{{org_field_logo}}

{{org_field_name}}

Registration Number: {{org_field_registration_no}}

---

CQC Notifications Policy

1. Purpose

At {{org_field_name}}, we are committed to ensuring compliance with Care Quality Commission (CQC) regulations by promptly and accurately reporting notifiable incidents. This policy outlines our procedures for notifying the CQC about significant events that may affect the well-being, safety, or quality of care provided to individuals we support.

This policy supports compliance with the Health and Social Care Act 2008, the Care Quality Commission (Registration) Regulations 2009, including Regulations 12, 14, 15, 16, 17, 18, 21 and 22A where applicable, and the Health and Social Care Act 2008 (Regulated Activities) Regulations 2014, including Regulation 17 Good Governance, Regulation 20 Duty of Candour, Regulation 12 Safe Care and Treatment, and Regulation 13 Safeguarding Service Users from Abuse and Improper Treatment. The policy must be read alongside CQC’s current statutory notification guidance and the current notification forms or online provider portal.

2. Scope

This policy applies to all staff, management, and designated responsible persons within our Supported Living service. It covers the types of incidents that must be reported, the process for submitting notifications, and the timeframes for compliance with CQC requirements.

For supported living, CQC notification duties apply where the event occurred while a regulated activity was being provided, or where the event may have occurred as a consequence of the carrying on of a regulated activity. Incidents that occur in a person’s own tenancy or home are not automatically notifiable to CQC unless they meet the relevant statutory notification criteria. Where an incident is not notifiable to CQC, it must still be recorded, investigated, escalated internally, and reported to other relevant bodies where required, such as the local authority safeguarding team, police, commissioner, coroner, Health and Safety Executive, UKHSA or local Health Protection Team.

3. Related Policies

• SL12 – Safe Care and Treatment Policy
• SL07 – Person-Centred Care Policy
• SL13 – Safeguarding Adults from Abuse and Improper Treatment Policy
• SL16 – Infection Prevention and Control Policy
• SL21 – Medication Management and Administration Policy
• SL34 – Confidentiality and Data Protection (GDPR) Policy
• SL42 – Communication and Engagement with Service Users and Families Policy
• Duty of Candour Policy
• Incident Reporting and Investigation Policy
• Mental Capacity Act and Deprivation of Liberty Safeguards Policy
• Business Continuity Policy
• Missing Person / Unauthorised Absence Policy
• Whistleblowing Policy
• Learning from Incidents and Lessons Learned Policy
• Records Management Policy
• Registered Manager Absence and CQC Registration Changes Procedure

4. Notifiable Incidents to CQC

The Registered Person must notify CQC of statutory notifications in line with the relevant CQC Registration Regulations and CQC’s current notification guidance. Where CQC states that a notification must be made “without delay” or “as soon as possible”, staff must escalate the incident immediately to the Registered Manager or delegated senior person so the notification can be made promptly. Internal target times must not delay the statutory notification.

4.1 Death of a Person Using the Service

CQC must be notified as soon as possible of the death of a person using the service where:

• the person died while a regulated activity was being provided; or
• the death may have resulted from the regulated activity or how it was provided.

The notification must include a description of the circumstances of the death. Where the person was detained or liable to be detained under the Mental Health Act 1983, the specific CQC notification process for death of a detained mental health patient must be followed instead.

The Registered Manager, or delegated senior person in their absence, must also consider whether the death requires notification to the coroner, police, local authority safeguarding team, commissioner, family/representative, HSE under RIDDOR, or other relevant bodies. A full internal incident review must be completed and any duty of candour requirements must be considered.

4.2 Serious Injury to a Person Using the Service

CQC must be notified without delay/as soon as possible of a serious injury to a person using the service where the person was seriously injured while a regulated activity was being provided, or where the injury may have resulted from the regulated activity or how it was provided.

A serious injury includes an injury which, in the reasonable opinion of a health care professional, has resulted in:

• an impairment of sensory, motor or intellectual functions that is not likely to be temporary;
• changes to the structure of the person’s body;
• prolonged pain;
• prolonged psychological harm; or
• shortening of the person’s life expectancy.

