What good looks like for digital records in adult social care

Page last updated: 12 May 2022
Organisations we regulate

Good quality records underpin safe, effective, compassionate, high-quality care. They communicate the right information clearly, to the right people, when they need it. They are an essential part of achieving good outcomes for people.

This guide clarifies what good digital records look like and how providers can achieve this. It also covers the commitments CQC makes to support providers’ use of digital record systems and what we will look at on inspection.

Interim guidance - September 2020

What are the benefits of digital records systems?

We know that digital systems can mean good outcomes for people who use services, for providers and for the broader health and care system. They can:

  • provide ‘real time’ information recording about the care and support people need and receive
  • help providers and carers to be more aware when people’s needs change, and respond to them more quickly
  • offer the ability to use and compare data to improve people’s care
  • help information to be shared quickly, accurately and safely to support the provision of health and care services
  • help to minimise risks such as medication errors, dehydration or missed visits
  • help to support other important health and care functions, such as service management, planning and research
  • make it easier for people who use services to access their own records
  • help to manage and support staff to do their job effectively and efficiently
  • be easier to store, requiring less physical space
  • support better use of resources across the health and care system.

However, as with all systems and technologies, these benefits will only be realised if they are implemented in the right way. This guide aims to clarify how to do that for providers. It also aims to show CQC inspectors what they should look for when assessing how well these systems support high-quality care.

What does a good digital records system look like?

A good records system delivers good outcomes from the point of view of people who use services. These outcomes are the same whether the records are kept digitally or on paper, although what providers need to do to deliver them might vary. Good outcomes for people using services are captured by the following “I statements”. These are worded from the perspective of someone using services, and are not just for providers and managers, but for all of us.

I have records that:

  • are person-centred. They describe what is important to me, including my needs, preferences and choices
  • are accessible. I can see the information that is important to me, in a way that I choose, and I can understand
  • are legible. Information about me is recorded clearly and can be easily read by the people who support me    
  • are accurate. Information about me is correct and does not contain errors
  • are complete. There is no relevant or essential information about me that is missing
  • are up to date. They contain the latest relevant and essential information about me 
  • are always available to the people who need to see them when they need them 
  • are secure. My privacy and confidentiality are protected. Only the people who should see my records can see them (records are kept in line with Data Protection legislation, including General Data Protection Regulation (GDPR) requirements)
  • help the service that supports me to have good quality assurance systems and processes. They help the provider to assess, monitor and minimise the risks to my health, safety and wellbeing. They help the service that supports me to keep improving. 

What standards do digital records need to meet?

The fundamental standards do not set out what provider records must look like or what format they should be in. It is the provider’s choice if they use paper or digital records systems, or a mixture of the two.

We assess digital records systems against the relevant key lines of enquiry and the characteristics of ratings, just like paper records. The section above, What does a good digital record system look like?, set out the main points to consider.

All records must also comply with:

How does our approach to Coronavirus (COVID-19) impact this guidance?

COVID-19 requires all of us to work differently. This includes CQC inspectors spending more time on virtual activity and less time on physical site visits. Our transitional regulatory approach may mean that we will request more information from providers in a digital format. This includes inspectors asking for access to digital care records when not on site.

What can providers do to establish and maintain good digital records?

We want to see that providers that are already using a digital records system, or considering introducing a digital records system, or moving to a new system:

  • Focus on outcomes. Providers:
    • can describe how the system they are setting up will improve the quality of care they provide, support their organisation’s objectives and deliver better outcomes for people who use their service
    • have clear objectives linked to outcomes for people who use services. They have a plan to monitor, measure and evaluate against them, and engage with people who use services and staff to monitor, give feedback and improve the system
  • Involve the right people. Providers:
    • have involved their staff in setting up the systems and any piloting. All staff who have access to records have appropriate training and support in place
    • have involved people using their service and the people who matter to them. They can demonstrate how consent and individual preferences are captured and that they understand the benefits
    • will work with suppliers to continuously improve how the system works. This includes maintaining software and hardware, and updates across all devices consistently and at the right time to make sure the system is fit for purpose.
  • Manage the change successfully. Providers:
    • have an appropriate level of planning and governance in place to pilot and implement the new system. This includes migrating information and stopping the project safely if it is not successful. We would expect the scale and formality of governance to depend on the size of the organisation and the scale of the change
    • have reviewed their processes and made any changes needed to maximise the benefits of the new system – it may not just be a case of digitising what they currently do
    • are confident of how information will be accessed and shared with others. This includes people using services, family members and other health and social care providers. Providers should be clear about how long they will keep records and how they will destroy them (in accordance with relevant standards)
    • have backup and contingency arrangements in case the system is offline or mis-shared. Providers should test these arrangements.
  • Understand and meet relevant standards and regulations. Providers:
    • understand data protection and data security requirements and can demonstrate how they are meeting them. They have clear and robust policies about consent, privacy and equality 

