From anonymous reports to structured analysis and documented success of corrective actions: The CIRS module maps the entire learning cycle of your error management system—it’s easy to use, GDPR-compliant, and G-BA-compliant.
Over 1,500 companies rely on lawcode
The Challenge
The only key to the success of an incident reporting system is the reporting rate. A CIRS that receives no reports does not protect patients. Outdated tools, paper forms, and concerns about anonymity are the most common reasons for this.
Cumbersome forms or unclear processes result in critical incidents and near-misses not being recorded at all, which prevents any learning from taking place.
Without technically guaranteed, credible anonymity, employees would rather remain silent. A CIRS without genuine anonymity protection is not a CIRS.
Reviewing, anonymizing, and categorizing reports, deriving corrective actions, and documenting their effectiveness—all of this consumes QM resources. And in the end, there’s still no audit-proof documentation for the quality report.
Legal Requirements
Error reporting systems are required by law in the healthcare sector. The CIRS module helps you meet all requirements within a single system.
Section 135a(2)(2) of SGB V requires the implementation of an internal quality management system with an error reporting system.
The implementation of error reporting systems must be documented in the hospital’s quality report in a manner that is audit-proof and compliant with audit requirements.
Hospitals participating in an üFMS may negotiate additional reimbursement rates.
Reports must be voluntary, anonymous, and free from penalties, and must be systematically reviewed and evaluated for effectiveness.
Data from error reporting systems may not be used to the detriment of the person who reported the error (Section 135a(3) of Book V of the Social Code).
Applies to hospitals, doctors' offices, and medical care centers. Increasingly required for long-term care facilities.
In just 30 minutes, see what the CIRS module could look like at your facility.
Enter Reports
Employees can submit a report in just a few minutes using a clearly structured, anonymous form. After submitting the report, they receive login credentials that allow them to check the status at any time, respond to follow-up questions, and upload additional files without revealing their identity.
Forms & Workflows
Customize forms and workflows to suit your organization using easily configurable templates. Departments and locations each receive their own reporting forms, and you can control access rights in detail—all without any programming knowledge.
Dashboard & Key Metrics
Stay on top of things with customizable dashboards that display all relevant metrics in real time. Message volume, event categories, risk distribution, and action status—all at a glance.
Case Management & Triage
All processing steps are clearly documented, and the progress can be tracked at any time. The CIRS team is automatically notified of new reports and prioritizes the most important ones first.
Measures & Effectiveness
This is exactly what the G-BA QM guideline requires: Every report leads to specific tasks with deadlines and designated responsible parties. The implementation and effectiveness review are thoroughly documented and provide clear evidence for audits and the quality report.
Your Benefits
A CIRS is only as good as its reporting rate. Here’s what sets our module apart:
Intuitive operation and a clear reporting process lower the barrier to reporting, leading to more reports and greater safety.
No-code forms and workflows can be adapted to any department and any location.
Reporting, analysis, action, effectiveness: all in one system, exactly as required by the G-BA Quality Management Guideline.
CIRS, Whistleblower System, LkSG: one contract, one login, one security standard.
ISO 27001, GDPR-compliant, hosting in Germany. In the healthcare sector, where patient data is involved, this isn’t just an option—it’s a basic requirement.
Reporting channel available in over 40 languages. Ideal for caregivers, doctors, and medical staff from around the world.
Frequently Asked Questions
A Critical Incident Reporting System (CIRS) is an anonymous, voluntary, and penalty-free reporting and learning system for critical incidents and near misses in patient care. It is part of the legally mandated quality and risk management system and is intended for hospitals, medical care centers, doctors’ offices, and long-term care facilities.
For hospitals, participating physician practices, and medical care centers (MVZ), yes: Section 135a(2)(2) of Book V of the Social Code (SGB V) requires the implementation of an internal quality management system. The G-BA QM Guideline specifies the requirements for error reporting and learning systems, including anonymous, sanction-free reporting, systematic review, and effectiveness assessment of the measures. Error reporting systems are increasingly being required for long-term care facilities, even though the legal basis here is different.
Reporters do not disclose any identifying information when submitting reports. The system uses pseudonymization and a granular access control policy (need-to-know), ensuring that authorized users cannot identify specific individuals or departments. All reports are transmitted and stored with end-to-end encryption.
A CIRS is designed to promote patient safety. Its purpose is to learn from near misses, not to uncover legal violations. CIRS reports are strictly free of sanctions and intentionally anonymous. The whistleblower system under the HinSchG serves a different purpose, has different deadlines, and takes a different tone. Both modules are available in the lawcode Suite as separate channels with separate access rights.
Hospitals that can demonstrate participation in a cross-facility error reporting system (üFMS) are eligible for additional reimbursement (§ 136a(3) SGB V in conjunction with § 17b KHG). The CIRS module supports the documentation required for this purpose. For specific implementation details, we recommend consulting with your legal and billing teams.
Yes, completely. Using the drag-and-drop editor, you can customize reporting forms for individual departments and locations—all without any IT effort. Fields, categories, and required information can be freely configured.
The system is usually up and running within a few days. A personalized demo will show you the exact setup requirements for a facility of your size.
Exclusively in Germany, through a German provider certified to ISO 27001. The system is GDPR-compliant and meets the specific requirements of the healthcare sector for the protection of sensitive data.
Get ready now
Experience the CIRS module firsthand: from anonymous reporting through case management to documentation of effectiveness. Free of charge and with no obligation.
One platform, all regulations.
Recognize, evaluate and actively manage supplier risks across the entire value chain.
Record geodata, draw up due diligence declarations and provide complete proof of freedom from deforestation.
Create ESRS-compliant sustainability reports - structured, auditable and on time.
Provide secure, anonymous reporting channels - legally compliant and trustworthy for all parties involved.
Record gifts, invitations and approvals digitally and have them approved in an audit-proof manner.
Assign, conduct and document compliance training - multilingual and verifiable.
Version and distribute policies centrally and manage awareness risk-free.
DE