DC101-Safe Key Holding and Access Management Policy

Registration Number: {{org_field_registration_no}}

Safe Key Holding and Access Management Policy

1. Purpose

The purpose of this policy is to ensure the safe and responsible management of keys and access to service users’ homes and facilities within {{org_field_name}}. The secure handling, storage, and usage of keys are critical to safeguarding service users, preventing unauthorised access, and ensuring compliance with Care Quality Commission (CQC) Fundamental Standards and data protection regulations.

This policy provides a structured approach to key holding, ensuring that service users feel safe and confident in the integrity of our care workers while maintaining strict security protocols.

2. Scope

This policy applies to all employees, care workers, agency staff, management, and any third parties authorised to hold or access keys. It covers:

Procedures for key allocation and storage.
Security protocols for key handling and return.
Access management and authorisation.
Incident reporting for lost, stolen, or unauthorised key use.
Compliance with legal and regulatory requirements.
Staff training and responsibilities.
Auditing and monitoring procedures.

3. Legal and Regulatory Framework

This policy aligns with the following legislation and regulatory standards:

Health and Social Care Act 2008 (Regulated Activities) Regulations 2014 – Ensures the safe and effective management of domiciliary care services.
Care Quality Commission (CQC) Guidance – Requires care providers to maintain service user safety and security.
Data Protection Act 2018 (UK GDPR) – Governs how access and security information is stored and handled.
Mental Capacity Act 2005 – Ensures service users who lack capacity have their rights protected in key access decisions.
Health and Safety at Work Act 1974 – Ensures safety measures for employees managing keys and access.
The Theft Act 1968 – Provides legal guidance on handling lost or stolen property.

4. Key Allocation and Access Authorisation

To ensure secure and controlled access to service users’ homes, key allocation follows these steps:

Service User Consent: Before key-holding is authorised, written consent from the service user (or their legal representative) must be obtained.
Risk Assessment: A risk assessment is conducted to evaluate security risks, the service user’s needs, and access preferences.
Authorisation Records: A log is maintained recording the allocation of keys, listing:
- The service user’s name and address.
- The key holder’s name and role.
- The reason for key-holding.
- Date of issue and expected return (if applicable).
Secure Key Tagging: Keys are labelled using non-identifiable codes rather than personal details to maintain confidentiality.
Key Holder Accountability: Only authorised staff are allowed to hold keys, and their responsibilities are clearly outlined.

5. Key Security, Storage, and Handling

To prevent unauthorised access or loss, key security measures include:

Secure Storage: Keys are stored in a locked, access-controlled key cabinet at the office when not in use.
Minimum Key Holding: Only essential personnel may carry service user keys to reduce security risks.
No Key Duplication: Staff are strictly prohibited from making copies of service user keys.
No Personal Storage: Keys must not be stored in personal bags, homes, or vehicles overnight unless explicitly authorised.
Key Check-Out/Check-In System: Staff must sign keys in and out, providing an accountability trail.

6. Access Management and Entry Procedures

To ensure professional and ethical use of service user keys:

Identification Verification: Staff must always carry their ID badge and present it before entering a service user’s home.
Announced Entry: Where possible, staff must knock or call before using the key to enter.
Minimised Intrusion: Staff must only access areas required to provide care and respect service users’ privacy.
Key Return on Termination of Service: If a service user cancels care, keys must be returned immediately, and records updated.

7. Reporting Lost, Stolen, or Misused Keys

In the event of lost, stolen, or unauthorised use of keys, the following actions must be taken:

Immediate Notification: The staff member must inform their line manager and the service user (or their representative) immediately.
Incident Report Submission: A formal incident report must be completed, documenting:
- The time, location, and circumstances of the loss/theft.
- Actions taken to recover or secure the property.
- Any impact on the service user’s safety.
Emergency Security Measures: If necessary, the service user will be advised to change their locks to prevent unauthorised access.
Investigation and Disciplinary Actions: If negligence or misconduct is suspected, an internal investigation will be conducted, and appropriate disciplinary actions may follow.

8. Compliance with Confidentiality and Data Protection

As key-holding involves handling sensitive security information, all staff must:

Keep access information confidential and not share it with unauthorised persons.
Store written records securely in compliance with GDPR regulations.
Ensure any electronic records related to key access are password-protected and encrypted where applicable.

9. Staff Training and Responsibilities

To ensure the safe handling of keys, all staff must undergo:

Mandatory key-holding and access training during induction.
Regular refresher training on security and safeguarding protocols.
Scenario-based training on handling key-related incidents (e.g., lost keys, security breaches).
Accountability Awareness – Staff must acknowledge and sign a key-holding agreement outlining their responsibilities.

10. Monitoring, Auditing, and Policy Enforcement

To maintain security and compliance:

Quarterly audits are conducted to track key usage and adherence to policy.
Spot checks are carried out to ensure staff are following procedures.
Feedback from service users is gathered to assess whether staff adhere to security protocols.
Policy reviews occur annually to reflect changes in security best practices and regulatory updates.
Non-compliance is taken seriously, and disciplinary actions may be applied where policy violations occur.

11. Policy Review and Updates

This policy is reviewed annually or sooner if significant regulatory changes occur. Any updates will be communicated to all staff, and additional training will be provided as necessary.

Responsible Person: {{org_field_registered_manager_first_name}} {{org_field_registered_manager_last_name}}
Reviewed on: {{last_update_date}}
Next Review Date: {{next_review_date}}
Copyright © {{current_year}} – {{org_field_name}}. All rights reserved.