{{org_field_logo}}

{{org_field_name}}

Registration Number: {{org_field_registration_no}}

---

Incident and Accident Reporting Policy

1. Purpose

The purpose of this Incident and Accident Reporting Policy is to ensure that all incidents, accidents, near misses, safeguarding concerns, work-related injuries, data-security incidents and other reportable events involving temporary workers supplied by {{org_field_name}} are reported, recorded, investigated, escalated and managed effectively and consistently. This policy is designed to support compliance with the Health and Safety at Work etc. Act 1974, the Reporting of Injuries, Diseases and Dangerous Occurrences Regulations 2013, the Management of Health and Safety at Work Regulations 1999, the Social Security (Claims and Payments) Regulations 1979, UK GDPR and the Data Protection Act 2018, the Agency Workers Regulations 2010, the Conduct of Employment Agencies and Employment Businesses Regulations 2003, and relevant safeguarding legislation and guidance. {{org_field_name}} is a temporary staffing agency and does not itself provide regulated care or carry on regulated activities requiring CQC registration. Where an incident occurs in a client’s regulated service, {{org_field_name}} will cooperate with the client so that the client can meet its own regulatory, safeguarding, contractual and notification duties.

This policy provides guidance for all staff, including registered nurses, healthcare assistants, temporary workers, agency workers, office staff, directors and any other workers engaged or supplied by {{org_field_name}}, on their duties when reporting and managing incidents connected with their work or assignments.

2. Scope

This policy applies to all temporary workers employed, engaged or supplied by {{org_field_name}}, including registered nurses, healthcare assistants and other agency workers; all directors, supervisors, consultants, payroll, compliance and administrative staff involved in receiving, recording, escalating or investigating incidents; all incidents, accidents, near misses, work-related injuries, safeguarding concerns, allegations, complaints involving safety, data-security incidents and incidents affecting workers during assignments; and incidents occurring at client premises, during travel undertaken as part of work duties, during training, or while carrying out activities connected with {{org_field_name}}’s business.

Where an incident occurs at a client’s premises, the worker must follow both the client’s local reporting procedure and {{org_field_name}}’s internal reporting procedure.

3. Related Policies

• Health and Safety Policy
• Whistleblowing Policy
• Safeguarding Adults and Children Policy
• Complaints Policy
• Clinical Governance and Quality Assurance Policy
• Code of Conduct

3.1 Legal and Regulatory Framework

This policy is informed by the following legislation and guidance, where applicable to {{org_field_name}} as a temporary staffing agency and employment business:

• Health and Safety at Work etc. Act 1974;
• Management of Health and Safety at Work Regulations 1999;
• Reporting of Injuries, Diseases and Dangerous Occurrences Regulations 2013;
• Social Security (Claims and Payments) Regulations 1979;
• Health and Safety (First-Aid) Regulations 1981; Employment Agencies Act 1973;
• Conduct of Employment Agencies and Employment Businesses Regulations 2003;
• Agency Workers Regulations 2010;
• Employment Rights Act 1996;
• Equality Act 2010;
• Working Time Regulations 1998;
• UK GDPR and Data Protection Act 2018;
• Safeguarding Vulnerable Groups Act 2006;
• Police Act 1997;
• Rehabilitation of Offenders Act 1974 and Exceptions Order 1975;
• Modern Slavery Act 2015;
• and any applicable professional regulatory requirements, including NMC referral requirements where relevant.

{{org_field_name}} does not provide regulated care and does not carry on regulated activities requiring CQC registration. CQC notification duties will normally rest with the CQC-registered client provider. {{org_field_name}} will cooperate with clients and regulators by sharing relevant factual information lawfully and promptly.

4. Policy Statement

{{org_field_name}} is committed to the safety and wellbeing of its staff, clients, and service users. All incidents and accidents, including near misses, must be reported promptly and managed professionally to ensure compliance with legal and regulatory requirements, to promote a learning culture, and to prevent recurrence. Incident reporting is essential for:

• Ensuring appropriate support and intervention for those affected
• Protecting service users, staff, and the public from harm
• Ensuring compliance with applicable health and safety, RIDDOR, data protection, safeguarding, employment business and agency worker obligations, and supporting client organisations with their own regulatory duties where applicable.
• Facilitating learning and continuous improvement
• Maintaining accurate records for legal, regulatory, and quality assurance purposes

{{org_field_name}} promotes a fair, open and learning-focused reporting culture. Staff will not be treated unfairly for reporting genuine concerns, incidents or near misses. However, deliberate concealment, failure to report, dishonesty, wilful neglect, unsafe practice, abuse, discrimination, breach of confidentiality or other serious misconduct may be managed under the relevant disciplinary, safeguarding or referral procedures

5. Definitions

An incident is any unplanned event which causes, or has the potential to cause, injury, harm, damage, loss, or disruption. Incidents may involve staff, service users, visitors, or property.

