Registration Number: {{org_field_registration_no}}

Record Keeping and Documentation Policy

1. Purpose

At {{org_field_name}}, we recognise that accurate and comprehensive record-keeping is fundamental to delivering safe, effective, and high-quality domiciliary care. Proper documentation ensures continuity of care, legal compliance, and the protection of both service users and staff. This policy sets out our expectations, procedures, and legal requirements for maintaining clear, secure, and reliable records.

The objectives of this policy are to:

Ensure all care records are complete, accurate, and up to date.
Comply with CQC regulations, the Health and Social Care Act 2008 (Regulated Activities) Regulations 2014, and current UK data protection law (UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018).
Protect service users’ confidentiality and privacy.
Provide a clear framework for staff on how to record and maintain documentation.
Reduce the risk of errors and promote accountability in care delivery.

2. Scope

This policy applies to:

All care staff responsible for recording service user information.
Managers and supervisors overseeing record-keeping practices.
Service users and their families, ensuring transparency in documentation.
Healthcare professionals and external agencies involved in care planning.

All documentation related to service users must be accurate, legible, and completed in real-time to ensure continuity and quality of care.

3. Legal and Regulatory Framework

At {{org_field_name}}, we adhere to the following laws and regulatory requirements for record-keeping and documentation:

Health and Social Care Act 2008 (Regulated Activities) Regulations 2014:
- Regulation 9: Person-Centred Care
- Regulation 12: Safe Care and Treatment
- Regulation 17: Good Governance
- Regulation 20: Duty of Candour
UK General Data Protection Regulation (UK GDPR) and Data Protection Act 2018: Together forming the current UK data protection regime, governing the lawful, fair and transparent processing of personal data, including special category health information, and ensuring confidentiality, security and data subject rights.
Data Protection Act 2018: Governing the lawful handling of service user records.
CQC’s Fundamental Standards: Ensuring compliance with best practices for documentation.

In line with Regulation 17 (Good governance) of the Health and Social Care Act 2008 (Regulated Activities) Regulations 2014, {{org_field_name}} maintains securely accurate, complete and contemporaneous records for each person using the service, including the care and treatment provided and decisions made about their care. We also maintain securely such other records as are necessary in relation to persons employed and the overall management of the regulated activity.

Records Management Code of Practice for Health and Social Care 2021 and the ‘Records Management – Abbreviated Code of Practice and Guidance for Adult Social Care Providers’ (Digital Care Hub, 2024): Used as the basis for our retention, storage and disposal of records, including minimum retention periods for care, staff and corporate records.

4. Types of Records Maintained

To ensure continuity, safety, and high standards of care, {{org_field_name}} maintains the following records:

4.1. Service User Records

Care Plans: These documents provide a comprehensive overview of the service user’s individual needs, preferences, medical conditions, and risk factors. They outline the specific care interventions required, including dietary needs, mobility support, and medication management, ensuring a personalised approach to care.
Risk Assessments: Conducted regularly and updated as needed, these assessments identify potential hazards such as fall risks, home environment safety, or risks related to medical conditions. The purpose is to implement preventative measures that enhance safety and well-being.
Medication Administration Records (MAR Charts): These records ensure that medication is administered accurately and safely, documenting details such as dosages, times, administration routes, and any observed side effects. This supports compliance with medication policies and regulatory standards.
Daily Care Logs: These logs provide a detailed account of daily activities, personal care tasks, meal intakes, mood observations, and any significant changes in the service user’s condition. Care staff must record all interactions and care provided to ensure continuity and effective communication between care teams.
Incident and Accident Reports: Any unexpected incidents, injuries, or safeguarding concerns must be immediately documented and reported. These records support investigations, risk mitigation, and compliance with safeguarding policies to ensure service users’ safety.
Duty of Candour Records: For any notifiable safety incident, records will be kept of: the incident; all meetings and communications with the relevant person; the information and apology provided; any agreed actions; and all follow-up correspondence, in line with Regulation 20 (Duty of Candour). These records will be stored securely and retained in accordance with our retention schedule.
Communication Logs: Maintaining clear records of discussions with family members, GPs, district nurses, and other external professionals is essential for coordinated care planning. These logs ensure that service users’ care is continuously monitored and adjusted based on multidisciplinary input.

