The regulatory ground is shifting, and it’s moving under the feet of healthcare businesses, not just the clinicians who work for or with them.

In the UK, the Care Quality Commission (CQC) has quietly but steadily broadened its approach. The focus is no longer limited to the skill or qualifications of an individual doctor, nurse, or therapist. Increasingly, it’s about the systems, supervision, and governance put in place by the organisation at large. This includes how clinics oversee independent contractors, temporary workers, and third-party providers, in addition to salaried employees.

This matters because the business, not just the practitioner, is now in the regulator’s sights. If something goes wrong, regulators want to know: Who allowed this person to deliver care? What processes were in place to monitor their work? Was there a clear line of accountability? In the eyes of the CQC, it’s not enough to say, “We didn’t employ them.” If the care was provided under your name, it’s your responsibility.

For private clinics, telehealth platforms, and medical centres — many of which lean heavily on subcontracted models to manage staffing levels and stay agile — that’s a serious pressure point. Flexibility might make sense operationally, but it no longer offers a buffer against legal or regulatory fallout.

Can You Really Be Liable for Someone You Don’t Employ?

This isn’t just a regulatory trend. It’s been reinforced by several key legal rulings, including the Supreme Court’s decision in Barclays Bank plc v Various Claimants, which support the idea of a “non-delegable duty of care.” In short, courts are prepared to hold organisations liable for the actions of people they don’t directly employ if they’re seen to have created the conditions under which harm occurred.

In the healthcare context, this raises tough questions for providers. If a self-employed clinician, contracted via an agency, makes a mistake while treating your patient — using your tools, your systems, and your brand — you may still be on the hook. The legal argument is that your organisation held itself out as responsible for that care, and so it must answer for the outcome.

Why Are Patients Increasingly Taking Legal Action Against Healthcare Providers?

At the same time, there’s been a cultural shift in how patients approach harm. It’s no longer rare for someone to pursue legal action after a poor healthcare experience. It’s expected. Easy access to online information, consumer advocacy groups, and “no win, no fee” law firms mean more patients are aware of their rights and more willing to act.

When they do, their solicitors aren’t stopping with the clinician. They’re looking for the biggest, most solvent defendant. Often, that’s the business behind the care, especially if the individual’s indemnity turns out to be capped, lapsed, or contested.

What Healthcare Organisations Need to Do Now

This convergence of tighter regulation and sharper consumer awareness is forcing healthcare businesses to re-examine how they manage risk. It’s no longer just about protecting your staff. It’s about covering the entire ecosystem around your care delivery. That includes temporary workers, consultants, agency staff, and anyone else acting under your umbrella.

At Medicas, we understand the realities of modern healthcare because our solutions are designed by doctors, for doctors. Whether you’re a private clinic, telehealth platform, corporate group, or individual practitioner, we create tailored insurance coverage to protect your business and your reputation, even in complex subcontracted or multi-provider care models.

From comprehensive medical indemnity and malpractice policies to bespoke legal expense and income protection cover, we help ensure you’re equipped for today’s regulatory climate. If you’ve been refused coverage elsewhere or operate in a high-risk environment, we specialise in supporting those labelled as 'distressed risks', helping you get back to work with confidence.

Is your business really protected? With regulators and patients increasingly holding healthcare organisations accountable, even for care delivered by contractors or third parties, it’s time to rethink how you manage risk.

Visit our website to learn more and find the right protection for your clinic, platform, or practice.