Most AED compliance mistakes have nothing to do with the device itself, at least in the audits and reviews we see most often. The AED works fine. What fails is the paperwork, the assigned responsibility, or a state requirement nobody read closely enough on day one. A facility can have a fully functional defibrillator on the wall and still fail a compliance review because no one can produce 18 months of inspection logs, or because the program never set up medical oversight that its specific state model requires.

Here’s the pattern worth knowing before anything else: compliance gaps are almost always invisible until someone asks for proof. The device passes its self-test every day. The cabinet looks fine. Then an insurance auditor, a state PAD program reviewer, or a plaintiff’s attorney after a failed rescue asks a specific question, and the answer doesn’t exist on paper. Below are the 10 mistakes that come up most often, in roughly the order they tend to surface during a real review. Laws and program requirements vary significantly by state and by facility type, so treat the state examples below as illustrations, not a complete list of what applies to your specific situation.

10Most common compliance mistakes
3-7 yrsTypical record retention range
5-10AEDs where manual tracking breaks down
# Mistake Why it gets missed What it costs you
1 No designated AED coordinator Responsibility is assumed, not assigned No one is accountable when something lapses
2 Treating certification as compliance The terms sound interchangeable Certified staff, non-compliant program
3 Skipping medical direction where required Requirements vary by state and program type Program fails specific PAD requirements
4 Inconsistent inspection documentation Inspections happen, logging doesn’t No proof of maintenance during audit
5 Letting pad or battery dates slip Adult and pediatric pads expire separately Non-functional device if a component expires
6 Forgetting EMS/PSAP registration Few people know this requirement exists Slower 911 response, potential non-compliance
7 Non-compliant signage or placement Assumed cosmetic, actually regulated Fails state-specific accessibility requirements
8 No post-incident reporting process Nobody plans for the day it’s actually used Missing required incident documentation
9 Assuming Good Samaritan immunity is unconditional Immunity often comes with conditions attached Weakened legal defense after a failed rescue
10 Records not retained long enough Retention period varies by state and entity type Audit finding for missing historical records

1 No designated AED coordinator

The single most common root cause behind every other mistake on this list. When no specific person is named as responsible for the AED program, every other task — inspections, battery tracking, certification renewals, incident reporting — defaults to “whoever notices.” Nobody notices consistently.

Some state PAD program rules explicitly call for a named individual or department responsible for maintenance and testing. Requirements vary by state, so confirm what your specific state’s PAD guidance asks for rather than assuming a national standard exists. Without a named coordinator on file, the program has a structural gap before anything else even goes wrong.

The fix: name one person per location in writing, document the appointment in the program compliance file, and designate a backup. Rotate the role formally if staff turnover requires it, don’t let it quietly become “nobody’s.”

2 Treating certification as compliance

A fully certified staff doesn’t make a program compliant. CPR/AED certification confirms a person is trained to use the device. It says nothing about whether the device is maintained, whether medical oversight exists where required, or whether records are being kept.

This mistake is common because casual language blurs the difference. “We’re AED certified” gets used to mean “we’re compliant,” and they’re not the same claim. A facility with 20 certified employees and an AED with expired pads is not compliant, regardless of how many wallet cards are current.

The fix: track certification and device compliance as two separate workstreams with two separate sets of expiration dates. Certification answers “is this person trained.” Compliance answers “is this program meeting its specific legal requirements.”

3 Skipping medical direction where the program model requires it

Medical direction — sometimes a written physician agreement, sometimes broader physician oversight — applies to some Public Access Defibrillation (PAD) program models but not others. Requirements vary by state and by the type of facility or program, so it’s inaccurate to say any single state requires it across the board. Some states, for example certain California and New York PAD program models, build medical oversight into specific program types or circumstances, not universally for every AED installation.

The mistake happens because medical direction is easy to overlook. The device works without it. Nothing visibly breaks. Then a state audit or insurance review asks for the physician agreement or oversight documentation, and it doesn’t exist, in cases where the program’s specific model required it.

The fix: check your specific state’s PAD guidance or statute to confirm whether your program model requires medical direction. If required, set up the agreement once and put a renewal reminder on the calendar — most medical direction agreements need periodic review.

4 Inconsistent inspection documentation

The inspection itself usually happens. Someone walks up to the AED, glances at the light, moves on. What doesn’t happen consistently is writing it down. A program that’s been inspecting devices monthly for two years but only has documentation for 8 of those 24 months looks, on paper, identical to a program that skipped 16 months of inspections entirely.

Auditors and insurance reviewers can only evaluate what’s documented, and they generally accept several formats: printed and signed logs, exported digital records (CSV or PDF), or timestamped entries from a tracking system. What matters is that something dated and attributable exists for every month, not which format it takes.

