Record Keeping and Documentation Standards Policy

1. What the regulation says

Systems or processes must be established and operated effectively to ensure compliance with the requirements in this Part. (Reg 17(1): the umbrella duty)

assess, monitor and improve the quality and safety of the services provided in the carrying on of the regulated activity (including the quality of the experience of service users in receiving those services) ... assess, monitor and mitigate the risks relating to the health, safety and welfare of service users and others who may be at risk which arise from the carrying on of the regulated activity. (Reg 17(2)(a) and (b): quality and risk)

maintain securely an accurate, complete and contemporaneous record in respect of each service user, including a record of the care and treatment provided to the service user and of decisions taken in relation to the care and treatment provided. (Reg 17(2)(c): accurate service-user record)

The full text of the regulation is at https://www.legislation.gov.uk/uksi/2014/2936/regulation/17. Where this policy and the regulation diverge, the regulation wins.

2. Plain-English summary

You have to run effective systems and processes to comply with everything else in Part 3. The regulation lists six things those systems must enable in particular: quality assessment and improvement, risk management, accurate service-user records, accurate employment and management records, seeking and acting on feedback, and continually evaluating and improving how you process all this. If CQC requests a written report on quality and risk plus your improvement plans, you have 28 days from the day after the request.

3. Purpose

The purpose of this policy is to make sure that records created by [Service Name] are accurate, complete, contemporaneous, secure and useful for safe care, good governance and inspection evidence.

Good records are not an administrative extra. They are part of safe care. They show what was known, what was decided, what was done, who was involved and what changed as a result.

This policy supports Regulation 17 good governance, Regulation 12 safe care and treatment, the Mental Capacity Act, safeguarding duties, data protection law and professional standards.

4. Policy warning

If it is not recorded, the service may not be able to evidence that it happened.

Records must not be falsified, backdated, deleted to conceal information, altered without audit trail, or written in a way that misleads the reader.

Poor record keeping can place people at risk, undermine continuity of care, prevent learning, and create evidence of poor governance.

5. Scope

This policy applies to all records relating to:

• care and treatment
• clinical consultations
• risk assessments
• care plans
• consent
• mental capacity and best interests
• medicines
• incidents
• complaints
• safeguarding
• duty of candour
• CQC notifications
• staff recruitment
• training
• supervision and appraisal
• audits
• action plans
• risk registers
• governance meetings
• equipment and premises checks
• communication with people, families, advocates and professionals
• service management
• business continuity
• data protection and confidentiality

Records may be paper-based, electronic, photographic, audio, video or held in another format.

6. Principles

All records must be:

• accurate
• complete
• contemporaneous
• legible
• attributable
• dated and timed where relevant
• clear
• factual
• respectful
• secure
• accessible to authorised people
• retained and destroyed lawfully
• sufficient to support safe care and governance

7. Responsibilities

All staff are responsible for making accurate records within their role.

Managers are responsible for checking record quality, acting on gaps and making sure staff have the training and time needed to keep records properly.

The Registered Manager is responsible for ensuring that record-keeping systems support safe care, confidentiality, audit and inspection readiness.

The provider is responsible for ensuring that records are securely stored, backed up where applicable, and retained lawfully.

8. When records must be made

Records must be made as soon as reasonably possible after the event, decision, care episode, contact or review.

Records must be made on the same day unless there is a clear reason why this is not possible.

Where a record is made later, the entry must state:

• date and time of the event
• date and time the record was made
• reason for delay
• person making the record

Late entries must be clearly identifiable as late entries.

9. Content of records

Records must include enough information to explain:

• what happened
• who was involved
• what was observed
• what was reported
• what was decided
• why the decision was made
• what action was taken
• who was informed
• what follow-up is needed
• when the matter will be reviewed

Records must be written so that another competent person could understand the situation and continue care safely.

10. Factual and respectful language

Records must be factual, professional and respectful.

Staff must avoid:

• judgemental language
• personal opinions presented as fact
• blaming language
• offensive or discriminatory wording
• vague phrases such as "fine", "usual", "no concerns" without context
• unexplained abbreviations
• speculation
• emotional commentary

Where professional judgement is recorded, it must be clear what facts or observations support that judgement.

11. Corrections and amendments

Records must not be erased, overwritten or altered in a way that hides the original entry.

Where a correction is needed, the record must show:

• what was corrected
• who corrected it
• date and time of correction
• reason for correction

For paper records, the original entry must remain readable. For electronic records, the system should retain an audit trail.

12. Care and treatment records

Care and treatment records must include, where relevant:

• assessment
• care plan or treatment plan
• risk assessments
• consent
• mental capacity assessment
• best-interests decision
• communication needs
• medicines
• allergies
• clinical observations
• care delivered
• treatment delivered
• changes in condition
• escalation
• professional advice
• family, advocate or representative contact
• review dates
• discharge, transfer or handover information

Records must reflect the person's current needs and must be updated when those needs change.

13. Risk assessments and care plans

Risk assessments and care plans must be reviewed:

• when the person starts using the service
• at planned review intervals
• after an incident
• after a complaint or safeguarding concern
• after a change in needs
• after hospital admission or discharge where relevant
• after professional advice
• where staff identify that the current plan is no longer accurate

Staff must follow the current care plan and risk assessment. If the plan cannot be followed, this must be escalated and recorded.