It also includes an injury requiring treatment by a health care professional to prevent the person’s death or to prevent one of the outcomes listed above.

If the serious injury resulted from an assault, abuse or alleged abuse, the CQC abuse/allegation of abuse notification route must be used rather than the serious injury form. Immediate steps must be taken to obtain medical support, protect the person from further harm, preserve evidence where relevant, inform safeguarding/police where required, and record actions taken.

4.3 Abuse or Allegations of Abuse

CQC must be notified without delay/as soon as possible of any abuse or allegation of abuse concerning a person using the service where the person:

• is affected by abuse;
• is affected by alleged abuse;
• is an abuser; or
• is an alleged abuser.

Abuse includes, but is not limited to, physical abuse, sexual abuse, emotional or psychological abuse, financial or material abuse, discriminatory abuse, domestic abuse, organisational abuse, neglect, acts of omission, self-neglect where linked to service failure, modern slavery, and inappropriate or unlawful restraint.

The local authority safeguarding procedures must be followed immediately. Where a crime may have been committed, the police must be contacted. The person must be protected from further risk, evidence must be preserved where relevant, and all actions, decisions and outcomes must be recorded. The CQC notification does not replace safeguarding, police, commissioner or internal reporting duties.

4.4 Infection Outbreaks and Communicable Diseases

Infection outbreaks are not a standalone CQC statutory notification category unless they meet another CQC notification threshold. The Registered Manager must consider whether an infection outbreak or communicable disease event requires CQC notification because it has:

• caused or contributed to a death that is notifiable to CQC;
• caused a serious injury or serious deterioration that is notifiable to CQC;
• resulted in abuse, neglect, unsafe care or safeguarding concerns; or
• stopped, or may stop, the service from running safely and properly.

Outbreaks and suspected outbreaks must be escalated in line with the Infection Prevention and Control Policy and reported to the UK Health Security Agency/local Health Protection Team, commissioners, local authority or other relevant bodies where required. Records must include the number of people affected, symptoms, onset dates, control measures, advice received, communications made, staffing impact, and ongoing risk assessment.

4.5 Events That Stop or May Stop the Service Running Safely and Properly

CQC must be notified as soon as possible of any event that prevents, or appears likely to threaten, the provider’s ability to continue carrying on the regulated activity safely or in accordance with registration requirements. This includes, but is not limited to:

• insufficient numbers of suitably qualified, skilled and experienced staff to meet people’s assessed needs safely;
• interruption to electricity, gas, water or sewerage at premises used for the regulated activity lasting more than 24 continuous hours;
• failure or malfunction of fire alarms, call systems or other safety equipment lasting more than 24 continuous hours;
• physical damage to premises that has, or is likely to have, a detrimental effect on care or treatment;
• IT, electronic care planning, rostering, medication administration or record system failure where this prevents or may prevent safe care;
• severe weather, flood, fire, cyber incident, outbreak, transport disruption or other emergency that affects safe service delivery.

The Business Continuity Plan must be activated where required. The notification must explain the event, people affected, immediate risk controls, staffing arrangements, communication with people and representatives, and the expected recovery plan.

4.6 Missing Person / Unauthorised Absence

Where a person receiving support is missing, absent without expected contact, or cannot be located, staff must follow the Missing Person / Unauthorised Absence Procedure immediately, taking account of the person’s risk assessment, capacity, known routines, communication needs, vulnerability, and any safeguarding concerns.

A missing person incident in supported living is not automatically a CQC statutory notification. The Registered Manager must consider whether a CQC notification is required because the incident involves:

• police involvement in an incident affecting the person’s health, safety or welfare;
• abuse, alleged abuse, neglect or safeguarding concerns;
• serious injury or death;
• an event that stopped or threatened safe running of the service; or
• unauthorised absence of a person detained or liable to be detained under the Mental Health Act 1983, where the specific Regulation 17 criteria apply.

The police, family/representative, local authority safeguarding team, commissioner and other relevant parties must be informed in line with the person’s care plan, risk assessment and safeguarding procedures. All decisions and actions must be recorded.

