International comparative analyses of healthcare risk management


Jun Zhou, Department of Medical Regulation, Ministry of Health, No.1 South Xizhimenwai Road, Xicheng District, Beijing 100044, China
Tel: +86-10-68792034
Fax: +86-10-68792034


Objective Interpretation of the growing body of global literature on health care risk is compromised by a lack of common understanding and language. This series of articles aims to comprehensively compare laws and regulations, institutional management, and administration of incidence reporting systems on medical risk management in the United Kingdom, the United States, Canada, Australia, and Taiwan, so as to provide evidence and recommendations for health care risk management policy in China.

Methods We searched the official websites of the healthcare risk management agencies of the four countries and one district for laws, regulatory documents, research reports, reviews and evaluation forms concerned with healthcare risk management and assessment. Descriptive comparative analysis was performed on relevant documents.

Results A total of 146 documents were included in this study, including 2 laws (1.4%), 17 policy documents (11.6%), 41 guidance documents (28.1%), 37 reviews (25.3%), and 49 documents giving general information (33.6%). The United States government implemented one law and one rule of patient safety management, while the United Kingdom and Australia each issued professional guidances on patient safety improvement. The four countries implemented patient safety management policy on four different levels: national, state/province, hospital, and non-governmental organization.

Conclusion The four countries and one district adopted four levels of patient safety management, and the administration modes can be divided into an “NGO-led mode” represented by the United States and Canada and a “government-led mode” represented by the United Kingdom, Australia, and Taiwan.

Medical or clinical risk is high throughout the entire healthcare process, from diagnosis to treatment to rehabilitation. Because of the complexity and seriousness of the consequences of healthcare risk, it is critical that not only hospitals but also government departments implement sound risk management mechanisms for early warning and macro administration. Risk management is the process of identifying, assessing, analysing and managing all potential risks. Healthcare risk management is an effort to reduce and assess risks to patients, staff, and organizational assets within a health care institution. Currently, there is no comprehensive incidence reporting and analysis database in China, so it is difficult to assess healthcare risks quickly and accurately, or to make predictions about medical risks. Therefore, in line with the ongoing reform of its healthcare system, China can draw on the successful experiences of developed countries and regions to establish its own healthcare risk management and early warning and monitoring system.

Although the results of the first large-scale study of adverse events were published over 30 years ago (1), the field of patient safety has only gained widespread attention in the last decade (2–4). In this time, there has been a rapid increase in the number of publications and reports in this area, but interpretation and comparisons have been compromised by a lack of common understanding and language. This series of articles aims to comprehensively compare the concepts, policies, and regulations of institutional management (Article One), administration of incidence reporting systems (Article Two), tools of risk assessment (Article Three), and performance evaluation (Article Four)of medical risk management and early warning and monitoring systems by examining patient safety laws, regulatory documents, research reports, reviews, and other documents in the United Kingdom, the United States, Canada, Australia, and Taiwan, and to provide evidence and policy recommendations for national risk management. In this piece, Article One of the series, we report the laws, regulations, institutional structures, and management mechanisms of medical risk in the United Kingdom, the United States, Canada, Australia, and Taiwan.


Data sources and searches

We searched the official websites of healthcare risk management agencies and non-governmental organizations (NGOs)in the United Kingdom, the United States, Canada, Australia, and Taiwan using the Medical Subject Headings medical errors, risk assessment, and risk management, as well as the keywords medical risk, healthcare risk, clinical risk, medical error, medical accident, medical incident, medication error, malpractice, patient safety, adverse events, adverse reaction, risk warning, risk monitoring, risk surveillance, and risk management (Table 1). We also hand searched references cited in the published official reports.

