ABConnect
United Kingdom

The Interplay between Statutory and Professional Duty of Candour and Insurance Obligations

What is the Duty of Candour?

The statutory duty of candour is a legal obligation requiring healthcare and social care providers to be open and transparent with patients, service users and their families when something goes wrong that causes, or could cause, harm or distress. The duty serves to remove any ambiguity around the treatment process, resulting in better patient satisfaction and enabling learning to prevent similar incidents.

The professional duty of candour is an ethical obligation required by regulatory bodies like the General Medical Council, Nursing and Midwifery Council, and the Health & Care Professions Council, as part of their codes of conduct.

The duty of candour aims to give patients and their families answers following unintended or unexpected events, as well as playing a key role in coronial proceedings and inquests.

The statutory duty of candour is triggered when a ‘notifiable safety incident’ occurs – an unintended or unexpected incident that could or did result in moderate harm, severe harm or death.

Introduced in 2014, under Regulation 20 of the Health and Social Care Act 2008 (Regulated Activities) Regulations 2014, the duty of candour states:

  1. Registered persons must act in an open and transparent way with relevant persons in relation to care and treatment provided to service users in carrying on a regulated activity.
  2. As soon as reasonably practicable after becoming aware that a notifiable safety incident has occurred a registered person must:
    • Notify the relevant person that the incident has occurred in accordance with paragraph (3).
    • Provide reasonable support to the relevant person in relation to the incident, including when giving such notification.
  3. The notification to be given under paragraph 2 must:
    • Be given in person by one or more representatives of the registered person.
    • Provide an account, which to the best of the registered person's knowledge is true, of all the facts the registered person knows about the incident as at the date of the notification.
    • Advise the relevant person what further enquiries into the incident the registered person believes are appropriate.
    • Include an apology.
    • Be recorded in a written record which is kept securely by the registered person.

Key terminology:

Apology An expression of sorrow or regret in respect of a notifiable safety incident.
Moderate harm Harm that requires a moderate increase in treatment, and significant, but not permanent, harm.
Moderate increase in treatment An unplanned return to surgery, an unplanned re-admission, a prolonged episode of care, extra time in hospital or as an outpatient, cancelling of treatment, or transfer to another treatment area (such as intensive care).
Prolonged pain Pain which a service user has experienced, or is likely to experience, for a continuous period of at least 28 days.
Prolonged psychological harm Psychological harm which a service user has experienced, or is likely to experience, for a continuous period of at least 28 days.
Severe harm A permanent lessening of bodily, sensory, motor, physiologic or intellectual functions, including removal of the wrong limb or organ or brain damage, that is related directly to the incident and not related to the natural course of the service user's illness or underlying condition.

What is a Notifiable Safety Incident?

A notifiable safety incident, triggering statutory duty of candour, must meet all three of the following criteria:

  1. It must have been unintended or unexpected.
  2. It must have occurred during the provision of a regulated activity under the Health and Social Care Act 2008.
  3. In the reasonable opinion of a healthcare professional, already has, or might, result in death, or severe or moderate harm to the person receiving care. This element varies slightly depending on the type of provider.

If any of these three criteria are not met, it is not a notifiable safety incident (though the overarching duty of candour, to be open and transparent, always applies).

Unexpected or unintended should be interpreted in relation to an incident which arises in the course of the regulated activity, not to the outcome of the incident. Regulated activity means the care or treatment provided, while outcome means the harm that occurred or could have occurred. So, if the treatment or care provided went as intended and as expected, an incident may not qualify as a notifiable safety incident, even if harm occurred. This does not mean that known complications or side effects of treatment are always disqualified from being notifiable safety incidents. In every case, the professionals involved must use their judgement to assess whether anything occurred during the provision of the care or treatment that was unexpected or unintended.

Definitions of harm vary slightly between health service bodies and all other providers. This is because when the regulation was written, harm thresholds were aligned with existing incident notification systems to reduce the burden on providers. It is possible for an incident to trigger the harm threshold for NHS trusts, but not for other service types, or vice versa. It is helpful to remember the statutory duty relates to the provision of regulated activities, and so you should follow the notifiable safety incident definition relating to the type of organisation or provider you work within.

Removing Barriers to Incident Reporting

Compliance with the statutory duty of candour starts with reporting notifiable safety incidents. However, a range of both practical and cultural barriers often exist which prevent accurate and effective reporting. In worst case scenarios, this opens the door to potential regulatory action and litigation, and lower patient satisfaction, with providers unable to implement learnings from each incident.

