Register of service providers: integrated impact assessment
A summary of the effect of requiring email addresses and phone numbers on the register of service providers.
This file may not be fully accessible.
In this page
Section 1. What action is the Welsh Government considering and why?
Background
Welsh Ministers are required, under Section 38 of the Regulation and Inspection of Social Care (Wales) Act 2016, to maintain a register of service providers. The register of service providers contains a record of all regulated care and support services in Wales. This includes care home services, domiciliary support services, secure accommodation services, residential family centre services, advocacy services, adoption services, fostering services and adult placement services.
Care Inspectorate Wales (CIW) acts on behalf of Welsh Ministers to undertake the function of maintaining the register of service providers. The register informs CIW’s online public facing directory.
Section 38 (2) of the 2016 Act states that an entry in the register in respect of a service provider must show the following information:
- the regulated services that the service provider is registered to provide
- the places at, from or in relation to which the provider is registered to provide those services
- the name of the responsible individual registered in respect of each such place
- the date on which the provider’s registration took effect in respect of each such regulated service and place
- details of any other conditions imposed on the service provider’s registration
- a summary of any inspection report relating to the service provider which has been published under section 36(3)(a).
We are proposing to create Regulations which prescribe additional information (a telephone number and email address for each service) to be shown on each entry of the register of service providers maintained by CIW. The Regulations will provide a mechanism for CIW to collect these contact details from new and incumbent service providers and to be notified when this information changes. These Regulations are entitled, The Register of Service Providers (Prescribed Information and Miscellaneous Amendments) (Wales) Regulations 2023.
The proposal addresses the inconsistencies in the information currently included on the register. At present, only the service telephone number is published, with the provider’s permission. There are a minority of providers (14%) who have refused consent for the publication of their telephone number, leading to gaps in the information included on the directory. Service email addresses are also not currently published on the register of service providers, although CIW does collect this information from providers as part of their registration. We therefore intend to make it a mandatory requirement for service providers to provide a telephone number and an email address for each service to CIW, which CIW will publish on the register of service providers.
Collaboration and involvement
We held a 12-week consultation on the draft Regulations between 15 May and 6 August 2023 and invited respondents to submit their views via an online form, by email or post. An easy read version of the consultation document was also created and the consultation was highlighted through social media.
In total, the Welsh Government received 25 complete responses. Three were from individuals, 14 were on behalf of organisations and eight did not say whether they were responding as an individual or on behalf of an organisation. The organisations that responded (and did not wish to remain anonymous) are listed:
- Gwent Regional Partnership Team
- Learning Disability Wales
- Education Workforce Council
- Estyn
- Swansea Council
- Ceredigion County Council
- Conwy County Borough Council
- Torfaen County Borough Council
- Hywel Dda University Health Board
- Community Housing Cymru
- Public Service Ombudsman for Wales
- Older People’s Commissioner for Wales
- Children’s Commissioner for Wales
We also consulted with the Information Commissioner’s Office (ICO) as required under Article 36(4) of the UK GDPR. Having considered the submission, the ICO advised that no further engagement was necessary.
The details of the consultation responses are highlighted within the section on impact.
Impact
Making it mandatory for service providers to provide a telephone number and email address for each service to CIW, which CIW will publish on the register of service providers, will ensure completeness and consistency in the information on CIW’s online public facing directory. This will ensure members of the public, including family members or representatives of individuals who use regulated services, can contact services should they have any queries or concerns. It will also increase the accountability and visibility of service providers.
Adding an email address in addition to a telephone number will provide a choice for people in how they contact services, making it more accessible. People with a hearing impairment may not be able to use a telephone, for example; others may find it difficult to use a computer keyboard because of reduced eyesight, arthritis or lack of digital skills. Email also provides a written record of communication which some people may prefer.
While service contact details are already likely to be in the public domain, such as on the provider’s own website, local authority websites or sites which advertise social care services, having this information in one place will make it much easier for people to find.
