The error of our way
The need to implement integrated, (inter-)national, non-punitive, independent, confidential, and inclusive patient safety reporting systems
This is the fourth article in our Psyverse #2 series. To read previous articles, visit the compendium.
We need to address the elephant in the room. Not only do patient safety reporting systems already exist, but they have existed for at least a quarter of a century.1 While tempting to say, “case closed!” on an excellent example of a system from fields like aviation or nuclear safety being implemented within psychiatry2 and immediately high-tailing it out of here, the current situation is bedevilled by nuance. So much nuance that it has been difficult to wrap my head around it. And I love wrapping my head around things.3
Yes, patient safety reporting systems exist, but their effectiveness has been recently questioned by multiple authors.4 Despite significant investment in reporting systems, large numbers of patients continue to be harmed each year. It is still the case that for most areas of medicine, the safest time to receive healthcare treatment is tomorrow. This contrasts with other fields like aviation and the nuclear industry, where reporting systems have been a highly successful tool for helping improve safety through system change.5
Many reasons for the underwhelming performance of patient safety reporting systems have been suggested, along with proposed solutions.6 We are going to focus on their characteristics. Arguably, while patient safety incident reporting systems are widespread, few can claim to be integrated, (inter-)national,7 non-punitive, confidential, independent and inclusive. Why are these six characteristics important? We shall find out.8
Firstly, however, it would probably be a good idea to explain what a patient safety reporting system is.
The aim of a reporting system is to catch incidents, which, according to the World Health Organisation (WHO), broadly fall into three categories: near miss, no harm incident and harmful incident.9 The harmful incidents subsequently fall into two further categories: adverse events and adverse reactions. With “events” being preventable harm and “reactions” non-preventable harm. Within these broad categories, more specific classifications have been used and proposed.10
When a healthcare professional (or indeed a patient) comes across an incident, whether through direct involvement or as a bystander, they fill out a form. Depending on the type of system, reporting an incident may be mandatory or voluntary.
Mandatory systems are primarily used to hold healthcare providers accountable. They focus on the severe incidents, like sentinel events, otherwise known as “Never Events”. An example of a severe incident could be the amputation of the wrong leg during surgery or an incorrect medication given to a patient, leading to their death.11
Voluntary systems are primarily used for learning. These generally focus on near misses or very minimal patient harm. One example would be a prescription error (wrong dose, wrong drug, etc.) that is caught by a pharmacist before it reaches the patient. Voluntary incident reports submitted by healthcare reporters are indicators of potential systemic (procedural, technological, etc.) changes that need to be made.12
In either case, the incident form that a healthcare professional submits will generally have a section which classifies the incident (patient information, incident time/type/severity,13 etc.) to allow sorting and trend analysis. It will also have a free text section for the reporter to provide the story of what happened. The WHO proposed a Minimal Information model to help healthcare providers develop their own incident reporting form.
Once completed, the clinician/patient sends the form off (electronically nowadays) to an organisation that will sort and analyse the reports. If there are incident reports of interest, an investigative body could send a team of experts to review cases and investigate. After completion, different policies or procedures would then be recommended in a report and implemented to change the latent conditions, thereby preventing future incidents from occurring (depending on the reporting system in question and the seriousness of the incident, a reprimand of staff involved may also be issued).
Designing an effective patient safety reporting system is easier said than done. Out of the many characteristics and factors that need to be considered, arguably, the following are some of the most important.
Integrated
My initial intention for this Psyverse series was to focus exclusively on incident reporting systems in psychiatry. I found this an impossible task. Every time I wanted to make a point, the evidence and analysis leaked into other areas of patient safety. Whether that was the type of culture that encouraged reporting, or how investigations into incidents needed to be guided by an incident reporting system. Patient safety is an interconnected web of incredibly complex systems that influence, and are influenced by, each other.14
In industries such as aviation, investigation into harm (accidents) has been developed since at least the 1930s, with reporting systems being developed since the 1950s.15 An entire safety management system has been slowly developed over the course of nearly a century. In contrast, healthcare systems have attempted to translate safety knowledge from other sectors into a fully functional patient safety system within the space of a couple of decades.
