{{org_field_logo}}

{{org_field_name}}

Registration Number: {{org_field_registration_no}}

---

Record Keeping and Documentation Policy

1. Purpose

At {{org_field_name}}, we recognise that accurate and comprehensive record-keeping is fundamental to delivering safe, effective, and high-quality supported living services. Proper documentation ensures continuity of care, legal compliance, and the protection of both service users and staff. This policy sets out our expectations, procedures, and legal requirements for maintaining clear, secure, and reliable records.

The objectives of this policy are to:

• Ensure all care records are complete, accurate, and up to date.
• Comply with the Health and Social Care Act 2008 (Regulated Activities) Regulations 2014, relevant CQC guidance, the UK GDPR, the Data Protection Act 2018, the Mental Capacity Act 2005, and other applicable legal and professional record-keeping requirements.
• Protect service users’ confidentiality and privacy.
• Provide a clear framework for staff on how to record and maintain documentation.
• Reduce the risk of errors and promote accountability in care delivery.

2. Scope

This policy applies to:

• All care staff responsible for recording service user information.
• Managers and supervisors overseeing record-keeping practices.
• Service users and their families, ensuring transparency in documentation.
• Healthcare professionals and external agencies involved in care planning.

All documentation related to service users must be accurate, legible, and completed in real-time to ensure continuity and quality of care.

3. Legal and Regulatory Framework

At {{org_field_name}}, record keeping and documentation will comply with all applicable legal, regulatory, and professional requirements relevant to supported living services in England. These include, but are not limited to:

• Health and Social Care Act 2008 (Regulated Activities) Regulations 2014, in particular:
  • Regulation 9 – Person-centred care
  • Regulation 11 – Need for consent
  • Regulation 12 – Safe care and treatment
  • Regulation 16 – Receiving and acting on complaints
  • Regulation 17 – Good governance
  • Regulation 18 – Staffing
  • Regulation 19 – Fit and proper persons employed
  • Regulation 20 – Duty of candour
• UK GDPR and the Data Protection Act 2018, including requirements relating to lawful processing, confidentiality, security, retention, accountability, individual rights, and breach management.
• Mental Capacity Act 2005, including the requirement to record capacity assessments, best-interest decisions, and the least restrictive option where applicable.
• Accessible Information Standard (DAPB1605), where applicable, including the requirement to identify, record, flag, share, meet and review the information and communication needs of people with a disability, impairment or sensory loss.
• Records Management Code of Practice 2021 for Health and Social Care, which should be used as the basis for the organisation’s retention, storage, disposal, governance and records management arrangements.
• CQC Fundamental Standards and any associated guidance relevant to record keeping, governance, medicines, staffing, complaints, consent, safeguarding, and quality assurance.

This policy must be read alongside the organisation’s policies on confidentiality and data protection, consent, safeguarding, medicines, complaints, incident reporting, equality and diversity, and governance.

4. Types of Records Maintained

To ensure continuity, safety, and high standards of care, {{org_field_name}} maintains the following records:

4.1. Service User Records

• Care Plans: These documents provide a comprehensive overview of the service user’s individual needs, preferences, medical conditions, and risk factors. They outline the specific care interventions required, including dietary needs, mobility support, and medication management, ensuring a personalised approach to care.
• Risk Assessments: Conducted regularly and updated as needed, these assessments identify potential hazards such as fall risks, home environment safety, or risks related to medical conditions. The purpose is to implement preventative measures that enhance safety and well-being.
• Medication Administration Records (MAR Charts): These records ensure that medication is administered accurately and safely, documenting details such as dosages, times, administration routes, and any observed side effects. This supports compliance with medication policies and regulatory standards.
• Daily Care Logs: These logs provide a detailed account of daily activities, personal care tasks, meal intakes, mood observations, and any significant changes in the service user’s condition. Care staff must record all interactions and care provided to ensure continuity and effective communication between care teams.
• Incident and Accident Reports: Any unexpected incidents, injuries, or safeguarding concerns must be immediately documented and reported. These records support investigations, risk mitigation, and compliance with safeguarding policies to ensure service users’ safety.
• Communication Logs: Maintaining clear records of discussions with family members, GPs, district nurses, and other external professionals is essential for coordinated care planning. These logs ensure that service users’ care is continuously monitored and adjusted based on multidisciplinary input.

Additional service user records may include, where relevant:

• Mental capacity assessments, best-interest decisions, consent records, and records of how choices and decisions have been supported.
• Safeguarding referrals, strategy discussions, outcomes, and actions taken.
• Body maps, behaviour monitoring records, positive behaviour support records, and restriction or restraint monitoring where relevant.
• Appointment records, hospital discharge summaries, professional correspondence, and referral documentation.
• Information and communication needs records, including any reasonable adjustments and communication support required under the Accessible Information Standard.
• Records of complaints, compliments, concerns, outcomes, learning, and changes made as a result.
• Records of service user involvement, reviews, goals, outcomes, and evidence of co-production.