From a cultural viewpoint, staff may feel compelled to avoid blame in the event of a notifiable safety incident in fear of damage to their career and legal consequences. Healthcare is highly complex, with services often delivered in high pressure environments that have not traditionally created the conditions needed for staff to openly report mistakes. Fortunately, over the past decade we have seen positive strides towards the adoption of a just culture, where staff are encouraged to raise potential issues. In practice, a just culture means staff feel fully supported when reporting an incident, with their organisation embracing five fundamental values:

  1. No person intends to cause harm or be in involved in an incident.
  2. A person involved in an incident is also affected and should be supported appropriately.
  3. An individual is part of a much larger, complex system which inevitably leads to greater risk of incidents.
  4. Management teams must be open and responsive to ‘bad news’ as important learning and improvement opportunities.
  5. Harmed, and potentially harmed, individuals and their families can provide valuable insight for learning.

Leaders should promote the values of openness and transparency required by the duty of candour, and communicate that reporting risks, issues and concerns is in the best interest of patients, staff and the organisation. It’s important to promote mutual responsibility and accountability between staff and the organisation, where everyone understands they have professional and personal accountability in how they work and their tasks.

Practical concerns can play a significant role in incident reporting and duty of candour. In high pressure environments, staff must rightly prioritise the care of patients, with often little time for tasks such as incident reporting/logging. This can mean incident reports are not completed, or are submitted non-contemporaneously, increasing the risk of inaccurate details being provided. Evidence from NHS Resolution states the duty of candour was commonly not well understood, with varying levels of understanding and awareness demonstrated by healthcare providers. This underpins the need for effective training and communication to standardise the incident reporting and duty of candour processes – further improving patient and staff safety.

A clear duty of candour policy, with decision flowcharts, that is regularly reviewed by both senior management and clinicians, should be provided to assist and train staff. Management, clinical and governance support should be available to support when staff are not sure if an incident should be reported and the duty of candour triggered. This includes training in drafting duty of candour letters and having duty of candour conversations with patients and their families.

Incident reporting systems should be easily accessible and involve a user-friendly process. Incident reporting and duty of candour should ideally be a fundamental skill base of all staff.

Apologies and liability

Importantly, it should also be noted when issuing an apology in response to a notifiable safety incident, that an apology is not an admission of liability.

By removing barriers to incident reporting, organisations can have greater certainty they are fulfilling their duty of candour.

The Intersection of Duty of Candour and Insurance

Many applicable insurance policies contain a positive obligation, often a condition precedent to liability, not to make admissions following incidents. Therefore, some may be tempted to think that their obligations of openness and transparency under the duty of candour may undermine their insurance coverage position; however, the opposite is often true.

Most healthcare and social care policy wordings have been drafted with the duty of candour in mind and will expressly state that admissions made in the discharge of duty of candour obligations are permitted. Again, it is important to note an apology is not an admission of legal liability or negligence under Regulation 20.

The approach, embracing these values in practice, not only results in patients getting the answers they need, but also supports organisations in demonstrating they are committed to delivering high-quality care and learning from incidents. In turn this is often beneficial in related regulatory action, coronial proceedings/inquests, and complaints/claims. With better patient satisfaction following unexpected events, there is a reduced risk of lengthy legal proceedings and reputational damage. This is beneficial for patients and the provider but also for the staff involved in the incident.

Insurance Case Study

Aon assisted a healthcare provider with a critical review of their duty of candour policy to ensure it was compliant with Regulation 20 and delivered a training session to the client’s staff together with the client on their new, updated policy. When an adverse incident later occurred, Aon assisted the client through the duty of candour process, including liaising (on the client’s behalf) with insurers to ensure their agreement with the client’s approach - thereby avoiding any potential policy issues around admissions. Having assisted with the drafting of a duty of candour letter, Aon further assisted the client with responding to a complaint/demand for financial compensation, including facilitating the negotiation of a mutually agreeable resolution – again liaising with insurers throughout the process.

To learn more about how Aon’s Healthcare & Social Care expertise can help protect your organisation, please reach out using the contact details below.

Contact Us

Kieran Pettman
Senior Solicitor, Healthcare and Social Care
[email protected]

Lorraine Roberts-Rance
Managing Director, Healthcare Risk Consulting
[email protected]

 

While care has been taken in the production of this document, Aon does not warrant, represent or guarantee the accuracy, adequacy, completeness or fitness for any purpose of the document or any part of it and can accept no liability for any loss incurred in any way by any person who may rely on it. Any recipient shall be responsible for the use to which it puts this document. This document has been compiled using information available to us up to its date of publication and is subject to any qualifications made in the document.

This article has been compiled using information available to us up to 2025. Aon UK Limited is authorised and regulated by the Financial Conduct Authority. Registered in England and Wales. Registered number: 00210725. Registered Office: The Aon Centre, The Leadenhall Building, 122 Leadenhall Street, London EC3V 4AN. Tel: 020 7623 5500.

FP.RISK.2025.534.GG

 

 

Do Not Sell or Share My Personal Information | Cookie Preferences | Global Home | Careers | Investor Relations | Legal | Privacy | Supporting Customers | Cookie Notice | © 2025 Aon plc