Skip navigation

Disclosing information to regulators

There are a number of regulators – such as the General Medical Council, the Care Quality Commission and us – who may need you to pass on information to them

In some cases regulators have statutory powers to request information (see ‘Identifiable information and fitness to practise’ below). This section refers to regulators of health and care professionals, but is relevant to other types of regulators as well.

Reporting your concerns

Registrants are often not sure about passing on identifiable information because they do not know how this information might be used. However, so that regulators can protect the public, it is important that you tell them if you have any concerns about whether a registered professional is fit to practise. This is also related to your duties under our standards of conduct, performance and ethics.

When you tell a regulator about your concerns, you may need to include information about a service user. This might be because your concerns are about the care or services provided to a particular service user or group of service users.

If you need to disclose information about a service user, make sure that the information is relevant to your concerns. You should, if possible, remove all identifiable information, including names and addresses. Where it is necessary to include identifiable information it is good practice to tell the service user and try to get their consent for the disclosure. However, if the disclosure is required in the public interest, identifiable data can be disclosed without consent.

You should keep an appropriate record of any disclosures, giving reasons for disclosing the information and a justification for that disclosure where possible.

You might also want to discuss these matters with your manager (if you have one) or a
professional colleague. If you are not sure whether to tell a regulator, what information to provide, or how they will use the information, you should contact the regulator for more advice.

Identifiable information and fitness to practise

Sometimes regulators make requests for information about service users that they need to help them investigate a registrant’s fitness to practise. For example, if we are looking at a complaint about a registrant's record-keeping, we might need to ask for copies of the records so that we can decide whether the professional has met our standards.

Regulators often have powers to require information from people other than the person being investigated. They will sometimes make these requests using ‘statutory powers’. These are powers that a regulator has by law to help them in an investigation. You have to provide the
information, but it is good practice to tell service users (if possible) when you have disclosed information about them.

You should make sure that you only provide the information the regulator has asked for, and provide anonymised or partly anonymised information when you can. If we ask for information using our statutory powers, we will put this in writing and explain why we are asking for it and how we will use it.

Information we use during a hearing will usually have all the identifiable information removed from it, and we will always take appropriate steps to make sure that we protect a service user’s confidentiality. The law says we have to handle this information responsibly. For  example, we use terms such as ‘Service user A’ to refer to individuals. We may also hold  hearings fully or partly in private when necessary.

Page updated on: 24/03/2021