Emerging concerns protocol

Page last updated: 14 February 2024

Health and social care regulators, and others with a role in the quality and safety of care provision, have an essential role in ensuring that health and care services and educational environments promote, protect and maintain the health, safety and wellbeing of people who use services.

The purpose of the Emerging Concerns Protocol (Protocol)

The purpose of the Protocol is to provide a clear mechanism for signatories to share information that may indicate risk. This could include risks to people who use services, their carers, families, learners or professionals. Primarily it is a mechanism to triangulate information to support decision making. It aims to enable:

  • safe and timely sharing of information, which individually might seem small or insignificant, but when joined together can tell us a problem is emerging
  • consideration of any collaborative support, decisions or regulatory activity to address concerns in a proactive way.

This will allow signatories to fulfil our collective role better, as well as improve our ability to fulfil our individual roles. We also believe that working together more effectively can reduce unnecessary burden. For example, we can do this by encouraging our organisations to develop joint plans when we share similar concerns, or by taking assurance from each other’s actions.



This protocol was developed under the governance of the Health and Social Care Regulators Forum (the Forum).

In October 2016, the Forum convened a meeting of professional regulators, system regulators and other partners to discuss how working together as a safety system could support the delivery of high-quality care. One action from the meeting was to develop a protocol for regulators, which would help them share information about emerging concerns with each other and system partners in a timely fashion. This would include information that might undermine or harm the reputation of the professions or the regulators and their registrants, and particularly information that caused ongoing concern but may not be shared under existing arrangements.

Since its introduction, the Protocol has been amended to include new signatories and to ensure it remains up to date and is user friendly.

There are no legal requirements underpinning the Protocol. It has been developed by a voluntary group established by the signatories. Individual signatories retain their respective powers and restrictions under their own legislation, which allows members of the Protocol to take appropriate action.

The Emerging Concerns Protocol is designed to complement the National Quality Board's (NQB) guidance on quality governance and oversight. The NQB's Guidance reflects the introduction of Integrated Care Systems (ICSs), which are partnerships of NHS bodies and local authorities, working with other relevant local organisations, to plan and deliver joined up health and care services. System Quality Groups exist in all ICSs and all NHS England regions, as a partnership forum to share intelligence and coordinate action to improve services and manage risks. The NQB has also published a framework for how quality concerns and risks should be managed across the new landscape.

The Protocol complements the NQB's Guidance by providing a safe space for signatories to discuss emerging concerns that have regulatory implications. The Protocol process includes referring concerns to System Quality Groups where appropriate and disclosing discussions to those with key responsibilities under the ICS quality governance arrangements. NHS England works with the Protocol signatories in the interest of ensuring mutual alignment of the Protocol and the NQB Guidance.

Participating organisations

The following organisations are signatories of this Protocol:

  • Care Quality Commission (including the Maternity and Newborn Safety Investigations programme, hosted by Care Quality Commission)
  • General Dental Council
  • General Medical Council
  • General Osteopathic Council
  • General Pharmaceutical Council
  • General Chiropractic Council
  • General Optical Council
  • Health and Care Professions Council
  • Health Services Safety Investigations Body
  • Local Government and Social Care Ombudsman
  • Nursing and Midwifery Council
  • Parliamentary and Health Service Ombudsman
  • Social Work England.

The interests of these organisations, along with their key activities and responsibilities, are described in Annex A.

The signatories regularly hold Emerging Concerns Protocol meetings to ensure the oversight of the Protocol. At these meetings intelligence of emerging risks may also be shared, and in these cases the Protocol will be followed.

The National Guardian's Office is affiliated to the Protocol. In cases where concerns have been raised to Freedom to Speak Up Guardians and it is either not possible to resolve these internally within a service, or these routes have been exhausted, the Protocol offers an escalation route. Any Freedom To Speak Up Guardians who are seeking to escalate an issue should contact The National Guardian's Office who will facilitate escalation.

NHS England is working with our emerging concerns working group and support the use of the Protocol. NHS England agrees strongly with the principles of the Protocol; that emerging quality concerns must be acted on in a timely manner, with all relevant stakeholders round the table.

