UK: CCGs: Complying With Your Legal Duties

Last Updated: 29 August 2012
Article by Gayle Curry

CCGs have a number of legal duties, those which apply specifically to CCGs and those which apply to all public bodies.

The list provided below is intended to be an indicative list of those duties, not an exhaustive one.

The appendix provides you with a very simple list, in categories that CCGs have specifically requested of us: Jail / Lose authorisation / Cause harm

Circumstances in which a CCG can be dissolved

Section 14Z21 of the Health and Social Care Act 2012 – the NHS Commissioning Board may dissolve a CCG where it is satisfied that a CCG is failing or has failed to discharge any of its functions, or there is a significant risk that a CCG will fail to do so. Consequently, breach of any of the duties listed may lead to dissolution of a CCG, subject to the NHS Commissioning Board complying with certain procedural requirements.

Statutory duties of a CCG under the NHS Act 2006 and the Health and Social Care Act 2012

  • To promote the NHS Constitution.
  • To exercise functions effectively, efficiently and economically.
  • To exercise functions with a view to securing continuous improvement in the quality of services provided.
  • To assist and support the NHS Commissioning Board in discharging its duty to a secure continuous improvement in the quality of primary medical services.
  • To reduce inequalities.
  • To promote involvement of each patient.
  • To exercise functions with a view to enabling patients to make choices with respect to aspects of health services provided.
  • To obtain appropriate advice from persons who have a broad range of professional expertise.
  • To promote innovation.
  • To promote research on matters relevant to the health service and to use evidence from such research.
  • To promote integration of health services where this would improve the quality of those services and reduce inequalities.

The NHS Commissioning Board is responsible for enforcing the duties imposed on CCGs by the NHS Act 2006 and the Health and Social Care Act 2012. The Board has the following powers of intervention (subject to it complying with procedural requirements as set out in the Act) where it has reason to believe a CCG might have failed, might be failing or might fail to discharge any of its functions properly:

  • To require documents, information and explanations.
  • To require a CCG to discharge its functions.
  • To cease to perform any of its functions for such period as specified in the direction.
  • To vary the constitution of the commission.
  • To terminate the appointment of the CCG's accountable officer and appoint another person in their place.

Duties with criminal sanctions

  • Health and Safety at Work Act 1974:
    • Sections 7 and 37(1) provide that employees and employers will be vulnerable to criminal prosecution for offences committed under the Act.
    • Those found guilty are liable for fines and in some cases, imprisonment.
  • Data Protection Act 1998 – criminal offences created by the Act include:
    • unlawfully obtaining, disclosing, or procuring the disclosure of personal data;
    • selling, or offering to sell, personal data which has been unlawfully obtained;
    • processing personal data without notifying the Information Commissioner (and other offences related to notification);
    • failing to comply with an enforcement notice or an information notice, or knowingly or recklessly making a false statement in compliance with an information notice;
    • obstructing, or failing to give reasonable assistance in, the execution of a search warrant;
    • requiring someone, for example during the recruitment process, to exercise their subject access rights to supply certain information (such as records of their criminal convictions), which the person wanting it would not otherwise be entitled to. This offence, known as "enforced subject access", is not yet in force; and
    • the unlawful disclosure of certain information by the Information Commissioner, his staff or agents.
  • DPA penalties:
    • Fines of up to £500,000 for serious Contravention
    • Imprisonment for deliberate or negligent customer data leaks by individuals within an organisation may also become available.
  • Freedom of Information Act 2000:
    • Section 77 states that it is a criminal offence to alter, block, destroy or conceal information. Depending on the nature of the incident, an authority or its individual members of staff could be charged with this offence.
    • The criminal offence is punishable by a fine of up to £5000.
  • Corporate Manslaughter Act 2007:
    • An offence is committed where serious management failures constitute a gross breach of duty of care resulting in the death of a person.
    • The maximum penalty is an unlimited fine; and
    • The court can additionally make a publicity order requiring the organisation to publish details of its conviction and fine.
  • Bribery Act 2010:
    • General offences contained in sections 1-5 of the Act.
    • Section 7 provides that an offence is committed by a 'relevant commercial organisation' where it fails to prevent bribery. A CCG is a corporate body carrying on a business.
    • If an individual is found guilty of a bribery offence, tried as a summary offence, they may be imprisoned for up to 12 months and fined up to £5,000. An individual found guilty on indictment, however, faces up to 10 years' imprisonment and an unlimited fine.
    • The crime of a commercial organisation failing to prevent bribery is punishable by an unlimited fine.
    • In addition, a convicted individual or organisation may be subject to a confiscation order under the Proceeds of Crime Act 2002.

