The obligation does not get smaller. Neither does the evidence.

For hospitals and critical access hospitals, The Joint Commission's 2026 Accreditation 360 restructuring consolidated the former Environment of Care and Life Safety chapters into a new Physical Environment chapter to better align with the structure of the CMS Conditions of Participation.

The issue is not that every underlying obligation is new. The issue is whether legacy EC/LS policies, evidence, committee reporting, corrective-action pathways, and ownership still map cleanly to the current PE structure.

Petronus identifies the gaps between the legacy Environment of Care / Life Safety structure and the current Physical Environment framework.

The review evaluates whether required elements are present, evidenced, assigned, and coordinated across the organization — and whether the existing program still reflects the standard being surveyed.

Infection prevention expectations continue to reach beyond policies, surveillance, and hand hygiene. Healthcare organizations are expected to show that infection risks are identified, reduced, monitored, and corrected across the care environment, clinical operations, high-risk procedures, equipment handling, water systems, cleaning practices, and staff practices.

The pressure is not only whether an infection prevention program exists. The pressure is whether the program can show how risk is recognized across the organization, how control measures are applied, how findings are escalated, and how evidence supports the actions taken.

Petronus evaluates whether the infection prevention program is connected to the risks that actually move through the organization.

The review focuses on whether infection prevention expectations are built into daily operations, supported by evidence, coordinated with the physical environment, and understood by the functions that affect patient exposure.

Water management is a deliberate crossover. Physical Environment owns the system side: maintenance, testing, treatment, corrective action, and documentation. Infection Prevention owns the patient-risk side: waterborne pathogen exposure, vulnerable populations, clinical risk recognition, and escalation when water conditions may affect patient safety.

Workplace violence is no longer limited to internal policy or security response. Joint Commission standards make workplace violence prevention a surveyed accreditation issue for covered healthcare organizations. OSHA enforces recognized workplace violence hazards through the General Duty Clause.

In some states, the obligation is more prescriptive. Healthcare operators may face state-specific requirements for prevention plans, violence prevention committees, risk assessments, incident records, training frequency, paid-time training, or minimum training duration.

The pressure is coming from multiple directions: accreditation, OSHA enforcement, and state healthcare workplace violence laws. Workplace violence prevention has become an organizational responsibility, not a security-only function.

Petronus evaluates whether the workplace violence prevention program is active, owned, and evidenced.

The review focuses on worksite analysis, incident reporting and investigation, role-based training, leadership accountability, post-incident review, governing-body visibility, and whether the program operates across clinical leadership, security, HR, safety, quality, and executive oversight.

The risk may look different across an emergency department, behavioral health setting, long-term care facility, hospice environment, or outpatient care area, but the core question is the same: can the organization show that workplace violence is being identified, reported, reviewed, acted on, and owned across the organization?

Emergency preparedness is no longer judged by whether a plan exists. The practical question is whether the organization can identify hazards, communicate under disruption, sustain care, test response, and improve after exercises or actual events.

Emergency preparedness expectations may come through regulation, accreditation, or state oversight, but the operating questions are consistent: has the organization assessed its hazards, built workable procedures, established communication pathways, trained staff, tested the plan, and improved from what it learned?

The framework is common. Readiness is proven through the realities of the care setting: the patients served, the services provided, the critical systems relied on, the outside partners involved, and the people expected to run the event.

Petronus evaluates whether the emergency preparedness program is connected, current, and operationally usable.

The review focuses on the all-hazards risk assessment, emergency operations plan, communication plan, policies and procedures, training and testing cycle, exercise design, after-action improvement, continuity assumptions, and role clarity for the people who would run the event.

Construction and renovation in healthcare settings create risk before work begins, while work is underway, and after the project is turned over. The pressure is not limited to whether a project is completed. The question is whether the organization can show that project risk was identified, classified, coordinated, controlled, inspected, escalated, and closed with evidence.

Construction activity can affect infection prevention, life safety, utilities, air pressure relationships, egress, patient movement, clinical operations, contractor access, and environmental conditions in occupied care space. When those controls are treated as project details instead of healthcare risk controls, exposure can move quickly across departments.

Petronus evaluates whether construction and renovation risk is being managed as a healthcare control process, not just a project-management function.

The review focuses on how project risk is identified before work begins, how infection prevention and physical environment controls are selected, how interim measures are approved, how contractors are coordinated, how work areas are inspected, how issues are escalated, and how the organization validates that protective measures remain effective throughout the project.

This is where the construction seam lives. Physical Environment owns the standing controls when work affects the care environment. Infection Prevention owns the patient-risk interface when construction activity may create exposure. Construction & Project Risk owns the project methodology: risk classification, planning, phasing, contractor coordination, inspection, documentation, escalation, and closeout.

Healthcare organizations rely on outside parties for contracted services, information access, facilities support, utilities, environmental services, food operations, maintenance, construction, supply chain, and other services that affect care, safety, privacy, or operations.

The oversight obligation depends on the nature of the work. Some contracted services are governed as patient-care services. Others are evaluated through the life safety, utilities, infection prevention, privacy, hazardous materials, physical environment, or operational standards that apply to the service being performed.

The risk is not only that a vendor is present. The risk is that the organization cannot show who the vendor is, what they are authorized to do, which requirements apply, how performance is monitored, and who remains accountable when the service affects patients, staff, systems, or the care environment.

Petronus evaluates whether vendor and third-party activity is mapped, authorized, limited, overseen, and evidenced.

The review focuses on whether the organization understands the difference between contracted patient-care services, nonclinical support services, physical-environment contractors, information-access vendors, construction contractors, and other third parties — and whether each is being overseen through the correct requirement pathway.

Vendor access is not governed by one universal access rule. It is mapped to the requirements triggered by the vendor's role, location, and activity — including workplace violence and security, emergency security, infection prevention, information privacy, medication security, life safety and hazardous materials controls, and applicable Conditions of Participation and state licensure requirements.

A signed agreement may define the service, but the organization still has to show that the work is being performed safely, effectively, within scope, and under the right oversight model.

Corrective action is not unique to one accreditor, regulator, or program. Across survey, accreditation, state oversight, serious-event review, and internal performance-improvement processes, healthcare organizations are expected to show that the requirement was understood, the condition was corrected, and the evidence supports closure.

Whether the response is an Evidence of Standards Compliance, a Plan of Correction, an adverse-event response, or an internal corrective-action plan, the pressure is the same: the organization must be able to show what was corrected, how it was corrected, where accountability sits, what evidence supports completion, and how the correction will be sustained.

Petronus evaluates how the standard is being interpreted, how the program is structured, and whether the evidence supports the correction.

The review focuses on required elements, program alignment, assigned accountability, evidence, corrective action, validation, monitoring, and recurrence prevention.

The central question is whether the organization can defend that the requirement was understood, the gap was corrected, the evidence supports closure, and the program has been brought back into alignment.