4.2. Staff and Operational Records

Staff Training Records: Documenting all completed training, including mandatory courses such as safeguarding, medication handling, and manual handling. This ensures that all care staff are competent and up to date with professional development requirements.
Supervision and Appraisal Records: Tracking individual staff performance, professional development needs, and ongoing support requirements. These records help maintain a high standard of service and staff accountability.
Complaints and Concerns Log: Every complaint must be documented, investigated, and responded to in line with company policy. This log includes the nature of the complaint, actions taken, and resolutions implemented, ensuring transparency and compliance with Regulation 16 of the Health and Social Care Act.
Audits and Quality Assurance Reports: Regular internal and external audits are conducted to assess compliance with policies, identify areas for improvement, and ensure best practices. Quality assurance reports help maintain high standards of care and regulatory adherence.

5. Principles of Record Keeping

All staff must adhere to the 5 Key Principles of Record Keeping at {{org_field_name}}:

Accuracy: All entries must be precise, clear, and factual, avoiding any assumptions or vague terminology. Information must reflect actual events and be written in a neutral, professional tone. Records must be indelible, so that entries cannot be removed or altered without a clear audit trail.
Completeness: Documentation must be comprehensive and include all relevant details. Any missing or incomplete records could result in gaps in care, misunderstandings, or safety risks.
Timeliness: Care records must be completed at the time of care delivery or as soon as possible thereafter. Delays in documentation could lead to errors, confusion, or legal non-compliance. This ensures that records remain up to date and reflect the person’s current needs and risks.
Confidentiality: Service user data must be protected at all times, in line with UK data protection law (UK GDPR and the Data Protection Act 2018). Records should be securely stored, and only authorised personnel should have access.
Legibility and Professionalism: Handwritten records must be clear and readable, while digital records must be free from spelling errors, abbreviations (unless approved), and ambiguous phrasing. Professional language must be used at all times.

By maintaining high-quality record-keeping practices, {{org_field_name}} ensures that service users receive safe, coordinated, and legally compliant care while protecting their privacy and dignity.

6. Procedures for Record Keeping

To ensure continuity of care, legal compliance, and accountability, all records at {{org_field_name}} must be completed, stored, and reviewed in accordance with best practice guidelines.

6.1. Completing Records

All records must be completed at the time of care delivery or immediately after to ensure accuracy and prevent any loss of crucial information.
Use black ink for paper records, ensuring they are clear, legible, signed, and dated. If an error occurs, a single line must be drawn through the incorrect entry, and it must be initialled and dated—erasing or using correction fluid is strictly prohibited.
Digital records must be securely logged, timestamped, and attributed to the responsible staff member to maintain accountability and traceability.
Abbreviations and jargon should be avoided unless standardised within the organisation. All entries must be professional, factual, and objective.
Records must be person-centred, reflecting the individual needs and preferences of the service user, and must be written in a respectful and non-discriminatory manner.
Observational language should be used, focusing on what was seen, heard, or reported, rather than assumptions or opinions.
Any care interventions, refusals of care, changes in service user condition, or incidents must be recorded immediately to ensure a complete and accurate account of events.
If a service user refuses medication or any form of care, this must be documented along with the actions taken to escalate or resolve the issue.

6.2. Storing and Securing Records

Paper records must be stored in locked cabinets, accessible only to authorised personnel. Records must never be left unattended in open areas to prevent unauthorised access.
Digital records must be protected by secure passwords, encryption, and access control measures to ensure confidentiality and compliance with GDPR.
Service user information must never be discussed in public or shared inappropriately. Staff must ensure that any discussions regarding service users take place in a secure and confidential environment.
Data breaches must be reported immediately to the manager or Data Protection Officer (DPO). Any suspected or actual breaches must be investigated promptly in line with data protection policies.
Records will be retained in line with the Records Management Code of Practice for Health and Social Care 2021 and the adult social care retention schedules (for example, adult care records are normally kept for a minimum of 8 years after the end of care, or longer where required for legal, safeguarding or regulatory reasons). When retention periods have expired, records will be reviewed and securely destroyed or archived in accordance with this guidance.
Electronic records should have regular backups to prevent data loss in the event of system failures.
Staff must follow access control policies, ensuring that only those with authorisation can access specific records.

6.3. Reviewing and Updating Records

Care plans and risk assessments must be reviewed regularly (at least every six months or sooner if significant changes occur in the service user’s condition, medication, or care needs).
Staff must be vigilant in updating records following changes in care interventions, new risk factors, or significant incidents. Any changes must be documented, dated, and signed off by the appropriate person to ensure traceability and accountability.
Audits will be conducted periodically to ensure compliance with documentation standards, identify areas for improvement, and promote best practices in record-keeping.
Management will regularly monitor records for completeness, accuracy, and adherence to policies, offering training and support where necessary.
Service users and/or their legal representatives must be involved in reviewing their care plans where possible, ensuring they remain up to date and reflect their needs and preferences.
Where changes to a service user’s condition occur suddenly (e.g., hospitalisation, safeguarding concerns, medication changes), records must be updated immediately, and relevant staff must be informed promptly.

