What legislation must I know when working in Primary Care? | QCS

What legislation must I know when working in Primary Care?

Dementia Care
March 9, 2021

Download our guide here that helps to explain the key legislation that Primary Care organisations are obliged to comply with. Further information can be found in the link to each type of legislation.

Download Now

Alternatively, read the guide below:

Care Quality Commission (CQC) Regulations

The intention of The Health and Social Care Act 2008 (Regulated Activities) Regulations 2014 is to ensure that people who have director level responsibility for the quality and safety of care and for meeting the fundamental standards (such as Registered Managers), are fit and proper to carry out this important role. The CQC guidance describes how providers and managers can meet the regulations, including the fundamental standards, which are the standards below which care must never fall. It also specifies how the CQC (the regulator) inspects services to ensure that providers are meeting these regulations.

The Care Quality Commission (Registration) Regulations 2009 cover the registration of all health and social care providers. This means that all health and social care providers, including Primary Care, must undergo initial registration before granted permission to perform services. Providers must demonstrate that they can meet or are already meeting the registration requirements. Continuing to demonstrate their ability to meet standards is required for continuous CQC registration.

Children Act (2004)

The Children Act 2004 is a development from the 1989 Act. It emphasises that all people and organisations working with children have a responsibility to help safeguard children and promote their welfare. Employers are responsible for ensuring that their staff are competent to carry out their responsibilities for safeguarding and promoting the welfare of children and creating an environment where staff feel able to raise concerns and feel supported in their safeguarding role. Staff must be given appropriate supervision and support, including undertaking safeguarding training.

Video guide: https://www.youtube.com/watch?v=TtEz6TfIT48

Control of Substances Hazardous to Health Regulations 2002

The Control of Substances Hazardous to Health Regulations 2002 (COSHH) require employers to control substances that are hazardous to health, such as dust, fumes, vapours, liquids, and gas, to prevent or reduce workers exposure to hazardous substances by:

  • Finding out what the health hazards are
  • Deciding how to prevent harm to health (risk assessment)
  • Providing control measures to reduce harm to health
  • Making sure they are used
  • Keeping all control measures in good working order
  • Providing information, instruction and training for employees and others
  • Providing monitoring and health surveillance in appropriate cases
  • Planning for emergencies

Video guide: https://www.youtube.com/watch?v=-mD2hstt7DI

Data Protection Act 2018

The Data Protection Act 2018 (DPA) is the UK’s implementation of the General Data Protection Regulation (GDPR) and controls how personal information is used. Everyone responsible for using personal data must follow strict rules called ‘data protection principles’. They must make sure the information is:

  • Used fairly, lawfully and transparently
  • Used for specified, explicit purposes
  • Used in a way that is adequate, relevant and limited to only what is necessary
  • Accurate and, where necessary
  • Kept up to date kept for no longer than is necessary
  • Handled in a way that ensures appropriate security, including protection against unlawful or unauthorised processing, access, loss, destruction or damage

Every piece of data received that involves personal information about another person (both patients and staff) must be in line with the above principles and people must be made aware of what information is being gathered, with whom it is being shared, know how it is being kept and for how long, and have the right to refuse data sharing. In Primary Care, where safeguarding may impact this, there are measures in place to be able to safely share information in accordance with the law.

In Primary Care, information must be stored securely and only shared on a need-to-know basis with the permission of the person it relates to. People must be made aware of their rights by the use of privacy notices.

The Caldicott Principles are fundamentals that healthcare organisations should follow to protect any information that could identify a patient, such as their name and their records. They also ensure that this information is only used and shared when it is appropriate to do so. The seven Caldicott Principles relating to the use of patient identifiable information are:

  1. Justify the purpose(s) of using confidential information
  2. Only use it when absolutely necessary
  3. Use the minimum that is required
  4. Access should be on a strict, need-to-know basis
  5. Everyone must understand his or her responsibilities
  6. Understand and comply with the law
  7. The duty to share information can be as important as the duty to protect patient confidentiality

Video guide: https://www.youtube.com/watch?v=pxFwhG9VeQw

Employment Rights Act 1996

The Employment Rights Act 1996 covers areas such as unfair dismissal, redundancy payments, protection of wages, zero-hour contracts, Sunday working, suspension from work, flexible working and termination of employment. It provides employees the right to not be dismissed unfairly by the employer.

Equality Act 2010

The Equality Act 2010 legally protects people from discrimination in the workplace and in wider society. It sets out the different ways in which it is unlawful to treat someone and makes sure that all of the following protected characteristics are protected:

  1. Age
  2. Disability
  3. Gender reassignment
  4. Marriage and civil partnership
  5. Pregnancy and maternity
  6. Race
  7. Religion or belief
  8. Sex
  9. Sexual orientation

Video guide: https://www.youtube.com/watch?v=Yue1glAllAs

Freedom of Information Act 2000

The Freedom of Information Act 2000 (FOI) creates a general right of access to all types of recorded information held by most UK public authorities, including GP Practices. When receiving a request, Practices must:

  • Understand what information is being requested
  • Only respond with recorded information that is held by the Practice
  • Respond promptly – within 20 working days
  • Send out the information using the requester’s preferred means of communication which has been stipulated in their initial request

FOI covers information held by public authorities, but not requests for personal information about the person making the request. FOI is about providing access to public information. Data protection legislation protects personal data.