Duties enforceable by civil action

  • Employment Rights Act 1996 and Transfer of Undertakings (Protection of Employment) Regulations 2006:
    • Employment tribunals may order reinstatement or re-engagement of the dismissed employee if the complaint is upheld, and/or
    • Make an award of compensation. The amount of the compensation will be whatever the Tribunal considers just and equitable in all the circumstances.
  • Management of Health and Safety at Work Regulations 1999:
    • An employee can claim damages from an employer where they suffer injury or illness as a result of breach by an employer.
  • Negligence:
    • where CCG owes a duty of care,
    • it breaches that duty,
    • thereby causing loss to a person,
    • the CCG will be liable for an award of damages to the injured party which will put them back in the position they were in prior to the breach.
  • Occupiers Liability Acts 1957:
    • A CCG will owe a common law duty of care to visitors to premises "occupied" by it.
    • A claim for damages can be made in respect of death, personal injury or damage to personal property.
  • Occupiers Liability Act 1984:
    • A CCG will owe a common law duty of care to trespassers to premises "occupied" by it.
    • A claim for damages can be made in respect of death or personal injury only.
  • Breach of contract
    • A CCG will need to consider the terms of contracts inherited from a PCT during the transition process as well as any that it enters into itself.
    • Remedies for breach of contract include damages, specific performance and injunction.
  • Public procurement legislation:
    • Statutory duties owed under the Public Contracts Regulations 2006, the Public Contracts (Amendment) Regulations 2009 and the Public Procurement (Miscellaneous Amendments) Regulations 2011.
    • An economic operator harmed or who may suffer harm as a result of a breach has a right of action in the High Court.
    • A decision may be set aside in the course of a tender procedure (not once entered into).
    • An award of damages may be made to an operator which has suffered loss or damages as a result of a breach of the statutory duty.
    • A court may declare a contract prospectively ineffective.
    • Financial penalty may be imposed on the CCG.

Duties enforceable by enforcement action

  • Public duty under the Equality Act 2010:
    • Enforced by the Equality and Human Rights Commission(EHRC).
    • EHRC can issue compliance notices and apply to the courts for judicial review.
  • Data Protection Act 1998 and Freedom of Information Act 2000:
  • Enforced by the Information Commissioner (IC).
  • As well as the criminal sanctions listed above, the IC has the power to carry out checks to assess whether organisations are complying with the DPA, serve information notices requiring organisations to provide certain information within a prescribed time and serve enforcement notices where there has been a breach of the DPA.
  • Health and Safety legislation is enforced by the Health and Safety Executive (HSE).
  • As well as the powers to prosecute as detailed above, the HSE can issue informal warnings, improvement notices and enforcement notices.
  • Powers of the Care Quality Commission, the independent regulator of registered medical services:
    • To issue warning notices, penalty notices, simple cautions.
    • To prosecute.

Breach of duties constituting grounds for judicial Review

Decisions made by public bodies are capable of challenge by judicial review.

The grounds for judicial review as established by case law (not an exhaustive list) are:

  • Illegality
  • Irrationality
  • Procedural impropriety

The following remedies are available in proceedings for judicial review:

  • Quashing order – renders a decision completely invalid;
  • Prohibiting order - acts prospectively by telling an authority not to do something in contemplation;
  • Mandatory order – addresses wrongful failure to act, rather than a wrongful act. Failure to comply constitutes a contempt of court;
  • Declaration - clarifies the respective rights and obligations of the parties to the proceedings, without actually making any order;
  • Injunction - order made by the court to stop a public body from acting in an unlawful way;
  • Damages will only be awarded where there is a recognised 'private' law cause of action such as negligence or breach of statutory duty or a claim under European law or the Human Rights Act 1998.

Breach of the duties under the following statutes may be grounds for judicial review:

  • Public procurement law.
  • Equality Act 2010.
  • Human Rights Act 1998 and rights under the European Convention on Human Rights.