The result is that patient safety incident reporting is not properly integrated within a wider patient safety system. Too often, they have been used as a repository to gather statistics and keep track of the number and types of incidents, rather than as a learning tool.16 An incident report is only the start of the learning process; it is only a “window on the system”, from Vincent (2004):
Incident reports by themselves…tell you comparatively little about causes and prevention…. Reports are often brief and fragmented; they are not easily classified or pigeon holed. Making sense of them requires clinical expertise and a good understanding of the task, the context, and the many factors that may contribute to an adverse outcome.
An effective patient safety reporting system requires substantive analytical, investigative and regulatory systems to lean on. With each system intricately connected to the others, and the wider healthcare system, through procedure and legislation. Patient safety also needs to be promoted and communicated to build a safety culture.
In other words, the development of Safety Management Systems (SMSs) is desperately needed.17 Only then can the learnings, discovered through incident reports and investigated by experts, be implemented into principles, processes and practices, then subsequently followed by healthcare staff.
(Inter-)National
While there is value in a system that picks up on a specific local incident, then develops a specific local solution, this is not where the real value of a reporting system lies. Reporting systems are as much about preventing incidents occurring over the entire system as they are about finding specific cases.
Say we have an incident where there are two patients with the same first name (say Jacob M. and Jacob Y.) sitting next to each other, awaiting a routine blood transfusion. A unit of red blood cells was taken from the refrigerator, and during the setup of the transfusion for Jacob M., it was realised the blood cells were actually for the other patient - Jacob Y.18
If we don’t have a national reporting system, we are relying on every single local blood transfusion provider to pick up on this type of name mix up incident, report it, have a team investigate it, and then enact a correct latent condition change that would fix the problem (rather than a change that would only half-fix it, such as guidance or training etc.). Not only is this horrendously inefficient and expensive, but it is also a lot of work for each local provider to ensure patients stay safe.
A national reporting system’s role is to find common occurring problems as they start arising, have a national investigative body examine them, and then disseminate the solution to all local healthcare providers across the country. Meaning that for most providers, the incident is prevented from occurring in the first place.
While the UK has a national patient reporting system,19 many countries around the world, including the United States, do not.20 Given the number of countries with fragmented local reporting systems that do not permit the sharing of information between them, how many times has the wheel been reinvented? Perhaps more importantly, how many different shapes has the wheel been reinvented into?
While I have focused on national systems, there is scope for an international sharing of incident reporting. Healthcare is a global phenomenon, and there will be problems generic enough to apply to many countries around the world. But more importantly, there are many countries with rudimentary reporting systems that could benefit from the learnings of countries with more advanced ones.
A final point is that the introduction of a national reporting system does not mean the shutting down of local ones. Firstly, if every incident in the country were reported to a national agency, it would be overwhelmed quickly. Indeed, overreporting is a significant issue. Secondly, in many healthcare settings, solutions may need to be tailored to the individual characteristics of each healthcare provider (e.g. number of staff, layout of the hospital, number of beds, how busy the hospital is, etc.).
Non-Punitive
Lucian Leape, one of the experts at the forefront of pushing for increased patient safety awareness, once testified to the U.S. Congress:
The paradox [of punitive measures] is that the single greatest impediment to error prevention is that we punish people for making them.21
Keeping to the theme of apparent paradoxes, while encouraging healthcare staff to “report it all” to a national system tends to result in overreporting, having punitive consequences for reporting incidents tends to result in underreporting.22 Out of the many barriers to reporting,23 the most prominent seems to be the consequence of disciplinary action after submitting a report to a reporting system.24
Assuming the vast majority of healthcare professionals don’t intend to commit errors, some of the most important incident reports could be the ones most fraught with potential disciplinary consequences. This is because these reports may point to an aspect of the system unintentionally designed to encourage clinicians to go against regulations. Logically, it follows that by removing the consequence of disciplinary action, more of these types of errors will be reported.
But the picture is not quite as simple as legislating the removal of punitive measures resulting from incident report submissions. Whether a system is mandatory (generally focused on accountability - with greater likelihood of punitive measures), or voluntary (generally focused on learning - usually non-punitive), underreporting rates are still significant.
Some of this can be attributed to barriers such as confusion about what to report or time constraints. A likely more significant reason for underreporting can be attributed to blame culture and surrounding factors.
