Note: This series contains translated excerpts and summaries from the original German-language guidance.[1] The content, organization, and names of the parts and subparts in this series are not identical to that of the original guidance.

Previous: Part 4: Establishment of a Reporting and Learning System: The CIRS Teams and Officers

Part 5: Establishment of a Reporting and Learning System: The Decision-Making Phase

It is important that leadership and management believe that CIRS is a valuable tool for proactive risk management and that they demonstrate that belief through a visible commitment to the system. Before CIRS is implemented, the institution must consider the existing organizational structures and create the conditions for successful CIRS implementation.

I.  Establish Clear and Active Support from Management

Clinical risk management, of which CIRS is a part, empowers top management to recognize organizational risks. The entire top management of the facility must make a clear decision to implement and establish CIRS and they must actively support this decision. To accomplish this goal, all managers must be informed of CIRS’s advantages, disadvantages, requirements, and objectives. In the absence of managerial support, reporters’ security may not be guaranteed and the implementation of preventive measures may not be assured.

II.  Define Security and Privacy Policies

For successful implementation of CIRS, rules must be defined that apply equally to the institution’s management, quality and clinical risk management, and all other employees. These rules should be binding, transparent, and written in an operating or service agreement. The agreement should include an explicit guarantee of freedom from sanctions for reporters. Sanction freedom signals management’s position on protecting reporters, forms the basis of institution’s culture for handling errors, and guarantees the anonymity and security of the reporter.

 III. Examine basic structures

The existing structures of the risk and quality management must be examined at an early stage. This makes it possible to assess how the CIRS system can be efficiently integrated to achieve an adequate structure from the outset.

Risk and damage information from various sources should be combined and analyzed together with the risk information from CIRS in the quality and risk management department. To ensure that these information sources are combined, CIRS should become part of the overall clinical risk management. Ideally, the existing structures of quality and risk management, central departments or cross-departmental sections, and established communication structures and processes can be used in CIRS.

The structure of CIRS should support the following functions:

  • Neutral and objective evaluation and processing of reports
  • Initiation and coordination of measures across institutions and departments
  • Rapid horizontal and vertical communication of information
  • Ability to provide an overview of all reports in order to centrally merge error patterns or isolate sources of error or risk patterns
  • Provision of statistics for the whole facility or for individual departments, ideally based on defined metrics
  • Creation of reports for management

The CIRS staff must be carefully selected. Clinical experience, knowledge of the institution and its administrative and technical procedures, and skills in the field of patient safety/human factors should be considered or the employees should be trained accordingly.

IV.  Evaluate Resources

Personnel resources must be planned depending upon the centralized or decentralized structure of CIRS and size of the institution. The number of officers and members of the CIRS team should be determined. In making this determination, leave and absence policies should be considered.

In addition to the structural resources such as hardware (servers, computers, etc.), software and/or report sheets and deposit boxes needed for the physical CIRS system, the facility should also provide a space for the CIRS team or a secure cabinet for CIRS records to ensure the protection of data.

It is imperative that sufficient personnel and financial resources are available before the start of CIRS and are ensured in the future.

V.  Examine Internal Conditions

Internal conditions and prerequisites for successful CIRS implementation must be examined in advance. The following aspects and steps must be checked or carried out before implementing a CIRS.

The following internal departments and representatives must be involved in the decision-making phase:

  • Legal Department
  • Data Protection Officer
  • Staff or employee representation
  • IT department (with planned electronic data processing)

The institution’s liability insurer should be informed after successful implementation.

Important prerequisites concern the institution’s mission statement and safety culture and include:

  • The institution’s vision for quality management
  • An assessment of the safety culture. Employee and patient surveys as well as external assessments through audits or certifications can provide information on the safety culture of a facility.

Since the internal CIRS should be integrated into the quality and risk management, critical examination of current risk management is also recommended, particularly with regard to structure, use, internal networking, and efficiency of other reporting systems and instruments. These include, for example:

  • Damage reporting systems, such as technical problems, and reports to liability insurers
  • Complaint management systems
  • Mortality and morbidity conferences, peer review, etc.
  • Statutory reporting channels

Next: Part 6: Establishment of a Reporting and Learning System: The Planning Phase

[1] Aktionsbündnis Patientensicherheit, Plattform Patientensicherheit, Stiftung Patientensicherheit (Hrsg., 2016): Einrichtung und erfolgreicher Betrieb eines Berichts- und Lernsystems (CIRS). Handlungsempfehlung für stationäre Einrichtungen im Gesundheitswesen, Berlin (available for download at