{{org_field_logo}}

{{org_field_name}}

Registration Number: {{org_field_registration_no}}

---

DC25-Notification of Other Incidents Policy

1. Purpose

The purpose of this policy is to establish a clear and structured approach for the notification, reporting, and management of incidents that may impact service users, staff, visitors, and the overall operation of {{org_field_name}}. Ensuring timely and accurate reporting allows for appropriate investigations, risk mitigation, and regulatory compliance with the Care Quality Commission (CQC), Health and Safety Executive (HSE), and local authorities.

This policy implements the statutory notification duties in the Care Quality Commission (Registration) Regulations 2009 — Regulations 16 (deaths), 17 (MHA-related), 18 (other incidents) and 22A (form of notifications) — and the Duty of Candour (Regulation 20). It also embeds RIDDOR 2013 reporting to the HSE, UK GDPR breach reporting to the ICO, outbreak escalation to UKHSA and safeguarding duties under the Care Act 2014 (adults) and Working Together to Safeguard Children (2023) (where applicable).

By implementing this policy, we aim to foster a culture of transparency, accountability, and continuous improvement, ensuring that all reportable incidents are addressed effectively and preventatively.

2. Scope

This policy applies to:

• All employees, including care workers, administrative staff, and management.
• Service users and their families, ensuring their rights and safety.
• Visitors, contractors, and third-party service providers.
• Regulatory bodies and local authorities, ensuring compliance and cooperation in investigations.

It covers:

• What constitutes a reportable incident.
• The process of notification and reporting.
• Investigation and follow-up procedures.
• Corrective actions and risk prevention.
• Compliance monitoring and continuous improvement.

3. Legal and Regulatory Framework

This policy aligns with the following legal and regulatory requirements:

• Care Quality Commission (Registration) Regulations 2009 – Regs 16, 17, 18 and 22A (form and timeliness of statutory notifications).
• Health and Social Care Act 2008 (Regulated Activities) Regulations 2014 – incl. Regulation 20 (Duty of Candour).
• Reporting of Injuries, Diseases and Dangerous Occurrences Regulations (RIDDOR) 2013 – employer duties and reporting time limits.
• Data Protection Act 2018 & UK GDPR – personal data breach reporting to the ICO within 72 hours where reportable, and prompt communication to affected individuals where there is high risk. (Update “GDPR” to “UK GDPR” throughout this policy.)
• Care Act 2014 (s42) – safeguarding enquiries (adults).
• Working Together to Safeguard Children (2023) – statutory multi-agency requirements (children/young people, where applicable).
• Mental Capacity Act 2005 & DoLS – notification to CQC of outcomes of DoLS/Court of Protection applications.
• CQC Single Assessment Framework (2023–25) – quality statements for Safe/Well-led (learning from incidents and notifications).
• UKHSA communicable disease outbreak management guidance (2025) – immediate contact with local Health Protection Team for outbreaks/serious incidents.

4. Definition of Reportable Incidents

Incidents that must be reported include but are not limited to:

• Service User Safety Incidents:
  • Unexplained injuries, significant changes in condition, or unexpected hospitalisation.
  • Medication errors leading to harm or risk.
  • Falls, burns, or other accidents occurring during care provision.
  • Any safeguarding concerns or suspected abuse.
  • Development after starting to use our service of a pressure ulcer of grade 3 or above.
  • Use of restraint resulting in, or with potential to cause, injury that meets Regulation 18 thresholds (for example, fractures or prolonged pain/psychological harm).
• Staff-Related Incidents:
  • Workplace injuries, assaults, or significant health concerns.
  • Allegations of misconduct or breaches of professional conduct.
  • Exposure to infectious diseases or hazardous materials.
• Environmental and Operational Incidents:
  • Power outages, equipment failures, or disruptions affecting service delivery.
  • Breaches of security, including unauthorised access to service users’ homes.
  • Fire incidents, flooding, or structural hazards in service locations.
• Personal Data Breaches (UK GDPR):
• Assess and log all personal data breaches; notify the ICO within 72 hours of becoming aware if the breach risks individuals’ rights and freedoms (you may submit details in phases).
• Where there is high risk to individuals, inform affected people without undue delay and record decisions/actions taken.

Incidents requiring CQC notification under Regulation 18

• Serious injury in the reasonable opinion of a healthcare professional, resulting in: permanent or ≥28-day sensory/motor/intellectual impairment; structural changes to the body; prolonged pain or psychological harm (≥28 days); or shortened life expectancy.
• Injury requiring treatment by a healthcare professional to prevent death or any of the harms listed above.
• Any abuse or allegation of abuse linked to our regulated activity.
• Any incident reported to, or investigated by, the police.
• Events that prevent or threaten safe operation of the regulated activity, including:
• insufficient suitably qualified/skilled staff;
• interruption of electricity/gas/water/sewerage >24 hours;
• physical damage to premises affecting care;
• failure/malfunction of fire alarms or other safety devices >24 hours.

Mental Capacity and DoLS (adults)

• Notify CQC of the outcome (or withdrawal) of any DoLS request or Court of Protection application once known. (Do not notify intention to apply.)

Medicines and Medical Devices

Report suspected adverse drug reactions or medical device incidents via the MHRA Yellow Card scheme; also follow local clinical governance routes.

