Compliance with Care Quality Commission (CQC) requirements is a core responsibility across healthcare settings, from GP surgeries and clinics to care homes, hospitals, and community services. One area that often raises questions is how to manage compliance for staff who are not directly employed—such as agency workers, contractors, or visiting professionals.

Do Agency and Contracted Staff Need the Same Checks?

Yes. All staff working within a healthcare setting—whether permanent, agency, or contracted—must meet the same compliance standards as employed staff. This includes those who may not have direct access to clinical systems but still work on-site or deliver patient care.

At a minimum, healthcare providers should ensure:

• Data Protection / GDPR Training: up to date within the last 12 months.

• DBS Checks: appropriate to the role.

• Confidentiality Agreements: signed and on record.

  
  

What About Visiting Professionals From Other Organisations?

Many healthcare providers host visiting professionals, such as midwives, physiotherapists, mental health practitioners, or community specialists, who are employed by another organisation.

In these cases, it should not be necessary to duplicate the checks already carried out by their employer.

Instead, providers should:

• Request a formal written assurance (an email is sufficient) from the visiting staff member’s employer (e.g. DPO or Caldicott Guardian).

• Confirm that:

  • Training and checks are current.

  • Documentation will be provided if required - for example, following a data breach or incident.

    
    

Key Takeaways for Providers

• Consistency matters: apply the same compliance standards to all staff.

• Written assurances: where another organisation is the employer, obtain confirmation that compliance is being managed.

• Be inspection-ready: keep records and agreements on file.

By embedding these practices, healthcare providers can strengthen governance, protect patients, and be confident in meeting CQC expectations.