The scope of the Protocol

No piece of information is too small to use the Protocol. The Protocol deliberately does not set out an exhaustive list of the situations in which it should be used. Generally, however, the following information falls under the scope of the Protocol:

  • information which is relevant to professional or system regulation
  • information which may help to identify system issues with cross profession implications
  • information which may indicate a possibility of emerging risks to the public.

Information might include, but is not limited to, the following issues within health and social care settings (including educational environments):

  • clinical and care performance
  • culture
  • leadership or governance
  • financial performance
  • workforce and professional engagement
  • the adequacy of the education and learning arrangements and environment.

Concerns may fall into three categories:

  • concerns about an individual or groups of professionals
  • concerns about health and care systems and the health and care environment (including the learning environments of professionals)
  • concerns that might have an impact on trust and confidence in professionals or the professions overall.

Principles of the Protocol

The following principles - which underpin the Protocol - have been agreed across all organisations acting as signatories.

The Protocol is:

  • open to use irrespective of how small an issue may appear to be
  • flexible and empowering, supporting signatories to understand how they can share information
  • developed through a collaborative, partnership approach between organisations
  • linked to other governance arrangements and tools in the system, such as the National Quality Board's quality governance and oversight guidance
  • not a replacement of existing responsibilities and arrangements for taking emergency action, including arrangements for whistleblowing and responsibilities under Duty of Candour and Fit and Proper Persons Regulations.

Organisations that have signed up to the Protocol commit to:

  • promoting the use of the Protocol and considering its use for relevant issues no matter how small
  • considering how issues may have implications for system and professional regulators, including in relation to learning environments
  • modelling an open culture and encouraging others to openly share information
  • being transparent about how the Protocol is used, while maintaining confidentiality of content (in all directions, including the National Quality Board, providers, public, registrants)
  • being explicit about confidentiality agreements and parameters (including working with information shared by third parties)
  • using the Protocol within the law, including any restrictions on information sharing that are included in each signatory's statutory role
  • respecting the executive autonomy of each individual signatory
  • acting in support of good working relationships and existing formal and informal mechanisms that already exist, for example, signatories will continue to use specific Memoranda of Understanding they may share.

The process

The following sets out the full process, but at any stage it may be decided that it is not necessary to hold a Regulatory Review Panel.

1. A concern is identified by one or more signatories.

This may be following an observation by an organisation or a discussion between organisations, for example at the regular Emerging Concerns Protocol meetings where general intelligence is shared.

2. Immediate actions

  • Take necessary actions to mitigate any immediate risks, including following any safeguarding processes
  • Consider whether the information should be shared more widely by calling a Regulatory Review Panel. To establish this, consider the scope of the Protocol. An initial discussion between organisations may also take place (in accordance with guidance on confidentiality and data sharing)
  • If more than one organisation is involved at this stage, establish who the lead organisation will be for overseeing the use of the Protocol.

3. Consider the interests of partner organisations

4. The lead organisation to contact relevant organisations to arrange a regulatory review panel (RRP) meeting, prioritising timeliness.

  • Invitees should be made aware if personal data will be discussed and if that is the case, only those partners who need to know this information should attend
  • Those who attend the RRP should have appropriate authority to act on behalf of their organisation and agree any necessary actions to be taken
  • The meeting invite should include:
    • a brief overview/summary of the background information regarding the organisation's involvement to date
    • details of the emerging concern(s) identified - this should include sufficient detail to enable invitees to determine whether they should attend the RRP either to share or receive relevant information
    • explicit confirmation as to whether personal data shall be discussed (see above)
    • a list of the proposed invitees.

5. Hold RRP

  • RRP to be arranged, chaired and recorded by the organisation that identified the issue/information
  • The meeting should:
    • set out the emerging concern and any action taken to date
    • give an opportunity for other organisations to share any further information and actions that they have taken
    • explore options for further action
    • make decisions on next steps (including referrals to other forums or bodies)
    • agree whether to set up a subsequent meeting.
  • The lead organisation records the necessary information in the central Emerging Concern Protocol log and stores minutes securely. All attending organisations to ensure that they have the information needed to fulfil any individual recording requirements.
  • The chair of the RRP has 4 options for outcomes for an RRP.

It may well be that the outcome could be a combination of two or more of these. The decisions should be reached through debate between the attendees and a consensus reached.