CCGs' Legal Duties

  • Gross breach of care resulting in death of a person (Corporate Manslaughter)
  • Serious breaches of Health and Safety legislation
  • Failing to prevent bribery
  • Deliberate or negligent Data Protection breaches (obtaining or disclosing data)
  • Blocking, destroying or concealing information subject to disclosure under the Freedom of Information Act
  • Fraud

Failure to:

  • Exercise functions effectively, efficiently and economically
  • Promote the NHS Constitution
  • Promote patient and public involvement
  • Promote integration of services where that would improve quality and reduce inequalities
  • Assist the NHS Commissioning Board to improve quality of primary medical services
  • Act to reduce inequalities
  • Deliver Choice appropriately
  • Promote innovation and research
  • Obtain appropriate professional advice

Key breaches of statutory duty that might result in harm being caused, leading to litigation: Failure to:

  • Comply with public procurement law
  • Adhere to the Rules for Co-operation and Competition
  • Adhere to contractual obligations
  • Make lawful, rational and proper decisions
  • Have and adhere to a robust conflicts of interests policy
  • Comply with Human Rights Act and Equality Act
  • Comply with Data Protection Act and Freedom of Information Act
  • Acting negligently

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

To print this article, all you need is to be registered on

Click to Login as an existing user or Register so you can print this article.

In association with
Related Video
Up-coming Events Search
Font Size:
Mondaq on Twitter
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).
Email Address
Company Name
Confirm Password
Mondaq Topics -- Select your Interests
 Law Performance
 Law Practice
 Media & IT
 Real Estate
 Wealth Mgt
Asia Pacific
European Union
Latin America
Middle East
United States
Worldwide Updates
Check to state you have read and
agree to our Terms and Conditions

Terms & Conditions and Privacy Statement (the Website) is owned and managed by Mondaq Ltd and as a user you are granted a non-exclusive, revocable license to access the Website under its terms and conditions of use. Your use of the Website constitutes your agreement to the following terms and conditions of use. Mondaq Ltd may terminate your use of the Website if you are in breach of these terms and conditions or if Mondaq Ltd decides to terminate your license of use for whatever reason.

Use of

You may use the Website but are required to register as a user if you wish to read the full text of the content and articles available (the Content). You may not modify, publish, transmit, transfer or sell, reproduce, create derivative works from, distribute, perform, link, display, or in any way exploit any of the Content, in whole or in part, except as expressly permitted in these terms & conditions or with the prior written consent of Mondaq Ltd. You may not use electronic or other means to extract details or information about’s content, users or contributors in order to offer them any services or products which compete directly or indirectly with Mondaq Ltd’s services and products.


Mondaq Ltd and/or its respective suppliers make no representations about the suitability of the information contained in the documents and related graphics published on this server for any purpose. All such documents and related graphics are provided "as is" without warranty of any kind. Mondaq Ltd and/or its respective suppliers hereby disclaim all warranties and conditions with regard to this information, including all implied warranties and conditions of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall Mondaq Ltd and/or its respective suppliers be liable for any special, indirect or consequential damages or any damages whatsoever resulting from loss of use, data or profits, whether in an action of contract, negligence or other tortious action, arising out of or in connection with the use or performance of information available from this server.

The documents and related graphics published on this server could include technical inaccuracies or typographical errors. Changes are periodically added to the information herein. Mondaq Ltd and/or its respective suppliers may make improvements and/or changes in the product(s) and/or the program(s) described herein at any time.


Mondaq Ltd requires you to register and provide information that personally identifies you, including what sort of information you are interested in, for three primary purposes:

  • To allow you to personalize the Mondaq websites you are visiting.
  • To enable features such as password reminder, newsletter alerts, email a colleague, and linking from Mondaq (and its affiliate sites) to your website.
  • To produce demographic feedback for our information providers who provide information free for your use.

Mondaq (and its affiliate sites) do not sell or provide your details to third parties other than information providers. The reason we provide our information providers with this information is so that they can measure the response their articles are receiving and provide you with information about their products and services.

If you do not want us to provide your name and email address you may opt out by clicking here .

If you do not wish to receive any future announcements of products and services offered by Mondaq by clicking here .

