Supporting documents (online primary care)

Page last updated: 16 May 2022
Organisations we regulate

You must include all these documents with your application.

We will return your application if you do not do so.

Save each document as a separate file. Name each file so we know what it is. For example 'list of policies and procedures' or 'financial viability statement'.

Complaints policy and procedure

As part of your application you must include your complaints procedure. This document shows us that you have a clear process in place to handle complaints and concerns.

It should be specific to your service and include information, for example, how to::

  • make a complaint or raise a concern
  • effectively investigate, address and respond to concerns and complaints
  • protect people who raise concerns or complaints from discrimination, harassment or disadvantage
  • improve the service from feedback received
  • signpost people to next steps if they are not satisfied with the outcome

You should also consider how easy it is for people to use your complaints process and include an easy read version.

Supporting information


External sources

Consent policy and procedure

The policy and procedure should set out how you will get consent to care and treatment. It must reflect current legislation and guidance. For example, the Mental Capacity and Liberty Protection Safeguards.

Equality, diversity and human rights (EDHR) accessibility policy

Your policy must set out how you will meet the Accessible Information Standard.

It should describe how:

  • you will make reasonable adjustments so that people with a disability can access and use services on an equal basis to others
  • your technology (including telephone systems and online/digital services) will be easy to use
  • staff will understand and respect the personal, cultural, social and religious needs of people:
    • how these needs may relate to care needs
    • how staff will take these needs into account in the way they deliver services
    • how they should record this information
    • how and when they should share the information with other services or providers.

    You need this to meet Regulation 17: good governance and Regulation 9: person centred care.

Evidence of medical indemnity or insurance covering online activities

You must have insurance and suitable medical indemnity arrangements. These must cover potential liabilities arising from:

  • death, injury, or other causes
  • loss or damage to property, or other financial risks.

This helps to show us how you will meet Regulation 12(2)(h).

Financial viability statement (unless you're a corporate provider)

You must include a financial viability statement with your application.

This confirms you have the finances to provide your service and keep it running, as set out in your statement of purpose.

We recommend you use the CQC financial viability template.

Fit and proper persons (directors) policy

Your policy must explain:

Information commissioner's Office (ICO) registration certificate

Your systems and processes must support the confidentiality of the people who use your service. They must comply with the Data Protection Act 1998. Every organisation that processes personal information must pay a fee to the ICO, unless exempt. Failure to do so will result in a fixed penalty.

Information governance policy

The policy must outline the arrangements (including appropriate internal and external validation) to ensure the availability, integrity and confidentiality of identifiable data, records and data management systems, in line with data security standards.

It should detail how you will:

  • learn lessons when there are data security breaches
  • make sure you submit data or notifications to external bodies as required
  • use and analyse data. For example, if a certain drug is being over prescribed, how you would identify this (audit), learning, recording well and making available
  • use data to improve services
  • work with and share data about people with other services - including contingency or emergency plans. For example, GP out of hours, referral and discharge
  • assure people that you treat their information confidentially in a way that complies with the Data Protection Act
  • support people to make and review choices about sharing their information.

You need this to comply with Regulation 17: good governance.

Medicines management and prescribing policy

The policy must set out how you will:

  • appropriately prescribe, administer and supply medicines to people
  • do this in line with relevant legislation, national guidance or best available evidence.

It should include:

  • arrangements for monitoring patients who have been prescribed ‘high risk’ medicines
  • safe storage and administration of medical gases, controlled drugs, emergency medicines, and equipment
  • cold chain arrangements for vaccines
  • how you deal with repeat prescriptions
  • antibiotic prescribing, opioid scrutiny, and audits of these
  • how you assure yourself that independent prescribers are competent
  • your audit trail and security of prescriptions.

Your policy must set out the safety and security procedures of medicines and prescriptions during home visits. You should link this to your lone working policy.

This helps to show how you will meet Regulation 12(2)(g).

Patient pathway

This should set out the path or route a patient will follow when using your service.

Public and employer liability insurance quote or certificate

You must have insurance and suitable indemnity arrangements to cover potential liabilities arising from death, injury, or other causes, loss or damage to property, and other financial risks.

Complete the insurance supporting information request form to explain these arrangements and send it with your application.

Records management policy

The policy should set out how you will maintain secure accurate records about:

  • each service user, including:
    • the care and treatment provided
    • a record of any emergency treatment, unplanned emergency work - such as 999 or transfer off event sites.
  • people employed to carry on the activity we regulate
  • how you manage that activity.
Recruitment policy

This document shows us that you have the appropriate procedures in place. It should be specific to your service and include:

  • how you make sure recruitment is fair and complies with legislation
  • stages of recruitment
  • conditions of employment
  • what references you need for a new employee
  • how you check previous employment
  • policy for recruiting volunteers and apprentices
  • recruitment complaints policy

Supporting information


External sources:

Safeguarding policy and procedures document

You must provide information about your policy and procedures on safeguarding, and provide guidance about how people can raise concerns about abuse. Your policy must set out the specific procedures for the different types of services and age groups.

This information must be accessible to people who use your service, their advocates, those lawfully acting on their behalf and those close to them, as well as to your staff.

You need this to comply with Regulation 13: safeguarding service users from abuse and improper treatment.

Staffing structure

Your staffing structure should detail:

  • the different roles
  • numbers of staff in each role
  • qualifications for each role
  • responsibilities for each role.

This will show us how you will make sure the service is supported by a suitably qualified, competent, skilled and experienced workforce - Regulation 18.

Staff training matrix or plan

Your training matrix should identify all training you will provide for all roles within your service. The matrix should include mandatory training. It should show the frequency of the training and how you will deliver it.

It should show how you will meet Regulation 18(2)(a).

Statement of purpose

The statement of purpose is a legally required document that must include a range of information about you and the care services you will provide.

We may return, reject or refuse your application if your statement of purpose does not include all the required information and match your application.

Your statement of purpose must include at least all the information listed under Schedule 3 of the Care Quality Commission (Registration) Regulations 2009 (as amended 2012).

Find out what your statement of purpose must include.

Training and development policy

Your policy must set out how you will:

  • identify the learning needs of all staff
  • staff will have appropriate training to meet their learning needs that covers the scope of their work
  • protect time for your staff to have this training
  • encourage your staff and give them opportunities to develop
  • provide all staff at every level with the development they need
  • make sure your staff have high-quality appraisal and career development conversations.

You need this to comply with Regulation 18.

Whistleblowing policy

Your policy should encourage people to come forward and voice serious concerns. These concerns could be from:

  • employees
  • others who have concerns about any aspect of your organisation.

The policy should explain:

  • how whistleblowers can raise concerns
  • how they will be supported
  • what they can expect to happen following their disclosure
  • where they can get more support.


Register as a new provider | 5. Statement of purpose