Emerging concerns protocol

Health and social care regulators, and others with a role in the quality and safety of care provision, have an essential role in ensuring that services and educational environments promote, protect and maintain the health, safety and wellbeing of people who use services.

As a group of organisations, we expect providers and professionals to work together to provide the best possible care. We hold ourselves to the same standards. We know that sharing concerns at the right time can make it easier to make links between pieces of information, which individually might seem small and insignificant, but that joined together can tell us a problem is emerging. Information sharing between organisations does happen. However, at times this sharing can be inconsistent and too slow to prevent people receiving poor care.

We believe that we can strengthen the systems that allow this information to be shared and improve the transparency about our work for people receiving care, as well as for professionals and health and care providers. Doing so will allow us to fulfil our collective role better, as well as improve our ability to fulfil our individual roles. We also believe that working together more effectively can reduce unnecessary burden. For example, we can do this by encouraging our organisations to develop joint plans when we share similar concerns, or by taking assurance from each other’s actions.

---

Contents

• Background
• Purpose of the protocol
• Principles of the protocol
• Organisational roles and responsibilities
• Who is involved and when?
• Emerging concerns protocol summary process
• Recording requirements
• Sharing personal data
• Annex A: Organisations involved
• Annex B: An example of protocol use
• Annex C: Sharing personal data
• Annex D: Questions to consider when determining whether to use the protocol
• Annex E: Information for regulatory review panel chair
• Annex F: Template agenda for a regulatory review panel

---

Background

This protocol was developed under the governance of the Health and Social Care Regulators Forum (the forum). All of the partners who have signed up to this protocol share the common objective of ensuring that health and social care professionals and systems across the UK serve to protect the public, while maintaining the health, safety and wellbeing of the professionals themselves, those using services, families and carers.

In October 2016, the forum convened a meeting of professional regulators, system regulators and other partners to discuss how working together as a safety system could support the delivery of high-quality care. One action from the meeting was to develop a protocol for regulators, which would help them share information about emerging concerns with each other and system partners in a timely fashion. This would include information that might undermine or harm the reputation of the professions or the regulators and their registrants, and particularly information that caused ongoing concern but may not be shared under existing arrangements.

The following organisations are signatories of this protocol:

• Care Quality Commission
• General Dental Council
• General Medical Council
• General Osteopathic Council
• General Pharmaceutical Council
• General Chiropractic Council
• General Optical Council
• Health and Care Professions Council
• Health Education England
• Local Government and Social Care Ombudsman
• Nursing and Midwifery Council
• Parliamentary and Health Service Ombudsman
• Social Work England

The interests of these organisations, along with their key activities and responsibilities, are described in Annex A.

In addition, NHS England and Improvement are working with our emerging concerns working group and support the use of the protocol. NHS England and Improvement agrees strongly with the principles of the protocol; that emerging quality concerns must be acted on in a timely manner, with all relevant stakeholders round the table. NHS England and Improvement are currently updating the National Quality Board’s guidance on Quality Surveillance Groups and Risk Summits and will work with the emerging concerns working group to enable alignment between the protocol and refreshed quality oversight and governance arrangements.

Purpose of the protocol

The purpose of the protocol is to provide a clearly defined mechanism for organisations which have a role in the quality and safety of care provision, to share information that may indicate risks to people who use services, their carers, families or professionals. No piece of information is too small to invoke the protocol.

Information might include, but is not limited to:

• situations that may not be seen as an emergency, but which may indicate future risks
• cultural issues within health and social care settings (including educational environments) that would not necessarily be raised through alternative formal systems

The objective of the protocol is to be flexible and empowering, supporting regulators to understand how they can share information. This protocol is designed to work alongside protocols that already exist (see examples of some protocols, structures and arrangements that are currently in place). However, it is specifically aimed at helping staff across the signatory organisations to make decisions about when to escalate information of concern with one or more organisations. It is not intended to work against good working relationships and existing informal mechanisms that already exist, but to strengthen and encourage good practice. Nor is it intended to override the autonomy of existing organisations.

The signatories to the protocol are aware that it may need to be updated as the 2021 Health and Care Bill is put into practice.

Principles of the protocol

The following principles – which underpin the protocol – have been agreed across all organisations acting as signatories:

• The organisations involved should work to model an open culture in which staff can speak up about concerns
• The organisations involved should be transparent about how the protocol is used, while maintaining confidentiality of content (in all directions, including the National Quality Board, providers, public, registrants)
• The organisations are explicit about confidentiality agreements and parameters (including working with information shared by third parties)
• The organisations involved shall maintain and respect each individual organisation’s executive autonomy
• The protocol must work within the law, including any restrictions on information sharing that are included in each signatory’s statutory role
• The protocol should be short and simple, with a focus on feasibility
• The protocol will be developed through a collaborative, partnership approach between organisations
• No issue will be too small for an organisation to consider using the protocol
• The model developed should be linked to other tools in the system, such as the Quality Risk Profiling Tool and existing Memoranda of Understanding

Organisational roles and responsibilities

Each of the organisations signed up to the protocol has a responsibility for responding to concerns about care provision and health professional education. These organisations all have an interface across health and social care (including health and social care professional education) and a role in ensuring that those who use services, their carers and families receive high-quality services from professional staff and registered health and social care organisations.

