Managing Third-Party Errors Within CQC Notification and Duty of Candour Processes
Not all incidents originate within the provider’s own service. Errors by hospitals, pharmacies, transport providers or agencies can still result in harm to people receiving care. Providers need clear processes for reporting incidents involving third parties to ensure accountability is maintained.
Even where fault sits externally, providers must evidence how they responded. This requires robust assurance and documentation systems that show escalation, communication and follow-up.
This aligns with the wider CQC compliance and governance knowledge hub, where responsibility for people’s safety remains with the provider.
Why this matters
Providers cannot assume that external responsibility removes their reporting obligations. The impact on the person receiving care remains central.
Inspectors expect providers to demonstrate control over how third-party incidents are managed. Commissioners expect clear coordination and communication.
A clear framework for managing third-party errors
Providers should record the incident, identify the external involvement and assess whether notification is required based on impact, not fault.
Duty of candour should still be considered, alongside communication with the external organisation and internal governance review.
Operational example 1: Pharmacy dispensing error
Baseline issue: Medication errors caused by pharmacies were recorded, but reporting decisions were inconsistent. Improvement focused on structured response, supported by MAR records, audits, feedback and staff practice.
Step 1: The staff member identifies the dispensing error and records it in the MAR chart and medication incident form, including details of the pharmacy involvement.
Step 2: The senior staff member contacts the pharmacy and records communication and advice in the medication log.
Step 3: The Registered Manager assesses the impact and records the notification decision and rationale in the notification tracker.
Step 4: The manager communicates with the person or representative and records duty of candour actions in the candour log.
Step 5: The medication lead records follow-up actions and pharmacy feedback in the governance system.
What can go wrong is assuming the pharmacy is solely responsible. Early warning signs include missing records or unclear communication. Escalation involves provider-level review or external complaint. Consistency is maintained through clear protocols.
Governance audits third-party medication errors monthly. The Registered Manager leads the audit, with provider oversight quarterly. Action is triggered by repeated issues, unclear records or audit findings.
Operational example 2: Hospital discharge error affecting care
Baseline issue: Discharge information errors were not always linked to notification decisions. Improvement focused on structured assessment, supported by care records, audits, feedback and management review.
Step 1: The staff member records the discharge issue in the daily care record and incident form, including incorrect or missing information.
Step 2: The senior staff member contacts the hospital and records communication in the communication log.
Step 3: The Registered Manager assesses the impact and records the notification decision in the tracker.
Step 4: The manager records duty of candour communication with the person or representative.
Step 5: The deputy manager updates care plans and records changes in the care planning system.
What can go wrong is focusing only on correcting the issue. Early warning signs include repeated discharge problems or unclear records. Escalation may involve raising concerns with commissioners. Consistency is maintained through structured review.
Governance audits discharge-related incidents quarterly. The Registered Manager reviews outcomes, with provider oversight annually. Action is triggered by repeated issues or audit findings.
Operational example 3: Agency staff error within the service
Baseline issue: Errors involving agency staff were not always treated consistently. Improvement focused on accountability, supported by incident logs, audits, feedback and supervision.
Step 1: The staff member records the incident involving agency staff in the incident form and daily record.
Step 2: The senior staff member informs the agency and records communication in the communication log.
Step 3: The Registered Manager assesses the incident and records the notification decision in the tracker.
Step 4: The manager records any duty of candour actions in the candour log.
Step 5: The deputy manager records follow-up actions, including agency feedback, in the governance system.
What can go wrong is unclear accountability between provider and agency. Early warning signs include repeated agency-related incidents. Escalation involves reviewing contracts or staffing arrangements. Consistency is maintained through clear agreements.
Governance audits agency-related incidents monthly. The Registered Manager leads the audit, with provider oversight quarterly. Action is triggered by repeated issues, unclear accountability or audit findings.
Commissioner expectation
Commissioners expect providers to manage third-party risks effectively. They want assurance that incidents are recorded, reported and addressed regardless of origin.
They also expect measurable outcomes, including improved coordination, clearer accountability and stronger governance systems.
Regulator and inspector expectation
Inspectors will assess how providers handle incidents involving external parties. They will expect clear records, consistent decisions and appropriate communication.
They will also look for evidence that duty of candour has been applied where required. Failure to act may indicate weak oversight.
Conclusion
Third-party errors do not remove provider responsibility. Services must ensure incidents are recorded, assessed and reported based on impact.
Strong systems support communication, documentation and governance review. This ensures accountability and protects people receiving care.
Outcomes are evidenced through audit findings, improved coordination, staff practice and stakeholder feedback. Consistency is maintained through structured processes, regular review and provider oversight.
For providers aiming to demonstrate strong governance, effective management of third-party errors is a key indicator of control and professionalism.