5. Notification and Reporting Procedures

To ensure immediate action and regulatory compliance, all incidents must be:

• Reported as soon as possible to the Registered Manager or designated Incident Lead.
• Recorded in the Incident Report Log, detailing date, time, location, individuals involved, and a factual account of the event.
• External notifications (make “without delay” submissions via the current CQC provider portal/forms):
• CQC Regulation 18 – submit notifications without delay for: serious injuries; abuse/allegations of abuse; police-reported/investigated incidents; events threatening safe operation (e.g., staffing insufficiency, >24h utility failure, premises damage, >24h failure of fire alarms/safety devices); and grade 3+ pressure ulcers developed after admission/use of the service. (NHS trusts may use LFPSE for some Reg 18 categories; all other providers must notify CQC directly.)
• CQC – DoLS outcomes – notify when the outcome is known (or if withdrawn). Do not notify intention to apply.
• Safeguarding – make immediate referrals to the Local Authority under Care Act 2014 s42 (adults) or Working Together 2023 (children/young people) and liaise with police where a crime is suspected. Use local details: {{org_field_local_authority_authority_name}}, {{org_field_local_authority_phone_number}}, {{org_field_children_safeguarding_local_authority_authority_name}}, etc.
• RIDDOR (HSE) – notify without delay (online or by phone for fatalities/specified injuries) and submit the statutory report within 10 days; report over-7-day worker incapacitation within 15 days; report non-fatal accidents to non-workers requiring hospital treatment and dangerous occurrences without delay.
• UKHSA (Outbreaks) – immediately contact the local Health Protection Team for suspected/confirmed outbreaks or situations of concern; keep {{org_field_outbreaks_support_local_health_protection_team_phone_number}} / {{org_field_outbreaks_support_local_health_protection_team_email}} / {{org_field_outbreaks_support_local_health_protection_team_website}} accessible.
• ICO (UK GDPR personal data breaches) – notify within 72 hours where reportable; inform affected individuals without undue delay if high risk; record all breaches.
• MHRA Yellow Card – report suspected adverse reactions/device incidents.
• Triage within 24 hours to confirm regulatory reporting routes and submission deadlines; the Registered Manager (or on-call lead {{out_of_hours}}) ensures statutory notifications are submitted on the same working day where practicable, and always within external time limits.

Duty of Candour (Regulation 20) – what we do when harm meets the threshold

When an incident meets the notifiable safety incident threshold, we tell the person/family as soon as reasonably practicable, offer an apology, provide written follow-up, and keep a record of all steps taken. (The overarching duty to be open and transparent applies in all cases.)

6. Investigation and Follow-Up Procedures

Each incident undergoes a structured investigation process to ensure root causes are identified and preventive actions are taken. The investigation follows these steps:

• Step 1: Initial Response and Containment
  • Immediate actions taken to ensure the safety of service users and staff.
  • Temporary control measures implemented if ongoing risks exist.
• Step 2: Gathering Evidence
  • Collection of statements from witnesses and affected individuals.
  • Review of CCTV (if applicable), records, and environmental conditions.
  • Analysis of related care plans, risk assessments, or medication logs.
• Step 3: Root Cause Analysis
  • Identification of the contributing factors leading to the incident.
  • Assessment of whether procedural failures, environmental hazards, or human error played a role.
• Step 4: Reporting Findings and Actions
  • Compilation of an incident report detailing findings and recommended actions.
  • Submission of reports to external regulatory bodies where necessary.
  • Communication of outcomes to affected service users, families, and staff.
  • Include statutory notifications and candour actions in the report. Record CQC notification reference(s), HSE/ICO/MHRA submissions where relevant, and evidence of Duty of Candour discussions and written correspondence.

7. Corrective Actions and Risk Prevention

To prevent recurrence of incidents, corrective actions may include:

• Policy or procedural amendments to address gaps in care delivery.
• Staff retraining or competency assessments.
• Implementation of additional safety measures such as enhanced risk assessments.
• Equipment maintenance and improvements to eliminate hazards.
• Supervision or disciplinary actions where negligence or misconduct is identified.

Share learning and track it (de-identified) through team meetings and the risk register; cross-reference to the CQC Single Assessment Framework quality statements for Safe and Well-led.

8. Compliance Monitoring and Continuous Improvement

To maintain high safety standards and regulatory compliance, {{org_field_name}}:

• Quarterly audits of all statutory notifications (CQC/HSE/ICO/UKHSA/MHRA): check completeness, timeliness (“without delay”, 72-hour/10-day/15-day rules) and evidence of feedback/learning; report outcomes to the Nominated Individual and governance meetings.
• Implements corrective measures based on investigation findings.
• Engages with staff, service users, and regulatory agencies to gather feedback for continuous improvement.
• Regularly updates this policy in response to regulatory changes and best practices.
• Maintain up-to-date access to the CQC provider portal and current forms/templates (Reg 22A), and keep local outbreak contact details current.

9. Policy Review and Updates

This policy is reviewed annually or sooner if:

• New legislation or CQC requirements necessitate amendments.
• Incident data suggests policy improvements are required.
• Internal or external audits recommend procedural changes.

This policy will be reviewed immediately following changes to CQC notification guidance/portal, RIDDOR reporting instructions, UKHSA outbreak guidance, or ICO breach-reporting rules, and at least annually thereafter.

---

Responsible Person: {{org_field_registered_manager_first_name}} {{org_field_registered_manager_last_name}}
Reviewed on: {{last_update_date}}
Next Review Date: {{next_review_date}}
Copyright © {{current_year}} – {{org_field_name}}. All rights reserved.