An accident is a specific type of incident that results in actual injury or damage.

A near miss is an unplanned event that did not result in injury, damage, or loss but had the potential to do so.

A RIDDOR-reportable incident is a work-related accident, occupational disease or dangerous occurrence that must be reported to the relevant enforcing authority under RIDDOR 2013. Not all accidents are reportable; an incident must be work-related and fall within a reportable category.

A safeguarding concern is any concern that an adult or child is experiencing, has experienced, or is at risk of abuse, neglect, exploitation or improper treatment.

A personal data breach is a breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data.

A client or hirer means the organisation to which {{org_field_name}} supplies temporary workers.

A service user means a person receiving care, treatment or support from the client organisation, not from {{org_field_name}} unless a separate regulated service is provided.

A serious incident is an event which results in serious harm or death, or where there is significant risk to safety or wellbeing.

Examples include:

• Medication errors
• Slips, trips, and falls
• Aggression or violence
• Safeguarding concerns
• Incidents during an assignment involving care, treatment, medication, moving and handling, infection prevention, health and safety or client service-user safety, where the worker was involved or witnessed the event.
• Health and safety breaches
• Equipment failure
• Road traffic accidents whilst on duty
• Allegations of abuse, neglect, exploitation, discrimination, harassment, violence or professional misconduct.
• Loss, theft, unauthorised access to, or inappropriate disclosure of personal data, care records, DBS information or worker records.
• Concerns that a worker may be unfit to practise, unsafe to work, or may pose a risk to adults or children.

6. Responsibilities

Directors

Since {{org_field_name}} does not have a registered manager, the Director will:

• Assume full responsibility for the implementation, monitoring, and annual review of this policy
• Ensure that systems for incident reporting, investigation, and analysis are effective and maintained
• Review all reported incidents, including trends and patterns, as part of governance, compliance, health and safety and quality assurance arrangements.
• Ensure that potential RIDDOR-reportable incidents are assessed promptly and that the correct responsible person makes any required report. Where {{org_field_name}} is the responsible person, it will submit the report to the HSE or relevant enforcing authority. Where the client or premises controller is the responsible person, {{org_field_name}} will promptly provide relevant information, confirm that the client has considered its reporting duty, and keep an internal record of the decision and any report reference.
• Inform or liaise with relevant bodies where applicable, including the client/hirer, local authority safeguarding teams, the police, DBS, professional regulators such as the NMC, insurers, the ICO, the HSE or local authority enforcing authority, and CQC only where {{org_field_name}} is legally required to do so or where information is needed to support a CQC-registered client’s own notification duties.
• Promote a learning culture where staff are encouraged to report incidents without fear of blame

All Staff

All staff are required to:

• Report all incidents, accidents, and near misses immediately, regardless of perceived severity
• Follow local procedures within the client organisation as well as {{org_field_name}}’s reporting procedure
• Complete all required documentation accurately and truthfully
• Participate in investigations when required
• Cooperate with Directors and client organisations during the incident management process

Where an incident occurs on assignment, the worker must report it immediately to the senior person on duty at the client site and to {{org_field_name}}. Reporting to the client alone is not sufficient.

6.1 Client / Hirer Responsibilities

Where incidents occur at a client’s premises or during a client assignment, the client or hirer is normally responsible for site safety arrangements, immediate local response, first aid arrangements, local incident documentation, safeguarding referrals linked to people using the client’s service, and regulatory notifications arising from its regulated service.

{{org_field_name}} will cooperate with the client by providing worker statements, assignment details, training and compliance records, and any other relevant information.

The Director will ensure that serious incidents are followed up with the client and that responsibility for any RIDDOR, safeguarding, CQC, police, professional regulator or other external notification is clearly recorded.

7. Reporting Procedure

Immediate Action

• Ensure the safety of the injured party and others
• Seek medical attention where necessary
• Remove or control any immediate hazards
• Inform the senior person on duty at the client setting immediately
• If there is immediate danger, serious injury, suspected crime, abuse, medical emergency or risk to life, call 999 and follow the client’s emergency procedure.

Internal Reporting

• Notify {{org_field_name}} immediately by telephone for any serious incident, accident, safeguarding concern, allegation, RIDDOR-potential event, data breach, death, serious injury, police involvement, medication error, assault, violence, restraint-related incident or incident likely to attract regulatory, legal, media or client concern.
• A written Incident Reporting Form must be completed as soon as reasonably practicable and no later than 24 hours after the incident. Less serious incidents and near misses must still be reported within 24 hours.
• Submit the completed form to the Director for review.

