Healthcare Compliance You Can Trust

The CQC's single assessment framework, introduced from 2023, replaced the previous approach with a continuous evidence model. Instead of preparing for a periodic themed inspection, providers are assessed against 34 quality statements (grouped under Safe, Effective, Caring, Responsive, and Well-led) on an ongoing basis. CQC collects evidence through regulatory data submissions, feedback from people using services, staff surveys, and both announced and unannounced site visits. Assistant Manager helps you maintain a live evidence base mapped to each quality statement — including completed audit records, training data, incident reports, and governance meeting minutes — so you are inspection-ready at all times rather than scrambling to prepare.

Under the Misuse of Drugs Regulations 2001 and associated NHS England guidance, controlled drugs (Schedule 2 in particular) must be recorded in a bound, paginated controlled drugs register with entries made at the time of each transaction. Each entry must include the date, patient name, drug, strength, quantity obtained or supplied, and running balance. Two registered practitioners should witness administration, and the balance must be reconciled at each shift change. In NHS settings, a Controlled Drugs Accountable Officer (CDAO) oversees the system. Assistant Manager provides digital controlled drugs checklists with dual-authorisation workflows, automatic balance tracking, and tamper-evident audit logs — with instant alerts when a discrepancy is identified.

Healthcare providers must maintain records of mandatory and statutory training (MAST) covering topics including: basic life support (annual), manual handling (annual), fire safety (annual), safeguarding adults and children (levels 1–3 depending on role, refreshed every 1–3 years), IPC (annual), information governance, and medicines management (where applicable). For regulated professionals, you must also record and verify ongoing professional registration with the NMC, GMC, HCPC, or other relevant body. DBS checks must be enhanced level for all patient-facing roles, with renewal policies documented. Assistant Manager's training matrix tracks all of these with automated expiry alerts, so no individual — including bank and agency workers — is deployed without current certification.

CQC can inspect without notice at any time, so the only reliable preparation is a culture of continuous compliance. Practically, this means: keeping care records contemporaneous and complete; maintaining a current training matrix with no critical gaps; ensuring controlled drug registers are balanced and up to date; having your IPC audit results, hand hygiene audit scores, and environmental audit records readily accessible; and being able to produce the registered manager's CQC registration certificate and current DBS immediately. Inspector simulations — where a senior manager walks through the service as an inspector would — are valuable. Assistant Manager's compliance dashboard gives you a real-time view of any gaps so they can be addressed before, not during, an inspection visit.

All CQC-registered providers must comply with the Health and Social Care Act 2008 Code of Practice on the Prevention and Control of Infections (the hygiene code). Key requirements include: designating an IPC lead; an annual IPC programme with audit schedule; hand hygiene audits at least quarterly with results shared and acted upon; environmental and equipment cleaning audits; a policy for isolation of patients with infectious conditions; staff training on standard and transmission-based precautions; and antibiotic stewardship policies. The National Infection Prevention and Control Manual (NIPCM) published by UK Health Security Agency provides detailed technical guidance. CQC assesses IPC compliance under both the Safe and Well-led quality statements.

The statutory duty of candour (Regulation 20 of the Health and Social Care Act 2008 (Regulated Activities) Regulations 2014) requires providers to be open and honest when things go wrong. When a notifiable safety incident occurs (unexpected or unintended harm resulting in moderate harm, prolonged psychological harm, or death), the provider must: notify the affected person (or their representative) in person as soon as reasonably practicable; provide a written apology; offer a full investigation and explanation; and keep a written record of all steps taken. Assistant Manager provides incident reporting workflows with duty of candour prompts, letter templates, and a complete audit trail of every notification and communication — giving you defensible evidence of compliance if CQC or a court reviews the case.

The Safeguarding Children and Young People: Roles and Competencies for Healthcare Staff (Royal Colleges intercollegiate document, updated 2019) and equivalent adult safeguarding frameworks define training levels by role. Level 1 (awareness) is required for all staff including non-clinical. Level 2 is required for all clinical staff. Level 3 is required for those who could be first-point-of-contact for safeguarding disclosures or who supervise others. Level 4 (specialist) is for designated named professionals. Refresher periods range from one to three years depending on level and role. Assistant Manager tracks each staff member's training level against their role requirements and flags expiries with sufficient lead time for renewal to be organised.

Since April 2024, NHS providers must report patient safety events through the Learn from Patient Safety Events (LFPSE) service, which replaced the National Reporting and Learning System (NRLS). Independent healthcare providers are encouraged to use LFPSE or a compatible local system. Internally, all incidents — including near misses — should be captured, graded by severity, investigated proportionately (Serious Incidents require a structured investigation), and reviewed for learning. Certain incidents trigger mandatory external reporting: deaths and serious injuries to CQC within three days; RIDDOR-reportable incidents to the HSE; Never Events to NHS England immediately. Assistant Manager's incident reporting module captures events at the point of occurrence via mobile, routes them for review, triggers the appropriate notification checklists, and maintains a searchable incident log for trend analysis.