77 officer roles, all coveredArt. 33 GDPR, 72 hours to report a breach93 controls under ISO/IEC 27001:2022905 ready-to-run audit templates in the workspace§ 130 OWiG, supervisory duty of the management boardOfficer appointment letter, signed, filed, evidencedOne workspace for tasks, trainings, audits, documentationDIN 14095 fire protection plans, standardisedEU AI Act, the first horizontal AI regulation worldwide77 officer roles, all coveredArt. 33 GDPR, 72 hours to report a breach93 controls under ISO/IEC 27001:2022905 ready-to-run audit templates in the workspace§ 130 OWiG, supervisory duty of the management boardOfficer appointment letter, signed, filed, evidencedOne workspace for tasks, trainings, audits, documentationDIN 14095 fire protection plans, standardisedEU AI Act, the first horizontal AI regulation worldwide
KRINKO guidelines for hospital hygiene: obligations and implementation
Health & Hygiene

KRINKO guidelines for hospital hygiene: obligations and implementation

24 June 202612 min readBy Stefan Möller
CIVAC

Hospital hygiene is not a recommendation, but rather a requirement under the IfSG, state hygiene regulations and KRINKO specifications. This article shows how clinics document risk analyses, hygiene plans and reporting paths in a legally compliant manner.

The obligation for infection prevention management in hospitals results from Section 23 of the Infection Protection Act (IfSG) and the state hygiene regulations of the federal states. The recommendations of the Commission for Hospital Hygiene and Infection Prevention (KRINKO) at the Robert Koch Institute, which are considered the state of medical science within the meaning of Section 23 Paragraph 3 IfSG, are decisive. According to Section 73 IfSG, violations are punished as an administrative offense with fines of up to 25,000 euros; in qualified cases, the clinic management is threatened with criminal liability under Section 222 StGB (negligent homicide) or Section 229 StGB (negligent bodily harm). The state supervisory authorities regularly check the hygiene organisation on site.

This article brings together the most important KRINKO recommendations, the legal framework from IfSG and state regulations as well as the operational duties of the hygiene officers, doctors, hospital hygienists and hygiene specialists. You will learn how an auditable hygiene plan is structured, which reports are mandatory according to § 6 and § 7 IfSG and how the documentation is kept in an audit-proof manner. CIVAC operates this documentation as a compliance platform and officer-as-a-service, so that the hygiene plan, risk analyses and training certificates are signed, filed and verifiable. Licence the workspace for your internal representatives, or have our representatives order it. The EU data residency protects sensitive patient data in the hygiene organisation's environment, and the reporting line to hospital management is preset as the default path.

Key Takeaways

  • Section 23 IfSG obliges hospitals to implement KRINKO recommendations as the state of the art and to maintain documented hygiene management.
  • The hygiene plan must be risk-based and checked at least annually; proof of training is required in accordance with Section 8 BiostoffV.
  • Reports in accordance with Section 6 IfSG (disease) and Section 7 IfSG (pathogens) must be sent to the health department immediately, at the latest within 24 hours.

Legal framework: IfSG, KRINKO and state hygiene regulations

The legal framework for hospital hygiene is three-tiered. Firstly, the Infection Protection Act (IfSG) regulates in Section 23 Paragraph 3 the obligation of hospitals to take the measures necessary according to the state of medical science in order to avoid nosocomial infections and the development of resistance. Secondly, the KRINKO recommendations specify this obligation in currently over 30 topic-specific publications that are published in the Federal Health Gazette. Thirdly, every federal state has a state hygiene regulation, such as the HygMedVO North Rhine-Westphalia or the MedHygV Bavaria, which specify structural requirements for personnel, training and documentation.

The KRINKO recommendations are not legal standards, but rather traffic safety standards. Anyone who demonstrably deviates from them must justify and document the deviation. In the event of liability, the burden of proof lies with the clinic, which must prove that an equivalent or higher level of protection was guaranteed. The Federal Court of Justice case law (most recently VI ZR 144/21) on the reversal of the burden of proof in the case of fully controllable risks has further tightened the requirements.