1. Take no further action: The intelligence is now shared. Those attending believe sufficient / appropriate action has been taken by the relevant authorities / regulators to address the risks identified and no further action is required, or a watching brief is sufficient to manage any risks.

2. Referral to another group or non-signatory body. The group may agree that the issues identified in the RRP meeting can be referred to the provider and local system partners for information via their quality governance structures (the relevant System Quality Group) or other key organisations, for example the Police Service or Controlled Drugs Intelligence Network.

3. Further intelligence work required: Those present agree to go away and further triangulate the intelligence / information.

  • The chair can agree some parameters for the additional work so that each attendee knows clearly what others are committing to do. It is highly likely that a follow up meeting will be required to allow for further intelligence sharing. A date should be agreed before closing the initial meeting.
  • The process for sharing further information and intelligence should be agreed before the meeting ends.

4. Regulatory intervention / action is required / agreed: During the meeting it may be clear that regulatory action is or may be planned / required.

  • The chair will ensure that all attendees are clear about what steps are being taken by whom and when.
  • If necessary, the attendees may agree to co-ordinate their regulatory activities to increase insight but also reduce the burden on the provider concerned.
  • If possible, the chair should consider if there would be any benefit from a shared / joint regulatory visit or inspection.
  • It is likely that those taking regulatory action might ask others to keep all or some of this information confidential to key individuals within the attendees' organisation. This will be respected and confidentiality will be maintained until an agreed future date unless there is an urgent need to breach confidentiality in order to protect a person's safety.
  • It will also be agreed who should disclose details of the RRP to whom once that is feasible. Where appropriate, the panel will disclose details to those with key responsibilities under the Integrated Care System quality governance arrangements (for example Integrated Care Board Chief Nurse and the Regional Quality Director). Disclosure arrangements would be made clear at the end of the RRP or a review date agreed.

5. Carry out any necessary actions (including referrals to other forums).

6. Share outcomes and learning

  • RRP record shared with all partners and the Forum secretariat for monitoring and report at next Forum (including if no further action).
  • Use of Protocol reviewed for learning every time at the following regular Emerging Concerns Protocol meeting.

7. Update the Forum of any RRP meetings held and actions agreed.


Any organisation may receive information that indicates that abuse, harm or neglect has taken place. Any form of abuse, avoidable harm or neglect is unacceptable. Each organisation has procedures for managing these types of concerns and they must be followed. Each organisation remains responsible for ensuring they follow their own internal safeguarding procedures.

Recording requirements

Each organisation should be able to report on the panels that they initiated:

  • number of times they have initiated the Protocol
  • attendees at the panel
  • anonymised information about information shared
  • actions as a result of the Protocol.

Sharing personal data

In most uses of the Protocol, there should not be a need to share personal data about individuals.

Organisations convening a RRP meeting should be aware that if the information they need to share contains personal data, they must ensure that only those who need to know the information should attend. Any processing of personal data is subject to the requirements of the UK General Data Protection Regulation (UK GDPR), and each organisation handling personal data must have procedures in place to keep a record of processing activities for personal data.

All organisations signing up to this Protocol understand that they are responsible for ensuring their organisation's adherence to the UK GDPR, the Data Protection Act and other UK data protection legislation at all times. They agree that, when exchanging personal data under this Protocol, the provisions set out here will apply where they do not already have a Memorandum of Understanding and/or an Information Sharing Agreement.

What happens in the case of a cross-border concern?

There may be occasions where there are concerns that cross the borders between the four nations in the United Kingdom. For the majority of the professional regulators this would not be an issue. However, for the system regulators it will be important that the relevant system regulators across both sides of the border are engaged in any RRP meeting. For example, Healthcare Improvement Scotland (who have generated their own Emerging Concerns Protocol) may have a cross-border issue that relates to CQC or vice-versa.

Annex A: Organisations involved

The following information summarises the key interests, activities and responsibilities of each signatory to the Protocol.

If a signatory wishes to invoke the Protocol, it reviews the list of interests of each partner and identifies those that are relevant. This may, in some cases, be all partners.