4.2. Staff and Operational Records

• Staff Training Records: Documenting all completed training, including mandatory courses such as safeguarding, medication handling, and manual handling. This ensures that all care staff are competent and up to date with professional development requirements.
• Supervision and Appraisal Records: Tracking individual staff performance, professional development needs, and ongoing support requirements. These records help maintain a high standard of service and staff accountability.
• Complaints and Concerns Log: Every complaint must be documented, investigated, and responded to in line with company policy. This log includes the nature of the complaint, actions taken, and resolutions implemented, ensuring transparency and compliance with Regulation 16 of the Health and Social Care Act.
• Audits and Quality Assurance Reports: Regular internal and external audits are conducted to assess compliance with policies, identify areas for improvement, and ensure best practices. Quality assurance reports help maintain high standards of care and regulatory adherence.

The organisation will also maintain records relating to the management of the regulated activity, including:

• Policy review logs and version control records.
• Governance meeting minutes, action plans, tracker logs, and evidence of completed actions.
• Service user feedback, surveys, consultation outcomes, and lessons learned.
• Complaints analysis, incident trend analysis, audit outcomes, and improvement plans.
• Data breach logs, subject access request logs, and information governance incident records.
• Staff recruitment and vetting records as required by Schedule 3 and Schedule 4 of the Regulations, including references, right to work checks, DBS status where applicable, and records demonstrating staff suitability for role.

5. Principles of Record Keeping

All staff must adhere to the 5 Key Principles of Record Keeping at {{org_field_name}}:

1. Accuracy: All entries must be precise, clear, and factual, avoiding any assumptions or vague terminology. Information must reflect actual events and be written in a neutral, professional tone.
2. Completeness: Documentation must be comprehensive and include all relevant details. Any missing or incomplete records could result in gaps in care, misunderstandings, or safety risks.
3. Timeliness: Care records must be completed at the time of care delivery or as soon as possible thereafter. Delays in documentation could lead to errors, confusion, or legal non-compliance.
4. Confidentiality: Service user data must be protected at all times, in compliance with GDPR and Data Protection Act 2018. Records should be securely stored, and only authorised personnel should have access.
5. Legibility and Professionalism: Handwritten records must be clear and readable, while digital records must be free from spelling errors, abbreviations (unless approved), and ambiguous phrasing. Professional language must be used at all times.
6. Accessibility: Records must clearly identify any information or communication needs, required reasonable adjustments, preferred format, interpreter or advocate needs, and how these will be met and reviewed.
7. Accountability and Traceability: Every entry must be attributable to the person making it and, where appropriate, must show the date, time, designation, rationale for decisions, escalation taken, and any follow-up action required.

By maintaining high-quality record-keeping practices, {{org_field_name}} ensures that service users receive safe, coordinated, and legally compliant care while protecting their privacy and dignity.

6. Procedures for Record Keeping

To ensure continuity of care, legal compliance, and accountability, all records at {{org_field_name}} must be completed, stored, and reviewed in accordance with best practice guidelines.

6.1. Completing Records

• All records must be completed at the time of care delivery or immediately after to ensure accuracy and prevent any loss of crucial information.
• Use black ink for paper records, ensuring they are clear, legible, signed, and dated. If an error occurs, a single line must be drawn through the incorrect entry, and it must be initialled and dated—erasing or using correction fluid is strictly prohibited.
• Digital records must be securely logged, timestamped, and attributed to the responsible staff member to maintain accountability and traceability.
• Abbreviations and jargon should be avoided unless standardised within the organisation. All entries must be professional, factual, and objective.
• Records must be person-centred, reflecting the individual needs and preferences of the service user, and must be written in a respectful and non-discriminatory manner.
• Observational language should be used, focusing on what was seen, heard, or reported, rather than assumptions or opinions.
• Any care interventions, refusals of care, changes in service user condition, or incidents must be recorded immediately to ensure a complete and accurate account of events.
• If a service user refuses medication or any form of care, this must be documented along with the actions taken to escalate or resolve the issue.
• Entries must distinguish clearly between fact, professional opinion, and information reported by another person. Where professional judgement is recorded, the rationale for that judgement must be documented.
• Where staff escalate a concern to a manager, healthcare professional, safeguarding authority, family member, or emergency service, the record must include who was contacted, when, what information was shared, advice received, and any action taken.
• Entries must be contemporaneous wherever possible. Where a late entry is unavoidable, it must be clearly marked as a late entry, include the date and time of the event being recorded, the date and time of the actual entry, and the reason for the delay.
• Records must be completed in a way that supports continuity of care across shifts, teams and partner professionals, and must reflect the service user’s voice, wishes, choices, strengths, goals and outcomes wherever possible.