The fix: every inspection gets logged the moment it happens, not at the end of the month from memory. A monthly inspection checklist with a 12-month tracking format on a single sheet per device is one practical template for this, but always follow your specific AED manufacturer’s inspection guidance as the primary source for what to check.

5 Letting pad or battery expiration dates slip

This is the most common device-level compliance failure, and it has a specific structural cause: adult pads, pediatric pads, and batteries all expire on different schedules, and most programs only track “the pads” or “the battery” as a single line item instead of tracking each component separately.

A facility can replace adult pads diligently for years while pediatric pads, used far less often and checked far less carefully, sit expired the entire time. The device passes every visual check because nobody’s looking at the pediatric pad date specifically. If any one component — adult pads, pediatric pads, or battery — is expired or missing when the device is needed, the AED can fail to function as intended.

The fix: track adult pads, pediatric pads, and battery as three separate dates per device, not one combined “supplies” date. Record the lot number and exact expiration date for each component, and set a reminder roughly 90 days ahead of each expiration so there’s time to order and install the replacement before the date arrives.

💡 Adult pads, pediatric pads, batteries, certifications — four cycles, one dashboard. AED Log tracks each separately and alerts you before the gap opens.

See how it works →

6 Forgetting EMS or PSAP registration

Many states and counties require AED locations to be registered with local EMS or the regional Public Safety Answering Point (PSAP), so 911 dispatchers can direct callers to the nearest device during an emergency. Registration rules are set at the state or local level, not federally, so what’s required in one county may not apply in the next. This requirement is also frequently a one-time registration combined with periodic updates whenever device details (location, model, responsible party) change, not a single set-and-forget filing.

What it affects is response time during an actual event, and even where a registry exists, dispatchers may only see that information if the registry is integrated with the local computer-aided dispatch (CAD) system, which varies by jurisdiction. An unregistered AED means a 911 dispatcher may not be able to tell a caller “there’s a defibrillator in the lobby,” even if there is one ten feet away.

The fix: check your state and county requirements specifically, and confirm whether registration needs periodic updates when device information changes. If registration is required, it’s typically a straightforward form through the local EMS authority.

7 Non-compliant signage or device placement

Some states regulate not just whether an AED is present, but where it’s placed and how it’s marked. Requirements can include specific signage language, visibility from a certain distance, mounting height, or proximity to high-traffic areas in buildings of a certain size. These rules differ by state and sometimes by facility type, so a requirement that applies to one building category may not apply to another.

This gets missed because signage feels like a cosmetic decision rather than a compliance requirement. A facility manager picks a spot that seems sensible and never checks whether the state has specific rules about it.

The fix: confirm your state’s specific signage and placement language before final installation, not after. Retrofitting signage is a minor cost. Failing an inspection over it is an unnecessary one.

8 No post-incident reporting process

Most AED programs have never had to use the device, which is good news, but it also means most programs have never tested their own incident reporting process until the day they actually need it. When that day comes, there’s often no clear protocol for who reports the event, to whom, and within what timeframe.

Many manufacturers request notification and retrieval of the device’s event data after any use, both for documentation purposes and for their own product review, though exact policies vary by brand. Check your specific device’s manual and warranty terms for what your manufacturer expects. Some states also have their own incident reporting expectations tied to PAD program participation.

The fix: write the incident reporting process down before it’s needed: who calls 911, who notifies the medical director (if the program has one), who downloads the event data, who replaces the pads, and who files any required report with the state or manufacturer. A 1-page protocol prevents confusion during the worst possible moment to be figuring it out.

9 Assuming Good Samaritan immunity is unconditional

This is the mistake with the highest legal stakes on this list. Good Samaritan laws exist in nearly every state to protect AED users and program owners from civil liability after a good-faith rescue attempt. What gets missed is that this immunity often comes with conditions attached. It’s seldom unconditional.

Conditions commonly include maintaining the device per manufacturer specifications, having trained or certified responders, and in some states, registering the device or maintaining medical oversight. Florida’s statute on AED use and immunity (Fla. Stat. § 401.2915) is one example of a state law in this area, but statutes differ substantially from state to state, and the specific conditions that apply to your program depend on your state’s law. This is general information, not legal advice, so for specifics, consult your state statute or legal counsel.

If a lawsuit follows a failed rescue, the first document request is almost always the maintenance log. A program that assumed immunity was unconditional and skipped documentation may discover, at the worst possible time, that the protection it was counting on had conditions it hadn’t met.

The fix: read your specific state’s Good Samaritan statute, or have legal counsel review it, and confirm what conditions apply to your program. Then make sure your documentation actually supports those conditions.

