Professional Boundaries and Conduct Policy

1. What the regulation says

Service users must be protected from abuse and improper treatment in accordance with this regulation. (Reg 13(1) (the headline duty))

Systems and processes must be established and operated effectively to prevent abuse of service users. (Reg 13(2) (prevention systems))

Systems and processes must be established and operated effectively to investigate, immediately upon becoming aware of, any allegation or evidence of such abuse. (Reg 13(3) (investigation systems))

any behaviour towards a service user that is an offence under the Sexual Offences Act 2003, (Reg 13(6)(a) (sexual offences))

theft, misuse or misappropriation of money or property belonging to a service user, or (Reg 13(6)(c) (theft / misuse / misappropriation))

This policy also engages Regulation 10 (dignity and respect) and Regulation 19 (fit and proper persons employed):

Service users must be treated with dignity and respect. (Regulation 10(1))

be of good character, (Reg 19(1)(a) (good character))

The full text of the regulation is at https://www.legislation.gov.uk/uksi/2014/2936/regulation/13. Where this policy and the regulation diverge, the regulation wins.

2. Plain-English summary

Service users must be protected from abuse and improper treatment. You need effective systems to prevent abuse, and effective systems to investigate any allegation or evidence of abuse as soon as you become aware of it. Care must not be provided in a way that discriminates, uses disproportionate control or restraint, is degrading, or significantly disregards the service user's needs. Service users cannot be deprived of their liberty without lawful authority. Professional boundaries are how a service prevents abuse before it happens: clear limits on conduct, money, relationships, communication and access protect people using the service, staff and the provider, and they make breaches easier to spot and investigate.

3. Purpose

The purpose of this policy is to make clear the professional standards and boundaries expected of everyone working in or for [Service Name].

Professional boundaries protect people using the service, staff and the provider. They support safe care, dignity, safeguarding, trust, confidentiality and good governance.

This policy supports Regulation 13 safeguarding, Regulation 10 dignity and respect, Regulation 11 consent, Regulation 12 safe care and treatment, Regulation 17 good governance, Regulation 18 staffing, Regulation 19 fit and proper persons employed, and relevant professional standards.

4. Policy warning

Staff must not use their role, access, knowledge, authority or relationship with a person using the service for personal, sexual, emotional, financial, social, political or other improper advantage.

A breach of professional boundaries may be abuse, misconduct, professional misconduct, a safeguarding matter, a criminal matter, or evidence that the person is not fit to work in the service.

The service will act immediately where boundaries are crossed or where a person using the service may be at risk.

5. Scope

This policy covers conduct and boundaries involving:

• people using the service
• families and representatives
• advocates
• visitors
• colleagues
• external professionals
• commissioners
• contractors
• online and social media contact
• financial interactions
• gifts
• personal relationships
• intimate care
• access to records
• use of personal devices
• communication outside work

It applies at work, during service-related activity, online, and outside work where conduct may affect suitability, safety or trust.

6. Principles

Staff must:

• treat people with dignity and respect
• maintain professional boundaries
• act honestly and transparently
• avoid conflicts of interest
• protect confidentiality
• communicate appropriately
• avoid exploitation or favouritism
• report concerns early
• follow service policies
• work within competence
• act in the best interests of people using the service

Professional warmth is encouraged. Personal dependency, secrecy, favouritism or exploitation is not.

7. Responsibilities

All staff are responsible for maintaining professional boundaries and raising concerns.

Managers are responsible for setting expectations, supervising practice, challenging poor conduct and acting on concerns.

The Registered Manager is responsible for investigating boundary concerns, safeguarding escalation, referrals and governance review.

The provider or Nominated Individual is responsible for oversight where concerns are serious, repeated or involve managers.

8. Relationships with people using the service

Staff must maintain a professional relationship with people using the service.

Staff must not:

• start a sexual or romantic relationship with a person using the service
• pursue a relationship after the service relationship ends where this may exploit trust or vulnerability
• create emotional dependency
• share excessive personal information
• visit outside work without authorisation
• invite the person to their home
• give personal contact details without authorisation
• use the person for personal support
• favour one person over others
• make promises they cannot keep
• use language or behaviour that is sexual, degrading, intimidating or discriminatory

Any existing personal relationship must be declared to the Registered Manager.