6.2. Storing and Securing Records

• Paper records must be stored in locked cabinets, accessible only to authorised personnel. Records must never be left unattended in open areas to prevent unauthorised access.
• Digital records must be protected by secure passwords, encryption, and access control measures to ensure confidentiality and compliance with GDPR.
• Service user information must never be discussed in public or shared inappropriately. Staff must ensure that any discussions regarding service users take place in a secure and confidential environment.
• Data breaches must be reported immediately to the manager or Data Protection Officer (DPO). Any suspected or actual breaches must be investigated promptly in line with data protection policies.
• Records must be retained, archived, reviewed and securely disposed of in accordance with the organisation’s retention schedule, which must be based on the Records Management Code of Practice 2021 for Health and Social Care and any other applicable legal or commissioning requirements. Staff must not destroy records unless this is authorised and documented in line with the organisation’s retention and disposal procedure.
• The organisation will maintain a documented retention schedule covering service user records, staff records, governance records, complaints, incidents, safeguarding records, medicines records, and electronic communications used for care delivery or service management.
• Secure disposal must include confidentiality-preserving destruction methods for paper records and permanent deletion or secure destruction arrangements for digital records and devices.
• Where records are shared electronically, staff must use approved systems and secure methods only. Personal data must be shared on a lawful, proportionate, need-to-know basis and only where there is a clear care, safeguarding, legal, contractual or regulatory justification.
• All personal data breaches, suspected breaches and near misses must be recorded, risk assessed, investigated and escalated in line with the organisation’s data breach procedure. Where required, the ICO must be notified within 72 hours of the organisation becoming aware of a notifiable personal data breach, and affected individuals must be informed without undue delay where the breach is likely to result in a high risk to their rights and freedoms.
• Electronic records should have regular backups to prevent data loss in the event of system failures.
• Staff must follow access control policies, ensuring that only those with authorisation can access specific records.

6.3. Reviewing and Updating Records

• Care plans and risk assessments must be reviewed regularly (at least every six months or sooner if significant changes occur in the service user’s condition, medication, or care needs).
• Staff must be vigilant in updating records following changes in care interventions, new risk factors, or significant incidents. Any changes must be documented, dated, and signed off by the appropriate person to ensure traceability and accountability.
• Audits will be conducted periodically to ensure compliance with documentation standards, identify areas for improvement, and promote best practices in record-keeping.
• Management will regularly monitor records for completeness, accuracy, and adherence to policies, offering training and support where necessary.
• Service users and/or their legal representatives must be involved in reviewing their care plans where possible, ensuring they remain up to date and reflect their needs and preferences.
• Where changes to a service user’s condition occur suddenly (e.g., hospitalisation, safeguarding concerns, medication changes), records must be updated immediately, and relevant staff must be informed promptly.
• Record-keeping audits must be scheduled, documented, analysed and reported through the governance system. Audit findings must result in clear action plans, named leads, target dates and follow-up review to confirm whether improvements have been achieved.
• The organisation must seek and act on feedback from service users, families, advocates, staff, visiting professionals and commissioners, where relevant, to evaluate the quality, accuracy, usefulness and accessibility of records and documentation processes.
• Where recurring gaps, omissions, delays or poor-quality entries are identified, managers must take prompt corrective action, which may include supervision, competency assessment, reflective discussion, retraining, disciplinary action, or review of systems and processes.

7. Consent, Information Sharing and Confidentiality

At {{org_field_name}}, all personal data and care information will be handled lawfully, fairly, securely and confidentially. Information will only be accessed, used or shared by authorised persons where there is a lawful basis and a clear need to do so for care delivery, safeguarding, service management, legal compliance, quality assurance, or other legitimate and proportionate purpose.

Consent to care and treatment must be obtained and recorded in line with Regulation 11 and the Mental Capacity Act 2005 where applicable. Staff must distinguish between:

• consent to care or treatment,
• consent to share information where consent is the appropriate lawful basis,
• and circumstances where information may be shared without consent because there is another lawful basis or an overriding safeguarding, legal, regulatory or public interest justification.

Where a person may lack capacity to make a specific decision, staff must record the capacity assessment undertaken, the steps taken to support decision-making, the outcome of the assessment, and, where applicable, the best-interest decision and why the action taken is considered proportionate and least restrictive.

Service users have the right to request access to their personal data in accordance with the UK GDPR and Data Protection Act 2018. Subject access requests must be logged and responded to without undue delay and in any event within one month, unless a lawful extension or exemption applies.