10 Not retaining records long enough

Retention requirements vary by state and by entity type, generally falling somewhere in a 3 to 7 year range, though some sectors have their own specific rules (for example, certain employer recordkeeping obligations or healthcare-specific requirements can differ from a general business’s PAD recordkeeping). Many programs simply don’t know what their specific requirement is. Records get cleaned out during an office move, an IT migration, or a staff transition, often well before the legally required retention period ends.

This becomes a problem specifically when a review or claim happens years after the maintenance occurred. A program with excellent recent records but no historical data is still exposed for the gap years.

The fix: confirm your state’s specific retention period, and your entity type’s specific rules if applicable, with your state PAD guidance or legal counsel. Set an internal policy that’s longer, not shorter, than the legal minimum. Digital records solve this more reliably than paper, since paper has a way of disappearing during the exact transitions that matter most.

Why these mistakes cluster together

Almost every program that has one of these gaps has several. The reason is structural, not a reflection of carelessness. Each of the 10 items above is a different date, a different document, or a different requirement, and most programs are tracking all of them, if they’re tracked at all, across some combination of memory, a shared drive folder, and a clipboard near the AED cabinet.

Past about 5 to 10 AEDs, or past a handful of certified responders whose CPR/AED cards also expire on staggered dates, this combination stops being manageable by any one person. The mistakes above aren’t really 10 separate problems. They’re 10 symptoms of one underlying issue: nothing forces these dates and requirements into a single place where someone can see all of them at once.

AED Log was built around that specific gap. Every device’s inspection schedule, pad and battery expirations (adult and pediatric tracked separately), responder certification dates, and incident records live in one dashboard instead of scattered across a clipboard, a spreadsheet, and someone’s memory. Alerts fire ahead of every expiration, and every record stays exportable and audit-ready, which is the difference between answering an auditor’s question in 30 seconds and spending a week reconstructing two years of history.

Pricing is tier-based, not per device, so a 15-AED program with the corresponding certification and pad-tracking complexity doesn’t cost more per device than a 2-AED one.

Note: This article provides general information, not legal advice. AED laws and PAD program requirements vary by state and facility type. Confirm specifics with your state’s PAD guidance or legal counsel.

Fix your AED compliance gaps in under 5 minutes

Free forever on 1 AED and unlimited users. No credit card. No trial clock.

✓ No credit card
✓ Audit-ready records
✓ State-specific tracking

FAQ

What is the most common AED compliance mistake?Not having a named, accountable AED program coordinator. Nearly every other compliance gap — missed inspections, expired pads, missing medical oversight — traces back to responsibility being assumed rather than formally assigned to one person.
Is having certified staff enough for AED compliance?No. Certification confirms a person is trained to use the device. Compliance requires the device itself to be maintained, medical oversight to be in place where the program model requires it, and records to be kept. A program can have fully certified staff and still fail a compliance review on the device or documentation side.
Does every state require AED medical direction?No. Requirements vary by state and by program model. Some states build medical oversight into certain PAD program types, while others have lighter requirements. Check your specific state’s statute or PAD guidance rather than assuming a uniform national rule.
Is Good Samaritan immunity automatic when using an AED?Generally not unconditional. Most state Good Samaritan laws extend immunity with conditions attached, often requiring the device to be maintained per manufacturer specifications and used in good faith without gross negligence. Laws differ by state, so check your specific statute or consult legal counsel for how it applies to your situation.
How long do AED compliance records need to be kept?Typically in a 3 to 7 year range, though this varies by state and by entity type. When uncertain, retain records longer than the minimum rather than shorter, since gaps usually surface during reviews that happen years after the fact. Confirm specifics with your state PAD guidance or legal counsel.
Do AEDs need to be registered with local EMS?In many states and counties, yes, though this is set at the state or local level rather than federally. Registration allows 911 dispatchers to direct callers to the nearest known AED location, where the local dispatch system is integrated with the registry. Check your specific state and county requirements.
What happens during an AED compliance audit?An auditor typically requests inspection logs, proof of current pad and battery dates, current responder certifications, evidence of medical oversight (where the program model requires it), and documentation of any past incidents. Accepted formats commonly include printed logs, exported digital records, or timestamped system entries. Missing documentation, even when the device itself is functional, is the most common audit finding.
Can a single missed inspection cause a compliance failure?One missed inspection rarely causes a failure on its own, but it creates a documentation gap that compounds. Auditors and legal reviewers look for patterns, and an isolated missing month is treated very differently from a program with no consistent inspection record at all.

Join to newsletter.

Curabitur ac leo nunc vestibulum.

Continue Reading

Get a personal consultation.

Call us today at (555) 802-1234

Aliquam dictum amet blandit efficitur.