by Rebecca Bailey, MSN, RN, CPHRM, ERM-Cert; and Shannon Delchamps, BSN, RN, CPHRM, CPPS, ERM-CERT
Patient allegations of abuse and assault can be costly to health care organizations in terms of finances, reputation and regulatory consequences. This article outlines how to position your organization for success when allegations of abuse or assault are made.
In the world of health care, protecting patients and providing a safe environment is an obligation and expectation. For decades, the focus has been on creating a culture of safety in health care. One area of concern that seems to be growing is patient allegations of assault or abuse by health care team members. These events, when credible, can have significant impacts on an organization. Financially, judgments and settlement payouts are rising. Between 2000 and 2023, the average payout, excluding outliers, rose from $7.6 million to $13.6 million (2). This also translates to reimbursement and regulatory risks that affect participation in CMS funding.
These cases are subject to great publicity, reaching the national news, which affects an organization’s reputation. One article on abuse in health systems in Illinois noted “Failures by health systems to respond adequately to abuse allegations had devastating consequences for victims, who felt betrayed by institutions they had trusted with their health and safety.” (1). In many cases, leadership has also been found accountable for ignoring credible reports, fostering a culture of silence and neglecting to conduct thorough investigations (2).
Prevention of patient abuse or assault is an area of great focus. Organizations are adopting best practices for the prevention, early identification, and reporting of these events. The comprehensive response and investigation of these allegations are part of the approach to be in the best position for financial resolution, regulatory response, and public perception.
A recent case involving patient sexual assault by hospital staff highlights the need for a comprehensive response and investigation plan. The hospital was found liable for negligence directly causing the patient’s injuries. The defense response included remarks that the hospital had cooperated with law enforcement. However, criticisms included the initial failure by the hospital staff to believe the patient and delayed police notification. The hospital was scrutinized for calling in the Risk Management team prior to calling the police, giving the perception of prioritizing the protection of the organization over protection of the patient. This article highlights one process that has been efficient and effective for working through the risk response (3).
In this model, the risk professional is responsible for investigating allegations of abuse or assault against members of the health care team and formulating an appropriate response. To ensure that these allegations are investigated timely, thoroughly and securely, the entity leadership and front-line staff must be educated to escalate them promptly to risk management. This is a good topic for leadership meetings, rounding, safety huddles, and other times when staff gather. A rounding card can be created for this purpose complete with contact details for the risk professional.
Steps Involved in the Process for Allegations of Abuse or Assault
Each step is explained in greater detail below:
- Notification of the patient’s healthcare team
- Ensure the physical safety of the patient reporter
- Notify the facility executive leadership team
- Interview the patient reporter in person
- Inform the patient, or the patient’s representative (if appropriate), of their right to contact law enforcement and assist them to do so
- Report patient abuse, neglect, or exploitation to the appropriate law enforcement authorities in accordance with state law
- Interview the person who is the subject of the allegation
- Involve Human Resources (HR) if the alleged perpetrator is an employee or contracted employee
- Interview peripheral staff members who cared for the patient or who may have witnessed the event
- Secure evidence
- Consider involving public relations
- Document each step of the investigation process in the claims file
- Report allegations of abuse/assault to the claims manager
Notify the Patient’s Healthcare Team
The patient’s healthcare team must be notified of the patient’s allegations immediately so that the patient receives appropriate care without delay. This may include care by a Sexual Assault Nurse Examiner (SANE) for the appropriate medical-forensic examination and compassionate trauma-informed care. This may also include psychiatric or psychological care.
Ensure the Safety of the Patient
The risk professional must ensure that the safety of the patient is maintained. This may include placing the alleged perpetrator, if known, on leave pending the outcome of the investigation.
Security staff and the unit leader(s) should be notified to increase rounding on the patient.
See notification of law enforcement below.
Notify the Executive Team
The risk professional must escalate to the Executive Team quickly when an allegation of abuse or assault is made. Avoid text messages and emails which are discoverable and may put your facility and team at risk. Notification in person or via telephone is best.
Report patient abuse, neglect or exploitation to the appropriate law enforcement authorities in accordance with state law
Part of ensuring the safety of the patient is to report to law enforcement authorities when an allegation of abuse or assault is made.
Most health care team members are mandated reporters and should be aware of state law requirements for reporting.
Should law enforcement present to the entity for investigation, the health care team should not impede their investigation.
Interview the Patient Reporter and Witnesses
In-person interview of the patient, and any witnesses of the event, is vital to a successful investigation. During this step, another person should be present in addition to the risk professional. This could be an HR professional, or the leader of the unit on which the event was alleged to have occurred. There may be times when it is not possible to interview the patient in person. In these cases, the patient can be interviewed via the use of a HIPAA-compliant telehealth platform. Patient identity should be confirmed using two patient identifiers.
A simple introduction to the patient followed by a polite request to speak with them will aid in the successful completion of the interview. If they agree to speak, sitting down for the interview will send a signal to the patient that there is adequate time to listen to their concerns. When they begin speaking, it is best to transcribe the patient’s interview in their own words. Do not record the interview as this may also be discoverable. Ask if the patient reporter knows the name of the alleged perpetrator. Often, they will not know the name but can give a description. Additionally, ask for the date and time the event took place and if they reported it or mentioned it to anyone.
