website templates

CIRS Guidance - Part 2:
Legal Framework

*The guidance analyzes the legal situations in Germany, Austria, and Switzerland and makes recommendations for developing and improving the legal framework for CIRS at both institutional and governmental levels. The excerpts below summarize general recommendations and are not intended to be legal advice.

A.  Freedom from Employment Sanctions

Recommendation: A written agreement

A basic prerequisite for a functioning CIRS is sanction-freedom for the reporter and the possibility of anonymity. In order to comply with these principles, it is strongly recommended to execute a written agreement between hospital management and the employees regarding the voluntariness, anonymity, and sanctions-free nature of CIRS reports.

Recommendation: Strict separation of CIRS and damage reporting systems

The effectiveness of CIRS depends upon the strict separation between CIRS and damage reporting systems. All employees should be informed of the legal framework for both systems in advance of CIRS implementation. A CIRS report is anonymous and the reporter usually cannot be identified. The damage report, on the other hand, contains personal identifying information. Because CIRS reports are not used in damage-causing events and cannot be connected to an event or reporter, CIRS reports should be irrelevant to judicial inquiries.[3] It should be clear that exemption from sanctions related to CIRS does not affect possible sanctions stemming from mandatory damage reporting systems. Although it is recommended to maintain two separate systems for CIRS and damage reporting, all reports should be integrated into risk management for evaluation.

B.  Legislative Protection for CIRS data

*While Germany’s Patients’ Rights Law provides protection for reporters (mainly in an employment context), it does not explicitly protect the use of CIRS reports against the organization in medical malpractice lawsuits. Austria and Switzerland offer no legal protection for reporters or data in error reporting and learning systems.

Recommendation: Legal protection for the reporter

According to German law, "Reports and data from internal and cross-institutional risk management and error reporting systems . . . cannot be used to the detriment of the reporter in any legal context." SGB V § 135a(3). This clear legal regulation protects not only the reporter, but also promotes the necessary change in dealing with healthcare errors by shifting the focus from individual blame to organizational learning. Without this protection, the individual would probably not report relevant critical events that they experience.

Limitation on reporter protection: Reporter protection has limits when it comes to particularly serious offenses. In particular, crimes that are punishable by more than five years imprisonment are not protected. SGB V § 135a(3).

Recommendation: Legal protection for the organization relating to insurance coverage

Austrian law protects a provider's participation in CIRS in an insurance context by ensuring that the insurer cannot use participation of an indemnifiable policyholder in a reporting and learning system to establish facts that constitute breach of obligations that lead to a denial of coverage. § 58 a ÄrztG.

Recommendation: Legal protection for CIRS data

Confidentiality of the reporting person, the receiver and evaluator, as well as the data in the CIRS should be protected pursuant to federal law. Generally the best solution is a combination of statutory guarantees with internal practical protection measures such as the de-personalization of the data.

Recommendation: Absent legal protection of CIRS data, ensure anonymity

Absent clear legal protections, healthcare professionals should only cooperate with anonymous reporting and learning systems.

C.  CIRS and Insurance

Reporting in CIRS should not lead to insurance disadvantages. On the other hand, admissions of guilt may very well have disadvantages. For this reason, it should be clear that:

> CIRS reports do not acknowledge guilt!

> Talking to the patient about a critical event is not an acknowledgment of guilt!

> Expressing regret over an incident is not an acknowledgment of guilt!

This means that CIRS should not jeopardize insurance coverage. Rather, a risk management system with an implemented CIRS can positively influence the level of the institution’s contributions to preventing compensable losses.

Source: Aktionsbündnis Patientensicherheit, Plattform Patientensicherheit, Stiftung Patientensicherheit (Hrsg., 2016): Einrichtung und erfolgreicher Betrieb eines Berichts- und Lernsystems (CIRS). Handlungsempfehlung für stationäre Einrichtungen im Gesundheitswesen, Berlin (available for download at

MedRisk Report by Mindy Nunez Duffourc