Care Quality Commission (CQC)

Key interests

CQC would request contact about:

  • any concerns and relevant information about a health or adult social care organisation in England which may call into question its registration with CQC
  • any concerns and relevant information about a health or adult social care organisation with regard to the quality of care or safety for people using services
  • information from any investigation that raises concerns about poor team working, leadership, record keeping, appraisal systems or general failures at a health or adult social care organisation in England.

Key activities and responsibilities

CQC's powers are derived from the Health and Social Care Act 2008 and it is responsible for monitoring, inspecting and regulating care services to ensure they meet fundamental standards of quality and safety.

CQC's purpose is to make sure health and social care services provide people with safe, effective, compassionate, high-quality care and we encourage care services to improve.

In all our inspections, we ask five key questions. Are services:

  • Safe?
  • Caring?
  • Effective?
  • Responsive?
  • Well-led?

CQC hosts the Maternity and Newborns Safety Investigation programme, which can feed intelligence and expertise into the use of the ECP, subject to data sharing agreements and legislation.

General Chiropractic Council (GCC)

Key interests

The GCC would like to be informed of emerging or urgent concerns that may present a risk of harm to patient safety, or undermine the public's confidence in the chiropractic profession, including within clinical settings where chiropractic education is delivered.

The nature of concerns we are interested in include concerns about:

  • an individual chiropractor's fitness to practise
  • an individual chiropractor's registration
  • the quality of chiropractic education.

Key activities and responsibilities

The GCC is the independent statutory healthcare regulator, established as a result of the Chiropractors Act 1994, to regulate and develop the chiropractic profession. The Health and Social Care (Safety and Quality) Act 2015 implemented over-arching objectives across health and care regulators, which reinforced the role of regulators to:

  • protect, promote and maintain the health, safety and well-being of the public
  • promote and maintain public confidence in the profession of chiropractice
  • promote and maintain proper professional standards and conduct for members of that profession. The GCC has a duty within its Act to develop the profession.

What we do

  • We maintain a UK-wide register of qualified chiropractors.
  • We set the standards of education for individuals training to become chiropractors.
  • We set the standards of chiropractic practice and professional conduct for individuals working as chiropractors.
  • We investigate complaints against chiropractors and take action against them where necessary.

General Dental Council (GDC)

Key interests

The GDC would like to be informed of emerging or urgent concerns in relation to members of the dental team which may present a risk to patient safety or undermine public confidence in the dental profession. The dental team comprises dentists, dental hygienists, dental therapists, dental nurses, dental technicians, clinical dental technicians and orthodontic therapists.

Such concerns include concerns about:

  • an individual dental professional's fitness to practise
  • the quality of dental education and training or the systems in which dental professionals are trained (including supervision of trainees).

Key activities and responsibilities

The GDC is the UK-wide statutory, independent regulator of the dental profession. Our purpose is to protect patient safety and maintain public confidence in dental services. The Dentists Act 1984 provides our legislative Protocol. We:

  • register dental professionals who meet our requirements on education, training, health and good character
  • set standards for dental education and training in the UK
  • set standards of conduct, performance and ethics for the dental team
  • investigate allegations that a dental professional may not be fit to practise and take action to restrict their ability to practise where necessary.

General Medical Council (GMC)

Key interests

The GMC would like to be informed of emerging or urgent concerns that may present a risk of harm to patient safety or undermine the public's confidence in the medical profession.

The nature of concerns we are interested in include concerns about:

  • an individual doctor's fitness to practise
  • an individual doctor's registration and revalidation
  • the quality of medical education or the healthcare systems or environment in which doctors are trained.

System concerns which may be of interest to the GMC include the following:

  • staffing levels and supervision of trainees
  • management / leadership
  • equipment and premises
  • patient safety reporting systems.

Further details and examples of the types of issue the GMC is interested in hearing about can be found in the GMC's operational Protocol with CQC. A copy can be found on the GMC / CQC websites or upon request by emailing the GMC's single point of contact.

Key activities and responsibilities

The GMC is an independent organisation that helps to protect patients and improve medical education and practice across the UK. The GMC's powers and statutory functions are derived from the Medical Act 1983.

  • We decide which doctors are qualified to work here and we oversee UK medical education and training.
  • We set the standards that doctors need to follow, and make sure that they continue to meet these standards throughout their careers.
  • We take action to prevent a doctor from putting the safety of patients, or the public's confidence in doctors, at risk.