Table 1.  Websites searched for documents on healthcare risk management
CountryOfficial websites
Governmental agenciesNon-governmental organizations
  1. HHS: United States Department of Health and Human Services; AHRQ: Agency for Healthcare Research and Quality; ASHRM: American Society for Healthcare Risk Management; QUIC: Quality Interagency Coordination Task Force; JCAHO: Joint Commission on Accreditation of Healthcare Organizations; AHA: American Hospital Association; USP: United States Pharmacopeia; DH: Department of Health; NPSA: National Patient Safety Agency; IHI: Institute for Healthcare Improvement; CPSI: Canada Patient Safety Institute; CIHI: Canadian Institute for Health Information; ISMP: Institute for Safe Medication Practices Canada; ACSQHC: Australian Commission on Safety and Quality in Health Care; APSF: Australian Patient Safety Foundation; TJCHA: Taiwan Joint Commission on Hospital Accreditation; TPR: Taiwan Patient-Safety Reporting System.

AHRQ ( (
QUIC ( (
 USP (
UKDH ( (
CanadaHealth Canada ( (
 ISMP Canada (
AustraliaDepartment of Health and Ageing ( (
Taiwan-TJCHA (
 TPR (

Inclusion criteria and data selection

Laws, regulatory documents, research reports, reviews, and evaluation forms about healthcare risk management in the United Kingdom, the United States, Canada, Australia, and Taiwan were eligible for inclusion. Disagreements on data inclusion or exclusion were resolved by discussion between the two reviewers.

Data extraction and quality assessment

A pilot data extraction form was developed and tested on 5% of the included literature. Data were abstracted by two investigators independently, who discussed problems and differences to reach consensus and amended the extraction form accordingly. Extracted data included data sources and methods; healthcare risk management concepts; contents of laws, regulations, and policy documents about healthcare risk management; administrating mechanisms of agencies and incidence reporting systems; and tools and methods of clinical risk management and assessment.

For policies, regulations and other official documents, we evaluated the sources of documents, implementing channels, and updating of documents. For research literature, we evaluated the quality of the study design, data analysis, bias control, and reporting of the results. Documents were graded into three levels according to their sources and content: Grade A was legal documents; grade B was professional standards, guidance documents or general information from official websites; and grade C was descriptive reviews.

Data analysis

Descriptive comparative analysis was used to compare the laws, regulations, organization structuring, management of incident reporting systems, and methods of clinical risk management and comparative assessment of the four countries and one district.


Literature classification

A total of 146 documents were included in our study (Table 2).

Table 2.  Literature Sources and Types
SourceLaw/RegulationPolicy documentGuidance/ToolkitOfficial website informationReviewsRegion total
Evidence gradeABBBC-
Evidence type total217414937146

Concepts in healthcare risk management

Explanations of terms related to healthcare risk are provided in Figure 1 and Table 3.

Figure 1.

Relationships among healthcare risk concepts.

Table 3.  Terms related to healthcare risk
Healthcare risk/Clinical risk (5)The chance that an adverse outcome will result from a clinical investigation, treatment, or patient care.
Patient safety incident (6)An event or circumstance that could have or did lead to unintended and/or unnecessary harm to a person and/or a complaint, loss, or damage. Patient safety incidents include adverse events and near misses.
Adverse event (6)A type of patient safety incident in which unintended harm occurs as a result of a patient receiving healthcare. One type of adverse event is an adverse drug reaction, which is a noxious and unintended response to a drug that occurs at doses used in man for prophylaxis, diagnosis, or therapy of disease or modification of physiologic functions. Adverse drug events are the single greatest risk factor for patients in healthcare.
Near miss event (6)An incident that did not cause actual harm, but had the potential to.
Sentinel event (7)An unexpected occurrence involving death or serious physical or psychological injury, or the risk thereof. Serious injury specifically includes loss of limb or function. The phrase “or the risk thereof” includes any process variation for which a recurrence would carry a significant chance of a serious adverse outcome.
Serious incident (8)An incident that occurs in relation to NHS-funded services and care and results in one of the following:
 • Unexpected or avoidable death of one or more patients, staff, visitors, or members of the public;
 • Serious harm to one or more patients, staff, visitors, or members of the public, defined as an outcome requiring life-saving intervention, major surgical/medical intervention; permanent harm; shortening life expectancy; or resulting in prolonged pain or psychological harm;
 • A scenario that prevents or threatens to prevent a provider organization's ability to continue to deliver healthcare services, for example, actual or potential loss of personal/organizational information; damage to property, reputation, or the environment; or IT failure;
 • Allegations of abuse;
 • Adverse media coverage or public concern about the organization or the wider NHS;
 • One of the core set of ‘Never Events,’ as updated on an annual basis.
Severe harm (8)A patient safety incident that appears to have resulted in permanent harm to one or more persons receiving NHS-funded care.
Permanent harm (8)Directly related to the incident and not to the natural course of the patient's illness or underlying conditions, defined as permanent lessening of bodily functions, including sensory, motor, physiological, or intellectual.
Patient safety (9)The process by which an organization makes patient care safer. This should involve risk assessment, identification and management of patient-related risks, reporting and analysis of incidents, and the capacity to learn from and follow up on incidents and implement solutions to minimize the risk of recurrence.
Integrated risk management (9)The process of identification, assessment, analysis, and management of all risks and incidents for every level of an organization, and aggregating the results at a corporate level. This facilitates priority-setting and improved decision-making to reach an optimal balance of risk, benefit, and cost.