Which is why the organisation running the reporting system needs to be…
Independent
Perhaps the most widespread problem of patient safety reporting systems is that they are often run by the same organisation that also deals with punitive measures. Even if a reporting system is formally non-punitive, conflicts of interest25 can result in informal negative consequences, like reduced status or career prospects. Healthcare professionals may feel psychologically unsafe, reducing the likelihood of incident reporting.
An independent organisation running a reporting system would allow confidence that reports won’t be used punitively against the reporter, as the independent organisation would simply not have the power to punish. Recently, in the UK and Norway, independent investigative organisations have been set up for this very purpose.
Independence also likely provides psychological safety to healthcare reporters, as the information they submit won’t be seen by anyone working within the same organisation. This is especially relevant for many current local, hospital-wide reporting systems where staff report incidents directly to their superiors (e.g. supervisors or line managers). Not only does this mean that the superior could censor reports to administrators because of a conflict of interest (say, the line manager had performance targets they needed to keep to), but they could also use the incident reports as evidence to punish staff. Voluntary reporting systems have been used in this way within the United States.26
Ideally, an independent safety team within each local healthcare provider would operate and manage the incident reporting system. They would then report the issues to the board directly.27
Confidential
For readers familiar with reporting systems, you may have noticed I have not included “anonymous” alongside confidential. This is despite the fact that many reporting systems are either completely anonymous or provide a way to report anonymously. Some authors have argued for confidentiality over anonymity.28 Notably, the WHO also omitted anonymity in their initial report on the ideal incident reporting system, including only confidentiality.29
The primary issue is that anonymous reporting systems are problematic when it comes to the investigative process. Usually, reports require some form of follow-up, as investigators often have questions about the information provided by reporters, and reports also generally have information missing. In an anonymous system, follow-up isn’t possible,30 making investigations more difficult.
For the reporters submitting to anonymous systems, the lack of feedback after submission is also a significant problem. It can encourage submitting and forgetting of reports, reduce responsibility for local improvement, and, most importantly, a lack of feedback deters reporters from submitting future incident reports. With an anonymous system, reporters do not know if anyone has read their report, never mind whether the issue they have a stake in has led to any meaningful change or investigation.31
Confidential systems allow for the possibility of feedback to occur, opening the door to active participation in patient safety from all parties. Ideally, a system would allow for every report to be confidential, with an option for the reporter to stay anonymous.
Inclusive
Out of the many research papers and guidance on patient safety reporting systems, there appears to be a gaping hole. Patient contributions. Despite a 2020 WHO report advising that “[t]he best reporting systems also include and encourage patient generated reports”, the vast majority of incident reporting systems don’t appear to allow a patient to submit reports.32 Of the ones that do, patient contributions make up a tiny fraction of the total number of reports.33
In my opinion, this is a significant oversight. Unlike in industries like aviation, where the passengers are typically that, passengers, patients are part of the process. Almost every medical decision is discussed with the patient, and the patient is the ultimate decider on the treatment option they choose to go with (also holding a veto on any potential treatment offered).34
Patients have information that healthcare professionals do not have access to. While doctors see many patients, patients see many doctors… and surgeons… and nurses… and pharmacists… You get the picture. A patient’s care experience is different to healthcare professionals – as Pozzobon et al. (2023) puts it: “Patients are the only care team member present at every interaction across their care journey”.35
Patients can therefore identify mistakes and offer insights that would otherwise be inaccessible to staff. As an example, five out of my six psychiatrists never realised they made diagnostic and prescription mistakes during my care. By the time I learned the key information highlighting these errors, I was usually being seen by the next (or the next + 1) psychiatrist.
Given what I’ve mentioned so far, I don’t think it is too far-fetched to say that patients should be encouraged to write incident reports when the opportunity arises. But I don’t think this encouragement is occurring. In the decade I have been receiving treatment, I did not know that as a patient in the UK, I could have filled out an incident form to the NHS’s Learning From Patient Safety Events (LFPSE) reporting system. Heck, in my decade as a patient, I didn’t know that incident reporting systems even existed.
Whenever I encountered a problem with my care, the response from healthcare professionals was either an attempt to fix my problem (and only my problem) or a directive towards a complaints procedure.36 Of all the rhetoric about moving towards learning and away from blame, why is it that, for every problem I’ve had with the healthcare system, staff have failed to look for learning and instead asked me who I want to blame?