4.7 Outcome of an Application to Deprive a Person of Their Liberty

CQC must be notified as soon as the Registered Person knows the outcome of an application to deprive a person of their liberty. This includes:

• the outcome of a DoLS application;
• the outcome of any application to the Court of Protection, including where the application was made by another body such as the local authority; and
• withdrawal of an application.

CQC must not be notified merely because an application has been made. The notification is required when the outcome is known or the application is withdrawn. Care plans, risk assessments and mental capacity records must be updated to reflect any authorised restrictions, conditions, review dates and least restrictive practice requirements.

4.8 Police Involvement in an Incident

CQC must be notified as soon as possible of an incident relating to the service that is reported to, or investigated by, the police and which may affect the health, safety or welfare of a person using, visiting or working at the service.

The police involvement notification form must not be used where the incident is more appropriately notified using a specific CQC notification route, such as death, serious injury, or abuse/allegation of abuse. In those cases, the specific notification form must be used.

Examples include police investigation of theft, assault, unexplained injury, exploitation, missing person incidents, criminal damage, drug-related incidents, hate crime, domestic abuse incidents linked to the service, or allegations involving staff, where the incident may affect health, safety or welfare. All police reference numbers, safeguarding referrals, immediate actions and risk management measures must be recorded.

4.9 Changes to Registration, Registered Details and Service Provision

The Registered Person must notify CQC of changes to registered details and service provision in line with CQC’s current registration and notification guidance. This includes, where applicable:

• changes to the Statement of Purpose;
• changes involving the Registered Manager for a regulated activity;
• absence of a registered individual for 28 days or more and their return from absence;
• changes to nominated individuals, officers or directors;
• changes to the provider’s name, address or contact details;
• provider stopping or intending to stop regulated activities;
• insolvency, liquidation or trustee arrangements;
• death of a registered provider and plans for the service; and
• any other change listed in CQC’s current notifications guidance.

The Registered Manager and nominated individual/responsible individual must check the current CQC notification page before submitting the notification, because different changes have different forms, routes and timescales. Evidence of the notification, acknowledgement/reference number and any follow-up correspondence must be retained.

4.10 Absence and Return of a Registered Individual

CQC must be notified where a registered individual, such as the Registered Manager or other registered person, is absent or is expected to be absent for 28 days or more. CQC must also be notified when that registered individual returns from absence. The notification must include interim management arrangements, the person responsible for day-to-day oversight, how risks will be managed, and how continuity of regulated activity will be maintained.

4.11 Duty of Candour and Notifications

Where an incident is notifiable to CQC, the Registered Manager must also consider whether the incident meets the threshold for Regulation 20 Duty of Candour. Where Duty of Candour applies, the organisation must act in an open and transparent way, provide a truthful account of what is known, apologise, explain further enquiries or investigations, provide written follow-up where required, and keep a clear record of all communications. A CQC statutory notification does not replace Duty of Candour requirements.

4.12 Personal Information in CQC Notifications

When submitting a statutory notification, staff must share only the personal information required by CQC. In most cases the person must not be identified by name, date of birth, NHS number, room number or other directly identifying detail. A unique identifier or code must be used, and the organisation must keep a secure internal record of who the code refers to.

The exception is where CQC specifically requires identification, such as a notification of the death of a person detained under the Mental Health Act 1983. All notifications must comply with UK GDPR, the Data Protection Act 2018, confidentiality requirements and CQC’s current notification instructions.

5. Process for Submitting Notifications

5.1 Responsibility and Accountability for Reporting

The registered person is responsible and accountable for ensuring CQC statutory notifications are submitted correctly and within the required timescale. Registered persons include the registered provider and any Registered Manager registered for the regulated activity.

The Registered Manager normally leads the notification process. Where the Registered Manager is unavailable, the deputy manager, nominated individual, responsible individual, director or delegated senior person must submit or arrange the notification without delay. Delegation of the task does not remove the registered person’s accountability.

The organisation must maintain a clear delegation arrangement showing who may submit notifications, who checks the notification category, who keeps records, and who follows up any CQC queries.