The majority of people who responded to the consultation agreed with the draft Regulations. One respondent wrote:
This is already in place for many service providers so this would make perfect sense that there is a mandatory requirement for a telephone number and a generic email address to be published which would provide consistency for all service providers and would provide members of the public with appropriate contact details for when they have any queries or concerns.
Another stated:
I agree with the proposal to establish a legal basis for collecting, collating and publishing telephone numbers and email contact details for all registered service providers. As a registered provider, you would be required to give your contact details to anyone using your service or considering it. I feel that this would be a positive change.
While having all service contact details available in one place will benefit the general public, it could potentially lead to an increase in phone calls and unwanted emails to services, including junk mail or potentially abusive messages from people who have had poor experiences with their service. This could be stressful for service managers and responsible individuals. An overall increase in the number of emails might also lead to important messages from CIW, Social Care Wales or other key organisations being missed. It could also lead to an increase in phishing emails or other cyber attacks.
The risk of an increase in abusive messages as a result of this proposal was highlighted in one response to the public consultation on these Regulations. The comment stated:
Whilst the need to provide an email and phone number for ease of contact is understood, it can also create a risk. A manager has had service users and families get hold of their personal number and faced a level of abuse that is unacceptable.
Whilst the need to be open is appreciated, and we also have mechanisms to manage difficult behaviour, we have to balance this with our duty of care to staff, including the Responsible Individual. Within Childrens' Residential Services it is a risk if the contact details are openly shared. There are times when children may be on a full care order and their address and contact details are not to be shared with family members for safeguarding reasons.
The Regulations are clear that only the telephone number and email address for the service will be published. We will not require responsible individuals, service providers, managers, staff members or individuals using the service to share or publish their personal or professional contact details. We are aware that some services have currently opted to provide CIW with the manager’s email address as their main point of contact, which might include the name of the manager. Currently, 31% of the service email addresses submitted to CIW contain names. We consider there to be sufficient time before the Regulations come into force for services to change the contact details they provide to CIW,
should they wish to – for example, to create a more generic mailbox for the service. We would not expect email addresses to contain any details about the service’s location. As part of the implementation of these Regulations CIW will write to services prompting them to check their contact details and update them if necessary.
With regards to the potential increase in phishing emails or cyber attacks, we will mitigate this risk by reminding service providers of the resources available on cyber resilience via CIW’s communication channels.
Cost and savings
To implement the changes described in these Regulations, CIW has advised that updates will be needed to their Customer Relationship Management (CRM) system, CaSSI. CaSSI is CIW’s database of registration data, regulatory activity and gathered intelligence. All information collected through CIW’s secure online platform, CIW Online, feeds directly into CaSSI, along with information manually entered by CIW staff. CaSSI also feeds registration data to CIW’s website to populate CIW’s care service directory.
The updates required are:
- revisions to 5 online transactions between CIW Online and CaSSI, plus associated data cutover work
- revisions to CIW Online to clarify information to be published on CIW directory
- revisions to CIW Online to mandate service providers to update missing details on their profiles when logging in.
- revisions to the CaSSI overnight job which updates the CIW Directory to address new data and logic
- revisions to the CIW Website Directory to display additional data. CIW estimates that the cost to do this will be around £10,000.
Requiring contact details to be published on the register of service providers will create savings in relation to CIW’s time. Making service contact details publicly available means CIW will not need to obtain consent from providers to share this information. This will reduce the manual effort for CIW’s Data Intelligence and Analytics team in redacting data when handling daily requests for information (for example lists of services and contact details). It will also save time for CIW’s Communications team who will no longer need to send emails to service providers on behalf of other Welsh Government departments or external organisations due to data protection issues in sharing this information.
Service providers already submit their contact details to CIW for the purpose of registering their services so we do not anticipate these changes will create any additional costs for providers. 31% of the service email addresses submitted to CIW contain names (such as the name of the manager or RI for the service). As such, service providers may wish to update their email addresses to a more generic name to avoid the publication of personal information. There may be a small cost in terms of time for providers to do this and update CIW with this information.