As a patient, I would much rather a system be fixed so that the mistakes that occurred to me yesterday don’t occur to somebody else tomorrow, than see one particular clinician be reprimanded and learn nothing. I am not alone in this sentiment.37
I think the time has come to include patients in patient safety reporting.
What about Psychiatry?
You may have noticed this article has been pretty light on psychiatry. If you were to read the patient safety literature, you would notice a similar phenomenon. Up until 2019, there had only been two reviews that examined patient safety in a mental health context.38 The barriers to incident reporting in psychiatry have been so significant, Russotto et al. (2024) used expert opinion as an alternative source of information to study inpatient psychiatric incidents. Research specifically about psychiatric patient safety in a community setting is practically nonexistent.
For the research that has been conducted, many of the studies are published in speciality-specific journals (e.g. a psychiatric nursing journal) instead of patient safety ones. Consequently, psychiatric patient safety studies are not only separated from general patient safety literature, they are separated from each other. The scientific practice of building on a diverse array of past studies has become extremely difficult.39
Given the paucity of research and unique challenges associated with patient safety in mental health,40 the field of psychiatry may very well be the area in medicine most in need of effective incident reporting systems.
But, before we start thinking about how to design such a system, it is worth exploring the history of an industry that has already gone through the inevitable trials and tribulations of incident reporting implementation: Aviation.
The series continues next week, where we will start our exploration into the history of aviation reporting systems.
If you enjoyed reading about how to best capture errors through patient safety incident reporting systems, please considdffdjhbbjddfdf #ERR #ERR
Rebooting… … … … #SUCCESS If you enjoyed reading about how to best capture errors, please consider gifting a heart❤️. And if you think someone else woullllll #BUFFERING 🔄🔄🔄 d appreciate a deep dive into patient safety reporting systems, please do restack🔄 or share🔗. It would be much appreciated!
The history of patient safety reporting systems will be covered in a future article.
and medicine in general
That could’ve come out better…
From Goekcimen et al. (2023):
To sum up, the scattered and unsystematically reported evidence in learning from [Critical Incident Reporting Systems] to improve patient safety paints a rather dire picture of the current situation.
Also see: Shojania (2021), Stavropoulou et al. (2015) & Mitchell et al. (2015).
Some authors have argued that there have been success stories when it comes to healthcare reporting systems, and patient safety overall. E.g. Pronovost et al. (2016)
But Carl Macrae (2025) perhaps sums up the state of patient safety best:
Despite enormous effort and considerable investment over the past several decades, frustrations are rising at the limited progress that has been made. Even in healthcare systems that have developed a significant strategic and policy focus on patient safety, such as England’s National Health Service (NHS), major failures of care continue to occur with distressing regularity and large numbers of patients are still harmed each year in patient safety incidents.
See Illingworth et al. (2022), Illingworth et al. (2023) & Panagioti et al. (2019) for the prevalence of patient harm.
See Barach and Small (2000) for the relation of non-medical reporting systems to healthcare.
Suggested reasons for underwhelming performance include poor processing of reports, inadequate communication & feedback to front-line healthcare staff, low engagement by staff, information overload due to unselective “report everything” guidance, among many others.
Solutions include targeted reporting, making the reporting process easier and quicker for staff, improved standardisation of event types, etc.
For more information, see Macrae et al. (2016), Goekcimen et al. (2023), Shojania (2021), Stavropoulou et al. (2015) & Mitchell et al. (2015)
An international system definitely does not exist.
The six characteristics were in part inspired by Table 2 in Leape (2002) (also in the WHO 2005 incident reporting guidelines) and this short aviation article
A near miss is an incident which did not reach the patient. This includes things like a medical error that could have resulted in an injury, but didn’t through an intervention by a practitioner or sheer luck. See page 130 of the WHO international classification for patient safety
A no harm incident is where an event reached the patient, but no harm occurred as a result. An example would be a patient falling down (perhaps due to a drug which lowered blood pressure), but having no injury.
A harmful incident is where an event reached the patient and subsequently caused harm.