Doctors must be registered with a licence to practise with the GMC, to practise medicine in the UK. We manage the UK medical register.

General Optical Council (GOC)

Key interests

The GOC would like to be informed of emerging or urgent concerns about optometrists / ophthalmic opticians, dispensing opticians, contact lens opticians and optical businesses, that may present a risk of harm to patient safety or undermine the public's confidence in the optical professions. This includes concerns about:

  • an individual registrant's fitness to practise
  • an individual's registration
  • optical businesses.

Key activities and responsibilities

We are the regulator for optometrists, dispensing opticians, student opticians and optical businesses in the UK. Our purpose is to protect the public by promoting high standards of education, performance and conduct within optics.

We have four core functions:

  1. setting standards for optical education and training, performance and conduct
  2. approving qualifications leading to registration
  3. maintaining a register of individuals who are qualified and fit to practise, train or carry on business as optometrists and dispensing opticians
  4. investigating and acting where registrants' fitness to practise, train or carry on business is impaired.

General Osteopathic Council (GOsC)

Key interests

The GOsC would like to be informed of emerging or urgent concerns that may present a risk of harm to patient safety or undermine the public's confidence in the osteopathy profession.

The nature of concerns we are interested in include concerns about:

  • an individual osteopath's fitness to practise
  • an individual osteopath's registration
  • the quality of osteopathic education.

Key activities and responsibilities

The GOsC is the independent statutory healthcare regulator, established by the Osteopaths Act 1993, to regulate and develop the profession of osteopathy. By law, osteopaths must be registered with the GOsC in order to practice in the UK.

The overarching objective of the GOsC is the protection of the public. This involves the pursuit of the following objectives:

  • protecting, promoting and maintaining the health, safety and well-being of the public
  • promoting and maintaining public confidence in the profession of osteopathy
  • promoting and maintaining proper professional standards and conduct for members of that profession.

What we do

  • The GOsC keeps the Register of all those permitted to practise osteopathy in the UK.
  • We work with the public and osteopathic profession to promote patient safety by registering qualified professionals and we set, maintain and develop standards of osteopathic practice and conduct.
  • We help patients with any concerns or complaints about an osteopath and have the power to remove from the Register any osteopaths who are unfit to practise.
  • We also assure the quality of osteopathic education and ensure that osteopaths undertake continuing professional development.

General Pharmaceutical Council (GPhC)

Key interests

The GPhC would like to be informed of concerns, including emerging concerns, about pharmacists, pharmacy technicians and registered pharmacies that could suggest there is a risk to patient safety or could affect the public's confidence in pharmacy. This includes concerns about:

  • an individual pharmacist or pharmacy technician's fitness to practise
  • an individual pharmacist or pharmacy technician's registration
  • registered pharmacies
  • the quality of pharmacy education and training, including concerns about an accredited course or an approved pre-registration training placement
  • any other potential systemic and/or thematic issues in a registered pharmacy, which could impact on patient safety.

You can find out more about what we investigate on our website.

Key activities and responsibilities

The GPhC is the regulator for pharmacists, pharmacy technicians and registered pharmacy premises in England, Scotland and Wales. It is our job to protect, promote and maintain the health, safety and wellbeing of members of the public by upholding standards and public trust in pharmacy.

Our main work includes:

  • setting standards for the education and training of pharmacists and pharmacy technicians, and approving and accrediting their qualifications and training
  • maintaining a register of pharmacists, pharmacy technicians and pharmacies
  • setting the standards that pharmacy professionals have to meet throughout their careers
  • investigating concerns that pharmacy professionals are not meeting our standards, and taking action to restrict their ability to practise when this is necessary to protect patients and the public
  • setting standards for registered pharmacies which require them to provide a safe and effective service to patients
  • inspecting registered pharmacies to check if they are meeting our standards.

Health and Care Professions Council (HCPC)

Key interests

The HCPC is an independent regulator set up to protect the public. We regulate 15 health and care professions.