External Reporting

• Follow the client’s incident reporting and escalation procedures where the incident occurs during an assignment.
• The Director will assess whether any external notification or referral is required by {{org_field_name}}. This may include the HSE or local authority enforcing authority under RIDDOR, the local authority safeguarding team, the police, DBS, NMC or other professional regulator, the ICO, insurers, or other relevant bodies.
• CQC notifications will normally be the responsibility of the CQC-registered client provider. {{org_field_name}} will support the client with factual information where required, but will not present itself as the registered provider unless it is legally registered for the relevant regulated activity.

Potential RIDDOR-reportable events include:

• Work-related deaths.
• Specified injuries to workers, including fractures other than fingers, thumbs and toes, amputations, serious burns, crush injuries to the head or torso, scalping requiring hospital treatment, loss of consciousness caused by head injury or asphyxia, and certain injuries from working in enclosed spaces.
• Over-seven-day incapacitation of a worker caused by a work-related accident.
• Reportable occupational diseases diagnosed by a medical practitioner and linked to work exposure.
• Dangerous occurrences listed under RIDDOR.
• Non-fatal injuries to people not at work where the injury arises from work activity and the person is taken directly from the scene to hospital for treatment.

Road traffic accidents on public roads are not normally reportable under RIDDOR, unless a specific RIDDOR exception applies. They must still be reported internally, to the client where relevant, to the police where legally required, and to insurers where applicable.

7.1 RIDDOR Decision-Making and Deadlines

The Director will review all potentially reportable incidents promptly. The RIDDOR assessment must consider whether the incident was work-related, whether it falls into a reportable category, who the responsible person is, and whether the report should be made by {{org_field_name}}, the client, the premises controller or another duty holder.

Fatalities, specified injuries, dangerous occurrences and non-worker hospital-treatment cases must be notified without delay where reportable.

Over-seven-day incapacitation of a worker must be reported within 15 days of the accident.

Over-three-day incapacitation must be recorded but is not reportable under RIDDOR unless it later becomes over-seven-day incapacitation.

The decision, rationale, date, person making the decision, and any report reference must be recorded.

8. Recording of Incidents

Incident records must include:

• Date, time, and location of the incident
• Names and roles of those involved
• Detailed description of what happened
• Immediate action taken
• Witness statements where available
• Outcomes or injuries sustained
• Whether external bodies were informed
• Signature of the person reporting

All records must be legible, factual, signed, and dated. Records will be retained securely in line with the Data Protection Act 2018 and UK GDPR.

Where required, {{org_field_name}} will maintain an Accident Book or equivalent secure accident recording system. If {{org_field_name}} has more than 10 employees, accident records must be kept in accordance with social security law. Accident records must be kept confidential, with completed records removed or protected from general access.

For RIDDOR-reportable or RIDDOR-assessed incidents, the record must also include the RIDDOR assessment, whether a report was made, the responsible person, date of report, enforcing authority, report reference number, and any communication with the client or enforcing authority.

All records must be legible, factual, signed and dated. Records will be retained securely, accessed only by authorised persons, and kept for no longer than necessary in accordance with the Records Retention Policy, UK GDPR and the Data Protection Act 2018. Where records contain special category data, criminal offence data, safeguarding information or DBS-related information, additional confidentiality and access controls must be applied.

9. Investigation Process

All incidents will be investigated by the Director or an appointed investigator to:

• Establish the facts and sequence of events
• Determine immediate causes and contributory factors
• Identify whether policies, procedures, or training were followed
• Assess the effectiveness of immediate responses
• Identify any learning and recommend actions to prevent recurrence
• Produce a written investigation report which will be reviewed by the Director

Staff are expected to cooperate fully and provide honest, factual accounts.

The level of investigation will be proportionate to the seriousness, risk, recurrence and legal or regulatory significance of the incident. Where the incident occurred at a client site, {{org_field_name}} will coordinate with the client’s investigation while maintaining its own record and taking any action required in relation to the worker, assignment, training, supervision, fitness to work, safeguarding, disciplinary or referral matters.

Investigations must be fair, timely and evidence-based. Staff involved in an incident should be given an opportunity to provide an account. Investigation records must distinguish between fact, allegation, opinion and conclusion.