What can providers expect from CQC?

For providers that are already using a digital records system, or considering introducing a digital records system, or moving to a new system, CQC commits to:

    • be transparent in our expectations of providers using digital records systems. We will apply the principles set out in this guidance and keep them updated if anything changes
    • be consistent in our approach to providers’ digital records systems. We will do this by working to ensure our staff are familiar with the principles set out here and apply them consistently
    • be clear about how we use information from providers about their records system to prepare for inspections
    • be open to discussing digital records systems with providers
    • making sure our inspectors and advisors have a good understanding of the main digital records systems available. And that they understand data protection law, including GDPR
    • making sure our inspectors know how to access the information they need on inspection. And that they bring the right Expert by Experience or specialist colleague to support that inspection.

CQC is developing our next five-year strategy from 2021 onwards. This will have a key focus on driving improvement and innovation. This guidance will be reviewed to reflect any new commitments made in our future strategy.

How will CQC inspectors access digital records on site visits?

CQC inspectors routinely look at the records used and held by providers during inspection. This includes records that relate to people using the service and staff. Read more in our guidance on accessing medical and care records using CQC’s powers. There is also more information on our transitional regulatory approach.

We expect providers to give inspectors access to the records that they request, in a way that meets their own governance requirements. This should be by:

  • Giving the inspector guest log-in details if the provider and the inspector are confident they can use the system correctly. CQC inspectors will not ask to use log-in details (including smart cards) of anyone who is not there with them.
  • Supporting the inspector to access any records they need to see. CQC cannot insist on unsupervised or direct access to digital records. Providers could make sure a member of their staff is there with the inspector or operate the system for them.

Providers cannot refuse to show CQC inspectors records when requested or stop them accessing digital records without a valid reason. This is an obstruction of our inspection powers and a criminal offence under:

CQC inspectors are not experts in the digital records systems used by providers. There is a wide range of systems on the market, which will continue to grow. Our inspectors may be familiar with the provider’s system or never have seen it before.

Where the inspector can access the digital records they need they will not ask for paper copies. Inspectors will only ask for specific formats where it is necessary for regulatory decision making or enforcement action. They will give a clear explanation for this request.

Where providers use both paper and digital records the information must align and be accurate.

Implementation of a new technology will have associated risks. CQC is willing to accept that risk exists, so long as these are being managed, and safeguards and processes are in place to ensure people continue to receive safe, high-quality care.

Further resources and information

The National Cyber Security Centre is the UK's independent authority on cyber security. It provides guidance on cyber security risks and how to manage them.

Digital Social Care works in partnership with NHS Digital. It is a dedicated space providing advice and support to the sector on technology and data protection.

Professional Records Standards Body works with the public and professionals to define the standards needed for good care records.

Data Security and Protection Toolkit is an online self-assessment tool. It enables organisations to measure and publish their performance against the National Data Guardian's ten data security standards.

The Records Management Code of Practice for Health and Social Care (2016) sets out what people working with, or in, NHS organisations in England need to do to manage records correctly.

NHSX is the joint unit bringing together teams from the Department of Health and Social Care, NHS England and NHS Improvement to drive the digital transformation of care.

NHSD is the national information and technology partner to the health and social care system. Their key role is around managing and supporting data. They also support providers, commissioners, and designers create products and services that are inclusive of all types of user, and accessible to those with additional needs.

If you need any further information or have any questions you can ask by emailing DL-ASCpolicy@cqc.org.uk