We would like to be informed of any emerging concerns in relation to the following professions:

  • Arts therapists
  • Biomedical scientists
  • Chiropodists / Podiatrists
  • Clinical scientists
  • Dietitians
  • Hearing aid dispensers
  • Occupational therapists
  • Operating department practitioners
  • Orthoptists
  • Paramedics
  • Physiotherapists
  • Practitioner psychologists
  • Prosthetists / Orthotists
  • Radiographers
  • Speech and language therapists.

Key activities and responsibilities

The HCPC is an independent regulator set up to protect the public. We regulate 15 health and care professions. Our key functions are:

  • to maintain and publish a Register of health and care professionals who meet HCPC standards for their training, professional skills, behaviour and health
  • to approve education and training programmes within the UK. An individual who successfully completes an approved programme is eligible to apply to the HCPC Register
  • to make sure that someone who has trained outside of the UK has met our standards before we register them
  • to protect the public from those who are not fit to practise. The HCPC will take action against professionals who do not meet these standards or who use a protected title illegally.

Health Services Safety Investigations Body (HSSIB)

Key interests

The HSSIB is a fully independent arm's length body of the Department of Health and Social Care. We investigate patient safety concerns across England to improve healthcare at a national level.

The HSSIB does not have any regulatory obligations so does not need to be notified about concerns to help fulfil any specific legal duties. However, sharing concerns with the HSSIB can help to provide us with insights that can impact on investigations we decide to carry out to improve patient safety.

We are bound by strict laws under the Health and Care Act 2022 prohibiting disclosure of protected materials we have gathered during our investigations, expect under specific circumstances. However, in the course of our work we may identify themes or patterns in the information being provided to us that could help identify emerging patient safety concerns.

Key activities and responsibilities

The HSSIB investigates patient safety incidents that occur in England during the provision of healthcare services. The purpose of a HSSIB investigation is to identify risks and address those by facilitating the improvement of systems and practices in NHS services, or other healthcare services where there would also be a benefit to the NHS.

Our investigations do not find blame or liability and information shared with us is confidential and protected by law. A HSSIB investigation does not replace any existing investigation or legal process that is available to patients, families, carers, or healthcare staff.

Local Government and Social Care Ombudsman

Key interests

The Local Government and Social Care Ombudsman (Ombudsman) is the final stage for complaints about local authorities and all adult social care providers (including care homes, and domiciliary care agencies) in England. The Ombudsman looks at complaints about all forms of adult social care, both local authority and privately funded.

The twin aims of the Ombudsman are to remedy individual injustice, and to use what we learn from complaints to improve local services. We are a free service for the public, and we investigate complaints impartially.

The Ombudsman also works in close partnership with the Parliamentary and Health Service Ombudsman to investigate complaints spanning the health and social care sector in England.

The Ombudsman would like to be informed of concerns about ineffective complaint handling processes and practices within local authorities and social care providers.

Key activities and responsibilities

The Ombudsman is the final stage for complaints about local authorities, and all adult social care providers (including care homes, and home care agencies). The Ombudsman can investigate all adult social care complaints, including complaints about care that is funded privately without local authority involvement. The Ombudsman works in close partnership with the Parliamentary and Health Service Ombudsman to investigate complaints spanning the health and social care sector.

Nursing and Midwifery Council (NMC)

Key interests

The purpose of the NMC is to promote and uphold the highest professional standards in nursing and midwifery to protect the public and inspire confidence in the professions. As such we would like to hear about any:

  • fitness to practise concerns relating to individual nurses, midwives and nursing associates in England, including those in leadership positions
  • potential systemic/thematic issues in a health or social care setting which could impact upon the fitness to practise of nurses, midwives and nursing associates in England
  • information which suggests a nurse/midwife may still be practising without valid registration
  • concerns in relation to the standard of education provided by an Approved Education Institution (AEI).

Key activities and responsibilities

We are the professional regulator for nurses and midwives in the UK, and nursing associates in England.

  1. We maintain the register of nurses and midwives who meet the requirements for registration in the UK, and nursing associates who meet the requirements for registration in England.
  2. We set the requirements of the professional education that supports people to develop the knowledge, skills and behaviours required for entry to, or annotation on, our register.
  3. We shape the practice of the professionals on our register by developing and promoting standards including our Code, and we promote lifelong learning through revalidation.