Healthcare risk management laws, regulations, and policy documents

Three of the countries had released investigation reports of adverse events and medical risks for 1995–2000 (Table 4). The United Kingdom and Australia issued professional guidelines regarding patient safety improvement in 2004 and 2005, respectively. Only the United States had implemented laws and regulations governing patient safety management.

Table 4.  Comparison of patient safety laws, regulations and reports in four countries
CountryPatients safety report (10)Law/RegulationGuidanceIssuing institution (national, local, or professional)
ReportYearPublishing institution
UKAn Organization with a Memory: Report of an Expert Group on Learning from Adverse Events in the NHS2000the National Health Service (NHS)None foundSeven steps to patient safety (2004)*NPSA
USATo Err Is Human: Building a Safer Health System2000the Institute of Medicine (IOM).Patient Safety and Quality Improvement Act (2005)*None foundUnited States Congress
Patient Safety Rule (2008)* HHS
AustraliaSafety First: Report to the Australian Health Ministers’ Conference2000the Australian Council for Safety and Quality of Health CareNone foundMeasurement for Improvement Toolkit (2006)*ACSQHC
CanadaBuilding a Safer System: A National Integrated Strategy for Improving Patient Safety in Canadian Health Care2002the National Steering Committee on Patient Safety (NSCPS)None foundNone foundCPSI

In 2005, the United States Congress approved the Patient Safety and Quality Improvement Act, which established Patient Safety Organizations (PSOs) to protect patients and medical personnel privacy and security information (Table 5). Three years later, the U.S. Department of Health and Human Services issued the Patient Safety Rule, which established the authorities, processes, and rules necessary to implement the Patient Safety Act.

Table 5.  Patient safety regulations in the United States
CountryLawImplementation dateInstitutionContents
USAPatient Safety and Quality Improvement Act of 2005 (11)2005.7.29United States Congress• Encourages development of Patient Safety Organizations (PSOs).
   • Fosters a culture of safety by establishing strong Federal confidentiality and privilege protections for information assembled and developed by provider organizations, physicians, and other clinicians for deliberations and analyses regarding quality and safety.
   • Accelerates the speed with which solutions can be identified for the risks and hazards associated with patient care by facilitating the aggregation of a sufficient number of events in a protected legal environment
Patient Safety and Quality Improvement Final Rule (12)2008.11.21United States Department of Health and Human Services• Establishes a framework by which hospitals, doctors, and other health care providers may voluntarily report information to Patient Safety Organizations (PSOs), on a privileged and confidential basis, for the aggregation and analysis of patient safety events.
   • Outlines the requirements that entities must meet to become PSOs and the processes by which the Secretary of Health and Human Services will review and accept certifications and list PSOs.
   • Describes privilege and confidentiality protections for the information that is assembled and developed by providers and PSOs, exceptions to these privileges and confidentiality protections, and procedures for the imposition of civil money penalties for knowing or reckless impermissible disclosure of patient safety work products.