Video guide: https://www.youtube.com/watch?v=7P8qrS9zBsg

Health and Safety at Work etc. Act 1974

The Health and Safety at Work etc. Act 1974 is the primary piece of legislation covering occupational health and safety in Great Britain. Under health and safety law, employers have a responsibility to protect workers and others from risk to their health and safety including fire safety. Health and safety law is mostly enforced by the Health and Safety Executive (HSE) or the local authority, and those who do not comply with a regulation relevant to their work could be committing a criminal offence.

There is specific health and safety legislation for healthcare which covers areas such as allergies, blood borne viruses (BBVs), sharps injuries, healthcare waste, legionella, PPE, and pandemics.

Human Rights Act 1998

The Human Rights Act 1998 sets out the rights and freedoms that everyone in the UK is entitled to. Practices must provide:

  • Fairness – People are valued as individuals and are listened to, and what is important to them is viewed as important by the Practice
  • Equality – People do not experience discrimination, and have their diverse needs met
  • Dignity – People are treated in a compassionate way that supports their self-respect
  • Autonomy – People can exercise the maximum amount of choice and control possible, such as care planning and treatment
  • Right to life – People will have their right to life protected and respected
  • Staff rights and empowerment – Staff have their rights protected and respected, are encouraged to speak up freely about concerns and not face unlawful workplace discrimination, harassment, bullying or violence

Video guide: https://youtu.be/VO7oS8PqkJY

Medical Act 1983

The Medical Act 1983 governs the regulation and credentials of the medical profession and defines offences in respect of false claims of fitness to practise medicine. The General Medical Council’s (GMC) role under this Act is to protect patients and improve medical education and practice across the UK by:

  • Deciding which doctors are qualified to work in the UK
  • Overseeing UK medical education and training
  • Setting the standards doctors need to follow throughout their careers
  • Where necessary, taking action to prevent a doctor from putting the safety of patients or the public’s confidence in doctors, at risk

Medicines Act 1968

The Medicines Act 1968 provides the main legal framework for the prescribing, supply, storage and administration of medicines, and classifying them into categories including prescription-only medicines and controlled drugs. The law requires that the right medicine is given to the right patient, at the right time, using the right doses in the right formulation.

Mental Capacity Act (2005)

The Mental Capacity Act 2005 (MCA) is designed to protect and empower people who may lack the mental capacity to make their own decisions about their care and treatment. It applies to people aged 16 and over.

The MCA allows people to express their preferences for care and treatment, and to appoint a trusted person to make a decision on their behalf should they lack capacity in the future, such as giving a family member or carer power of attorney.

The five principles of the MCA are:

  1. Assume a person has capacity unless proved otherwise
  2. Do not treat people as incapable of making a decision unless all practicable steps have been tried to help them
  3. A person should not be treated as incapable of making a decision because their decision may seem unwise
  4. Always do things or take decisions for people without capacity in their best interests
  5. Before doing something to someone or making a decision on their behalf, consider whether the outcome could be achieved in a less restrictive way

Video guide: https://www.youtube.com/watch?v=nZc36AXNfzc


The Reporting of Injuries, Diseases and Dangerous Occurrences Regulations 2013 (RIDDOR). A RIDDOR report is required when the accident or incident is work related and it results in an injury or occurrence of a type which is reportable. Reportable incidents must be submitted by a ‘responsible person’ to the HSE under RIDDOR within specified time frames as follows:

  • Report immediately:
    1. Deaths
    2. Major injuries
    3. Dangerous occurrences
    4. Injuries to members of the public, where they are taken from the scene of an accident to hospital
  • Report as soon as possible
    1. Diseases
  • Report within 15 days
    1. Injuries lasting more than 7 days

Video guide: https://www.youtube.com/watch?v=pGt_QZNDYMs

Safeguarding Vulnerable Groups Act 2006

The Safeguarding Vulnerable Groups Act 2006 essentially provides a system for employers to check the suitability of employees or volunteers to work with children or vulnerable adults, which is administered by the Disclosure and Barring Service (DBS). The DBS decides whether an individual who carries out a ‘regulated activity’ should be barred, to prevent them from working with children, or vulnerable adults, or both, following an enhanced DBS check with barred list(s).

Good Medical Practice

Good medical practice describes what it means to be a good doctor to:

  • Make the care of patients the first concern
  • Be competent and keep professional knowledge and skills up to date
  • Take prompt action if patient safety is being compromised
  • Establish and maintain good partnerships with patients and colleagues
  • Maintain trust in the profession by being open, honest and acting with integrity

Code of Conduct for Nurses

The Code is the professional standards that nurses, midwives and nursing associates must uphold in order to be registered to practise in the UK. It is structured around four themes:

  1. Prioritise people
  2. Practise effectively
  3. Preserve safety
  4. Promote professionalism and trust


placeholder Image
June 11, 2024
Podcast: Building Resilience Within your Social Care Organisation
Read more
June 7, 2024
Latest Social Care Monthly Highlights (June 2024)
Read more
placeholder Image
June 7, 2024
Beyond the Parade: How Companies Can Celebrate Pride Throughout the Year
Read more