CQC Quality Statement

Theme 4 – Leadership: Learning, improvement and innovation 

We statement

We focus on continuous learning, innovation and improvement across our organisation and the local system. We encourage creative ways of delivering equality of experience, outcome and quality of life for people. We actively contribute to safe, effective practice and research.

1. Introduction

This chapter summarises the Emerging Concerns Protocol which was developed via the Health and Social Care Regulators Forum, to enable organisations and partners to act early and share information with regulators where there are concerns about risks to people using services, their carers, families or professionals.

The protocol was first published in 2016 and revised in 2021 to strengthen the arrangements previously in place and ensure a shared approach to any proposed actions.

Partners to the protocol  share a common objective of making sure that health and social care professionals and systems across the UK serve to protect the public, whilst maintaining the health, safety and wellbeing of professionals, people using services and also their families and carers.

They expect providers  and professionals to work together to provide the best possible care. The importance of sharing concerns at the right time is emphasised as this makes it easier to understand the links between pieces of information, which can indicate a problem is emerging. They note that working together more effectively can reduce unnecessary burdens; the aim of the protocol is to strengthen and encourage good practice by enabling the sharing of information about emerging quality concerns in a timely fashion.

Each of the organisations signed up to the protocol has a responsibility for responding to concerns about care provision and health professional education / learning environments and a role in ensuring that those who use services, their carers and families receive high-quality services from professional staff and registered health and social care organisations.

2. Purpose of the Protocol

The Protocol states:

‘The purpose of the protocol is to provide a clearly defined mechanism for organisations which have a role in the quality and safety of care provision, to share information that may indicate risks to people who use services, their carers, families or professionals. No piece of information is too small to invoke the protocol.

Information might include, but is not limited to:

  • situations that may not be seen as an emergency, but which may indicate future risks;
  • cultural issues within health and social care settings (including educational environments) that would not necessarily be raised through alternative formal systems.

The objective of the protocol is to be flexible and empowering, supporting regulators to understand how they can share information. This protocol is designed to work alongside protocols that already exist, however, it is specifically aimed at helping staff across the partner organisations to make decisions about when to escalate information of concern with one or more organisations. It is not intended to work against good working relationships and existing informal mechanisms that already exist, but to strengthen and encourage good practice. Nor is it intended to override the autonomy of existing organisations.’

One of the aims of the protocol is to provide guidelines on how to raise and escalate concerns that may seem small and not urgent, but which could point to a future risk. It intends to support a process of discussions taking place safely and without judgement, and decisions being made as to how relevant concerns can be addressed proactively rather than reactively. It does not replace existing responsibilities and arrangements for taking emergency action.

3. Principles

The following principles are laid down in the protocol:

  • organisations should have an open culture where staff can speak up about their concerns;
  • organisations should be transparent about how the protocol is used, whilst maintaining confidentiality;
  • organisations should be open about confidentiality agreements and limitations (including working with information shared by third parties);
  • organisations involved should maintain and respect the executive autonomy of each individual organisation involved;
  • the protocol must operate within the law, including any restrictions on sharing information;
  • it should be short and simple, with a focus on practicality;
  • it should be developed through a collaborative, partnership approach between the organisations involved;
  • no issue should be too small for an organisation to consider using the protocol;
  • the model should be linked to other system tools such as the Quality Risk Profiling Tool and existing Memoranda of Understanding.

4. The Process for Responding to Emerging Concerns

4.1 Categories of concern

Concerns may come into three categories:

  1. concerns about individual or groups of professionals;
  2. concerns about healthcare systems and the healthcare environment (including the learning environments of professionals);
  3. concerns that might have an impact on trust and confidence in professionals or the professions overall.

4.2 How to use the protocol

This is a summary of the process. See the Annexes for more detailed information about each stage.

4.2.1 Organisation A has a concern

4.2.2 Evaluate information

  • Evaluate information and source;
  • Does the protocol need to be triggered?

REMEMBER: no piece of information is too small to invoke the protocol.

At this stage it may be decided that the Protocol does not need to be triggered and the information can be dealt with through other routes.

4.2.3 Consider the interests of partner organisations

  • Who do we need to share with?
  • Who do we need information from? (See Annex A: Organisations Involved).

At this stage it may be decided that the Protocol does not need to be triggered and the information can be dealt with through other routes.

4.2.4 Contact organisations B, C & D to share (and request information)

  • All organisations store information in their own systems;
  • Organisation A responsible for formal recording of the use of the protocol.

See Section 6, Recording Requirements and Section 7, Sharing Personal Data

4.2.5 Hold regulatory review panel (RRP)

  • RRP convened, coordinated, chaired and minuted by Organisation A;
  • Use the template agenda for a regulatory review panel.

4.2.6 Share outcomes

  • RRP record shared with all partners and Health and Social Care Regulators Forum secretariat for monitoring and report at next Forum (including if there is no further action);
  • Use of protocol reviewed for learning every time.

5. Safeguarding

Any organisation may receive information that indicates that abuse, harm or neglect has taken place. Any form of abuse, avoidable harm or neglect is unacceptable. Each organisation has procedures for managing these types of concerns and they must be followed (see Safeguarding Procedures for Responding to Concerns in Individual Cases chapter). Each organisation remains responsible for ensuring they follow their own internal safeguarding procedures. Nobody should wait to activate the protocol instead of acting on safeguarding concerns – immediate action should always be taken where necessary (see Adult Safeguarding chapter).

6. Recording Requirements

See also Case Recording Standards and Information Sharing chapter

Each organisation involved in the use of the protocol should ensure records are made on their own system.

Each organisation should be able to report on:

  • the number of times they have initiated use of the protocol;
  • anonymised information about information shared;
  • RRPs convened;
  • RRPs attended;
  • actions as a result of the protocol.

The minimum information expected to be stored includes:

  • dates;
  • providers, professionals, others involved;
  • partners contacted;
  • actions agreed and taken;
  • decisions to call / not call RRP.

7. Sharing Personal Data

See also Annex C Sharing of Personal Data and Case Recording Standards and Information Sharing chapter

When using the protocol, mostly there should not be a need to share personal data about individuals. Organisations convening an RRP must ensure however that only those who need to know the information should attend if personal information is to be shared in the panel.

Any processing of personal data is subject to the requirements of the Data Protection Act 2018 and the UK General Data Protection Regulation (see Data Protection: Legislation and Practice chapter).

8. Further Reading

8.1 Relevant chapter


8.2 Relevant information

Emerging Concerns Protocol (Care Quality Commission and partners) 

Annex A: Organisations Involved

Organisations Involved

Annex B: An example of Protocol Use

An Example of Protocol Use

Annex C: Sharing of Personal Data

Sharing of Personal Data

Annex D: Questions to Consider when Determining whether to use the Protocol

Questions to Consider when Determining Whether to use the Protocol  

Annex E: Information for Regulatory Review Panel Chair

nformation for Regulatory Review Panel Chair

Annex F: Template Agenda for a Regulatory Review Panel

Template Agenda for a Regulatory Review Panel

Was this helpful?
Thanks for your feedback!