free web design templates

CIRS Guidance - Part 3: Principles & Organization


The general principles underlying CIRS are explained below:

Principle Explanation
VoluntaryEmployees are invited, but not
obliged, to report.
Anonymity of the reporter and reportsThe identity of the reporting party is
unknown or made anonymous. 
No personal data is saved in the
report. The reports may only be
forwarded or published once they
are made anonymous and personal
data is removed.
Confidentiality of reportingAnonymous reports are necessary for
the development of safety culture,
which makes it possible to talk openly
about errors. In practice this means that
the identity of the reporter (and the
patient) is not disclosed to third parties. 
However, the reporter can be
identified initially to the reporting team.
Sanctions freedomEmployees must not suffer any
consequences based on reporting. 
In particular, they may not be held
liable for system failures.
IndependenceThe reporting system is independent of
any authority that could punish the
reporter or employee of the clinical
risk management.
Clear structures and processesThe duties, responsibilities, rights and
structures of CIRS and risk
management are standardized and
communicated to the employees.
Clear definition of reportable eventsThe institution defines simply and
clearly what is to be reported in
CIRS. All employees know the definition.
Simple reporting procedureAccess to the reporting system is
simple and reporting time is minimal.
ImmediacyIncoming reports are processed
immediately. Information that may
indicate acute threats to patient
safety should be dealt with promptly.
Appropriately qualified employees
analyze reports.
Analysis by expertsExperts are familiar with the
organization’s structures. They work
from a systems approach taking into
account human factors and system
factors during event analysis.
Systems FocusAnalysis and recommendations focus
on changes in systems and processes
and their interactions or products.
Feedback to allFeedback on the reports and
measures are passed on to all
employees. Decision makers regularly
receive systematic evaluations.

A.  Who Can Report?

Every employee of a health facility (clinical, nursing, administrative, and internal services) should be able to report. Even employees of external service providers should be allowed to report.

B.  Basic Structure

The physical reporting system and the reporters form the basic building blocks of CIRS. Rules for CIRS structures and processes supplement these building blocks and make the process more transparent and reliable.

1.  Centralized or Decentralized Structure

An internal CIRS may be designed centrally with a uniform reporting circuit or decentrally with several reporting circles. The selected structure determines the process for entering reports, the workflow in CIRS, and the organization and responsibilities of the assigned persons and teams.

Size and organizational structure of the institution and affiliation with an existing specialist or group-specific system can be used as criteria for organizing the collection and processing of CIRS reports. In every case, a central CIRS leader (i.e. CIRS authorized representative, risk manager, quality management representative) should be designated within the organization. For larger facilities, central and local CIRS contact persons can be beneficial. For facilities with multiple locations, a CIRS contact person should be designated for each site.

2.  Physical Reporting System

An internal reporting and learning system can be paper-based or electronic. An electronic system is recommended, because it can handle a larger number of reports in less time and reduce administrative effort. When selecting and setting up a system, it is important to recognize that software only supports CIRS if the CIRS structures and processes are defined independently of the software.

3.  Report Form

A report form should be simple and uniform for the entire institution. In addition to compulsory fields, voluntary fields can also be included.

Germany:  Germany recommends data fields from an established core data set such as CIRSmedical © or This facilitates the transmission of reports to interagency reporting and learning systems. The data fields can be set up as free text fields with the following questions:

> What happened?
> What was the result?
> Why did it happen?
> How could it be prevented in the future?

Austria:  The Austrian Society for Quality Assurance and Quality Management in Medicine GmbH (ÖQMed) requires only one data set for "What happened?" Other fields, such as reasons for the event or proposals for future prevention, are optional. ÖQMed recommends making the reporting form as short as possible in order to limit the reporting time required, thus increasing the readiness to report.

Switzerland:  In Switzerland, CIRRNET uses a minimum data set that includes the following four fields:

> Description of the event (text box: what exactly happened?)
> Description of the action that was taken (text box: what has been done?)
> Description of the corrective measures that have been implemented by case analysis (text box)
> Medical department / clinic (in which the case has occurred)

Other fields can be inserted individually in the interest of the institution. However, it is advisable to limit the number of mandatory and other fields to a minimum to keep the reporting time as low as possible. In electronic systems, the ability to send file attachments (i.e. photos) may be a useful addition.

C.  Workflow

The following processes are necessary for the operation of a reporting and learning system:

1.  Receiving and Processing Reports

Regardless of which structural design is chosen or who is responsible for processing, reports should always be processed using the same procedure. The first step is to examine whether the report triggers an immediate or urgent need for action and, if so, to determine whether responsive measures have already been taken.

a. Dealing with reports that do not meet the definition of reportable events or risks

Experience shows that reports with the following non-reportable content will be entered in CIRS:

> Damage reports
> Reports of staff shortages or high volume pressure ("overload indicators")
> Reports of inappropriate behavior of individual employees
> Reportable infections (i.e. MRSA)
> Events that must be reported to other agencies including medication errors, medical device incidents, transfusion incidents, or vaccine complications.