9. Sexual boundaries

Sexual behaviour, sexual comments, sexualised jokes, sexualised touch, grooming, exposure, sharing sexual images or sexual relationships with people using the service are prohibited.

Any sexual boundary concern must be escalated immediately.

The Registered Manager must consider:

• safeguarding referral
• police contact
• suspension or restriction from duties
• DBS referral
• professional-regulator referral
• CQC notification
• support for the person affected
• incident and investigation records

10. Gifts, money and financial boundaries

Staff must not borrow from, lend to, sell to, buy from, or financially exploit people using the service.

Staff must not accept gifts, money, loans, tips, personal benefits, bequests or favours except in line with the service's Gifts and Hospitality Policy.

Staff must not:

• handle money unless authorised and recorded
• use bank cards or PINs unless explicitly authorised through care planning and policy
• become involved in wills, property, inheritance or financial decisions
• ask for sponsorship, donations or personal support
• accept private work from people using the service without written approval

Any financial irregularity must be reported immediately.

11. Social media and digital contact

Staff must not contact, follow, message, befriend or interact with people using the service or their relatives through personal social media accounts unless there is a pre-existing relationship declared and approved by the Registered Manager.

Staff must not:

• share information about people using the service online
• post photographs or videos of people without lawful authority and service approval
• discuss incidents, complaints or staff matters online
• use personal devices to store service-user information or images unless explicitly authorised
• send informal messages that bypass service records
• use online contact to create dependency or secrecy

Digital contact must be professional, recorded and service-approved.

12. Communication

Staff must communicate in a way that is respectful, clear and appropriate.

Staff must not use:

• offensive language
• discriminatory language
• sexual comments
• threats
• ridicule
• humiliation
• sarcasm intended to hurt
• coercive or controlling language
• pet names that the person dislikes or finds degrading
• language that undermines dignity

Where a person has communication needs, staff must adapt communication to support understanding and involvement.

13. Confidentiality and access to records

Staff must only access records where they have a legitimate work reason.

Staff must not access records because they know the person, are curious, or have a personal interest.

Staff must not disclose confidential information to unauthorised people.

Breaches of confidentiality may be treated as misconduct, data breach, safeguarding concern or professional-regulatory matter.

14. Working within competence

Staff must work within their role, training, competence and authorisation.

Staff must not:

• perform tasks they are not trained or authorised to do
• give advice outside their competence
• alter care or treatment plans without authority
• ignore professional restrictions
• misrepresent qualifications or experience
• continue a task where they feel unsafe or incompetent

Concerns about competence must be raised with a manager immediately.

15. Conflicts of interest

Staff must declare conflicts of interest.

Examples include:

• personal relationship with a person using the service
• family member using the service
• financial interest
• outside employment
• relationship with supplier or contractor
• involvement in another organisation connected to the service
• personal dispute affecting professional judgement

The Registered Manager must record the conflict and any controls required.

16. Boundaries in lone working and home settings

Where staff work alone or in people's homes, professional boundaries remain essential.

Staff must:

• follow visit plans
• record visits accurately
• avoid unnecessary personal arrangements
• protect confidential records
• avoid accepting gifts or favours
• report unsafe, inappropriate or boundary-crossing behaviour
• leave and escalate where personal safety is at risk
• not undertake tasks outside the care plan unless authorised or necessary in an emergency

17. Reporting boundary concerns

Staff must report concerns immediately where they see or suspect:

• inappropriate relationship
• grooming
• sexual comment or behaviour
• financial exploitation
• unauthorised contact
• confidentiality breach
• bullying, intimidation or discrimination
• favouritism
• unsafe practice
• dishonesty
• misuse of position
• staff member working outside competence
• conduct that may make a person unsuitable for the role

Concerns may be raised with the line manager, Registered Manager, safeguarding lead, provider representative or through the whistleblowing route.

18. Immediate protective action

Where a boundary concern may place a person at risk, the Registered Manager must consider immediate protective action.