One of the aims of establishing this protocol is to provide guidelines on how to raise and escalate concerns that may seem small and may not be seen as an emergency, but which could indicate a future risk. It aims to enable discussions to take place safely and without judgement, and decisions to be made as to how relevant concerns can be addressed in a proactive rather than a reactive way. It does not replace existing responsibilities and arrangements for taking emergency action, including arrangements for whistleblowing and responsibilities under Duty of Candour and Fit and Proper Persons Regulations.

Details of the key interests, activities and responsibilities of each organisation are contained in Annex A. Any organisation wishing to call a Regulatory Review Panel should use the key interests outlined here as a guide as to which other organisations to invite.

Who is involved and when?

What is the process?

This protocol establishes a process for earlier sharing of concerns, no matter how small, and for discussions between partners that might be of relevance to them. It aims to facilitate sharing of this information at an early stage so that, where they exist, links between concerns can be made, and a wider system view of the issue can be established.

These concerns may fall into three categories:

• concerns about individual or groups of professionals
• concerns about healthcare systems and the healthcare environment (including the learning environments of professionals)
• concerns that might have an impact on trust and confidence in professionals or the professions overall

The process of using the protocol is set out here.

Any organisation that is a partner in the protocol can initiate use of the protocol. The protocol deliberately does not set out an exhaustive list of the situations in which it should be used. However, in deciding whether a concern fits the purpose, Annex D proposes a series of questions to support the decision. Once a decision is made that information of concern appropriate for the protocol is to be shared, the organisation holding the information contacts other relevant partners (which may be some or all of the signatories), records the relevant information and arranges a Regulatory Review Panel (RRP).

This panel is a newly established panel, which uses a template agenda given later in this protocol. It is an opportunity for key persons from each organisation to hear and share information. The intention is that this conversation helps to develop a picture of the concern, and also to facilitate a shared understanding of the appropriate, coordinated intervention. The RRP does not have specific legal powers and is instead a voluntary group established by the signatories. Individual signatories retain their respective powers and restrictions under their own legislation, which allows members of the RRP to take appropriate action. An example agenda for an RRP, including issues that should be considered, is contained in Annex F.

Safeguarding

Any organisation may receive information that indicates that abuse, harm or neglect has taken place. Any form of abuse, avoidable harm or neglect is unacceptable. Each organisation has procedures for managing these types of concerns and they must be followed. Each organisation remains responsible for ensuring they follow their own internal safeguarding procedures. Nobody should wait to activate the protocol instead of acting on safeguarding concerns – immediate action should always be taken where necessary.

Learning environments

Professional education is delivered in clinical learning environments within a broad range of health and social care settings and involves partnerships with service deliverers themselves, higher education institutions and other training providers. Assuring the quality of education for both undergraduate and postgraduate learners therefore brings the professional regulators into contact with health and care settings. Although the professional regulators are looking at the quality of the clinical learning environment and the quality of care, they should pass on any wider concerns about a setting to other professional regulators, the system regulators, or other partners where relevant. Similarly, where an organisation receives a rating of inadequate or requires improvement, CQC should ensure the professional regulators and other partners, where relevant, are aware of this, so consideration can be given to the adequacy of the education and learning arrangements and environment.

How does this fit with other structures and arrangements in place?

This protocol does not prevent the continued work of other agreements and arrangements in place between its signatories. For example, organisations will continue to use specific Memoranda of Understanding they may share. Specific meetings and agreements between signatories will also continue to function as they have previously, including but not limited to:

• Joint Strategic Oversight Group (at national and regional levels)
• Dental Services Programme Board
• GMC/CQC Joint Working Group
• General Practice Board
• Quality Surveillance Groups
• NMC/ CQC Joint Working Group

This protocol provides a support mechanism and agreement that enables each organisation to share emerging concerns and pull together a Regulatory Review Panel when:

• this is the most appropriate response, and
• there are no other mechanisms in place to ensure the right people are able to have the right conversation at the right time, and
• the emerging concern is not being sufficiently managed via other arrangements or structures.

What happens in the case of a cross-border concern?

There may be occasions where there are concerns that cross the borders between the four nations in the United Kingdom. For the majority of the professional regulators this would not be an issue. However, for the system regulators it will be important that the relevant system regulators across both sides of the border are engaged in any Regulatory Review Panel. For example, Healthcare Improvement Scotland (who have generated their own Emerging Concerns Protocol) may have a cross-border issue that relates to CQC or vice-versa.

Emerging concerns protocol summary process

1. Organisation A has a concern

2. Evaluate information

• Evaluate information and source
• Does the protocol need to be triggered?
  Note: no piece of information is too small to invoke the protocol

At this stage it may be decided that the Protocol does not need to be triggered and the information can be dealt with through other routes.

