The Care Quality Commission (CQC) fined Bradford Teaching Hospitals NHS Foundation Trust for failing to apologise to a family in a reasonable period of time. A baby had been admitted to Bradford Royal Infirmary in July 2016, but there were delays in diagnosing his condition and missed opportunities to admit him to hospital. He later died. In a development that will have raised the eyebrows of many in the care sector, the Trust was fined £1,250 after only apologising to the family in October 2016.
The CQC used its powers to issue a fixed penalty notice to the Trust for failing to comply with the Duty of Candour. This duty is found in 2014 regulations requiring providers to be open and honest with patients and their families if there is an incident in which they suffer harm.
Regulation 20(3) of the Health and Social Care Act 2008 (Regulated Activities) Regulations 2014 requires a provider to provide a notification of notifiable safety incidents to the relevant person as soon as it is reasonably practicable to do so. A provider must:
- ensure the notification is given in person by one or more representatives;
- provide an account, which to the best of the registered person’s knowledge is true, of all the facts known about the incident as at the date of the notification;
- advise the relevant person what further enquiries into the incident the registered person believes are appropriate;
- include an apology;
- and be recorded in a written record which is kept securely.
Under the Health and Social Care Act, the CQC can serve a penalty notice when a registered person has failed to comply with certain requirements of the regulations. Any fixed penalty paid to the CQC under section 86 of the Act must be repaid to the Secretary of State.
It is only appropriate to issue a penalty notice where the CQC would have been entitled to prosecute.
The Health and Safety Executive (HSE) are well known for playing a key role in prosecutions after serious safety incidents. The Health and Social Care Act 2008 (Regulated Activities) Regulations 2014 grants similar powers to the CQC – which is now able to prosecute cases where people using a registered service are harmed or placed at risk of harm.
The CQC’s prosecution criteria is extensive. It will only consider prosecution where there is evidence that any of the following apply:
- A service which would result in avoidable harm (whether of a physical or psychological nature) to a service user, or a service user being exposed to a significant risk of such harm occurring, or in a case of theft, misuse or misappropriation of money or property, any loss by a service user of the money or property concerned.
- Services that have been provided to individuals without informed consent.
- There has been a failure to provide reports on complaints or good governance.
- There has been a failure to legibly display ratings that relate to performance at a provider’s premises and overall place of business.
- There has been a failure to notify and offer support to the relevant person following a notifiable safety incident.
- There has been a disregard for and/or attempted avoidance of, the requirement for anyone who carries on regulated activities in England to be registered with the CQC.
- There has been a failure to comply with a requirement, warning Notice or consideration, suspension or cancellation of registration; or there has been a repetition of a breach that was subject to a simple caution.
- False information has been supplied willfully; information or explanations have been withheld; or there has been an intent to deceive, in relation to a matter that gives rise to significant risk.
- Persons authorised by the CQC to enter and inspect have been intentionally obstructed in the lawful course of their duties.
The CQC will also consider the following factors when deciding whether to prosecute:
- The gravity of the incident, taken together with the seriousness of any actual or potential harm or the general record and approach of the provider, mean that not holding the provider to account could undermine public confidence in regulation or in that sector of providers.
- There has been a disregard for the requirements of a registered person.
- There have been repeated or multiple breaches, which give rise to significant risk, or persistent and significant poor compliance.
- The service breaches the fundamentals of care, namely that it has been carried on significantly below the standards that are required for compliance with regulations and is giving rise to significant risk.
- The potential for wider learning points for providers may mean the CQC will prioritise a single case so that enforcement sends a broader message to a sector and encourages improvement across it.
Many may be surprised by the breadth of the criteria that could lead to criminal proceedings brought by the CQC against providers. It is clear that a delay in apologising is covered by the criteria above (as would a failure to provide reports on complaints and good governance in general).
Penalty notices enable the CQC to attempt a proportionate response in all the above circumstances. As their own guidance sets out, it also enables the CQC to ‘send a message’ where there are recurrent breaches across a sector. Of course, a provider need not pay a penalty notice, but this is likely to lead to a full prosecution. The sum was relatively modest and many providers may feel it is better to pay the penalty and move on. Such an attitude could be dangerous from a reputation management perspective. I would expect more providers to defend ‘prosecutions’, refusing to pay penalty notices over time.
The case is a good example of the CQC’s ever-growing willingness to use all the powers available to it when endeavoring to discharge its regulatory duties. For providers, their response – from governance, business and reputation perspective – to these more robust enforcement initiatives should be considered carefully and with full legal advice. If you have any concerns as to a potential investigation by the CQC then why not discuss this with Paul Keown, 0207 822 4168 or email email@example.com