10. Learning, Feedback, and Continuous Improvement

Following each incident, {{org_field_name}} will:

• Implement any necessary immediate remedial actions
• Share learning with staff through briefings, supervision, or training
• Update policies, risk assessments, or procedures as needed
• Monitor trends and patterns through regular review of incident data
• Use findings to continuously improve service delivery and staff safety

Where trends involve a specific client, role, location, shift pattern, worker group, training need or recurring hazard, the Director will consider whether additional controls are required, including client escalation, temporary suspension of placements, additional training, review of assignment information, or changes to recruitment and compliance checks.

11. Confidentiality

All information relating to incidents will be treated as confidential and shared only where there is a lawful basis and legitimate need to know. Information may be shared with clients, safeguarding authorities, police, HSE, local authority enforcing authorities, DBS, professional regulators, insurers, legal advisers, the ICO or other relevant bodies where necessary for safety, legal compliance, safeguarding, regulatory reporting, investigation, insurance or the prevention of harm.

Confidentiality must never be used as a reason to avoid reporting a safeguarding concern, serious safety risk, personal data breach or legal reporting obligation.

11.1 Personal Data Breaches and Information Security Incidents

Any actual or suspected loss, theft, unauthorised disclosure, unauthorised access, alteration or destruction of personal data must be reported immediately to the Director. This includes incidents involving staff files, assignment records, health information, DBS information, payroll data, service-user information, emails, mobile phones, laptops, paper records or messaging apps.

The Director will assess whether the incident is a personal data breach under UK GDPR and the Data Protection Act 2018, whether it is notifiable to the ICO, whether affected individuals must be informed, and what containment or remedial action is required.

Where notification to the ICO is required, this must be done without undue delay and, where feasible, within 72 hours of {{org_field_name}} becoming aware of the breach.

All data-security incidents must be recorded, including the facts, effects, risk assessment, decisions, actions taken and reasons for any decision not to notify.

12. Whistleblowing

All staff have the right and responsibility to report incidents, unsafe practices, or concerns without fear of detriment. The Whistleblowing Policy must be used where staff feel unable to report through normal channels. The Director will ensure that all concerns raised in good faith are treated seriously and investigated appropriately.

Nothing in this policy prevents a worker from making a protected disclosure under whistleblowing legislation or from raising concerns directly with an appropriate regulator, enforcing authority, safeguarding body or professional body where legally permitted.

13. Supporting Staff after Incidents

{{org_field_name}} recognises the potential emotional impact of incidents on staff and will provide support, including:

• Formal or informal debriefing sessions
• Access to further supervision
• Referral to counselling or occupational health services (where available)
• Ongoing support during any investigation process

Where there is a potential safety, safeguarding, fitness to practise or professional conduct concern, {{org_field_name}} may remove or suspend a worker from an assignment, restrict future placements, seek further information, require retraining, refer to an external body, or take other proportionate action while the matter is reviewed.

14. Director’s Role in Governance

The Director is responsible for:

• Ensuring full implementation of this policy
• Reviewing all incidents quarterly as part of governance reporting
• Auditing the quality of incident reporting and investigation records
• Ensuring staff receive feedback and lessons learnt
• Ensuring serious incidents are escalated to the correct external body where required, which may include the client, local authority safeguarding team, police, HSE or local authority enforcing authority, DBS, NMC or other professional regulator, ICO, insurers or CQC where legally applicable. Where the client is the CQC-registered provider, {{org_field_name}} will support the client’s notification process but will not assume the client’s registered-provider duties.
• Ensuring all staff receive relevant training on incident and accident reporting during induction and via annual updates

Governance reviews must include incident numbers, themes, RIDDOR assessments, safeguarding concerns, data breaches, client-specific issues, worker-specific concerns, action completion, training needs and lessons learned.

15. Training

All staff will receive training during induction and annual refresher training on:

• The importance of incident and accident reporting
• How to recognise and respond to incidents
• How to complete incident forms correctly
• The RIDDOR reporting requirements
• Their roles and responsibilities under this policy
• How to report both to the client and to {{org_field_name}}.
• Recognising safeguarding concerns and allegations.
• Recognising potential RIDDOR incidents.
• Personal data breach reporting.
• Confidentiality and lawful information sharing.
• Violence, aggression and lone-working escalation.
• The difference between the client’s regulatory duties and {{org_field_name}}’s duties as a temporary staffing agency.

16. Policy Review

This policy will be reviewed annually by the Director, or earlier following changes in legislation, HSE guidance, ICO guidance, safeguarding requirements, agency-worker or employment-business regulation, client contractual requirements, serious incidents, recurring trends, enforcement action or operational changes.

---

Responsible Person: {{org_field_registered_manager_first_name}} {{org_field_registered_manager_last_name}}
Reviewed on: {{last_update_date}}
Next Review Date: {{next_review_date}}
Copyright © {{current_year}} – {{org_field_name}}. All rights reserved.