Article

Diagnostic imaging and IR(ME)R compliance: the governance evidence CQC will look for

An image is part of a clinical pathway; a report can change treatment. Why imaging providers need a visible evidence loop, not just technical assurance, and what CQC follows from referral to report.

By Klaudiusz Zembrzuski, ex-CQC inspector.

Diagnostic imaging compliance is easy to misread from the outside. To someone who does not run an imaging service, the risk can look like machine maintenance and radiation paperwork. Those matter, but they are not the whole governance picture. An image is part of a clinical pathway. A report can change treatment. A missed urgent finding can cause harm. A wrong recipient can create a confidentiality breach. A contrast reaction, MRI screening failure or unintended exposure can become a serious patient-safety event.

That is why diagnostic imaging providers need more than technical assurance. They need a visible evidence loop.

IR(ME)R is not a folder, it is a working system

For services using ionising radiation, IR(ME)R is central. The required roles, procedures, entitlement, justification, optimisation, incident handling and audit are not just documents to show on request. They should shape daily work. CQC will be interested in whether the provider can show that the system is understood and used:

  • Who is entitled to act as referrer, practitioner and operator?
  • How are exposures justified, and how are protocols reviewed?
  • How are repeat, rejected or incorrect exposures monitored?
  • How are incidents escalated and learned from?
  • How does the provider know staff remain competent?
  • What happens when an external radiology or physics provider is involved?

The same principle applies outside ionising radiation. An ultrasound-only service does not solve governance by saying IR(ME)R does not apply to its modality. It still needs clinical governance, consent, professional competence, reporting standards, safeguarding awareness, complaints handling, information governance and escalation pathways. Modality changes the technical rulebook. It does not remove the need for governance.

The CQC evidence trail

When CQC looks at diagnostic imaging, the evidence trail should make sense from referral to report. A strong record can answer these questions:

  1. Was the examination appropriate?
  2. Was the patient identified correctly?
  3. Were risks checked before imaging?
  4. Was the examination performed by a competent person within scope?
  5. Was the equipment safe and maintained?
  6. Was the report produced and communicated in time?
  7. Were urgent and unexpected findings escalated?
  8. Were incidents, near misses and complaints reviewed for learning?

If those answers sit across multiple disconnected systems, the provider may struggle even if the clinical work is good. A PACS record may show the image. A maintenance folder may show the equipment check. An HR file may show training. An email thread may show escalation. But inspection evidence needs to connect the work into one governance story, the joined-up record we describe in how the evidence loop works.

MRI safety is its own risk profile

MRI safety cannot be treated as general equipment safety with a different machine name. The Medicines and Healthcare products Regulatory Agency (MHRA)'s MRI safety guidance is intended to highlight what needs considering before equipment is bought, after installation, and when managing current risks and hazards. In practical terms, a provider should be able to show that MRI safety is embedded in screening, access control, staff training, contraindication management, emergency planning and incident reporting. Common evidence gaps include:

  • incomplete or inconsistent MRI safety screening
  • unclear control of access to MRI-controlled areas
  • weak records for implant or device checks
  • lack of staff role clarity in an emergency
  • poor learning records after near misses
  • failure to connect equipment alerts to local action

The inspection question is not "Do you have an MRI policy?" It is "How do you know the MRI service is safe today?"

Reporting and follow-up are governance issues

Diagnostic imaging providers sometimes focus assurance on the scan itself and underplay what happens after. That is risky. Reporting delays, missed findings, unexpected findings and poor communication can all affect patient outcomes. A provider should be clear about:

  • expected report turnaround times
  • how urgent findings are identified and escalated
  • who is responsible for closing the communication loop
  • how incidental findings are handled
  • how rejected, amended or disputed reports are reviewed
  • how external reporting arrangements are monitored

If a report is clinically significant and nobody acts on it, the patient does not care whether the scanner was serviced on time. CQC will not either. This matters most for independent providers that receive referrals from multiple sources: the more fragmented the pathway, the more important the handover evidence becomes.

What incidents look like in imaging

Not every imaging incident is dramatic. Some are quiet, administrative or delayed:

  • wrong patient or wrong examination
  • wrong-side imaging
  • unintended or repeat exposure
  • MRI contraindication missed or unclear
  • contrast reaction
  • equipment or software failure
  • report sent to the wrong recipient
  • urgent finding not escalated
  • reporting delay beyond the provider's standard
  • missed follow-up after an incidental finding
  • a reporting clinician working outside agreed scope
  • a complaint about consent, dignity or communication

The important question is whether these events enter a learning system. A provider that logs an incident but does not review it has not closed the loop. A provider that discusses a concern but does not record the action has made learning invisible, the pattern we set out in what CQC looks for in incident records.

What good diagnostic imaging governance looks like

A good system is practical and connected. It does not require every provider to run the same governance structure. It does require the provider to know its modalities, risks, workforce, referrers, reporting routes and escalation responsibilities. Good evidence includes:

  • a current modality risk profile
  • local rules and procedures where required
  • role entitlement and competence records
  • equipment maintenance and quality-assurance records
  • MRI safety governance where MRI is provided
  • contrast and emergency-response readiness where relevant
  • reporting standards and turnaround monitoring
  • urgent-finding and incidental-finding escalation records
  • incidents, complaints and learning actions
  • audit results, and evidence that the actions were completed

The strongest providers can show patterns. They do not just show one incident; they show what has been happening across the service and what they have changed because of it.

The founder-view test

For a diagnostic imaging provider, I would not start by asking for every policy. I would ask for one recent risk or incident and follow it through. If there was a reporting delay, what caused it? Who knew? Was the referrer told? Was the patient affected? Was the standard reviewed? Was staffing, outsourcing or workflow changed? If there was an MRI near miss, what was the immediate control? Was access reviewed? Were staff retrained? Did the learning reach every relevant person? If a report went to the wrong recipient, was it handled as information governance, clinical risk, patient communication and process improvement, not just as an email mistake?

That is the inspection-ready version of diagnostic imaging compliance. It joins the technical rulebook to real clinical governance. It shows the provider does not only produce images; it manages the risks created by producing, reporting and acting on them instead of relying on the annual scramble we describe in why annual-panic compliance fails.

Verivius helps diagnostic imaging providers keep IR(ME)R, MRI safety, reporting, incidents, complaints, alerts and improvement actions together as one inspection-ready governance record. You can start a free trial, or read how the same approach works for independent secondary care.