For example: Table 1 of Cooper et al. (2018), this UK National Health Service (NHS) policy guidance on reporting systems & this 2013 slide from the Sheffield Health Partnership University NHS Trust
The UK’s NHS keeps a log of the number of sentinel events, which they call “Never Events”. For example, between April 2025 and November 2025 there were 116 wrong site surgeries (with 10 of these intended for a completely different patient), 73 retained foreign objects post procedure (including 1 cotton wool ball case, 13 surgical instrument cases & 19 cases of a vaginal swab left in a patient), and 1 patient trapped between the mattress and bedrail.
The full codification of Never Events can be found here.
More info about mandatory and voluntary incident reporting systems, as well as the differences between them, can be found in Chapter 5 of the Institute of Medicine’s To Err is Human report (2000), or Chapter 35 of the Patient Safety and Quality handbook for Nurses (2008)
For some examples of voluntary/mandatory/hybrid reporting systems, see Chapter 5 of the 2005 WHO adverse event and learning system guidelines (for a more up to date, but less specific, state of reporting systems in the world, see page 232 of the 2024 WHO Global patient safety report)
Interestingly, the NHS has moved away from a discrete categorisation of severe incidents. Due to the poor quality of severe incident investigations, among other issues, the Serious Incident Framework was ditched in favour of the Patient Safety Incident Response Framework (PSIRF) in 2022.
PSIRF has placed a greater focus on patient involvement, learning and compassion.
Examples include: culture, checklists, investigative bodies, safety committees, improvement projects, risk registers, safety huddles, complaints processes, regulatory bodies and how they interact, policy implementation, communication systems, etc.
The history of aviation safety reporting systems will be covered in future articles.
A Safety Management System is “a systematic approach to managing safety, including the necessary organisational structures, accountabilities, responsibilities, policies and procedures”
(From the ICAO Safety Management Manual 2018 - pdf copy here)
According to a review by Zhelev et al. (2025), out of five high-income countries (Australia, Canada, Ireland, the Netherlands & New Zealand), only the Netherlands had adopted a formal SMS approach.
For more info on Safety Management Systems, see Macrae (2025), the UK’s Health Services Safety Investigations Body 2023 report on SMSs or the aforementioned review by Zhelev et al. (2025)
And was one of the pioneers of such a system.
See Meyer (2019) & the WHO global patient safety report (2024)
From the 1997 House of Representatives hearing: VHA’s risk management policy and performance.
This quote is also often misquoted as:
The single greatest impediment to error prevention in the medical industry is that we punish people for making mistakes.
Misquotes like these don’t appear to be all too rare. Sometimes, even if we literally hear the original correct quote, we may remember a different one (otherwise known as the Mandela effect).
There may be a few reasons why these types of misquotes become more memorable. From Processing Fluency, to the Illusory Truth Effect and the Misinformation Effect.
The paradox is resolved through understanding that incidents that are unlikely to result in disciplinary action will likely be reported with abandon, while incidents which could lead to disciplinary action may very well not be reported. Further, the reports themselves may miss crucial details which could get the reporter in trouble.
In other words, punitive action may encourage reports of a similar nature, with little diversity, while also reducing the reliability and quality of the incident reports.
For some examples: see Haw et al. (2014), Soydemir et al. (2017), Vrbnjak et al. (2016) & Waring (2005)
See Aljabari and Kadhim (2021), Hamed and Konstantinidis (2022) & Archer et al. (2017)
For example, the organisation running the reporting system is also the one paying the healthcare employees.
A perceived conflict of interest also applies here. For instance the UK’s LFPSE reporting system is run by NHS England, who generally don’t employ healthcare professionals (these usually sit with local providers of varying types).
But given I had to look to the terms and conditions of the LFPSE to check that NHS England does not have any power to investigate individual cases, means there are likely healthcare professionals who are also unsure about who they are reporting to under the generic “NHS” banner.
See Gampetro et al. (2024). Pdf copy here
See Arnal-Velasco and Barach (2021), Fernald et al. (2004), Clarke (2006)
See Table 1 of the WHO draft guidelines for adverse reporting and learning systems (2005)
Technically, this isn’t true. There is a way to provide anonymity for reporters and still communicate with them. But I will cover this in a future article.