For implementation, hospitals need at least three functions: a hospital hygienist with specialist training in hygiene and environmental medicine, one or more hygiene officers, doctors from the specialist departments and hygiene specialists in accordance with the respective state regulations. The responsibility for the order lies with the hospital management. Anyone who appoints a hygiene representative documents their qualifications, the appointment certificate and the list of tasks in a central personnel file. Otherwise, the appointment will be vulnerable in the supervisory process because personal suitability cannot be proven. The Hygiene Commission meets at least every six months and records the decisions, which is also subject to review by the supervisory authorities. The appointment certificate, signed, filed, verifiable. The additional appointment of a medical device safety representative in accordance with Section 6 MPDG is also mandatory for clinics with their own processing department and should be closely coordinated with the hygiene organisation.

Hygiene plan: structure and mandatory components

The hygiene plan according to Section 36 IfSG is the central document of the internal procedural instructions. It must be in writing, updated regularly and accessible to all employees. The KRINKO recommendation "Hygiene requirements for medical care" lists at least eleven mandatory chapters: hand hygiene, surface cleaning and disinfection, reprocessing of medical devices, personal protective equipment, waste handling, laundry management, food hygiene, water hygiene (especially legionella), structural requirements, personal hygiene and patient isolation.

There are also chapters specific to risk areas: operating departments, intensive care units, endoscopy, dialysis, oncology, Neonatal ward, emergency room. Each chapter must reference the relevant KRINKO recommendation and specify the in-house procedural instructions. A blanket reference to the KRINKO recommendations without in-house specification will be objected to in the supervisory procedure.

The hygiene plan must be reviewed at least annually and adjusted as necessary in the event of significant changes (new devices, new procedures, new pathogens, new KRINKO recommendations). The version history must be traceable, ideally with date, author and release note. The handing over to the employees requires proof, for example through confirmation during induction and every time there is an update. In practice, an electronic platform with read confirmation and proof of training has proven to be effective. Anyone who keeps a version of the hygiene plan in a compliance platform can access any previous version with two clicks and present it in the audit. Others run compliance like a filing cabinet. We run it like software. An electronic read confirmation when handed out replaces hand-held attendance lists and, in the event of liability, provides reliable evidence that the employee has taken note of the plan. For very large companies with over 1,500 employees, there is practically no alternative to the electronic solution because manual maintenance takes up the effort of half a full-time position. The annual approval by the hygiene commission and the clinic management is documented in minutes of the meeting, which the supervisory office often checks as an input document in the audit.

KRINKO recommendations: Which ones are critical?

Of the large number of KRINKO recommendations, some are particularly relevant to testing in everyday clinical practice. First, the hand hygiene recommendation (2016): It requires alcohol-based hand disinfection before and after patient contact, before aseptic activities, after contact with potentially infectious material and after patient surroundings (the WHO's five indications). Compliance measurements through observation are mandatory documented. Second, the recommendation on the reprocessing of medical devices (2012, updated): It regulates risk classification (non-critical, semi-critical A/B, critical A/B/C), validation of the reprocessing procedures and approval by qualified personnel.

Third, the recommendation on the surveillance of nosocomial infections (2020): It obliges hospitals to record infections in a structured manner, regularly via the KISS system of the National Reference Centre. Fourth, the MRSA and MRGN recommendations: They regulate screening, isolation, remediation and decolonization. Fifth, the recommendation for construction planning and execution: It must be taken into account for new buildings and renovations and regularly leads to conflicts with architects and developers.

Sixth, the recommendation for water hygiene and Legionella prevention: It requires regular sampling, risk assessments according to the Drinking Water Ordinance and action plans if action values ​​are exceeded. Seventh, the recommendation on hygiene in outpatient care (relevant for hospital outpatient clinics and MVZs). Each of these recommendations must be implemented in its own procedural instructions, which are referenced in the hygiene plan. In the event of an audit, random checks are carried out to determine whether the in-house procedural instructions correspond to the current KRINKO version. Anyone who keeps outdated versions here risks complaints and obligations to make improvements within set deadlines. A systematic resubmission of the KRINKO recommendations via the compliance system ensures that updates from the Federal Health Gazette are directly incorporated into the in-house procedural instructions and are not lost in a personal inbox. In the CIVAC workspace, this follow-up is activated by default and delivers a monthly status report to the clinic management.

Reporting obligations according to § 6 and § 7 IfSG: Who reports when?

The IfSG has three mandatory reporting categories. Section 6 IfSG regulates the reporting of illnesses by name by the treating doctor, for example in the event of suspicion, illness or death from cholera, diphtheria, measles, rabies, tuberculosis and other pathogens. The report must be made immediately, at the latest within 24 hours, to the responsible health authority. Section 7 IfSG regulates the reporting of pathogens by name by laboratories, also within 24 hours. Section 6 (3) IfSG also covers nosocomial infections with clusters that must be reported as suspected outbreaks.