Mechanism
This proposal will require Regulations to change the method of collecting and publishing service contact details from consent to legal requirement. A full Regulatory Impact Assessment has been carried out.
Section 8. Conclusion
8.1 How have people most likely to be affected by the proposal been involved in developing it
CIW is responsible for maintaining the register of service providers. We have collaborated with CIW on these proposals throughout the process.
We held a 12-week consultation on the draft Regulations between 15 May and 6 August 2023 and invited respondents to submit their views via an online form, by email or post. An easy read version of the consultation document was also created and the consultation was highlighted through social media.
In total, the Welsh Government received 25 complete responses. Three were from individuals, 14 were on behalf of organisations and eight did not say whether they were responding as an individual or on behalf of an organisation.
The organisations that responded (and did not specify they wished to remain anonymous):
- Gwent Regional Partnership Team
- Learning Disability Wales
- Education Workforce Council
- Estyn
- Swansea Council
- Ceredigion County Council
- Conwy County Borough Council
- Torfaen County Borough Council
- Hywel Dda University Health Board
- Community Housing Cymru
- Public Service Ombudsman for Wales
- Older People’s Commissioner for Wales
- Children’s Commissioner for Wales
We also consulted with the Information Commissioner’s Office (ICO) as required under Article 36(4) of the UK GDPR. Having considered the submission, the ICO advised that no further engagement was necessary.
8.2 What are the most significant impacts, positive and negative?
Making it mandatory for service providers to provide a telephone number and email address for each service to CIW, which CIW will publish on the register of service providers, will ensure completeness and consistency in the information on CIW’s online public facing directory. This will ensure members of the public, including family members or representatives of individuals who use regulated services, can contact services should they have any queries or concerns. It will also increase the accountability and visibility of service providers.
Adding an email address in addition to a telephone number will provide a choice for people in how they contact services, making it more accessible. People with a hearing impairment may not be able to use a telephone, for example; others may find it difficult to use a computer keyboard because of reduced eyesight, arthritis or lack of digital skills. Email also provides a written record of communication which some people may prefer.
While service contact details are already likely to be in the public domain, such as on the provider’s own website, local authority websites or sites which advertise social care services, having this information in one place will make it much easier for people to find.
While publishing service contact details in one place online will benefit the general public, it could lead to an increase in phone calls and unwanted emails to services, including junk mail or potentially abusive messages from people who have had poor experiences with their service. This could be stressful for service managers and Responsible Individuals. An overall increase in the number of emails might lead to important messages from CIW, Social Care Wales or other key organisations being missed. It could also lead to an increase in phishing emails or other cyber attacks.
The Regulations are clear that only the telephone number and email address for the service will be published. We will not require Responsible Individuals, service providers, managers, staff members or individuals using the service to share or publish their personal or professional contact details. We are aware that some services have currently opted to provide CIW with the manager’s email address as their main point of contact, which might include the name of the manager. Currently, 31% of the service email addresses submitted to CIW contain names.
8.3 In light of the impacts identified, how will the proposal:
- maximise contribution to the well-being objectives and the seven well-being goals and/or,
- avoid, reduce or mitigate any negative impacts?
We consider there to be sufficient time before the Regulations come into force for services to change the contact details they provide to CIW, should they wish to – for example, to create a more generic mailbox for the service. We would not expect email addresses to contain any details about the service’s location.
As part of the implementation of these Regulations CIW will write to services prompting them to check their contact details and update them if necessary. With regards to the potential increase in phishing emails or cyber attacks, we will mitigate this risk by reminding service providers of the resources available on cyber resilience.
8.4 How will the impact of the proposal be monitored and evaluated as it progresses and when it concludes?
We will work with CIW to keep service providers up to date on the implementation of these Regulations, seeking feedback from providers where necessary.