Practising Privileges Management UK: Governance Beyond the Spreadsheet

A consultant surgeon at a private hospital performs procedures outside the scope originally agreed at appointment. Nobody catches it because the scope-of-practice record sits in a spreadsheet that was last updated eight months ago. The hospital only discovers the mismatch when CQC requests the governance file.

That scenario is common. Private hospitals grant practising privileges to hundreds of self-employed consultants, each with their own scope of practice, indemnity arrangements, appraisal cycles, and revalidation timelines. Managing all of this through email and shared drives is how most providers still operate. It is also how governance gaps develop quietly until an inspection or a clinical incident forces them into view.

Practising privileges management in the UK carries a specific legal risk that most private hospital teams underestimate. Getting it wrong is not just a regulatory finding. Under the Health and Social Care Act 2008, failing to establish proper practising privilege protections is a criminal offence (CQC, Scope of Registration, 2015).

What practising privileges actually require from a governance perspective

CQC defines practising privileges as the mechanism that enables doctors to practise in a hospital without being directly employed by it. All aspects of the consultation and treatment must be carried out under the hospital's management and policies (CQC, Scope of Registration, 2015).

That definition sounds straightforward. In practice, it creates a governance challenge that generic HR or compliance tools are not built to handle.

Each consultant granted practising privileges requires ongoing verification across multiple dimensions:

  • Scope of practice. What procedures and treatments the consultant is authorised to perform at that specific facility. This must align with their GMC registration, their specialty, and the hospital's own clinical governance framework.
  • Professional indemnity. Valid medical defence or insurance coverage, verified at the correct level for the procedures being performed. Indemnity that covers NHS work does not automatically cover private practice.
  • Appraisal and revalidation. Annual appraisal completion and GMC revalidation status, with the hospital acting as or coordinating with the designated body.
  • Fit and Proper Person checks. Regulation 5 requirements for any consultant with a governance or leadership role, including DBS, financial, and conduct checks.
  • Schedule 3 pre-employment checks. The full suite of checks required under the Health and Social Care Act 2008, including identity verification, right to work, qualification verification, DBS, and professional registration.

Each of those elements has its own renewal cycle, its own source of truth, and its own risk profile if it lapses.

The self-employed contractor problem

The governance challenge with practising privileges is structural. Unlike employed staff, consultants working under practising privileges are self-employed contractors. They choose which hospitals to work at, often holding privileges at multiple sites simultaneously. They frequently define their own scope of activity, which may be broader than the work they perform in their NHS role (Verita, Practising Privileges in Private Healthcare, 2024).

This creates a dynamic that does not exist in NHS settings. An employed consultant's scope is defined by the trust and governed through job planning. A consultant with practising privileges at a private hospital may perform procedures that fall outside the hospital's usual clinical profile, and the hospital's governance team may not have the clinical expertise to assess whether the consultant's scope request is appropriate.

A compliance lead managing this on a spreadsheet is tracking not just credential status but clinical governance decisions. That is a fundamentally different task from checking whether a DBS certificate is in date.

What CQC actually expects

CQC's inspection framework for independent healthcare providers specifically examines practising privileges governance. Inspectors look for evidence that the hospital has a formal process for granting, reviewing, and withdrawing privileges. They want to see that the scope of practice is documented, agreed, and periodically reviewed.

The 2014 regulations governing practising privileges were extended beyond their original March 2025 review date, with five-yearly reviews now built into the framework (DKJ Support Services, Practising Privileges Guide, 2024). This means the regulatory expectation is not static. Providers must demonstrate that they have an active governance cycle, not just initial documentation.

Inspectors also look at how the hospital monitors compliance between formal review points. A consultant granted practising privileges in January with a five-year review period still needs continuous monitoring of their GMC registration, indemnity, and appraisal status throughout that period.

The most common inspection findings around practising privileges relate to incomplete documentation, outdated scope-of-practice records, and a lack of evidence that periodic reviews took place. Providers frequently score poorly in the Safe and Well-led domains because of practising privileges governance failures.