Healthcare risk management institutions and functions

The United States was the first of the regions to found a patient safety agency, the Agency for Health Care Policy and Research (AHCPR), established as a constituent unit of the Public Health Service in HHS in1989, which was renamed the Agency for Healthcare Research and Quality (AHRQ) in 1999 (Table 6). AHRQ is a public health service agency under the jurisdiction of the Department of Health and Human Services (HHS). It is composed of five centers and three offices (Figure 2). The Center of Quality Improvement and Patients Safety (CQuIPS) was established in 2001 with the mission of carrying out research and collecting evidence of best practices in order to improve the quality and safety of the healthcare system.

Table 6.  Comparison of healthcare risk management institutions and functions in four countries
InstitutionFounding yearStructure
USAAHRQ1999 (renamed)CQuIPS (Figure 2)
AustraliaACSQHC2000(1) ACSQHC; (2) State Quality Council;
 (3) Hospital quality committee (Figure 3)   
UKNPSA2001(1) NRLS; (2) NCAS; (3) NRES (Figure 4)
CanadaNSCPS2001CPSI (Figure 5)
Figure 3.

Institution structure for Canada.

Figure 4.

Different levels of patient safety management in Australia (14).

Figure 2.

AHRQ structure (13).

Canada's National Steering Committee on Patient Safety (NSCPS), founded the same year, is responsible for patient safety systems, legislation and management, and evaluation. The role of the Ministry of Health is to provide secretarial work in medication errors and adverse drug reactions related studies to support the Advisory Committee, and to contact drug manufacturers to resolve medication error events (Table 6).

The Australian Commission on Safety and Quality in Health Care (ACSQHC) was founded in 2000, and is administrated at the national, state and hospital levels (Table 6). Different level of institution has vary responsibility. The ACSQHC's main task was to provide strategic advised to Health Ministers on best practices to drive quality improvement; the State Quality Council has the leadership and accountability for the safety and quality of healthcare; the mission of hospital quality committee was to strengthen the organization and coordination of management in hospital. However, the United Kingdom's National Patient Safety Agency (NPSA) has a more explicit division of labor and a more detailed framework (Table 6). The sturcture of NPSA could be grouped into three categories: management (board; chief executive), research (national programme; professional support and assessment; research ethics; etc.) and services (patient and public involvement; Confidential Enquiries; etc.) (Figure 5).

Figure 5.

Structure of NPSA (15).


The history of healthcare quality research

Doctors and health policymakers tend to focus first and foremost on curing disease. Especially with the emergence of new diseases, therapeutic technologies, and drugs, medical quality management has been the top priority in many healthcare systems, while healthcare risk has been all but ignored. The earliest article on patient safety, published in 1953 (16), marked a nascent awareness that while contemporary medical treatment brings many benefits, new technologies and medicines, the complex healthcare system, the limitations of doctors’ knowledge, and various pressures will inevitably lead to some negative outcomes. In recent decades several European and American countries have issued nationwide reports on adverse events, and the field of patient safety quickly became a hot topic in global health service and the biggest challenge worldwide (17). In 1995, the Canadian Institute for Health Information reported an incidence rate of adverse events in Canada hospitals of 16.6%. In 2000, the Institute of Medicine published “To Err is Human,” which revealed that as many as 98,000 people die each year in the United States due to medical errors. In the same year, a group of UK experts reported in “An Organization with a Memory” that the NHS failed to draw lessons from adverse events or avoidable unsafe events, which are the leading cause of unintentional harm to patients. The experts also proposed establishing an entity within the NHS to collect raw data, draw lessons, and take effective measures to prevent similar incidents from recurring (18).

Comparison of national patient safety systems

The incidence of adverse events has increased continuously for the past few years, causing the public and the media to raise questions. This has impelled central governments to review patient safety protection and quality of healthcare. The United States, Britain, Australia, and Canada have all set up patient safety institutions since 1999.

