforcement — particularly when credible threats exist or evidence of planning for violence is found. Many hospitals establish relationships with their local police department’s threat assessment unit or SWAT liaison for pre-event coordination. Law enforcement can conduct independent background investigation and, where legally supported, intervene with the subject directly.