3. Consider the interests of partner organisations

• Who do we need to share with?
• Who do we need information from? (See annex A: Organisations involved)

At this stage it may be decided that the Protocol does not need to be triggered and the information can be dealt with through other routes.

4. Contact organisations B, C & D to share (and request information)

• All organisations store information in their own systems
• Organisation A responsible for formal recording of the use of the protocol

See sections:

• Recording requirements
• Sharing personal data

5. Hold regulatory review panel (RRP)

• RRP convened, coordinated, chaired and minuted by Organisation A.
• Use the template agenda for a regulatory review panel

6. Share outcomes

• RRP record shared with all partners and Health and Social Care Regulators Forum secretariat for monitoring and report at next Forum (inc. if no further action)
• Use of protocol reviewed for learning every time

Recording requirements

Each organisation is expected to record within their own systems.

Each organisation should be able to report on:

• Number of times they have initiated the protocol
• Anonymised information about information shared
• Regulatory review panels convened
• Regulatory review panels attended
• Actions as a result of the protocol

The minimum information expected to be stored is:

• Dates
• Providers, professionals, others involved
• Partners contacted
• Actions agreed and taken
• Decisions to call / not call RRP

Sharing personal data

In most uses of the protocol, there should not be a need to share personal data about individuals.

Organisations convening a regulatory review panel should be aware that if the information they need to share contains personal data, they must ensure that only those who need to know the information should attend. Any processing of personal data is subject to the requirements of the UK General Data Protection Regulation (UK GDPR), and each organisation handling personal data must have procedures in place to keep a record of processing activities for personal data.

All organisations signing up to this protocol understand that they are responsible for ensuring their organisation’s adherence to the UK GDPR, the Data Protection Act and other UK data protection legislation at all times. They agree that, when exchanging personal data under this protocol, the provisions set out in Annex C: Sharing personal data will apply where they do not already have a Memorandum of Understanding and/or an Information Sharing Agreement.

---

Annex A: Organisations involved

The following information summarises the key interests, activities and responsibilities of each signatory to the protocol.

If Organisation A wishes to invoke the protocol, it reviews the list of interests of each partner and identifies those that are relevant. This may, in some cases, be all partners.

Care Quality Commission (CQC)

Key interests

CQC would request contact about:

• Any concerns and relevant information about a health or adult social care organisation in England which may call into question its registration with CQC
• Any concerns and relevant information about a health or adult social care organisation with regard to the quality of care or safety for people using services
• Information from any investigation that raises concerns about poor team working, leadership, record keeping, appraisal systems or general failures at a health or adult social care organisation in England

Key activities and responsibilities

CQC’s powers are derived from the Health and Social Care Act 2008 and it is responsible for monitoring, inspecting and regulating care services to ensure they meet fundamental standards of quality and safety.

CQC’s purpose is to make sure health and social care services provide people with safe, effective, compassionate, high-quality care and we encourage care services to improve.

In all our inspections, we ask five key questions. Are services:

• Safe?
• Caring?
• Effective?
• Responsive?
• Well-led?

General Chiropractic Council (GCC)

Key interests

The GCC would like to be informed of emerging or urgent concerns that may present a risk of harm to patient safety, or undermine the public’s confidence in the chiropractic profession, including within clinical settings where chiropractic education is delivered.

The nature of concerns we are interested in include:

• Concerns about an individual chiropractor’s fitness to practise
• Concerns about an individual chiropractor’s registration
• Concerns about the quality of chiropractic education

Key activities and responsibilities

The GCC is the independent statutory healthcare regulator, established as a result of the Chiropractors Act 1994, to regulate and develop the chiropractic profession. The Health and Social Care (Safety and Quality) Act 2015 implemented over-arching objectives across health and care regulators, which reinforced the role of regulators to:

• protect, promote and maintain the health, safety and well-being of the public
• promote and maintain public confidence in the profession of chiropractice
• promote and maintain proper professional standards and conduct for members of that profession. The GCC has a duty within its Act to develop the profession

What we do

• We maintain a UK-wide register of qualified chiropractors
• We set the standards of education for individuals training to become chiropractors
• We set the standards of chiropractic practice and professional conduct for individuals working as chiropractors
• We investigate complaints against chiropractors and take action against them where necessary

General Dental Council (GDC)

Key interests

The GDC would like to be informed of emerging or urgent concerns in relation to members of the dental team which may present a risk to patient safety or undermine public confidence in the dental profession. The dental team comprises dentists, dental hygienists, dental therapists, dental nurses, dental technicians, clinical dental technicians and orthodontic therapists.

