Reporting & Recording

It’s important you accurately record any accidents or injuries which happen to a child in your care. No matter how slight the accident is, parents or guardians of the child must be informed.

An accident/incident report is a legal document and must contain the following information;

  • Casualty’s full name
  • Date and time of the incident
  • What happened? A factual description
  • Name of the person who dealt with the accident
  • The nature of the injury
  • What treatment was given
  • Name of any witnesses
  • Where did the incident happen? Include locations of the child, adults and any equipment used. Draw a picture if possible
  • What medical help was requested and if not, why not?
  • Further action required
  • Parent/ guardians signature

Reporting Incidents

All accidents will be reported to parents or guardians but serious incidents will also need reporting to authorities. You should know the reporting procedures in your own setting.

If you are a childcare provider on the Early Years Register and/or Childcare Register, you are required to notify Ofsted and in some cases local child protection agencies if a child suffers a serious accident or injury whilst in your care. If you are a childcare provider in Scotland you will be required to notify Care Inspectorate and in Wales CCSW.

When there is an accident leading to serious injury or fatality resulting from the operation of the childcare setting legally you are required to notify;

  • Enforcing authority for accidents at work – Health and Safety Executive or Local Authority
    (Reporting of Injuries, Diseases and Dangerous Occurrences Regulations 1995 – RIDDOR)
  • Ofsted/ Care Inspectorate/ CCSW
  • Child Protection Agency

All accidents must be recorded in an accident book or similar recording system.

Report to the HSE or Local Authority under RIDDOR

When there is an injury to a child requiring general practitioner or hospital treatment or the death of a child on the premises or subsequently at home as a result of the operations of the childcare setting.

For Care Inspectorate guidance please refer to;

Care Inspectorate When to ReportDownload

For Ofsted please refer to ;

Ofsted Serious accidents injuries and deaths that registered providersDownload

Confidentiality of Records

All childcare records should be stored in accordance with the General Data Protection Regulation 2018 (GDPR). 

The General Data Protection Regulation (GDPR) is an EU law that came into effect on 25 May 2018. It gives individuals greater control over their own personal data.

GDPR condenses the Data Protection Principles into six areas, referred to as the Privacy Principles. They are:
  • You must have a lawful reason for collecting personal data and must do it in a fair and transparent way
  • You must only use the data for the reason it is initially obtained
  • You must not collect any more data than is necessary
  • It has to be accurate and there must be mechanisms in place to keep it up to date
  • You cannot keep it any longer than needed
  • You must protect the personal data

This means your setting must not only do the right thing with data but must also show that all the correct measures are in place to demonstrate how compliance is achieved.

There is also an expectation that staff will be trained on data protection. Documentation on policies, procedures and training is going to be a key part of any effective compliance programme.

Areas to consider-

  • Appointing a data protection officer; For most settings, appointing an individual who takes the lead on data compliance will be enough, although for larger early years provider chains may need to appoint a data protection officer.
  • Privacy notices; When you collect any data you must tell people exactly how you are going to use it, who might you share it with, how long you will keep it as well as information on consent and complaint.
  • Individual rights; People now have new and enhanced rights on the collection, access and deletion of their data so you must ensure your setting has mechanisms to allow individuals to exercise these rights.
  • Consent; GDPR requires early years providers to have a legitimate reason for processing any personal data. Where you rely on consent for processing data you must be able to demonstrate that the consent was freely given. Pre-ticked boxes or inactivity will no longer suffice. People have to actively opt-in.
  • Data agreements; Early years providers are now obliged to have written arrangements with anybody processing data for them. Providers must make sure that anyone processing data meet GDPR requirements.
  • New projects; Data protection must be incorporated into new projects and services at the development stage — not simply as an after-thought.
  • Breach notification; You are obligated to notify the Information Commissioner’s Office (ICO) of a data breach within 72 hours of becoming aware of the breach. 
  • Fines; One of the key drivers of compliance is that organisations can be fined significant amounts if they are not. However you should focus on the benefits of ensuring you are handling your data properly.
  • The government’s National Cyber Security Centre has produced a downloadable leaflet for early years providers explaining how to protect sensitive information about your setting and the children in your care from accidental damage and online criminals
early-years-practitioners-using-cyber-security-to-protect-your-settingsDownload