Defined rules for dealing with non-reportable events should be established, maintained, and clearly communicated. Reports with content that is inadequate for CIRS should still be taken into account, and if necessary, incorporated elsewhere in the organization’s risk management department to identify areas for potential improvement.

The following procedures should be followed when non-reportable events are entered into CIRS:

> Review existing information systems, including damage reporting systems and compliance systems, to evaluate their suitability for employee use
> Check whether all employees know the definition of CIRS reportable events
> Check whether or not the report, irrespective of the inadequate content, describes a relevant problem that requires corrective or preventive measures.

Regardless of whether or not reports are published in an institution’s internal reporting and learning system, reports with non-reportable events can be edited beyond the usual anonymisation as follows:

> Revise the editorial process (i.e. modify the extent of damage or re-formulate the narrative)
> Delete problematic sections of the report
> Delete the report completely
> Document the content relevant to the learning process and delete the original report.

Reports should not be falsified in any way; the core content regarding a risk, event, or error-prone factor must be maintained.

b. Anonymising, de-identifying, and categorizing reports

The processing of the report includes initial anonymising or de-identifying. This is done primarily as a confidence-building measure and to protect the reporter. Existing identities and specific facts (i.e. location, time, medication, detailed medical history) that can be used to draw specific conclusions must be removed or deleted without losing the essential safety-relevant content. In case of doubt, the preference should be given to anonymity.

The reports should also be categorized into specific topics, areas, or departments. This can be done according to the International Classification for Patient Safety (ICPS). This systematic identification of risk situations allows one to derive responsive measures based on a series of reports with common characteristics (i.e. by event type or area in which the event occurred) and facilitates the report retrieval.

Depending on the CIRS basic structure, it must be determined whether the anonymisation (and the further processing of the reports) takes place at a central location or de-centrally in the reporting groups.

2.  Analyzing Reports and Deriving Preventive Measures

a. Obtaining relevant information

Before analysis, more information about the reported event may need to be obtained (i.e. through an onsite visit).

b. Analysis

Report analysis is carried out according to an established procedure designed to identify causes and factors related to the event. Systemic analysis suitable for this purpose can be adapted based upon the London Protocol or the PRISMA method. Employees carrying out these analyses must be trained in the application of the specific analytical method.

The scope of the analysis depends on the depth of reported information, additional retrievable information, and initial risk assessment. The initial risk assessment, which is based upon information in the report, uses a two-dimensional matrix to determine potential damage severity and recurrence probability.

c. Deriving measures

Recommendations for action are derived from the report analysis. The recommendations should help to prevent a recurrence of the same or similar events, recognize more quickly the same or similar events, and/or minimize the threat of damage in case a same or similar event is repeated.

3.  Implementing, Communicating, and Evaluating Derived Measures

Quality-improving measures and preventive measures are targeted actions that reduce the existing risk and improve patient safety.

a. Implementing measures

Implementation of concrete measures following the recommendations for action is critical for CIRS success. Without implementation of measures, CIRS is useless.

For each measure, a responsible person and a realistic target date for implementation should be identified. Because preventive measures should ideally include the entire system, it is recommended to include the derived measure in the organization’s written policy. All employees should be informed of new measures, and when necessary, trained regarding the implementation of new measures. In addition, the effectiveness of derived measures should be evaluated.

The report information, analysis and derived measures should be communicated to hospital management, nursing management, and all department heads. Both the measure and its implementation should be evaluated after a suitable period.

b. Documentation of measures, reports

Results of the report processing (analysis, measures, implementation and their evaluation) should be documented so that they are available for re-occurrence of events or risk patterns. The reporting database and documentation can be used for further analysis or for identifying new indicators. Proper documentation of reports and measures provides a basis for regular reporting on CIRS.

c. Feedback

Employees of a department or institution should receive regular feedback.

The reporting person may also receive feedback to answer questions or convey results of the report analysis.

In addition to providing feedback to all employees, communication within the CIRS team(s) is also required. In the case of a decentralized structure, monthly or quarterly meetings allow for an exchange of experience and an evaluation of CIRS processes and structures. Communication rules should clearly define who, where, how, when, and what is communicated. This can be represented in a communication matrix.

d. Methods of communication in the reporting and learning system

Regular feedback to employees can be achieved through the following:

> via the intranet, announcements, emails, or newsletters
> in general or department meetings
> on “Patient Safety Day”

The following feedback content should be updated regularly:

> publication of reports
> selected reports ( "Case of the Month")
> information about reported events and derived measures
> successful implementations: improvements stemming from derived measures
> results of general evaluations of the reporting and learning system

Source: Aktionsbündnis Patientensicherheit, Plattform Patientensicherheit, Stiftung Patientensicherheit (Hrsg., 2016): Einrichtung und erfolgreicher Betrieb eines Berichts- und Lernsystems (CIRS). Handlungsempfehlung für stationäre Einrichtungen im Gesundheitswesen, Berlin (available for download at

MedRisk Report by Mindy Nunez Duffourc