The obligation to report applies to the treating doctor or, alternatively, the head of the medical facility. The clinic management must ensure organizationally that reporting is also possible outside of office hours. This includes an on-call system, a documented reporting path and templates for electronic reporting via DEMIS (German Electronic Reporting and Information System). Anyone who has not established the DEMIS connection risks fines according to Section 73 IfSG.

The documentation of the report belongs in the patient file and, at the same time, in a reporting database at the clinic. Every message must be recorded with the date, time, recipient and content so that compliance with the deadline can be proven in the event of a complaint. The deadline of 24 hours is a maximum period; it expires as soon as we become aware of it. If an outbreak is suspected (three or more nosocomial infections with the same pathogen in a temporal and spatial context), an immediate report is also required in accordance with Section 6 Paragraph 3 IfSG. The structured recording in the KISS system of the National Reference Centre is a mandatory part of modern hospital hygiene. Deadline begins as soon as we become aware of it. The auditor calls, the evidence is ready. The connection to the nationwide IfSG reporting portal should be technically anchored in the hospital information system so that there is no manual break between patient documentation and the reporting path.

Mandatory training and qualifications of hygiene staff

The qualifications of hygiene staff are regulated in detail in the state hygiene regulations. The hospital hygienist must be a specialist in hygiene and environmental medicine or microbiology, or alternatively a doctor with additional training in hospital hygiene (ÄK curriculum). Hygiene specialists require two years of in-service training in accordance with the DKG recommendations. Doctors responsible for hygiene complete a 40-hour curriculum, while nurses responsible for hygiene complete a 24-hour curriculum.

Staffing is based on the recommendations of KRINKO and the state regulations. A rule of thumb: one hospital hygienist per 1,000 beds, one hygiene specialist per 200 to 250 beds in acute care, one hygiene officer doctor per specialist department. Larger companies require hygiene commissions that meet at least every six months and record decisions.

The obligation to train employees results from Section 12 BiostoffV (Ordinance on Organic Materials), Section 4 ArbSchG (Occupational Safety and Health Act) and the respective state hygiene regulations. Mandatory are: briefing upon hiring, annual refresher, event-related training on new procedures or pathogens. The training courses require proof with date, content, list of participants and signature. A compliance platform with electronic training management makes verification much easier. CIVAC offers a workspace for hygiene officers with 490 audit templates, including hygiene plan templates, training documentation and surveillance protocols. Licence the workspace for your internal representatives, or have our representatives order it. The auditor calls, the evidence is ready. The SLA of two working days for new training templates replaces classic waiting times of several weeks. For very small hospitals with fewer than 100 beds, it is also possible to appoint the hygiene officer externally, provided that availability within the clinic and connection to staff training are guaranteed. In any case, the training certificates must be kept for at least five years in order to be able to be presented in occupational safety and liability proceedings. For hospitals with a particular focus (oncology, transplantation, neonatology), the qualification requirements should go beyond the minimum and a special curriculum should be integrated.

Surveillance of nosocomial infections: KISS and home procedures

Surveillance of nosocomial infections is mandatory for defined areas according to Section 23 Paragraph 4 IfSG. Hospitals must continuously record, evaluate and use data on nosocomial infections and multi-resistant pathogens internally to optimise preventive measures. The National Reference Centre for Surveillance of Nosocomial Infections (NRZ) at the Robert Koch Institute operates the KISS system, in which most clinics participate voluntarily.

KISS includes several modules, including ITS-KISS (intensive care unit), OP-KISS (post-operative wound infections), CDAD-KISS (Clostridioides difficile), MRSA-KISS, NEO-KISS (neonatal intensive care unit) and HAND-KISS (hand disinfectant consumption as a surrogate parameter). Participation allows anonymous comparisons with national reference values, which is valuable for internal improvement and serves as proof of quality in the supervisory process.