This may include:

• removing the staff member from direct contact
• restricting duties
• increasing supervision
• preserving records
• securing devices or information where lawful
• informing safeguarding
• contacting police
• notifying CQC
• referring to DBS
• referring to professional regulator
• informing agency or contractor employer
• supporting the person affected

The decision must be recorded.

19. Investigation

Boundary concerns must be investigated proportionately and fairly.

The investigation may include:

• speaking with the person affected
• speaking with witnesses
• reviewing records
• reviewing messages or digital contact where lawful
• reviewing rota or visit records
• checking incident, complaint or safeguarding history
• obtaining agency or employer information
• seeking professional or legal advice
• liaising with safeguarding, police or regulators

Internal investigation must not interfere with safeguarding or police enquiries.

20. Referral duties

The Registered Manager must consider whether the concern requires referral to:

• safeguarding authority
• police
• DBS
• professional regulator
• CQC
• commissioner or local authority
• Information Commissioner's Office where a data breach is involved
• agency or contractor employer

The decision to refer or not refer must be recorded with rationale.

21. Staff support and training

Staff must receive training on professional boundaries appropriate to their role.

Training must cover:

• dignity and respect
• safeguarding
• consent
• confidentiality
• gifts and finances
• social media
• intimate care
• lone working
• conflicts of interest
• reporting concerns
• professional-regulator expectations where relevant

Supervision must include discussion of boundaries where risk or role requires it.

22. Records

The service must keep records of:

• boundary concerns
• immediate protective action
• risk assessment
• investigation
• safeguarding referral
• police contact
• DBS or professional-regulator referral
• CQC notification consideration
• outcome
• learning
• actions taken
• support offered to person affected

Records must be factual, secure and restricted to authorised people.

23. Audit and governance

The Registered Manager must review professional-boundary concerns through governance.

The review must consider:

• repeated themes
• staff training
• supervision quality
• lone-working risks
• digital-contact risks
• safeguarding links
• recruitment and fitness concerns
• whether policies or controls need strengthening

Serious or repeated boundary concerns must be escalated to provider level.

24. Related policies

This policy should be read with:

• Safeguarding Adults Policy
• Safeguarding Children Policy
• Consent Policy
• Chaperone Policy
• Dignity and Respect Policy
• Data Protection and Confidentiality Policy
• Staff Conduct and Disciplinary Policy
• Whistleblowing and Raising Concerns Policy
• Lone Working Policy
• Record Keeping Policy
• Safe Recruitment Policy
• Fitness, Professional Registration and Referral Policy
• Complaints Policy
• Incident Reporting, Investigation and Learning Policy

25. Review

This policy will be reviewed annually, or sooner following a safeguarding concern, complaint, boundary incident, professional-regulatory matter, CQC finding, data breach, staff conduct theme or change in legal or professional guidance.

26. Sources and further reading

This template is based on CQC's guidance for providers and managers, the Health and Social Care Act 2008 (Regulated Activities) Regulations 2014, and other topic-specific legislation and guidance listed below. It is a starting point for adaptation, not a substitute for legal, clinical, HR, safeguarding or specialist professional advice.

• CQC Regulation 13: Safeguarding service users from abuse and improper treatment
• CQC Regulation 10: Dignity and respect
• CQC Regulation 19: Fit and proper persons employed
• Professional regulator conduct standards (for example NMC, GMC, GDC, HCPC, Social Work England, as relevant to the staff group)
• DBS barring referral guidance
• Local authority safeguarding adults procedures
• Information Commissioner's Office guidance (where a confidentiality or data breach is involved)
• Human Rights Act 1998 (https://www.legislation.gov.uk/ukpga/1998/42)
• Health and Social Care Act 2008 (Regulated Activities) Regulations 2014 (https://www.legislation.gov.uk/uksi/2014/2936/regulation/13)

27. When to seek further advice

Seek specialist advice where the issue involves serious harm, safeguarding, deprivation of liberty, restraint, children, professional misconduct, controlled drugs, radiation, termination of pregnancy, infection outbreak, water safety, employment dismissal, DBS barring referral, or regulatory enforcement.

28. Document control

This sample policy template was issued by Verivius. It is a template, not a substitute for legal advice or the tenant's own policy-development process. Where this template and live law or regulator guidance diverge, the live source wins.