Blog

Confidence in Credentialling: Your Questions Answered

Last week, Credentially partnered with The Digital Health Assurance Company and PwC to host a webinar exploring what the CQC expects from healthcare providers when it comes to recruitment compliance and credentialling.

The session brought together compliance specialists, digital credentialling experts, and governance advisors to address the practical realities of meeting Regulation 19, Schedule 3, and Regulation 5. The webinar covered what good looks like, where providers most commonly fall short, and how digital credentialling supports ongoing assurance.

The audience raised a number of important questions during the session. Below, we have published the full Q&A with detailed answers from our panel.

The Webinar and subsequent publishing of the Q&A is part of a series of joint education and guidance that will be shared over the coming months. To find out more about how Credentially and The Digital Health Assurance Company can support your organisation, get in touch with the team[link].

Questions & Answers

How do providers show good ongoing compliance when using locum and bank staff compared to regular staff?

A good first step is to review the Service Level Agreement that the provider has with the agency and confirm it complies with Regulation 19 and Schedule 3. The agency also needs to share a record or other form of information showing that the required checks have been completed.

Because locum and bank staff may not be long-term colleagues, it is important they receive a bespoke induction guide that provides granular detail on how they are to operate within your systems. The induction resource should include contact details for key personnel who can answer any queries. This document should be reviewed regularly to ensure it reflects the current Safeguarding Lead and other essential roles.

The CQC will always ask to see locum packs to check they contain the required information to keep patients and service users safe.

What are the most frequent errors or omissions usually found after a typical audit?

The most common finding is that two references have not been taken, or the references provided do not meet the required standard for employment references. An academic reference is only acceptable when the candidate has been undertaking a course or qualification. A character reference is only acceptable where there has been a significant gap in the recent employment history.

Gaps in employment history are another recurring issue. Providers often do not explore those gaps with the candidate. A practical step is to include a note on the job posting, or communicate through the agency, that any gap of more than four weeks requires a narrative explaining why the gap occurred within the CV. Gaps are very common and usually attributed to caring responsibilities, academia, travelling, or other commitments. The important thing is that there is an explanation. Providers need to be curious and not treat the exercise as a foregone conclusion.

The third common theme is a lack of overall record keeping, with the induction section containing the least information.

What is best practice for performing these checks retrospectively, for example for directors already in place before the organisation registered with CQC?

This process can feel quite invasive to individuals who have never worked within a regulated healthcare service, particularly at a senior director level.

If directors are not compliant historically, the first step is to highlight this to the Chief People Officer or Director of HR. This can be an informal conversation or a detailed summary explaining that now the organisation is registered with CQC, this activity needs to be completed retrospectively for senior leaders. The Risk Register should also be updated. At this point the organisation has fallen out of compliance, and this poses a significant risk. A failure to act reflects a poor culture from the most senior level and can impact the Well-Led domain scoring upon inspection. From experience, a sample is traditionally taken of director, NED, and senior leader personnel files when checking compliance.

After speaking with the relevant person, a Board Workshop can be a more collaborative forum for discussing Regulation 19, Schedule 3, and Regulation 5 and what these checks mean for directors. Alternatively, a detailed report for inclusion on the relevant meeting agenda may be more constructive. This report should cover:

  • Non-compliance rationale: Why the organisation is currently non-compliant.
  • Risk Register entry: Formal recording of the compliance risk.
  • Regulatory requirements: Regulation 19, Schedule 3, and Regulation 5 compliance obligations.
  • Information gathering plan: How information will be collected, vetted, and recorded.
  • Timescale: A clear timeline for completing the project, which can be captured as a quality improvement initiative.
  • Ongoing assurance: Plans for maintaining compliance through regular audits.

Upon registration, the provider agreed to the CQC standards. If there is resistance from directors or a general reluctance to share personal information, and the CEO cannot secure their cooperation, it may be beneficial to seek external support.

Providers should also be reminded that staff members can whistleblow both internally and externally to the CQC if they have concerns that are not being managed.

Who do "directors" refer to? Is that the Board of Directors or the executive level? Are board members subject to the same checks?

Members of the Board of Directors must meet the requirements of Regulation 19.

The term director means anyone with director-level responsibility for the quality and safety of care and for meeting the fundamental standards. Rather than basing Regulation 5 checks on job titles, it is better to look at the person's role and responsibilities. Often this will be the senior leaders, though naming conventions vary across organisations and partnerships.

Can we start someone before their reference comes in, if there is a delay and the person is needed urgently?

Regulation 19 and Schedule 3 are pre-employment checks, so it should become standard practice and part of the recruitment culture to treat them as such.

There are two options to bridge a staffing gap. In the first instance, consider locum, bank, or agency staff who already have the required checks in place.

If there are extraordinary circumstances that require an immediate start, a robust risk assessment of the individual could be conducted with appropriate mitigations, such as not providing care unsupervised while the Regulation 19 checks are ongoing. This approach is only for extraordinary circumstances. It is not best practice and should not become custom and practice.

What is the best way for teams to escalate gaps in the recruitment and governance process to executive level, framing it as a governance improvement rather than an operational failure?

It can be challenging to highlight non-compliance when there is a lack of a no blame culture. Non-clinical regulations, including Regulation 15, 16, and 19, are often not part of the Annual Audit Schedule. This means a critical governance tool that acts as an early warning system for non-compliance is not generating evidence about health and safety, recruitment, and complaint handling. The advice is to raise concerns as soft intelligence to the relevant manager and proactively seek permission to conduct an audit. This provides the fact-based evidence needed to position the issue as a piece of non-clinical quality improvement work.

Before undertaking the audit, make sure the standards align to Regulation 19 and Schedule 3, and ensure any resulting action plan is detailed.

The Risk Register is another key governance tool. Any staff member should be able to raise a risk, and it is then for senior leaders to discuss the scoring and mitigations. Recording the risk may highlight a resource issue that is the underlying cause of non-compliance. Having it on the Risk Register places the onus for accountability and monitoring on senior leaders, which is correct. They cannot be unaware of risks to the organisation and they carry a high level of accountability to the regulator to maintain a positive risk culture.

Contact & Next Steps

If you would like to discuss how Credentially can support your organisation's compliance and credentialling processes, you can book a call with the team.

Confidence in Credentialling: Your Questions Answered
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
UK: +44 (0) 330 818 2414US: +1 (254) 877 9814sales@credentially.iosupport@credentially.io

UK: 52 Grosvenor Gardens, 1st Floor, London SW1W 0AU

USA: 98 Cutter Mill Rd, STE 466, Great Neck NY 11021

AboutCareers
Api docsHelp CentreStatus
SecurityTerms of UseTerms and ConditionsData Processing
Agreement
ISO
GDPR
UK: +44 (0) 330 818 2414US: +1 (254) 877 9814sales@credentially.iosupport@credentially.io

UK: 52 Grosvenor Gardens, 1st Floor, London SW1W 0AU

USA: 98 Cutter Mill Rd, STE 466, Great Neck NY 11021

AboutCareers
Api docsHelp CentreStatus
SecurityTerms of UseTerms and ConditionsData Processing
Agreement
ISO
GDPR