During my travels as a healthcare regulation consultant I have encountered many myths about compliance. One of these is the absolute conviction that mere adherence with the requirements of Regulation 17 (Health and Social Care Act 2008 [Regulated Activities] Regulations 2014) will ensure a trouble free CQC inspection.
This view is often predicated on misplaced assumptions about the respective meanings of governance and compliance, and moreover the scope of Regulation 17 itself. For some professionals they are simply interchangeable terms, ergo you are compliant if you can demonstrate good governance. This can lead to executive boards of healthcare providers being given false assurances about their 'CQC inspection readiness' and considerable wasted time and resources undertaking essentially administrative audits of systems and processes. So what is the difference between the two?
The Cadbury Committee provided the classic definition of corporate governance in 1992 when it stated, "corporate governance is the system by which companies are directed and controlled". At the heart of governance rests an expectation of executive responsibility, ownership, accountability, transparency and ethical conduct that ensures the proper functioning of any corporate organisation. As such, the scrutiny of governance arrangements forms a key element of CQC's 'Well Led' domain.
That governance is concerned with the totality of a provider's operational service delivery and strategic planning activities is a trite but nonetheless accurate observation. However, it is the very omnipotent nature of governance that has influenced general understanding in the healthcare sector as to the meaning and scope of Regulation 17. This can be summarised as a popular view that Regulation 17 is a kind of 'one stop shop' provision that enables providers to demonstrate compliance with all aspects of their CQC registration, i.e. deliver on Regulation 17 and everything else will follow. This is a misplaced belief for several reasons.
Firstly, the existence of policies, procedures, systems and processes can of course be identified by business audits designed to ensure that the fabric of the governance framework is indeed in place. However, these activities invariably do not test the application of the framework or gather evidence to substantiate the translation of theoretical expectation into operational practice.
An admittedly simple example is the healthcare assistant who identifies a patient's slippers as a trip hazard and diligently observes protocol and reports the issue as a risk. This gives rise to the 'so what?' question, i.e. what was done to mitigate the risk and ensure the safety of the patient? All the systems and processes in the world will not of themselves ensure you are assessed as compliant by a regulator focused on patient outcomes and not box ticking.
Secondly, the underlying purpose of Regulation 17 is commonly misunderstood. It is manifestly designed to interrogate whether or not an organisation can demonstrate a governance framework that offers assurance as to the provider's fitness (in the broadest sense) to operate. In other words, it is specifically the evidenced existence of a governance framework itself that Regulation 17 seeks to determine, not a provider's overall compliance. If Regulation 17 was the whole story, then CQC would not need to concern themselves with Regulations 4-16 and 18-20.
It is therefore reasonable to say that compliance is the ability of a provider to persuade the regulator that it meets statutory expectations in a multiplicity of operational and strategic areas (including governance). Conversely, governance is the method by which an organisation arranges its affairs and ensures a coordinated and structured approach to its legal obligations (including regulation). The two enjoy a close relationship, but it is naive to suggest that the singular presence of good governance will ensure you a positive outcome in wider regulatory compliance terms.
A final observation is that many providers who trust governance alone to evidence their regulatory compliance, place undue reliance on adherence with CQC's KLOE tools. Governance based audit activities using these tools (or customised variants of them) can offer misplaced assurance as to your likely compliance status as CQC ultimately assess providers against the statutory regulations and not the KLOE. The KLOE should be seen as an aid to inspection preparations, but not the exclusive solution to evidencing compliance.
Regulatory compliance is grounded in law, whereas governance in its widest sense remains a matter of good practice (although some statutory foundation in healthcare does exist). Governance is an invaluable aid to demonstrating provider compliance, but it forms one discrete part of the story not the complete answer.