5.2 How to Submit CQC Notifications

CQC notifications must be submitted using the current route specified by CQC for the relevant notification type. Some notifications can be submitted through the CQC provider portal. Other notifications must be submitted using the current CQC Word form and emailed to the address stated on the relevant CQC notification page.

Staff must not use saved, outdated or locally amended CQC forms. The current CQC notification page must be checked before submission. Where a Word form is used, the completed form must be emailed to the current CQC notification email address stated by CQC.

The organisation must retain the CQC portal reference number, notification ID, case ID, ENQ number or email acknowledgement. If further information is sent to CQC, the original reference number must be quoted.

5.3 Internal Documentation, Notification Register and Audit Trail

All incidents considered for CQC notification must be recorded in the incident management system and in the CQC Notification Register, whether or not a notification is ultimately submitted. The record must include:

• date and time of incident;
• date and time incident was escalated;
• person affected, using internal identifier where appropriate;
• summary of incident;
• notification category considered;
• decision to notify or not notify, with reasons;
• name and role of decision-maker;
• date and time notification submitted;
• method of submission;
• CQC reference or acknowledgement number;
• other agencies notified;
• duty of candour consideration;
• immediate risk controls;
• investigation outcome and lessons learned.

Serious incidents must be reviewed using the organisation’s incident investigation process. Root cause analysis or proportionate learning reviews must be completed where appropriate. Actions must be tracked to completion.

6. Staff Training and Compliance

All staff must receive information during induction on how to identify, respond to, record and escalate incidents that may require CQC notification. Registered Managers, deputy managers, senior staff and on-call managers must receive role-specific training on CQC statutory notification categories, thresholds, timeframes, CQC portal/email submission routes, data protection, safeguarding interface, duty of candour and audit trail requirements.

Training must be refreshed at least annually, or sooner following changes in CQC guidance, legislation, inspection feedback, missed notifications or lessons learned. Competency must be checked through supervision, team meetings, incident audits, scenario discussions and management spot checks.

7. Confidentiality and Data Protection

CQC notifications must be completed in line with UK GDPR, the Data Protection Act 2018, confidentiality duties and CQC’s current notification instructions. Staff must provide enough information for CQC to understand the incident and regulatory risk, but must avoid unnecessary personal data.

In most statutory notifications, the person must be identified using a unique internal code rather than name, date of birth, NHS number, room number or other direct identifier. The organisation must securely retain the internal key linking the code to the person.

Notification records, investigation records and correspondence with CQC must be stored securely and accessed only by authorised staff. Information may be shared with safeguarding, police, commissioners, health professionals, legal bodies or other agencies only where there is a lawful basis and it is necessary and proportionate.

8. Monitoring and Continuous Improvement

The Registered Manager must complete a monthly audit of incidents, safeguarding concerns, complaints, deaths, injuries, police involvement, DoLS/Court of Protection outcomes, business continuity events and service changes to confirm whether CQC notification was considered and, where required, submitted correctly.

The audit must check:

• whether incidents were escalated promptly;
• whether the correct notification category was selected;
• whether the correct form or portal route was used;
• whether CQC was notified without delay/as soon as possible where required;
• whether the CQC reference number was recorded;
• whether safeguarding, police, commissioner, coroner, UKHSA/HPT or HSE reporting was also considered;
• whether Duty of Candour was considered; and
• whether learning actions were completed.

Any missed, late, incomplete or incorrect notification must be reviewed by senior management. Corrective action must include staff feedback, retraining where needed, process improvement, and review of whether CQC should be informed of the omission.

9. Policy Review

This policy will be reviewed at least annually and sooner where required due to changes in legislation, CQC guidance, CQC portal or notification forms, inspection findings, enforcement action, safeguarding learning, incident trends, missed or late notifications, or organisational changes. The Registered Manager is responsible for ensuring that the current CQC notification guidance is checked whenever a notification is being considered.

---

Responsible Person: {{org_field_registered_manager_first_name}} {{org_field_registered_manager_last_name}}
Reviewed on: {{last_update_date}}
Next Review Date: {{next_review_date}}
Copyright © {{current_year}} – {{org_field_name}}. All rights reserved.