Why spreadsheets structurally fail at this

A spreadsheet can record when a consultant's DBS check was completed or when their indemnity expires. What it cannot do is enforce governance workflows.

Practising privileges require a sequence of approvals, document verifications, and clinical governance sign-offs. When a consultant requests an extension to their scope of practice, that request needs to be assessed, approved by a medical advisory committee, documented, and reflected in the ongoing governance record. When indemnity is renewed, the compliance team needs to verify not just that coverage exists but that it covers the specific procedures within the agreed scope.

Spreadsheet tracking treats each of these elements as a data point. The governance requirement is for them to function as a connected process, with audit trails, approval chains, and automated monitoring of expiry dates.

Private hospitals managing 100 or more consultants under practising privileges often have a single compliance officer responsible for tracking all of these elements. At that volume, manual tracking does not just create administrative burden. It creates structural blind spots where governance lapses can persist for months without detection.

The criminal offence that most governance leads have not read

Section 10 of the Health and Social Care Act 2008 makes it an offence for a registered person to fail to comply with any requirement imposed by regulations under Section 20 of that Act. Schedule 3 requirements for practising privileges fall within that scope.

Most governance leads understand practising privileges as a regulatory requirement. Fewer have absorbed the fact that failure to establish proper protections carries criminal liability for the registered organisation (CQC, Scope of Registration, 2015). This is not a theoretical risk. CQC has the power to prosecute organisations that fail to meet Schedule 3 requirements, and practising privileges governance is explicitly within scope.

The gap between "we have a process" and "we can evidence that process under inspection" is exactly where criminal exposure sits.

Private hospital admissions are growing. Governance has not kept pace.

UK private hospital admissions reached a record 898,000 in 2023, a seven per cent increase year on year (PHIN, Private Market Update, 2026). Self-pay revenue now accounts for a third of total income at major providers like Spire Healthcare (PHIN, Private Market Update, 2026). This growth means more consultants seeking practising privileges, more procedures to govern, and more regulatory exposure for hospitals still managing the process manually.

The volume challenge compounds every weakness in a manual system. Each new consultant adds another set of credentials to track, another scope-of-practice agreement to maintain, and another five-year review cycle to manage. At scale, the spreadsheet approach does not degrade gracefully. It degrades suddenly, when a lapse is discovered that the manual process was never designed to catch.

How automated practising privileges governance changes the risk profile

Platforms built specifically for healthcare credentialling can manage practising privileges as a structured governance workflow rather than a document storage exercise.

Credentially treats practising privileges as a first-class workflow. Initial appointment, scope of practice approval, indemnity verification, appraisal tracking, revalidation monitoring, and periodic review are managed as connected stages with automated expiry alerts and audit-ready reporting at each step. Rather than a compliance officer manually checking whether Dr Jones's indemnity covers their agreed scope, the platform surfaces mismatches automatically.

For medical directors, this changes the governance conversation from reactive to proactive. Instead of discovering a lapse during a CQC inspection, the hospital's governance committee sees compliance status in real time, with evidence logs that demonstrate active oversight.

For the consultants themselves, the experience improves too. A structured digital process replaces the back-and-forth of emailing scanned documents to a compliance team, waiting for manual confirmation, and receiving no feedback until something expires.

Credentially's practising privileges module also handles the complexity that generic tools miss: tracking different scopes of practice across multiple sites, managing medical advisory committee approval workflows, and generating the specific governance reports that CQC inspectors expect to see during an assessment.

Moving from a document store to an active governance system

The shift from spreadsheets to automated practising privileges management is not about technology for its own sake. It is about closing the gap between what CQC expects and what most private hospitals can currently evidence.

A governance lead who can produce a real-time practising privileges report, showing scope agreements, indemnity status, appraisal completion, and revalidation dates for every consultant, walks into a CQC inspection from a fundamentally different position than one carrying a folder of printouts from a shared drive.

The regulatory expectation is clear. The legal exposure is documented. The volume of consultants under practising privileges is growing. The only variable is whether the governance system can keep pace.