For more on feedback, including as a barrier to reporting, see:
Macrae (2016), Mahmoud et al. (2023), Beecham et al. (2025), Koskiniemi et al. (2025), Bovis et al. (2018)
I found it difficult to ascertain how many reporting systems allow patient contributions without manually surveying.
For the United States, I did find an Office of Inspector General report about Patient Safety Organizations (PSOs), which noted that:
most of the PSOs we interviewed said that they do not accept patient submitted reports.
But this was only out of a sample of five PSOs.
Notably, the Agency for Healthcare Research and Quality has funded at least four projects since 2000 focused on the role of patients and families in reporting (and also carried out an extensive report into designing systems for patient contributions in 2012). But these aren’t exactly earth shattering numbers.
Worldwide was a tougher nut to crack. And I couldn’t find any direct survey data.
I could though, through evidence of absent patient contribution mentions in the literature, infer that very few systems allow patients to report.
For example, in Table 2 of Scott et al. (2023), a paper reviewing types of safety incident reporting, there are only 2 papers (out of 53) that might reference patient contributions (under the category of “Mix—Clinical staff, non-clinical staff, relatives or residents”). The rest of the papers fall under categories related only to staff
I could only find one explicit mention: A study using the Danish Patient Safety Database by Christiansen et al. (2021) that found patient contributions accounting for only 1.4% of the 209,263 incident reports studied.
From an implicit mention in a study by Ward and Armitage (2012), there is reason to believe that the UK’s reporting system (NRLS then LFPSE), which allows patient reporting, has a similarly low percentage of patient reports. The authors also claim it is a similar story worldwide.
As an analogy, if getting your car serviced were like healthcare, you would have to stand next to the mechanic as they were doing the service. All the while, they would have to explain to you what they were doing for every single check and fix, then you would be the one making the final choice about the best way to proceed for every single decision that needed to be made.
Pozzobon et al. (2023) is an excellent review about the handful of studies on patient contributions to incident reporting systems.
I highly recommend giving it a read (it is open access).
I’ll give an example:
After one of my psychiatrists wrote a report containing numerous factual inaccuracies and contradictions based on a fifteen minute phone call about a lithium dose increase, I went to the NHS’s Patient Advice and Liaison Service (PALS). They were friendly and helpful, but only pointed me towards who to complain to. There was never any mention that I could submit a report to LFPSE.
The complaints procedure revolved around my specific problem and what they could do to fix it (Spoiler: all they could offer was for me to submit another report to my medical record with annotations pointing out the inaccuracies - the original is still part of my record).
I found the “preventing reoccurrences” section of Mazor et al. (2014) to be the most personally impactful example
Also see: van Dael et al. (2020), Bismark et al. (2006), Bouwman et al. (2015) & Bark et al. (1994)
Thibaut et al. (2019) cited Brickell et al. (2000) and Kanerva et al. (2013)
See D’Lima et al. (2018) for claims made in this paragraph
This includes the aforementioned extra barriers to reporting, potential need for a different taxonomy, difficulties measuring diagnostic errors, incidents unique to mental health, etc.
I'm not sure exactly what you want to include, or expect to see, for psychiatry. For prescriptions, the issue I had was my GP surgery repeatedly interfering with the prescription written by my psychiatrist like changing the number of tablets or "forgetting" to issue prescriptions. Both of these repeat issues were for the pramipexole for RLS and procyclidine for akithesia that were side effects from quetiapine XR. Without those two medicines I couldn't take the quetiapine.
But, more than anything, my psychiatrist is a danger to patients. She was a her very own patient danger. Or the CMHT clinic were the other psychiatrists would not intervene when your psychiatrist was on vacation for 2 or 3 weeks. I developed an episode of rapid cycling while my psychiatrist was on vacation for 3 weeks and the duty nurse told me the other psychiatrists would not "interfere" with my treatment out of "professional curtousy" so the duty nurse had to dose me up on diazepam for over 2 weeks, and my GP had to force the clinic to make an appointment for 9am on my psychiatrist's 1st day back. My psychiatrist was 45mins late for the appointment and told me she "was just checking emails".
Psychiatrists know that they can get away with unprofessional behaviour and behaviour that harms their patients because we are the unreliable crazy people. It is why there should be extra levels of protection for this population