Such concerns include:

• Concerns about an individual dental professional’s fitness to practise
• Concerns about the quality of dental education and training or the systems in which dental professionals are trained (including supervision of trainees)

Key activities and responsibilities

The GDC is the UK-wide statutory, independent regulator of the dental profession. Our purpose is to protect patient safety and maintain public confidence in dental services. The Dentists Act 1984 provides our legislative framework. We:

• Register dental professionals who meet our requirements on education, training, health and good character
• Set standards for dental education and training in the UK
• Set standards of conduct, performance and ethics for the dental team
• Investigate allegations that a dental professional may not be fit to practise and take action to restrict their ability to practise where necessary

General Medical Council (GMC)

Key interests

The GMC would like to be informed of emerging or urgent concerns that may present a risk of harm to patient safety or undermine the public’s confidence in the medical profession.

The nature of concerns we are interested in include:

• Concerns about an individual doctor’s fitness to practise
• Concerns about an individual doctor’s registration and revalidation
• Concerns about the quality of medical education or the healthcare systems or environment in which doctors are trained

System concerns which may be of interest to the GMC include the following:

• Staffing levels and supervision of trainees
• Management / leadership
• Equipment and premises
• Patient safety reporting systems

Further details and examples of the types of issue the GMC is interested in hearing about can be found in the GMC’s operational protocol with CQC. A copy can be found on the GMC / CQC websites or upon request by emailing the GMC’s single point of contact.

Key activities and responsibilities

The GMC is an independent organisation that helps to protect patients and improve medical education and practice across the UK. The GMC’s powers and statutory functions are derived from the Medical Act 1983.

• We decide which doctors are qualified to work here and we oversee UK medical education and training
• We set the standards that doctors need to follow, and make sure that they continue to meet these standards throughout their careers
• We take action to prevent a doctor from putting the safety of patients, or the public's confidence in doctors, at risk

Doctors must be registered with a licence to practise with the GMC, to practise medicine in the UK. We manage the UK medical register.

General Optical Council (GOC)

Key interests

The GOC would like to be informed of emerging or urgent concerns about optometrists / ophthalmic opticians, dispensing opticians, contact lens opticians and optical businesses, that may present a risk of harm to patient safety or undermine the public’s confidence in the optical professions. This includes concerns about:

• An individual registrant’s fitness to practise
• An individual’s registration
• Concerns about optical businesses

Key activities and responsibilities

We are the regulator for optometrists, dispensing opticians, student opticians and optical businesses in the UK. Our purpose is to protect the public by promoting high standards of education, performance and conduct within optics.

We have four core functions:

1. Setting standards for optical education and training, performance and conduct
2. Approving qualifications leading to registration
3. Maintaining a register of individuals who are qualified and fit to practise, train or carry on business as optometrists and dispensing opticians
4. Investigating and acting where registrants’ fitness to practise, train or carry on business is impaired

General Osteopathic Council (GOsC)

Key interests

The GOsC would like to be informed of emerging or urgent concerns that may present a risk of harm to patient safety or undermine the public’s confidence in the osteopathy profession.

The nature of concerns we are interested in include:

• Concerns about an individual osteopath’s fitness to practise
• Concerns about an individual osteopath’s registration
• Concerns about the quality of osteopathic education

Key activities and responsibilities

The GOsC is the independent statutory healthcare regulator, established by the Osteopaths Act 1993, to regulate and develop the profession of osteopathy. By law, osteopaths must be registered with the GOsC in order to practice in the UK.

The overarching objective of the GOsC is the protection of the public. This involves the pursuit of the following objectives:

• protecting, promoting and maintaining the health, safety and well-being of the public
• promoting and maintaining public confidence in the profession of osteopathy; and
• promoting and maintaining proper professional standards and conduct for members of that profession

What we do

• The GOsC keeps the Register of all those permitted to practise osteopathy in the UK
• We work with the public and osteopathic profession to promote patient safety by registering qualified professionals and we set, maintain and develop standards of osteopathic practice and conduct
• We help patients with any concerns or complaints about an osteopath and have the power to remove from the Register any osteopaths who are unfit to practise
• We also assure the quality of osteopathic education and ensure that osteopaths undertake continuing professional development

General Pharmaceutical Council (GPhC)

Key interests

We would like to be informed of concerns, including emerging concerns, about pharmacists, pharmacy technicians and registered pharmacies that could suggest there is a risk to patient safety or could affect the public’s confidence in pharmacy. This includes:

• concerns about an individual pharmacist or pharmacy technician’s fitness to practise
• concerns about an individual pharmacist or pharmacy technician’s registration
• concerns about registered pharmacies
• concerns about the quality of pharmacy education and training, including concerns about an accredited course or an approved pre-registration training placement
• any other potential systemic and/or thematic issues in a registered pharmacy, which could impact on patient safety

You can find out more about what we investigate on our website.

Key activities and responsibilities

The GPhC is the regulator for pharmacists, pharmacy technicians and registered pharmacy premises in England, Scotland and Wales. It is our job to protect, promote and maintain the health, safety and wellbeing of members of the public by upholding standards and public trust in pharmacy.