These four countries all use four levels of governance to improve health care safety. However, their management mechanisms all fall into one of two categories:

NGO-led management. In 1999, AHCPR was renamed AHRQ, and became the lead agency for management of medical errors in the the Quality Interagency Coordination Task Force (QUIC). The main tasks of AHRQ are to improve the quality, safety, efficiency, and effectiveness of health care, and to support research that helps people make more informed decisions and improves the quality of health care services. However, prevention of medical errors and incidence collection are mainly managed by NGOs such as The Joint Commission (TJC) and the American Society for Healthcare Risk Management (ASHRM). Management of patient safety in Canada is similar to that in the United States. The non-governmental organization NSCPS was established in 2001, and on its suggestion, another NGO, CPSI, was founded in 2004. Both NGOs aim to improve medication safety and minimize clinical risk.

National or state government-led management. The Australian Commission on Safety and Quality in Health Care (ACSQHC) was founded in 2000 by the Australian federal, state, and territory governments. Every level of government has a clear mission and responsibility in health care quality and patient safety. In the United Kingdom, the British National Patient Safety Agency, established in 2001, is responsible for directing and funding initiatives related to improving patient safety and preventing medical risk.

Laws and policies of patient safety protection

While patient safety agencies in many countries work hard to enhance and ensure patient safety, the lack of normative guidance from laws, regulations and guidelines results in the unnecessary loss of human and material resources. In 2002, the WHO Executive Committee discussed the problem of patient safety and recommended a resolution to the 55th World Health Assembly. In the same year, the World Health Assembly adopted resolution WHA 55.18, urging member states to establish and strengthen patient safety safeguards and improve the quality of their health care systems, for example, by monitoring drug and infrastructure equipment. The WHO Director-General led the development of global patient safety standards and the establishment of an evidence-based policy framework and a mechanism to encourage research. In May 2004, the 57th World Health Assembly supported new proposals to improve patient safety internationally. In October of the same year, WHO Director-General Dr. Lee Jong-wook launched the World Alliance of Patient Safety.

In the United States, in 2005 Congress approved the Patient Safety and Quality Improvement Act (2005 Edition)to encourage, protect, and promote the establishment of PSO and patient safety information collection. In 2008, the United States Department of Health and Human Services (HHS)issued the Patient Safety and Quality Improvement Final Rule to build a collaborative framework for voluntary reporting among hospitals, doctor offices, and other health institutions of PSO, and to promote patient safety incident analysis, further emphasizing the importance of the PSOs. Since November 2008, AHRQ began to adopt PSOs; at the same time, it released the Patient Safety Rule (first enforced in 2009). As of July 2009, there were 65 partner organizations included in the PSO.

Neither the United Kingdom nor Australia have enacted laws or regulations at the national level, but both have implemented nationwide professional standards for supervision and control of patient safety. Britain's “seven steps” defined relevant terms in patient safety, and provided resources (e.g., a patient safety culture assessment tool, a fault tree analysis, e-learning tools, a root cause analysis, and related tools and training videos)and statistical information dissemination methods of patient safety improvement measures. Australia's “Patient Safety Management Guide” mainly concerned identification, investigation and analysis, management, feedback from patient safety incidents, as well as learning through monitoring of these incidents.


This study was commissioned by the Institute of Hospital Administration in China's Ministry of Health to compare relevant laws and regulations, institutional settings, and operational mechanism of healthcare management and early warning in the United States, Britain, Canada, Australia, and Taiwan. Therefore, searches did not extend to other countries and databases. Evidence grades of included documents were defined by the authors for there were no recognized standards of grading about policy evidence.


Only the United States had implemented laws and regulations to improve patient safety and prevent healthcare risk; both the United Kingdom and Australia had published professional guidance to enhance medical quality and patient safety.

The four countries and one district adopted four levels of patient safety management: national, state/province, hospital, and NGO. Their administration mode can be divided into an “NGO-led mode” represented by the United States and Canada, and “the central/state government-led mode” represented by United Kingdom and Australia.