Information Collection and Use

We require site users to register with Mondaq (and its affiliate sites) to view the free information on the site. We also collect information from our users at several different points on the websites: this is so that we can customise the sites according to individual usage, provide 'session-aware' functionality, and ensure that content is acquired and developed appropriately. This gives us an overall picture of our user profiles, which in turn shows to our Editorial Contributors the type of person they are reaching by posting articles on Mondaq (and its affiliate sites) – meaning more free content for registered users.

We are only able to provide the material on the Mondaq (and its affiliate sites) site free to site visitors because we can pass on information about the pages that users are viewing and the personal information users provide to us (e.g. email addresses) to reputable contributing firms such as law firms who author those pages. We do not sell or rent information to anyone else other than the authors of those pages, who may change from time to time. Should you wish us not to disclose your details to any of these parties, please tick the box above or tick the box marked "Opt out of Registration Information Disclosure" on the Your Profile page. We and our author organisations may only contact you via email or other means if you allow us to do so. Users can opt out of contact when they register on the site, or send an email to with “no disclosure” in the subject heading

Mondaq News Alerts

In order to receive Mondaq News Alerts, users have to complete a separate registration form. This is a personalised service where users choose regions and topics of interest and we send it only to those users who have requested it. Users can stop receiving these Alerts by going to the Mondaq News Alerts page and deselecting all interest areas. In the same way users can amend their personal preferences to add or remove subject areas.


A cookie is a small text file written to a user’s hard drive that contains an identifying user number. The cookies do not contain any personal information about users. We use the cookie so users do not have to log in every time they use the service and the cookie will automatically expire if you do not visit the Mondaq website (or its affiliate sites) for 12 months. We also use the cookie to personalise a user's experience of the site (for example to show information specific to a user's region). As the Mondaq sites are fully personalised and cookies are essential to its core technology the site will function unpredictably with browsers that do not support cookies - or where cookies are disabled (in these circumstances we advise you to attempt to locate the information you require elsewhere on the web). However if you are concerned about the presence of a Mondaq cookie on your machine you can also choose to expire the cookie immediately (remove it) by selecting the 'Log Off' menu option as the last thing you do when you use the site.

Some of our business partners may use cookies on our site (for example, advertisers). However, we have no access to or control over these cookies and we are not aware of any at present that do so.

Log Files

We use IP addresses to analyse trends, administer the site, track movement, and gather broad demographic information for aggregate use. IP addresses are not linked to personally identifiable information.


This web site contains links to other sites. Please be aware that Mondaq (or its affiliate sites) are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of these third party sites. This privacy statement applies solely to information collected by this Web site.

Surveys & Contests

From time-to-time our site requests information from users via surveys or contests. Participation in these surveys or contests is completely voluntary and the user therefore has a choice whether or not to disclose any information requested. Information requested may include contact information (such as name and delivery address), and demographic information (such as postcode, age level). Contact information will be used to notify the winners and award prizes. Survey information will be used for purposes of monitoring or improving the functionality of the site.


If a user elects to use our referral service for informing a friend about our site, we ask them for the friend’s name and email address. Mondaq stores this information and may contact the friend to invite them to register with Mondaq, but they will not be contacted more than once. The friend may contact Mondaq to request the removal of this information from our database.


This website takes every reasonable precaution to protect our users’ information. When users submit sensitive information via the website, your information is protected using firewalls and other security technology. If you have any questions about the security at our website, you can send an email to

Correcting/Updating Personal Information

If a user’s personally identifiable information changes (such as postcode), or if a user no longer desires our service, we will endeavour to provide a way to correct, update or remove that user’s personal data provided to us. This can usually be done at the “Your Profile” page or by sending an email to

Notification of Changes

If we decide to change our Terms & Conditions or Privacy Policy, we will post those changes on our site so our users are always aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. If at any point we decide to use personally identifiable information in a manner different from that stated at the time it was collected, we will notify users by way of an email. Users will have a choice as to whether or not we use their information in this different manner. We will use information in accordance with the privacy policy under which the information was collected.

How to contact Mondaq

You can contact us with comments or queries at

If for some reason you believe Mondaq Ltd. has not adhered to these principles, please notify us by e-mail at and we will use commercially reasonable efforts to determine and correct the problem promptly.