Our main work includes:

• setting standards for the education and training of pharmacists and pharmacy technicians, and approving and accrediting their qualifications and training
• maintaining a register of pharmacists, pharmacy technicians and pharmacies
• setting the standards that pharmacy professionals have to meet throughout their careers
• investigating concerns that pharmacy professionals are not meeting our standards, and taking action to restrict their ability to practise when this is necessary to protect patients and the public
• setting standards for registered pharmacies which require them to provide a safe and effective service to patients
• inspecting registered pharmacies to check if they are meeting our standards

Health and Care Professions Council (HCPC)

Key interests

The HCPC is an independent regulator set up to protect the public. We regulate 16 health and care professions.

We would like to be informed of any emerging concerns in relation to the following professions:

• Arts therapists
• Biomedical scientists
• Chiropodists / Podiatrists
• Clinical scientists
• Dietitians
• Hearing aid dispensers
• Occupational therapists
• Operating department practitioners
• Orthoptists
• Paramedics
• Physiotherapists
• Practitioner psychologists
• Prosthetists / Orthotists
• Radiographers
• Speech and language therapists

Key activities and responsibilities

The HCPC is an independent regulator set up to protect the public. We regulate 15 health and care professions. Our key functions are:

• To maintain and publish a Register of health and care professionals who meet HCPC standards for their training, professional skills, behaviour and health
• To approve education and training programmes within the UK. An individual who successfully completes an approved programme is eligible to apply to the HCPC Register
• To make sure that someone who has trained outside of the UK has met our standards before we register them
• To protect the public from those who are not fit to practise. The HCPC will take action against professionals who do not meet these standards or who use a protected title illegally

Health Education England (HEE)

Key interests

HEE would like to be informed of emerging or urgent concerns that may present risk of harm to patient or learner safety and need to be shared more quickly than through routine channels. For HEE, learners include both medical and non-medical students, trainees and potentially members of an organisation’s staff on an HEE sponsored education and training programme.

Urgent concerns regarding learners, systems and clinical learning environments where learners are trained fall into the following categories:

• Concerns about an individual learner’s fitness to practise
• Concerns about the quality of the education, system or environment

A system concern is about the systems that should be in place to safeguard patients and may include the following issues:

• Inappropriate clinical staffing levels, resources or support
• Confirmed and continued behaviours that undermine professional self esteem
• Management and leadership issues, poor or inadequate clinical supervision
• Equipment and premises
• Persistent or immediate patient safety concerns
• Service reconfiguration plans that would result in risk to fulfilling the requirements of the trainee curriculum

Key activities and responsibilities

The Care Act 2014 sets out Health Education England’s remit and range of roles and responsibilities in detail. Health Education England (HEE) exists for one reason only: to support the delivery of excellent healthcare and health improvement to the patients and public of England by ensuring that the workforce of today and tomorrow has the right numbers, skills, values and behaviours, at the right time and in the right place.

There are five overarching objectives for HEE:

• Thinking and leading – we will lead thinking on new workforce policy solutions in partnership with the Department of Health and others as appropriate to support high quality and sustainable services
• Analysing and influencing – we will use high quality data, evidence, advice and workforce expertise to influence the delivery of NHS priorities
• Changing and improving – we will design and respond positively to innovative recruitment, retention, development and transformation initiatives locally, regionally and nationally which change and improve NHS services and quality of care
• Delivering and implementing – we will deliver high quality education and training, implement our Mandate and support partner-led programmes to improve the quality of care and services
• Focusing on tomorrow – we will strategically focus on the future including new roles and pathways to the professions and helping the NHS workforce embrace new technology

Local Government and Social Care Ombudsman

Key interests

The Local Government and Social Care Ombudsman is the final stage for complaints about local authorities and all adult social care providers (including care homes, and domiciliary care agencies) in England. The Ombudsman looks at complaints about all forms of adult social care, both local authority and privately funded.

The twin aims of the Ombudsman are to remedy individual injustice, and to use what we learn from complaints to improve local services. We are a free service for the public, and we investigate complaints impartially.

The Ombudsman also works in close partnership with the Parliamentary and Health Service Ombudsman to investigate complaints spanning the health and social care sector in England.

The Ombudsman would like to be informed of concerns about ineffective complaint handling processes and practices within local authorities and social care providers.

Key activities and responsibilities

The Local Government and Social Care Ombudsman is the final stage for complaints about local authorities, and all adult social care providers (including care homes, and home care agencies). The Ombudsman can investigate all adult social care complaints, including complaints about care that is funded privately without local authority involvement. The Local Government and Social Care Ombudsman works in close partnership with the Parliamentary and Health Service Ombudsman to investigate complaints spanning the health and social care sector.

Nursing and Midwifery Council (NMC)

Key interests

The purpose of the NMC is to promote and uphold the highest professional standards in nursing and midwifery to protect the public and inspire confidence in the professions. As such we would like to hear about:

• Any fitness to practise concerns relating to individual nurses, midwives and nursing associates in England, including those in leadership positions
• Any potential systemic/thematic issues in a health or social care setting which could impact upon the fitness to practise of nurses, midwives and nursing associates in England
• Any information which suggests a nurse/midwife may still be practising without valid registration
• Any concerns in relation to the standard of education provided by an Approved Education Institution (AEI)

Key activities and responsibilities

We are the professional regulator for nurses and midwives in the UK, and nursing associates in England.

