Regulation 17: Good governance

Page last updated: 9 July 2024

​

Health and Social Care Act 2008 (Regulated Activities) Regulations 2014: Regulation 17

The intention of this regulation is to make sure that providers have systems and processes that ensure that they are able to meet other requirements in this part of the Health and Social Care Act 2008 (Regulated Activities) Regulations 2014 (Regulations 4 to 20A). To meet this regulation; providers must have effective governance, including assurance and auditing systems or processes. These must assess, monitor and drive improvement in the quality and safety of the services provided, including the quality of the experience for people using the service. The systems and processes must also assess, monitor and mitigate any risks relating the health, safety and welfare of people using services and others. Providers must continually evaluate and seek to improve their governance and auditing practice.

In addition, providers must securely maintain accurate, complete and detailed records in respect of each person using the service and records relating to the employment of staff and the overall management of the regulated activity.

As part of their governance, providers must seek and act on feedback from people using the service, those acting on their behalf, staff and other stakeholders, so that they can continually evaluate the service and drive improvement.

When requested, providers must provide a written report to CQC setting out how they assess, monitor, and where required, improve the quality and safety of their services.

CQC can prosecute for a breach of part of this regulation (17(3)) if a provider fails to submit such a report when requested. CQC may consider that this failure could prevent the provider from taking appropriate, timely action. CQC could therefore move directly to prosecution for a breach of this part of the regulation without first serving a Warning Notice.

 

Highlights of the CVC guidance

​

CVC Website: https://www.cqc.org.uk/guidance-providers/regulations/regulation-17-good-governance

​

• Providers must operate effective systems and processes to make sure they assess and monitor their service against Regulations 4 to 20A of Part 3 of the Health and Social Care Act 2008 (Regulated Activities) Regulations 2014 (as amended). The provider must have a process in place to make sure this happens at all times and in response to the changing needs of people who use the service.

• The system must include scrutiny and overall responsibility at board level or equivalent.

• Providers must have systems and processes such as regular audits of the service provided and must assess, monitor and improve the quality and safety of the service. 

• Information should be up to date, accurate and properly analysed and reviewed by people with the appropriate skills and competence to understand its significance. When required, results should be escalated and appropriate action taken.

• Providers should have effective communication systems to ensure that people who use the service, those who need to know within the service and, where appropriate, those external to the service, know the results of reviews about the quality and safety of the service and any actions required following the review.

• Providers should actively seek the views of a wide range of stakeholders, including people who use the service, staff, visiting professionals, professional bodies, commissioners, local groups, members of the public and other bodies, about their experience of, and the quality of care and treatment delivered by the service. Providers must be able to show how they have:

  • analysed and responded to the information gathered, including taking action to address issues where they are raised, and

  • used the information to make improvements and demonstrate that they have been made

• Providers must seek professional/expert advice as needed and without delay to help them to identify and make improvements.

• Providers must monitor progress against plans to improve the quality and safety of services, and take appropriate action without delay where progress is not achieved as expected.

• Subject to statutory consent and applicable confidentiality requirements, providers must share relevant information, such as information about incidents or risks, with other relevant individuals or bodies. These bodies include safeguarding boards, coroners, and regulators. Where they identify that improvements are needed these must be made without delay.

• Providers should read and implement relevant nationally recognised guidance and be aware that quality and safety standards change over time when new practices are introduced, or because of technological development or other factors.

• Providers must have systems and processes that enable them to identify and assess risks to the health, safety and/or welfare of people who use the service.

• Where risks are identified, providers must introduce measures to reduce or remove the risks within a timescale that reflects the level of risk and impact on people using the service.

• Providers must have processes to minimise the likelihood of risks and to minimise the impact of risks on people who use services.

• Risks to the health, safety and/or welfare of people who use services must be escalated within the organisation or to a relevant external body as appropriate.
  Identified risks to people who use services and others must be continually monitored and appropriate action taken where a risk has increased.

• Records relating to the care and treatment of each person using the service must be kept and be fit for purpose. Fit for purpose means they must:

  • Be complete, legible, indelible, accurate and up to date, with no undue delays in adding and filing information, as far as is reasonable. This includes results of diagnostic tests, correspondence and changes to care plans following medical advice.

  • Include an accurate record of all decisions taken in relation to care and treatment and make reference to discussions with people who use the service, their carers and those lawfully acting on their behalf. This includes consent records and advance decisions to refuse treatment. Consent records include when consent changes, why the person changed consent and alternatives offered.

  • Be accessible to authorised people as necessary in order to deliver people's care and treatment in a way that meets their needs and keeps them safe. This applies both internally and externally to other organisations.

  • Be created, amended, stored and destroyed in line with current legislation and nationally recognised guidance.

  • Be kept secure at all times and only accessed, amended, or securely destroyed by authorised people.

• Both paper and electronic records can be held securely providing they meet the requirements of the Data Protection Act 2018.

• Decisions made on behalf of a person who lacks capacity must be recorded and provide evidence that these have been taken in line with the requirements of the Mental Capacity Act 2005 or, where relevant, the Mental Health Act 1983, and their associated Codes of Practice.

• Information in all formats must be managed in line with current legislation and guidance.

• Systems and processes must support the confidentiality of people using the service and not contravene the Data Protection Act 2018.

• Records relating to people employed and the management of regulated activities must be created, amended, stored and destroyed in accordance with current legislation and guidance.

• Records relating to people employed must include information relevant to their employment in the role including information relating to the requirements under Regulations 4 to 7 and Regulation 19 of this part (part 3) of the Health and Social Care Act 2008 (Regulated Activities) Regulations 2014. This applies to all staff, not just newly appointed staff. Providers must observe data protection legislation about the retention of confidential personal information.

• Records relating to the management of regulated activities means anything relevant to the planning and delivery of care and treatment. This may include governance arrangements such as policies and procedures, service and maintenance records, audits and reviews, purchasing, action plans in response to risk and incidents.

• Records must be kept secure at all times and only accessed, amended or destroyed by people who are authorised to do so.

• Information in all formats must be managed in line with current legislation and guidance.

• Systems and processes must support the confidentiality of people using the service and not contravene the Data Protection Act 2018.

• Providers should actively encourage feedback about the quality of care and overall involvement with them. The feedback may be informal or formal, written or verbal. It may be from people using the service, those lawfully acting on their behalf, their carers and others such as staff or other relevant bodies.

• All feedback should be listened to, recorded and responded to as appropriate. It should be analysed and used to drive improvements to the quality and safety of services and the experience of engaging with the provider.

• Improvements should be made without delay once they are identified, and the provider should have systems in place to communicate how feedback has led to improvements.

• Where relevant, the provider should also seek and act on the views of external bodies such as fire, environmental health, royal colleges and other bodies who provide best practice guidance relevant to the service provided.

• Providers must ensure that their audit and governance systems remain effective.

• This information could include a request for an action plan or a Provider Information Return for adult social care service

​

​How Localcom can support:

​​​

Localcom is an approved BT partner, giving us access to their cutting-edge Cloud Voice solution.

BT Cloud Voice offers the best features in cloud telephony, including advanced analytics, which are crucial for care organisations aiming to meet and exceed CQC regulations. Whether it's ensuring seamless communication or gaining insightful data to enhance service quality, BT Cloud Voice provides the tools and reliability you need. Here is a video which show cases the BT Cloud Voice analytics:

​

​