14. Consent, capacity and best interests

Records relating to consent and capacity must show:

• the decision being considered
• information given to the person
• how the person was supported to decide
• the person's response
• whether the person had capacity for that specific decision
• who was consulted where the person lacked capacity
• best-interests reasoning
• less restrictive options considered
• decision made
• review date

Consent must be reviewed where the decision changes, the person's condition changes, or there is reason to believe consent may no longer be valid.

15. Incident, complaint and safeguarding records

Incident, complaint and safeguarding records must include:

• date and time
• people involved
• factual account
• immediate action taken
• escalation
• external reporting decision
• investigation or review
• actions agreed
• outcome
• learning
• communication with the person or representative
• closure decision
• review or follow-up

These records must link to action plans, risk register entries or care-plan updates where relevant.

16. Staff records

Staff records must include information relevant to employment, role suitability, training, supervision and ongoing fitness.

This includes, where applicable:

• recruitment checks
• Schedule 3 information
• DBS and barred-list information
• right to work
• references
• qualifications
• professional registration
• induction
• training
• competency assessments
• supervision
• appraisal
• fitness declarations
• conduct or capability records
• restrictions or adjustments

Access to staff records must be restricted to authorised people.

17. Governance records

Governance records must include:

• audits
• risk register
• action plans
• incident trend reviews
• complaint trend reviews
• safeguarding reviews
• meeting minutes
• provider oversight
• policies and procedures
• service maintenance records
• equipment checks
• training compliance
• staffing reviews
• feedback analysis
• improvement plans
• evidence that actions were completed and checked

Governance records must show not only that issues were identified, but that the service acted and reviewed whether improvement happened.

18. Confidentiality and access

Records must be kept confidential and accessed only by people who need the information for a lawful and legitimate purpose.

Staff must not access records out of curiosity or because they know the person.

Records must not be left visible or accessible to unauthorised people.

Electronic records must be protected by appropriate access controls, passwords and role-based permissions.

Paper records must be stored securely when not in use.

19. Sharing records

Information may be shared where there is a lawful basis and it is necessary for care, treatment, safeguarding, legal duty, regulatory duty, professional duty or serious risk management.

Where information is shared, the record should show:

• what was shared
• with whom
• why
• when
• who authorised it where required

Staff must seek advice if they are unsure whether information should be shared.

20. Retention and disposal

Records must be retained and disposed of in line with the service's retention schedule, legal requirements, professional guidance and data protection duties.

Records must be destroyed securely when retention has expired and there is no lawful reason to keep them.

The service must maintain evidence of secure destruction where appropriate.

21. Record audit

The Registered Manager must audit record quality at least quarterly.

The audit must check:

• completeness
• timeliness
• legibility
• accuracy
• care-plan updates
• risk-assessment reviews
• consent and capacity records
• incident and complaint links
• action follow-through
• confidentiality
• secure storage
• whether records support continuity of care

Findings must be recorded and actioned.

22. Staff training

Staff must receive training appropriate to their role on:

• record-keeping standards
• confidentiality
• data protection
• factual writing
• care documentation
• incident records
• safeguarding records
• consent and capacity records
• electronic systems where used
• correcting errors
• escalation of poor records

Where record keeping is poor, the manager must consider supervision, retraining, competency assessment or formal action.

23. Related policies in this pack

This policy should be read with:

• Good Governance Policy
• Safe Care and Treatment Policy
• Data Protection and Confidentiality Policy
• Incident Reporting, Investigation and Learning Policy
• Complaints Policy
• Safeguarding Policy
• Consent Policy
• Mental Capacity Act Policy
• Action Plan and Improvement Tracking Policy
• Clinical Audit and Quality Assurance Policy
• Staff Recruitment Policy
• Training and Competency Policy

24. Review

This policy will be reviewed annually, or sooner following a CQC finding, serious incident, data breach, record audit failure, safeguarding concern, complaint theme, change in legislation or change in documentation system.

25. Sources and further reading

This template is based on CQC's guidance for providers and managers, the Health and Social Care Act 2008 (Regulated Activities) Regulations 2014, and other topic-specific legislation and guidance listed below. It is a starting point for adaptation, not a substitute for legal, clinical, HR, safeguarding or specialist professional advice.

• CQC Regulation 17: Good governance
• ICO records management and security guidance
• Professional record-keeping standards, especially GMC, NMC, HCPC and GDC
• NHS Records Management Code of Practice (where relevant)
• UK GDPR and Data Protection Act 2018
• Health and Social Care Act 2008 (Regulated Activities) Regulations 2014 (https://www.legislation.gov.uk/uksi/2014/2936/regulation/17)

26. When to seek further advice

Seek specialist advice where the issue involves serious harm, safeguarding, deprivation of liberty, restraint, children, professional misconduct, controlled drugs, radiation, termination of pregnancy, infection outbreak, water safety, employment dismissal, DBS barring referral, or regulatory enforcement.

27. Document control

This sample policy template was issued by Verivius. It is a template, not a substitute for legal advice or the tenant's own policy-development process. Where this template and live law or regulator guidance diverge, the live source wins.