1. We maintain the register of nurses and midwives who meet the requirements for registration in the UK, and nursing associates who meet the requirements for registration in England.
2. We set the requirements of the professional education that supports people to develop the knowledge, skills and behaviours required for entry to, or annotation on, our register
3. We shape the practice of the professionals on our register by developing and promoting standards including our Code, and we promote lifelong learning through revalidation

Where serious concerns are raised about a nurse, midwife or nursing associate’s fitness to practise, we can investigate and, if needed, take action.

Parliamentary and Health Service Ombudsman (PHSO)

Key interests

The PHSO is statutorily independent and accountable directly to Parliament. We make final decisions on complaints that have not been resolved by the NHS in England and UK government departments and other public organisations.

Due to our position as the complaint handler of last resort, most of the issues that will be raised via this protocol should be identified before they reach us. We are bound by strict statutory rules about how we can share information before any investigation we conduct has concluded. Before attending any RRP, PHSO will need to decide whether to attend based on the likelihood that the issue being raised may come to us as a future complaint. Our policy on sharing information under the protocol is available in the section of our website on our Service Model. However, we recognise the importance of multi-agency co-operation to identify serious issues as early as possible to protect patients and their families from the harm that happens when things are allowed to repeatedly go wrong.

Key activities and responsibilities

The PHSO makes final decisions on complaints that have not been resolved by the NHS in England and UK government departments and other public organisations. It does this fairly and without taking sides. Its service is free.

Social Work England

Key interests

Social Work England would like to be informed of any concern about a social worker that could suggest there is a risk to the public or one that could affect the public’s confidence in the social work profession. This includes:

• concerns about an individual social worker’s fitness to practise
• concerns about an individual social worker’s registration
• concerns about the quality of social work education and training

Key activities and responsibilities

We are a specialist body taking a unique approach to regulating social workers in their vital roles. We believe in the power of collaboration and share a common goal with those we regulate – to protect the public, enable positive change and ultimately improve people’s lives.

Social work is about people. Our purpose is to regulate social workers in England so that people receive the best possible support whenever they might need it in life. We are committed to raising standards through collaboration with everyone involved in social work.

Our work includes:

• setting the professional standards that social workers have to meet throughout their careers
• setting education and training standards which outline the requirements that we expect social workers and social work courses to meet
• maintaining a register of over 100,000 social workers
• investigating concerns when social workers do not meet our standards, and taking action to restrict their ability to practise when this is necessary to protect the public

Annex B: An example of protocol use

The following text is an example of how the protocol has already been used. This stopped an issue becoming even bigger and prevented potential harm to patients nationally.

Annex C: Sharing personal data

In this protocol, the terms below have the following meanings:

DPA

The Data Protection Act 2018 and all other UK data protection legislation

FOIA

The Freedom of Information Act 2000

Controller

Has the meaning set out in section 6 of the DPA

UK GDPR

Means Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (the General Data Protection Regulation), as it forms part of the law of England and Wales, Scotland and Northern Ireland by virtue of section 3 of the European Union (Withdrawal) Act 2018, as defined in section 3(10) of the DPA

Information Provider

The Party providing information under the Protocol

Information Recipient

The Party or Parties receiving information under the Protocol

Personal Data

Has the meaning set out in section 3(2) of the DPA

Purpose

Personal Data shall only be provided by the Information Provider to the Information Recipient where such Data is relevant to each Information Recipient’s statutory functions, as described in Section 3 of this Protocol (the Purpose).

Any Personal Data shared under this Protocol shall only be used by the Information Recipients for the Purpose and may not be used by the Information Recipient for any other purpose.

The Information Provider may only share Personal Data with the Information Recipient where such sharing complies with the UK GDPR, the DPA, the Human Rights Act 1998, the common law duty of confidence and all other applicable laws.

Responsibilities of the Parties

The Parties to this Protocol agree that each shall act as an independent Controller for any Personal Data shared under this Protocol.

In respect of any Personal Data shared under this Protocol, each Information Recipient shall:

• ensure that such Personal Data is processed in accordance with the UK GDPR, the DPA and all other applicable law; and
• comply at all times with the information governance arrangements set out below

Sharing of information

In all cases where Personal Data is being shared under this Protocol, and in the case of other information where agreed between the Parties, the Information Provider must ensure that the information to be shared is suitably encrypted and/or sent by other secure means.

The Information Provider gives no warranty that the information being shared meets any quality standard or is free from errors. Nothing in this Protocol shall be interpreted as compelling the Information Provider to disclose any Personal Data to the Information Recipient.

Security

The Information Recipient shall ensure that appropriate technical and organisational measures are taken against unauthorised or unlawful processing of the Personal Data and against accidental loss or destruction of, or damage to, the Personal Data.

