Doctors meeting discussing what they see on their tablets
HealthJune 15, 2019

How to perform an infection control risk assessment

An annual infection prevention and control (IPC) risk assessment is required by The Joint Commission to define programmatic goals and objectives and to provide a framework for identifying gaps in services, safety or data as well as tracking progress in meeting specific goals.

The IPC risk assessment should identify the risks for acquiring and transmitting infections based on the patient population served, the types of services provided and the analysis of surveillance data. Risk can be associated with people: patients and healthcare workers; technology: equipment used for direct or indirect care of patients; and the environment: construction activities. The identified risks should be prioritized collaboratively by the IPC team and the IPC committee members. Action plans for mitigation of risks should be defined in the assessment.

While the specifics of an IPC risk assessment vary between facilities, core elements include:

Create a specific, tailored, and detailed listing of challenges relevant to the organization

These are challenges an infection preventionist faces daily and to which the organization is vulnerable. Factors to consider include the facility’s geographic location, the surrounding community and the population served. For example, a public city hospital is more likely to serve a larger homeless community and see more tuberculosis than a private suburban healthcare campus.

Review information from ongoing surveillance and other infection prevention data

If surveillance reveals that the facility has seen an increase in a specific multi-drug resistant organism or an increasing surgical site infection rate, this information should be reflected in the risk assessment. If the facility’s antibiogram reveals increased resistance patterns for commonly seen organisms, the assessment should address this data. One very useful tool in assessing the hospitals’ effectiveness is the CDC’s Targeted Assessment for Prevention Strategy (TAP)  TAP is a quality improvement framework that:

  • Supports HAI Prevention. TAP implementation guides contain actionable tools that allow facilities to customize their interventions based on identified gaps.
  • Targets resources to maximize efficiency for the reduction of healthcare-associated infections (HAIs).
  • Prevents HAIs by targeting locations with excess infections, and implementing interventions.
  • Systematically identifies gaps in prevention and opportunities for improvement, while serving as real-time teaching moments among multidisciplinary staff. 

Prioritize risks based on impact and likelihood to occur

Most infection preventionists operate with limited resources, making mitigation of all risks difficult. In developing a risk assessment, an IP should ask, “How high is the risk associated with each of the identified items?” A sound analysis would focus energies on identifying the highest risks.

Receive input from staff

While The Joint Commission does not detail how organizations should solicit input, it does require hospitals to include staff input in the risk assessment. Input may take the form of surveys, participation on committees and interviews with members of the infection prevention team, nursing, medical staff and organizational leadership. The format and the input received should be preserved to demonstrate compliance.

At minimum, perform annual updates

A risk assessment must be done annually. To ensure unexpected scheduling difficulties or other challenges, do not push the date past its deadline. A good practice is to begin the assessment earlier than the deadline to avoid being cited for a tardy assessment. Keep in mind that the occurrence of events during the year that significantly affect infection prevention and control should trigger a revision of the IPC risk assessment.

This annual review is essential to ensure an effective IPC program for your hospital—ensuring early identification of high-risk patients, reduce the incidence of HAIs and to strengthen your Antimicrobial Stewardship practices to improve patient care and safety. Your team’s multi-disciplinary approach combined with the right technology and metrics will make your Infection Prevention program more effective and efficient, and will benefit patients, their visitors, health care staff and the community at large.

Manual aggregation of all the data from disparate data sources required to inform your annual infection prevention and control risk assessment is a daunting and time-consuming task. Acquisition and use of an electronic clinical surveillance application that automatically identifies potential or actual HAIs, as well as aggregates, trends and analyzes infection prevention-related data, including SIRs, can streamline daily surveillance workflow and greatly simplify development of an annual risk assessment. This would allow time to spend on more impactful infection prevention activities, including infection prevention consultation and education, especially with the additional challenges presented by the ongoing COVID-19 pandemic.

Learn about the 5 attributes of a high-performing infection prevention and control program in this guide.


Trusted real-time alerts and evidence-based guidance to ensure at-risk patients receive the right care at the right time, every time.

Sentri7's sophisticated algorithms identify at-risk patients in real-time by breaking down data silos that exist across hospitals and driving consistent clinical action. All to improve patient outcomes and hospital performance.