The Care Quality Commission (CQC) are the independent regulator of health and adult social care in England.
The CQC make sure health and social care services provide people with safe, effective, compassionate, high-quality care and encourage them to improve.
They monitor, inspect and regulate services to make sure they meet fundamental standards of quality and safety and publish what is found, including performance ratings to help people choose care.
CQC has powers under the Health and Social Care Act 2008 to access and use information where we consider this is necessary for us to carry out our functions as a regulator. Where possible inspectors should explain why they are asking to look at certain records. They will consider any concerns and objections raised to them, and whether they can achieve CQC’s purpose by accessing the records of someone else. However, CQC relies on its legal powers to access information rather than consent, therefore may use its powers to access records even in cases where objections have been raised.
More detail on how we ensure compliance with data protection law (including GDPR) and our privacy statement is available on our website. As part of their own compliance with GDPR, providers’ own privacy statements should inform people of CQC’s powers to ensure their staff, people using services and their families are aware. It would be helpful for providers to include a link to CQC’s privacy statement in their own. The ICO provides more information and resources on GDPR compliance and can be contacted for advice.