The Parties agree to comply with all their own policies on data protection and records management in respect of all information shared under this Protocol.

Personal Data shared under this Protocol shall be retained by the Information Recipient only for so long as is required for the Purpose.

Retention and disposal

At the end of the period specified above, the Information Recipient must securely dispose of all Personal Data provided for the Purpose.

Access to information

The Parties acknowledge that each is subject to the FOIA and that requests for information transferred under this Protocol may be received by any Party under either the FOIA or the DPA. The Parties shall co-operate with each other to ensure that each can comply with their respective obligations under the DPA and the FOIA.

Where the Information Recipient receives a request under either the DPA or FOIA for information that has been provided by the Information Provider, the Information Recipient shall inform the Information Provider promptly of the request.

Confidentiality

All Personal Data and any other information and materials of any Party relating to this Protocol shall not be disclosed to any third party other than a Party’s professional advisers or as may be required by law or as may be agreed between the relevant Parties. This clause shall not extend to information which was already in the lawful possession of a Party prior to any meeting of a Regulatory Review Panel under this Protocol or which is already public knowledge or becomes so subsequently (other than as a result of a breach of any duty of confidentiality) or which is required to be disclosed by law. The obligations of confidentiality under this clause shall survive any termination of this Protocol.

Annex D: Questions to consider when determining whether to use the protocol

These questions are intended to support decisions about using the protocol. The questions are not exhaustive, and the answers are intended to give guidance rather than prescriptive direction.

When is an issue appropriate for the protocol?

Is there an immediate threat?

• Yes - act to mitigate the threat before considering the protocol
• No - use the protocol if other questions suggest

Is there a public protection concern?

• Yes - use the protocol
• No - is it appropriate to share elsewhere? (eg, NHS Counter Fraud Authority, Health and Safety Executive)

Is it relevant to any other forum?

• Yes - consider taking it there first
• No - use the protocol

Is it a one-off or is it more systemic?

• One-off - less likely to be appropriate
• Unsure - use the protocol
• Systemic - use the protocol

Is it relevant to professional or system regulation?

• Yes - use the protocol
• No - is it appropriate to share elsewhere? (eg, NHS Counter Fraud Authority, Health and Safety Executive)

Is there a safeguarding risk?

• Yes - follow safeguarding procedures before the protocol
• No - use the protocol if other questions suggest

Where does the risk of harm come from?

• An organisation? - Contact CQC / use the protocol if there is an impact across professions, eg, workforce resourcing
• A specific person? - Contact specific regulator first
• From a group of people across professions? - Use the protocol
• A health or care learning environment? Use the protocol
• A learning environment? Use the protocol (include Health Education England)

Could the information bring one or more professions into disrepute?

• One - contact the relevant regulator
• Multiple - use the protocol

Are you unable to answer, or is there still a residual concern? If so, use the protocol.

Annex E: Information for regulatory review panel chair

Emerging Concerns Protocol – Regulatory Review Panel (RRP) Meeting

Draft agenda for chair

• Date and time of meeting:
• Chair’s name and organisation:
• Attendee names and organisations represented:
• Organisations who were invited but have declined to participate:

1. Welcome (Chair)

• Introductions
• Purpose of Meeting and Confidentiality (see ‘Guidance notes for Chair’)

2. Background/Summary of emergent concerns (Chair)

• Presentation of any source material
• Actions taken to date

3. Briefing from other agencies involved (All)

• Summary and origin of emergent concern
• Presentation of any source material
• Actions taken to date

4. Review of options for actions (see Actions under “Guidance notes for chair” (All)

5. Summary and next steps (Chair)

• Agree date for further RRP if required
• Date by which to circulate redacted summary of RRP to the Emerging Concerns Working Group representative for your organisation

Guidance notes for chair

Purpose of the meeting

1. Chairs should remind all that the RRP is a forum for organisations to have an open dialogue about concerns held, no matter how small; which may lead multiple regulators to discover a mutual concern.

2. The concerns outlined in the meeting agenda should align with those outlined in the meeting invitation. Any new concerns which have arisen since the meeting was called should be addressed directly and consideration given as to whether any other representatives ought now to be present/should be informed.

3. Chairs should remind attendees that, for some, the emergent concerns may be well-rehearsed, but for others, there may be useful information to be gleaned from the meeting.

4. All attendees should be encouraged to openly share information so that each participant may evaluate the relevance and consider what, if any, further action their organisation might need to take in response.

5. Participants are reminded that the purpose of the RRP is not to hold organisations to account and each retain their statutory autonomy.

6. Throughout the meeting participants are encouraged to consider whether there are any intelligence ‘gaps’ or further regulatory intervention which will require them to take further action. It is not expected that each attendee should take an action away from the meeting.

7. Attendees may conclude that the issues identified might actually be dealt with more effectively by an organisation not present or a non-signatory of the Emerging concerns protocol, i.e. the Police Service or HSE. If this happens, an agreement should be reached on who will undertake such a referral.