In addition to KISS, in-house procedures for outbreak detection are necessary. Definition of an outbreak according to KRINKO: three or more infections with the same pathogen in a temporal and spatial context. Hygiene management must have an outbreak management plan that regulates the reporting path, containment measures, communication with the health department and documentation. In an emergency, every hour counts: Anyone who has not implemented the plan loses reaction time. CIVAC supports clinics in creating the outbreak plan and connecting it to health department communication. The outbreak protocols are stored in versioned form in the Workspace so that each message can be reconstructed with a time stamp. The appointment certificate, signed, filed, verifiable. The connection to the electronic reporting interface DEMIS reduces manual errors when reporting outbreaks and makes it possible to reliably meet the 24-hour deadline in routine operations. The surveillance data from the past three years should be available at any time as a trend analysis because the health department regularly requests this during supervisory visits. The anonymized possibility of comparison with national KISS reference values ​​is also a valuable control instrument for the clinic management in the quality dialogue with the MDK and the G-BA.

Reprocessing of medical devices: Section 8 MPBetreibV

The reprocessing of medical devices is regulated in Section 8 of the Medical Device Operator Ordinance (MPBetreibV) and the KRINKO/BfArM recommendation 2012 (with subsequent updates). Risk classification: non-critical (contact with intact skin, such as a stethoscope), semi-critical A (contact with mucous membrane, such as an endoscope without canal rinsing), semi-critical B (contact with mucous membrane, difficult to reprocess, such as a flexible endoscope), critical A (contact with wounds or blood, such as surgical instruments), critical B (with increased requirements, such as hip endoprosthesis instruments), critical C (with special requirements, such as minimally invasive instruments that are difficult to reprocess). Instruments).

The preparation must be validated. Validation includes cleaning, disinfection and sterilization, each with documented procedures, equipment and tests. The expertise of the processing personnel must be proven, usually through training in accordance with DGSV recommendations. A separate central sterile goods supply department (CSSD) is standard for larger hospitals; smaller clinics can have reprocessing carried out externally, but then have to have a work contract with clear requirements.

The documentation of the reprocessing includes batch protocols, validation reports, maintenance records of the reprocessing devices and proof of training. For products processed externally, the work contract with quality requirements and audit rights is added. For critical B and C medical devices, KRINKO requires reprocessing using a certified process, ideally certified according to ISO 13485. Anyone who does not check the validation situation annually risks complaints in both the MDR audit and the hygiene audit. Audit-proof, documented, Section 8-proof. For endoscopes, an annual microbiological sample is also mandatory according to KRINKO recommendations, otherwise the burden of proof is reversed in the case of infections. Anyone who carries out the processing according to CSSD standards and has the validation checked externally every year significantly relieves the burden of having to provide evidence in the event of damage. Interlinking with the quality management representative in accordance with DIN EN 15224 also ensures the overall consistency of the procedural instructions.

Interfaces: Occupational safety, medical device law and IT security

Hospital hygiene is not isolated. Three cross-sections are particularly relevant to the exam. Firstly, occupational safety according to Section 5 ArbSchG and BiostoffV: risk assessments for biological agents (protection levels 1 to 4), appointment of an occupational safety specialist (SiFa) and a company doctor according to ASiG. Hygiene and occupational safety overlap in protective equipment, vaccination offers (particularly hepatitis B, influenza, COVID-19), injury management for needlestick injuries and psychological stress in outbreak management.

Secondly, medical device law according to MPDG and MDR (Regulation 2017/745/EU): Commissioner for medical device safety according to § 6 MPDG, reporting obligations in the event of incidents, processing according to Section 8 MPBetreibV. The interfaces to hygiene are close-knit here, especially with endoscopes, ventilators and dialysis equipment. Thirdly, IT security according to NIS-2 and KRITIS: Hospitals with over 30,000 inpatient cases per year fall under the KRITIS regulation and the BSIG, and at the same time NIS-2 obliges other hospitals to adopt cybersecurity governance. Cyber ​​attacks on clinics regularly lead to hygiene problems when documentation systems fail and processing protocols have to be kept manually.

An integrated compliance structure brings these three cross-sections together. The hygiene officer, medical device safety officer, data protection officer and information security officer should report to the clinic management in a joint compliance commission. CIVAC operates the reporting line as a single platform in which all representatives enter their findings, risk classifications and measures. Licence the workspace for your internal representatives, or have our representatives order it. Also see the Contribution to NIS 2 implementation for the cybersecurity dimension. Multiple capture is a tool issue. For medium-sized clinics with three to five representatives, an integrated platform usually saves two to four man-days of preparation effort per audit cycle. The uniform reporting line to management also ensures a clear distribution of responsibility and puts an end to the question of whether a finding has already been escalated.