Staff must identify, record, flag, share, meet and review any information or communication support needs in line with the Accessible Information Standard. This includes recording preferred communication methods, accessible formats, interpreter requirements, hearing or visual support needs, and any reasonable adjustments required.

Confidential information must not be discussed in public areas, disclosed to unauthorised persons, or stored or transmitted using unapproved systems. The minimum necessary information must be shared, and the reasons for significant information-sharing decisions must be recorded.

If consent for information sharing is refused or withdrawn, the decision must be recorded together with any discussion, risks identified, and any lawful reasons why limited sharing may still be necessary.

Any breach, suspected breach or inappropriate disclosure of confidential information must be reported immediately in line with the organisation’s data breach reporting procedure.

8. Managing Record Errors and Amendments

Ensuring accuracy and integrity in record-keeping is essential to maintaining high standards of care and compliance at {{org_field_name}}. All staff must adhere to best practices when correcting errors in both paper and digital records.

• Errors must not be erased or altered. If an error is identified in a paper record, a single line must be drawn through the incorrect entry, and the correction must be clearly written, initialled, and dated. The original entry must remain legible to maintain transparency.
• For digital records, an audit trail must be maintained to show any changes made. Amendments should be recorded with timestamps, staff initials, and reasons for modification, ensuring a clear history of documentation updates.
• If incorrect information has been recorded, staff must notify the appropriate supervisor or manager immediately. Any necessary corrections should be made as soon as possible to prevent misinformation from affecting care delivery.
• Missing information must be documented and reported to the manager. If essential data is not recorded at the time of care, staff must provide an explanation and complete the record appropriately.
• Records must never be falsified, backdated, or modified in a way that misrepresents care delivery. Any suspicion of deliberate misrecording will be investigated and may lead to disciplinary action.
• Staff should regularly review their documentation practices to ensure compliance with legal and organisational guidelines. Where additional training is required, managers must provide support to improve accuracy in record-keeping.

By maintaining high standards of documentation integrity, {{org_field_name}} ensures that records remain trustworthy, legally compliant, and reflective of the care provided.

Where an amendment relates to a significant event, safeguarding matter, medicine issue, complaint, allegation, accident, or incident, the organisation must ensure that any linked records, action plans, notifications and governance logs are also reviewed and updated as necessary, while preserving the original audit trail.

9. Training, Competence and Staff Responsibilities

All staff must receive induction and ongoing training in record keeping, confidentiality, information governance, data protection, consent, mental capacity, safeguarding, incident reporting, and any digital systems used within the service, insofar as these are relevant to their role.

Training must be supported by supervision, observation, competency checks, reflective discussion and, where appropriate, appraisal. The organisation must be able to demonstrate that staff are competent to create, update, share and store records appropriately.

Managers are responsible for:

• monitoring the quality, accuracy, timeliness and completeness of records;
• carrying out regular audits and spot checks;
• addressing poor recording practice promptly;
• ensuring staff receive supervision, support and refresher training where required;
• escalating repeated or serious concerns through the governance and disciplinary process where appropriate.

Staff are personally accountable for the entries they make and must record care, support, decisions, incidents and communications accurately, contemporaneously, respectfully and in accordance with this policy.

Failure to maintain appropriate records may place service users at risk and may result in additional supervision, competency review, disciplinary action, referral to safeguarding processes, or referral to a professional regulator where appropriate.

10. Records Management Governance and Retention

{{org_field_name}} will maintain a formal records management framework to ensure records are created, stored, used, shared, retained, archived and disposed of in a lawful, secure and consistent manner.

A designated senior person will have lead responsibility for records management and information governance. This role will be formally assigned and communicated within the organisation.

The organisation will maintain:

• a records retention and disposal schedule;
• a data breach log;
• a subject access request log;
• a governance action tracker;
• a policy version control register;
• and audit schedules relevant to record keeping and documentation.

Retention periods must be based on the Records Management Code of Practice 2021 for Health and Social Care and any additional contractual, regulatory or legal requirements relevant to the organisation’s services.

Records due for disposal must be reviewed and authorised before destruction. The disposal process must be secure, proportionate and documented.

11. Policy Review

This policy will be reviewed at least annually, and sooner if there are changes in legislation, regulation, CQC guidance, information governance requirements, digital systems, service delivery models, or lessons learned from audits, complaints, incidents, safeguarding concerns, or data breaches.

All reviews must be version controlled and recorded, with the date of review, summary of amendments, and authorising manager clearly documented.

---

Responsible Person: {{org_field_registered_manager_first_name}} {{org_field_registered_manager_last_name}}
Reviewed on: {{last_update_date}}
Next Review Date: {{next_review_date}}
Copyright © {{current_year}} – {{org_field_name}}. All rights reserved.