Ask the patient if they would like to notify law enforcement. Providing the non-emergency number and assisting the patient with reporting may aid in avoiding allegations of indifference to or obstruction of law enforcement notification.
Report Patient Abuse/Neglect/Exploitation
Although CMS does not provide guidance on how to report or a timeline for doing so, there is a CMS memorandum reminding hospital providers and covered entities of the expectation to follow state law in reporting. (See Reminder regarding Mandatory Reporting of Abuse and Neglect to State and Local Authorities, April 2024). It may be beneficial to obtain legal counsel to determine what the state law requires and to ensure HIPAA compliance. Care must be given to reporting according to the timeline required by state law. In many cases this is within twenty-four hours of the realization that the event has taken place.
Interview the Person who is the Subject of the Accusation
Interviewing the employee involved is best done in person. It is helpful to have a member of the HR team involved. However, the risk professional should not delay continuing with the investigation while waiting for HR.
The risk professional should maintain an unbiased professional demeanor, beginning with an introduction and a thank you.
The next step should begin with open-ended questions which allow the employee to fill in the blanks.
Once the employee has had the opportunity to speak, more specific questions may be asked.
When the interview is complete, the HR representative should outline the next steps. If there is no HR representative participating in the interview, the risk professional should inform the employee that the HR representative will be in touch. The risk professional should not provide direction or an opinion on the HR process as this may erode the nonpunitive nature of risk investigations.
Interview Staff Present at the Time of the Allegation
Obtaining the recollection of other staff members present at the time of the allegations is vital to a thorough and credible investigation. Be sure to ask if they reported the allegations and to whom. Document the interviews in the event reporting system using the actual date and time the interviews were conducted.
Secure Evidence
Secure video and other evidence as soon as possible. Take immediate action to suspend automatic deletion of video for relevant cameras. Invoke the entity’s litigation hold/preservation policy. Review camera footage to establish timelines and identify those who may be involved.
Consider Notifying Public Relations
Once the entity is aware of a patient or family’s intent or threat to report to the media, consideration should be given to the notification of Public Relations.
Document Each Step of the Process in the Claims File
Make sure to document each step of the outlined process in the claims file. It may be helpful to use the bullet points in this article as a checklist. Documenting the interviews in the patient’s own words will be vital should a claim be made.
In the event of an unscheduled regulatory visit, the risk professional will be able to outline for the surveyors the steps taken without divulging the content of the investigation. This will demonstrate that a thorough and credible investigation occurred without compromising privilege.
Report Allegation to Claims Professional
Allegations of abuse or assault should be reported to the claims professional. Following the elements of causation will streamline reporting. These elements are duty, breach of duty, injury, and damages.
Summary
In today’s health care environment, the stakes are high when it comes to allegations of abuse or assault. These incidents carry not only profound human costs but also significant legal, financial, regulatory and reputational consequences. Health care organizations must be prepared with a clearly defined, well-practiced response process that prioritizes patient safety, preserves evidence, ensures timely and thorough investigations, and involves the appropriate internal and external stakeholders. As highlighted in this article, an effective risk management approach is essential—not only to fulfill legal and ethical obligations but also to demonstrate the organization’s commitment to a culture of safety and accountability. A proactive, compassionate and coordinated response can make all the difference in protecting patients, supporting staff and preserving the integrity of the organization.
For risk professionals, the growing frequency and visibility of abuse and assault allegations in health care settings demands a vigilant, structured and trauma-informed response. The risk professional’s response is critical in guiding the organization through these complex events with integrity, speed and professionalism. A well-executed response not only protects the patient and upholds ethical standards but also positions the organization to minimize legal exposure, maintain regulatory compliance and preserve public trust. By following a consistent process—centered on patient safety, timely leadership engagement, thorough investigation and clear documentation—risk professionals can lead with confidence in some of the most challenging and sensitive moments a health care entity may face. Risk professional leadership in these situations is essential to fostering a culture of safety, transparency and accountability.
References
1. Chicago Tribune. (2025, February 19). Medical misconduct: Read the investigation on sexual abuse by providers.
2. Praesidium. (2025). 2025 Praesidium Report. https://hubs.ly/Q03ghznv0
3. Public Law Library. (2024, October 2). Florida jury awards $25 million to elderly woman raped by hospital nurse; hospital denies negligence claims. https://publiclawlibrary.org
Authors
Rebecca Bailey, RN, MSN, CPHRM, ERM-Cert, is the Executive Director of Risk Management for Piedmont Healthcare. Becky holds the certificate in Enterprise Risk Management and the certificate in Risk Financing from ASHRM. Becky recently co-authored an article published in the Journal of Health Care Risk Management entitled, “Reducing the Cost of Inpatient Falls: an ERM perspective.”
Shannon Delchamps, RN, BSN, CPHRM, CPPS, ERM-Cert, is the Risk Manager for Piedmont Eastside Medical Center and Piedmont Eastside South. Shannon was privileged to present a concurrent session on Enterprise Risk Management during the ASHRM 2024 Annual Conference. She is the author of a recent article published in the Journal of Health Care Risk Management entitled, “Reducing the Cost of Inpatient Falls: an ERM perspective.”