From hygiene plan to auditable file: The CIVAC approach

A hygiene plan is only worth as much as the file in which it is contained. CIVAC is a compliance platform and officer-as-a-service for hospitals, rehabilitation clinics, MVZs and care facilities. All hygiene plans, risk analyses, training certificates, surveillance data and reporting protocols are stored in version form in the workspace. Each KRINKO recommendation is linked to the in-house procedural instructions, so that when the recommendation is updated, the need for adjustment is immediately recognised.

Licence the workspace for your internal representatives (hospital hygienists, hygiene specialists, hygiene officers, doctors), or have our representatives order it. The appointment certificate is issued within two working days, instead of the usual two to six weeks that occur in classic consulting mandates. It is signed, filed and linked to the hospital management via the reporting line. In the event of an outbreak, the reporting path to the health department is prepared, the list of measures is ready, and the KISS data connection is running.

Anyone who only checks hygiene management during the supervisory process has lost out. Anyone who keeps it in an auditable file with a reporting line significantly reduces the risk of fines according to Section 73 IfSG and the liability risk according to Sections 222 and 229 StGB. Turn reading into a mandate.: Write to info@civac.de or use the contact form on civac.de to initiate the appointment of an external hygiene officer or the licensing of the workspace. We will send you a sample folder with a hygiene plan, training templates and outbreak management, tailored to your care level and specialist department structure. Others run compliance like a filing cabinet. We run it like software. A 30-minute initial consultation with the hospital hygienist or a hygiene specialist is part of the initial contact. For the first 90 days, new mandates receive a fixed onboarding plan with a risk inventory, version status of the KRINKO recommendations and gap analysis for the state hygiene regulations.

FAQ

Which KRINKO recommendations are relevant for every hospital?

At least eleven subject areas are universal: hand hygiene, surface disinfection, reprocessing of medical devices, personal protective equipment, waste management, laundry hygiene, food hygiene, water hygiene, structural requirements, personnel hygiene and patient isolation. There are also risk area-specific recommendations for the operating room, intensive care unit, endoscopy and dialysis. The Robert Koch Institute has a complete list on its website.

Who has to appoint a hygiene representative in a clinic?

The hospital management. It is mandatory to appoint a hospital hygienist (specialist in hygiene and environmental medicine or microbiology with additional qualifications), hygiene specialists in accordance with state regulations and hygiene officers in each specialist department. The number depends on the number of beds and level of care. An external order via CIVAC is possible provided qualifications and availability are guaranteed.

How quickly must a suspected outbreak be reported?

Immediately, at the latest within 24 hours of becoming aware of it. The report is made in accordance with Section 6 Paragraph 3 IfSG to the responsible health authority, and additionally in accordance with Section 7 IfSG by the laboratory. An outbreak occurs when there are three or more nosocomial infections with the same pathogen in a temporal and spatial connection. Electronic reporting via DEMIS is mandatory.

How often does the hygiene plan need to be updated?

At least annually, and when there are significant changes as needed: new procedures, new pathogens, new devices, new KRINKO recommendations or new state regulations. The version history must be traceable and proof must be provided that it has been handed over to employees. An electronic platform with read confirmation makes proof considerably easier and is regularly accepted in audits.

What fines are there for violations of the IfSG?

Administrative offenses according to Section 73 IfSG are punished with fines of up to 25,000 euros, depending on the regulations. In the case of qualified violations, the clinic management may be held criminally liable according to Section 222 of the Criminal Code (negligent homicide) or Section 229 of the Criminal Code (negligent bodily harm). In addition, there is a risk of civil liability claims from patients based on the principles of reversal of the burden of proof when risks are fully controllable.

What does a compliance platform do for hospital hygiene?

It brings together hygiene plans, risk analyses, proof of training, surveillance data and reporting protocols in a versioned file. KRINKO updates are automatically linked to the in-house procedural instructions, reminders for annual reviews run automatically, and in the audit the complete documentation is available as a PDF export within minutes. CIVAC offers this platform with 37 audit templates.

No obligation

Sounds like a lot of work?

Officer duties, deadlines, paperwork — that's exactly what we take off your hands. Say hello and we'll show you how.

Turn this into a mandate.

Let us carry the operational weight. External officer, templates and documentation in one workspace. No obligation.

Related articles