Where serious concerns are raised about a nurse, midwife or nursing associate's fitness to practise, we can investigate and, if needed, take action.

Parliamentary and Health Service Ombudsman (PHSO)

Key interests

The PHSO is statutorily independent and accountable directly to Parliament. We make final decisions on complaints that have not been resolved by the NHS in England and UK government departments and other public organisations.

Due to our position as the complaint handler of last resort, most of the issues that will be raised via this Protocol should be identified before they reach us. We are bound by strict statutory rules about how we can share information before any investigation we conduct has concluded. Before attending any RRP, PHSO will need to decide whether to attend based on the likelihood that the issue being raised may come to us as a future complaint. Our policy on sharing information under the Protocol is available in the section of our website on our Service Model. However, we recognise the importance of multi-agency co-operation to identify serious issues as early as possible to protect patients and their families from the harm that happens when things are allowed to repeatedly go wrong.

Key activities and responsibilities

The PHSO makes final decisions on complaints that have not been resolved by the NHS in England and UK government departments and other public organisations. It does this fairly and without taking sides. Its service is free.

Social Work England

Key interests

Social Work England would like to be informed of any concern about a social worker that could suggest there is a risk to the public or one that could affect the public's confidence in the social work profession. This includes concerns about:

  • an individual social worker's fitness to practise
  • an individual social worker's registration
  • the quality of social work education and training.

Key activities and responsibilities

We are a specialist body taking a unique approach to regulating social workers in their vital roles. We believe in the power of collaboration and share a common goal with those we regulate - to protect the public, enable positive change and ultimately improve people's lives.

Social work is about people. Our purpose is to regulate social workers in England so that people receive the best possible support whenever they might need it in life. We are committed to raising standards through collaboration with everyone involved in social work.

Our work includes:

  • setting the professional standards that social workers have to meet throughout their careers
  • setting education and training standards which outline the requirements that we expect social workers and social work courses to meet
  • maintaining a register of over 100,000 social workers
  • investigating concerns when social workers do not meet our standards, and taking action to restrict their ability to practise when this is necessary to protect the public.

Annex B: An example of protocol use

The following text is an example of how the Protocol has already been used. This stopped an issue becoming even bigger and prevented potential harm to patients nationally.


A senior doctor working in the NHS approached a GMC Regional Liaison Adviser (RLA) at a conference and disclosed that they had experienced issues for several months with the quality of surgical equipment used by their organisation.

They stated that the surgical packs were not complete and frequently contained instruments that were poorly assembled and prone to coming apart during surgery. The same supplier provides theatre equipment to other healthcare providers, both public and private. The issue was clearly an urgent patient safety concern and involved doctors, nurses and other healthcare professionals. The organisation's senior management were aware.

This disclosure was about a live and ongoing patient safety concern that went beyond the GMC's statutory functions and was potentially affecting at least three professional groups and a number of NHS and private healthcare organisations. It was determined by GMC senior managers that this information had to be shared urgently with CQC and other partners.

Action taken

  • A call between the GMC and CQC took place and agreed that a RRP meeting would be triggered in line with the 'Emerging Concerns Protocol'.
  • A redacted intelligence summary was shared with CQC and NMC.
  • All of the potential signatories were contacted by CQC.
  • Representatives attended a virtual meeting chaired by CQC.
  • Delegates were provided with a verbal synopsis of the GMC intelligence.
  • Information that CQC had learned between the initial call with the GMC and the RRP was shared.
  • The NMC updated the call with what they had learned from their own data and intelligence.
  • CQC confirmed that they were in the process of inspecting the organisation concerned and would seek additional information.
  • It was agreed that the Health and Safety Executive (HSE) and Medicines and Healthcare Products Regulatory Agency (MHRA) should be informed.


  • Regulatory action was agreed and taken swiftly by CQC.
  • Professional regulators shared intelligence and data expeditiously.
  • HSE and MHRA were briefed within days of the disclosure.
  • Other signatory organisations were sighted on the issue.
  • The meeting was over within 45 minutes.
  • Feedback was positive from all attendees.

Annex C: Sharing data

In this Protocol, the terms below have the following meanings:


The Data Protection Act 2018 and all other UK data protection legislation.


The Freedom of Information Act 2000.