Information sharing and confidentiality

8. RRPs should generally focus on systems issues and shouldn’t require stakeholders to share personal data about individuals. If personal data is due to be shared, it’s important that only those organisations who need to know the information should attend and those sharing the information have considered suitable redaction as necessary.

9. Where dealing with information received from whistle-blowers or sources who wish to remain anonymous, utmost care must be taken to protect their identity. Careful thought should be given not to share any documentation (redacted or otherwise) or other information about the facts and circumstances relating to an incident or setting which might directly or indirectly identify the source.

10. Each organisation is responsible for ensuring that they follow their own internal guidance and procedures for sharing or disclosing any information in accordance with Annex C of the protocol.

11. It shall be the responsibility of any party sharing information which contains personal data to ensure that this is shared either by suitably encrypted and/or other secure means.

12. It’s important to note that there may be disclosure requests for information relevant to the RRP which may include any notes taken during the meeting and those circulated thereafter. Each organisation is responsible for responding to any disclosure requests in line with their internal policies/procedures.

Potential RRP meeting outcomes:

13. The meeting might agree on further or future intelligence sharing arrangements, might co-ordinate planned activity or instigate the referral of matters to other non-signatory bodies. An additional meeting may be beneficial if matters are still being scoped out or the intelligence requires further triangulation before sharing with the health providers under consideration.

14. The chair of the RRP has 3 options for outcomes for an RRP.

It may well be that the outcome could be a combination of two or more of these. The decisions should be reached through debate between the attendees and a consensus reached.

• Take no further action: The intelligence is now shared. Those attending believe sufficient / appropriate action has been taken by the relevant authorities / regulators to address the risks identified and no further action is required, or a watching brief is sufficient to manage any risks.
  • The group agrees that the RRP meeting can be brought to the attention of the provider and local system partners via standing meetings, i.e. (R)QSG or RJSOG or via standing relationships with that organisation.
  • Consideration should also be given to notifying other key organisations e.g. Controlled Drugs Intelligence Network / Freedom to Speak Up Guardian. It would usually fall to the convening organisation to take on this task.
• Further intelligence work required: Those present agree to go away and further triangulate the intelligence / information shared across all / relevant attendees.
  • The chair can agree some parameters for the additional work so that each attendee knows clearly what others are committing to do. It is highly likely that a follow up meeting will be required to allow for further intelligence sharing. A date should be agreed before closing the initial meeting.
  • The process for sharing further information and intelligence should be agreed before the meeting ends.
• Regulatory intervention / action is required / agreed: During the meeting it may be clear that regulatory action is or may be planned / required.
  • If this is the case, the chair will ensure that all attendees are clear about what steps are being taken by whom and when.
  • If necessary, the attendees may agree to co-ordinate their regulatory activities to increase insight but also reduce the burden on the provider concerned.
  • If possible, the chair should consider if there would be any benefit from a shared / joint regulatory visit or inspection.
  • It is likely that those taking regulatory action might ask others to keep all or some of this information confidential to key individuals within the attendees’ organisation. This will be respected and confidentiality will be maintained until an agreed future date.
  • It will also be agreed who should disclose details of the RRP to whom once that is feasible. Ideally this would be made clear at the end of the RRP or a review date agreed.

Recording

Participants should be reminded of the recording requirements of the protocol:

15. Each organisation is expected to record within their own systems so that they can report on:

• a. Number of times they’ve initiated the Protocol
• b. Anonymised details about information shared
• c. RRPs Convened
• d. RRPs Attended
• e. Actions taken as a result of an RRP

16. The minimum information expected to be stored is:

• a. Dates
• b. Providers, Professionals, Others involved
• c. Partners contacted
• d. Actions agreed and taken
• e. Decisions to call/not call RRP.

Emerging Concerns Protocol: Checklist of considerations prior to convening RRP

Invitees

• All partners to the protocol should be considered for invitation – see Annex A of the protocol for interests of partner organisations.
• The Lead Organisation should agree attendees in conversation with other key stakeholders. If the organisation needs contact details for invitees, they may ask their organisation’s representative on the emerging concerns working group.
• Invitees should be aware that if personal data will be discussed then only those partners who need to know this information should attend.
• Those who attend the RRP should have appropriate authority to act on behalf of their organisation and agree any necessary actions to be taken.

Timeliness

• Priority should be given to timeliness of the meeting, avoiding excessive delay due to diaries.
• The meeting should be convened as soon as possible after the concern is raised (within 21 days) and 2 hours should be allowed.

Meeting Invitation

This should include the following:

• A brief overview/summary of the background information regarding the organisation’s involvement to date
• Details of the emerging concern(s) identified – this should include sufficient detail to enable invitees to determine whether they should attend the RRP either to share relevant information that they hold or to receive information which they consider might reasonably inform whether they are required to provide a regulatory response.
• Explicit confirmation as to whether personal data shall be discussed (see above).
• A list of the proposed invitees.

Annex F: Template agenda for a regulatory review panel

The following is a template agenda for any organisation wishing to call a regulatory review panel.