6.4. Digital Record Systems

Where {{org_field_name}} uses digital systems to record and store information, these systems must:

Provide clear audit trails showing who made each entry, and when, and any subsequent amendments.
Be accessible to authorised staff at the point of care to support safe, timely and person-centred decision-making.
Meet UK GDPR and Data Protection Act 2018 requirements, with appropriate technical and organisational security measures (for example, role-based access controls, encryption, secure backup and disaster-recovery).
Be configured and used in line with CQC guidance on digital records in adult social care and the Records Management Code of Practice for Health and Social Care 2021.

When digital and paper records both exist, staff must ensure that information is consistent across formats and that the digital record remains the primary, up-to-date source.

7. Consent and Confidentiality

At {{org_field_name}}, we uphold the highest standards of data protection, confidentiality, and informed consent in line with UK data protection law (UK GDPR and the Data Protection Act 2018). All service user information must be handled lawfully, securely, and with respect for the individual’s rights.

Informed consent must be obtained before sharing any service user information with external agencies. This includes communication with healthcare professionals, social services, legal representatives, and family members unless legally required or in the case of safeguarding concerns.
Consent must be recorded and signed by the service user or their legal representative. If the service user lacks capacity, decisions must follow the principles of the Mental Capacity Act 2005, ensuring that information is shared in the service user’s best interests.
Service users have the right to access their records upon request, in line with UK GDPR. Requests should be handled promptly and, in any event, a response must be provided without undue delay and within one month of receipt, unless an extension is permitted by law and the person is informed.
Staff must follow strict confidentiality protocols, ensuring that personal data is handled lawfully. Information should only be accessed by authorised personnel and must not be discussed in public or shared inappropriately.
Paper records must be kept securely in locked storage, and digital records must be protected with passwords and encryption. Unauthorised access or disclosure of service user records may result in disciplinary action.
If a service user withdraws consent for information sharing, this must be clearly documented, and staff must ensure compliance unless legal obligations dictate otherwise.
Staff must be trained regularly on confidentiality policies, GDPR compliance, and data protection best practices to ensure ongoing adherence to legal and ethical standards.

8. Managing Record Errors and Amendments

Ensuring accuracy and integrity in record-keeping is essential to maintaining high standards of care and compliance at {{org_field_name}}. All staff must adhere to best practices when correcting errors in both paper and digital records.

Errors must not be erased or altered. If an error is identified in a paper record, a single line must be drawn through the incorrect entry, and the correction must be clearly written, initialled, and dated. The original entry must remain legible to maintain transparency.
For digital records, an audit trail must be maintained to show any changes made. Amendments should be recorded with timestamps, staff initials, and reasons for modification, ensuring a clear history of documentation updates.
If incorrect information has been recorded, staff must notify the appropriate supervisor or manager immediately. Any necessary corrections should be made as soon as possible to prevent misinformation from affecting care delivery.
Missing information must be documented and reported to the manager. If essential data is not recorded at the time of care, staff must provide an explanation and complete the record appropriately.
Records must never be falsified, backdated, or modified in a way that misrepresents care delivery. Any suspicion of deliberate misrecording will be investigated and may lead to disciplinary action.
Staff should regularly review their documentation practices to ensure compliance with legal and organisational guidelines. Where additional training is required, managers must provide support to improve accuracy in record-keeping.

By maintaining high standards of documentation integrity, {{org_field_name}} ensures that records remain trustworthy, legally compliant, and reflective of the care provided.

9. Training and Staff Responsibilities

All staff will receive training on record-keeping procedures, data protection laws, the Records Management Code of Practice for Health and Social Care 2021, Regulation 17 (Good governance) expectations, and the record-keeping aspects of Regulation 20 (Duty of Candour).
Managers will monitor documentation quality and provide additional training where necessary.
Staff members are personally accountable for the accuracy and integrity of records they complete.

10. Policy Review

This policy will be reviewed annually or in response to changes in legislation, CQC requirements, or organisational practices.

Responsible Person: {{org_field_registered_manager_first_name}} {{org_field_registered_manager_last_name}}
Reviewed on: {{last_update_date}}
Next Review Date: {{next_review_date}}
Copyright © {{current_year}} – {{org_field_name}}. All rights reserved.

DC47-Record Keeping and Documentation Policy