Has the meaning set out in section 6 of the DPA.


Means Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (the General Data Protection Regulation), as it forms part of the law of England and Wales, Scotland and Northern Ireland by virtue of section 3 of the European Union (Withdrawal) Act 2018, as defined in section 3(10) of the DPA.

Information Provider

The Party providing information under the Protocol.

Information Recipient

The Party or Parties receiving information under the Protocol.

Personal Data

Has the meaning set out in section 3(2) of the DPA


RRPs should generally focus on systems issues and shouldn't require stakeholders to share personal data about individuals. If personal data is due to be shared, it's important that only those organisations who need to know the information should attend and those sharing the information have considered suitable redaction as necessary.

Personal Data shall only be provided by the Information Provider to the Information Recipient where such Data is relevant to each Information Recipient's statutory functions. Any Personal Data shared under this Protocol shall only be used by the Information Recipients for the Purpose and may not be used by the Information Recipient for any other purpose.

The Information Provider may only share Personal Data with the Information Recipient where such sharing complies with the UK GDPR, the DPA, the Human Rights Act 1998, the common law duty of confidence and all other applicable laws.

Responsibilities of the Parties

The Parties to this Protocol agree that each shall act as an independent Controller for any Personal Data shared under this Protocol.

Each organisation is responsible for ensuring that they follow their own internal guidance and procedures for sharing or disclosing any information in accordance with Annex C of the Protocol.

In respect of any Personal Data shared under this Protocol, each Information Recipient shall:

  • ensure that such Personal Data is processed in accordance with the UK GDPR, the DPA and all other applicable law; and
  • comply at all times with the information governance arrangements set out below.

Sharing of information

The Information Provider gives no warranty that the information being shared meets any quality standard or is free from errors. Nothing in this Protocol shall be interpreted as compelling the Information Provider to disclose any Personal Data to the Information Recipient.

Information Security

When sharing Personal Data under this protocol, the information provider must ensure that the information shared is suitably encrypted and/or sent by other secure means. Where particularly sensitive information, other than personal data, is shared under this protocol, the information provider should ensure that recipients are alerted to the need to apply appropriate measures to ensure that it is kept secure.

The Information Recipient shall ensure that appropriate technical and organisational measures are taken against unauthorised or unlawful processing of the Personal Data and against accidental loss or destruction of, or damage to, the Personal Data.

The Parties agree to comply with all their own policies on data protection and records management in respect of all information shared under this Protocol.

Retention and disposal

Personal Data shared under this Protocol shall be retained by the Information Recipient only for so long as is required for the Purpose.

At the end of the period specified above, the Information Recipient must securely dispose of all Personal Data provided for the Purpose.

Access to information

It's important to note that there may be disclosure requests for information relevant to the RRP which may include any notes taken during the meeting and those circulated thereafter.

The Parties acknowledge that each is subject to the FOIA and that requests for information transferred under this Protocol may be received by any Party under either the FOIA or the DPA. There are exemptions that may be applied when responding to FOIA or DPA requests and the Parties will consider each request on an individual basis. Each organisation is responsible for responding to any disclosure requests in line with their internal policies/procedures. The Parties shall co-operate with each other to ensure that each can comply with their respective obligations under the DPA and the FOIA. The forum secretariat will provide support to enable the Parties to work together where more than one Party is approached with a request for information.

Where the Information Recipient receives a request under either the DPA or FOIA for information that has been provided by the Information Provider, the Information Recipient shall inform the Information Provider promptly of the request.


All Personal Data and any other information and materials of any Party relating to this Protocol shall not be disclosed to any third party other than a Party's professional advisers or as may be required by law or as may be agreed between the relevant Parties. This clause shall not extend to information which was already in the lawful possession of a Party prior to any RRP meeting under this Protocol or which is already public knowledge or becomes so subsequently (other than as a result of a breach of any duty of confidentiality) or which is required to be disclosed by law. The obligations of confidentiality under this clause shall survive any termination of this Protocol.

Where dealing with information received from whistle-blowers or sources who wish to remain anonymous, utmost care must be taken to protect their identity. Careful thought should be given not to share any documentation (redacted or otherwise) or other information about the facts and circumstances relating to an incident or setting which might directly or indirectly identify the source.