Project Overview
Care homes operate under some of the most stringent data protection requirements in the UK. Staff personal records, employment contracts, DBS checks, health declarations, appraisals and disciplinary documents are all personal data under UK GDPR, and some of it sits in the most tightly regulated categories: health declarations and occupational health records are special category data, and DBS results are criminal offence data. All of it must be stored, accessed and managed with appropriate technical and organisational safeguards.
This project replaced a paper-based filing system and a collection of unencrypted spreadsheets with a purpose-built, encrypted web platform covering two core areas:
- Secure Digital Staff Files — a centralised, encrypted repository for all employee documentation
- Online Feedback Forms — separate, role-specific feedback portals for staff, family members, and health visitors
All data is stored on UK-based servers. No third-party services handle the data. No SaaS platform has access. The system was designed with a "data minimisation" mindset throughout.
Staff File Management System
What It Stores
Every member of staff has a secure digital file containing:
- Personal details (name, address, emergency contacts, NI number)
- Employment documents (contract, offer letter, role-specific amendments)
- DBS check records — disclosure date, reference number, update service status
- Right to Work documents (passport, visa, biometric residence permit scans)
- Training certificates and mandatory training completion records
- Appraisal records and performance reviews
- Sickness and absence records
- Disciplinary and grievance documentation (where applicable)
- Health declarations and occupational health referrals
Encryption Architecture
All documents and sensitive fields are encrypted at rest using AES-256-GCM, the standard used by financial institutions and government departments. GCM is an authenticated encryption mode: every ciphertext carries an integrity tag, so a document that has been altered in storage fails to decrypt rather than being returned as corrupted content. The encryption key is never stored alongside the data; it is derived per-session from the user's authenticated credentials and a server-side key management layer, so neither the database nor the file store contains what is needed to read the records on its own.
In practice, this means:
- If the database is compromised, the encrypted fields are unreadable without the key
- If the file storage is accessed directly, documents are unreadable without decryption, and any tampering with a stored document is detected when it is next opened
- Each document upload is individually encrypted with a unique initialisation vector (nonce). With GCM this is a hard requirement rather than good hygiene: reusing a nonce under the same key leaks the XOR of the two plaintexts and lets an attacker forge authentication tags
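The per-document encryption described above, written out as an added example in Go (this is illustrative code, not the platform's own implementation, and it assumes a 256-bit key supplied by the key management layer; the hypothetical `docID` argument binds each ciphertext to its staff record as additional authenticated data, so a blob copied onto another record fails to decrypt):

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// Key is a 256-bit AES key. Assumed to come from the server-side key
// management layer; the page does not describe how that layer derives it.
type Key [32]byte

// NewKey draws a random key. Used here only so the example runs stand-alone;
// a deployment would never generate the data key per process.
func NewKey() (Key, error) {
	var k Key
	_, err := io.ReadFull(rand.Reader, k[:])
	return k, err
}

// EncryptDocument seals one uploaded document. A fresh 96-bit nonce is drawn
// per call: GCM security collapses if a nonce is reused under the same key.
// docID is passed as additional authenticated data (AAD). It is not encrypted,
// but the tag covers it, so moving the ciphertext to another record breaks
// decryption. Output layout: nonce || ciphertext || 16-byte tag.
func EncryptDocument(key Key, docID string, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key[:])
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	// Seal appends ciphertext and tag after the nonce in one buffer.
	return gcm.Seal(nonce, nonce, plaintext, []byte(docID)), nil
}

// DecryptDocument reverses EncryptDocument. Any change to the nonce, the
// ciphertext, the tag or the docID yields an error, never garbage plaintext.
func DecryptDocument(key Key, docID string, sealed []byte) ([]byte, error) {
	block, err := aes.NewCipher(key[:])
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize()+gcm.Overhead() {
		return nil, errors.New("sealed blob too short to contain nonce and tag")
	}
	nonce, ct := sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, []byte(docID))
}

func main() {
	key, _ := NewKey()
	// Constructed sample document text; not real data.
	doc := []byte("DBS disclosure ref 0001234567 issued 2024-03-01")
	sealed, _ := EncryptDocument(key, "staff/42/dbs", doc)
	fmt.Printf("stored %d bytes (12 nonce + %d ciphertext + 16 tag)\n", len(sealed), len(doc))
	if _, err := DecryptDocument(key, "staff/43/dbs", sealed); err != nil {
		fmt.Println("blob moved to another record:", err)
	}
	back, _ := DecryptDocument(key, "staff/42/dbs", sealed)
	fmt.Println(string(back))
}
```

Two encryptions of the same document under the same key produce different blobs because the nonce differs; if they ever came out identical, the nonce source would be broken and the key should be treated as compromised.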
Role-Based Access Control
Not everyone should see everything. The system enforces a strict permission hierarchy:
| Role | Access Level |
|------|--------------|
| System Administrator | Full access: all staff, all documents |
| Home Manager | Full access within their site |
| Deputy Manager | Most documents; restricted from disciplinary records of peers |
| HR Officer | Employment and compliance documents only |
| Senior Carer | Own file only, read-only |
| Care Staff | Own file only, read-only |

Each role is defined in the database and tied to a user's authenticated session, and the check is applied server-side on every request rather than by hiding links in the interface. Attempting to access a document outside your permission scope returns a 403, and the attempt is logged.
Audit Logging
Every action in the system is logged:
- Who accessed which file and when
- What document was downloaded or viewed
- Any edits made to records, by whom, and the previous values (change history)
- Failed access attempts
This audit log is immutable from within the application: the application exposes no edit or delete path for log entries, and the log can only be cleared by a system administrator via direct server access, an action that is itself logged externally. This supports the GDPR accountability principle (Article 5(2)) and gives CQC inspectors the access history they ask to see.
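The permission table and the "every decision is logged" rule of the two sections above, combined into one deny-by-default authorisation function as an added Go example (illustrative code, not the platform's own; the role and category names, the `Authorise` function and the in-memory `AuditEntry` slice are assumptions). Two points the table leaves open are fixed here as labelled assumptions: "peers" of a Deputy Manager means staff at deputy level or above, and an HR Officer is confined to their own site like a manager:

```go
package main

import (
	"fmt"
	"time"
)

type Role int

// Ordered so that "at deputy level or above" is a simple comparison.
const (
	CareStaff Role = iota
	SeniorCarer
	HROfficer
	DeputyManager
	HomeManager
	SystemAdministrator
)

type Category int

const (
	Personal Category = iota
	Employment
	DBS
	RightToWork
	Training
	Appraisal
	Absence
	Disciplinary
	Health
)

type Action int

const (
	Read Action = iota
	Write
)

type User struct {
	ID   string
	Role Role
	Site string
}

type Document struct {
	ID        string
	OwnerID   string // staff member whose file this belongs to
	OwnerRole Role
	Site      string
	Category  Category
}

// AuditEntry records who tried what, on which document, and the outcome.
// Denials are recorded as well as grants, which is what makes the log useful.
type AuditEntry struct {
	At      time.Time
	UserID  string
	DocID   string
	Action  Action
	Allowed bool
	Reason  string
}

// complianceCategories is the assumed scope of "employment and compliance documents only".
var complianceCategories = map[Category]bool{Employment: true, DBS: true, RightToWork: true, Training: true}

// Authorise is the single decision point. It logs every decision, then returns it.
func Authorise(log *[]AuditEntry, u User, d Document, a Action) (bool, string) {
	allowed, reason := decide(u, d, a)
	*log = append(*log, AuditEntry{time.Now(), u.ID, d.ID, a, allowed, reason})
	return allowed, reason
}

// decide implements the table. Anything not explicitly granted is denied.
func decide(u User, d Document, a Action) (bool, string) {
	switch u.Role {
	case SystemAdministrator:
		return true, "system administrator"
	case HomeManager, DeputyManager, HROfficer:
		if u.Site != d.Site {
			return false, "document belongs to another site"
		}
		if u.Role == DeputyManager && d.Category == Disciplinary && d.OwnerRole >= DeputyManager && d.OwnerID != u.ID {
			return false, "disciplinary record of a peer" // assumption: peer = deputy level or above
		}
		if u.Role == HROfficer && !complianceCategories[d.Category] {
			return false, "not an employment or compliance document"
		}
		return true, "role permits within site"
	case SeniorCarer, CareStaff:
		if d.OwnerID != u.ID {
			return false, "not own file"
		}
		if a != Read {
			return false, "own file is read-only"
		}
		return true, "own file, read-only"
	}
	return false, "unknown role"
}

// HTTPStatus maps a decision to the response the page describes.
func HTTPStatus(allowed bool) int {
	if allowed {
		return 200
	}
	return 403
}

func main() {
	var log []AuditEntry
	carer := User{"u1", CareStaff, "Home A"}
	own := Document{"d1", "u1", CareStaff, "Home A", Personal}
	ok, why := Authorise(&log, carer, own, Write)
	fmt.Println(HTTPStatus(ok), why, "| audit entries:", len(log))
}
```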
Document Expiry Alerts
DBS checks, right to work documents, training certificates, and mandatory training all have expiry dates. The system tracks these and generates:
- In-app dashboard alerts when documents are within 60 days of expiry
- Email notifications to the relevant manager at 60 days, 30 days, and 7 days before expiry
- A clear "compliance dashboard" showing the entire team's status at a glance — green, amber, or red per requirement
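The expiry tracking above as an added Go example (illustrative, not the platform's code; the `Requirement` type and the `sent` map are assumptions). It goes slightly beyond the bullet points on one point a daily job has to get right: a threshold fires once it has been crossed and not yet sent, rather than only on the exact day, so a run that was skipped over a weekend catches up without emailing the manager twice:

```go
package main

import (
	"fmt"
	"time"
)

// NotifyThresholds are the days-before-expiry at which the manager is emailed.
var NotifyThresholds = []int{60, 30, 7}

// Requirement is one dated item on a staff file: a DBS check, a right to work
// document or a training certificate. Expiry is nil when nothing has been
// recorded yet, which the dashboard treats as red, not as "never expires".
type Requirement struct {
	Name   string
	Expiry *time.Time
}

// DaysLeft counts whole calendar days from today to expiry, ignoring the time
// of day so a run at 23:00 and one at 08:00 agree on the count.
func DaysLeft(expiry, today time.Time) int {
	e := time.Date(expiry.Year(), expiry.Month(), expiry.Day(), 0, 0, 0, 0, time.UTC)
	t := time.Date(today.Year(), today.Month(), today.Day(), 0, 0, 0, 0, time.UTC)
	return int(e.Sub(t).Hours() / 24)
}

// Status returns the dashboard colour: red if missing or expired, amber within
// 60 days of expiry (the expiry day itself still counts as valid), green otherwise.
func Status(r Requirement, today time.Time) string {
	if r.Expiry == nil {
		return "red"
	}
	d := DaysLeft(*r.Expiry, today)
	switch {
	case d < 0:
		return "red"
	case d <= 60:
		return "amber"
	default:
		return "green"
	}
}

// DueNotification returns the most urgent crossed threshold that has not yet
// been sent for this requirement. sent tracks thresholds already emailed.
func DueNotification(r Requirement, today time.Time, sent map[int]bool) (int, bool) {
	if r.Expiry == nil {
		return 0, false
	}
	d := DaysLeft(*r.Expiry, today)
	if d < 0 {
		return 0, false // expired: red on the dashboard, the countdown is over
	}
	best := 0
	for _, th := range NotifyThresholds { // 60, 30, 7: the last match is the most urgent
		if d <= th && !sent[th] {
			best = th
		}
	}
	return best, best != 0
}

// MarkSent records that the email for `fired` went out. Every less urgent
// threshold is marked too, so a catch-up email at 7 days does not leave the
// 60- and 30-day thresholds pending to fire the next morning.
func MarkSent(sent map[int]bool, fired int) {
	for _, th := range NotifyThresholds {
		if th >= fired {
			sent[th] = true
		}
	}
}

// TeamStatus is the worst colour across a team's requirements, for the
// at-a-glance dashboard.
func TeamStatus(reqs []Requirement, today time.Time) string {
	rank := map[string]int{"green": 0, "amber": 1, "red": 2}
	worst := "green"
	for _, r := range reqs {
		if s := Status(r, today); rank[s] > rank[worst] {
			worst = s
		}
	}
	return worst
}

func main() {
	// Constructed dates for illustration.
	today := time.Date(2024, 6, 1, 9, 30, 0, 0, time.UTC)
	in := func(days int) *time.Time { e := today.AddDate(0, 0, days); return &e }
	team := []Requirement{{"DBS", in(120)}, {"Right to Work", in(25)}, {"Fire safety", nil}}
	for _, r := range team {
		fmt.Printf("%-14s %s\n", r.Name, Status(r, today))
	}
	sent := map[int]bool{}
	if th, ok := DueNotification(team[1], today, sent); ok {
		fmt.Printf("email manager: %s expires within %d days\n", team[1].Name, th)
		MarkSent(sent, th)
	}
	fmt.Println("team:", TeamStatus(team, today))
}
```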
For a care home manager, this replaces the spreadsheet and the manual calendar reminders that inevitably get missed.
Online Feedback System
The second component of the project is a separate, public-facing feedback platform with three distinct portals — each designed for a different audience.
1. Staff Feedback Portal
An internal feedback channel for care home employees to raise concerns, suggest improvements, or provide anonymous feedback to management — without going through their direct line manager.
**Features:**
- Optional anonymity — staff can choose to submit identified or anonymous feedback
- Category selection (Wellbeing, Workload, Equipment, Training, Management, Other)
- Priority flagging for urgent concerns
- Manager notification on submission (name withheld if anonymous)
- Response tracking — feedback can be marked as "Acknowledged," "In Progress," or "Resolved" with a written response that notifies the original submitter
2. Family Member Feedback Portal
A simple, accessible feedback form for relatives and next-of-kin to share their experience of the care their family member is receiving.
**Features:**
- Accessible design — large text options, simple language, works on all devices
- Optional identification — families can submit anonymously or with contact details
- Resident reference (first name and room number only — no sensitive care data exposed to the form)
- Rating system (overall care quality, communication, cleanliness, activities)
- Free-text comments
- Urgent concern escalation — an "I need to speak to someone urgently" option that triggers an immediate email alert to the Registered Manager
- Auto-acknowledgement email to identified submitters
3. Health Visitor & Professional Portal
A separate, authenticated portal for district nurses, GPs, social workers, occupational therapists, and other visiting professionals to log feedback, clinical concerns, or recommendations following visits.
**Features:**
- Authenticated access — professionals register with their name, organisation, and professional registration number (verified manually on first registration)
- Structured submission forms tailored to different professional types
- Ability to flag clinical concerns for urgent attention
- Submission history — professionals can view their own previous submissions
- Secure message thread between professional and care home management
GDPR Compliance Features
The entire system was designed against the UK GDPR and Data Protection Act 2018 requirements:
- Privacy by Design — data minimisation baked into every form and data structure
- Lawful basis recording — each data category has its lawful basis documented in the system
- Retention schedule — automated alerts and archival based on a documented retention policy (aligned to CQC and ICO guidance for care sector)
- Subject Access Request (SAR) tool — a manager can generate a complete data export for any data subject in one click, formatted for human reading
- Right to Erasure workflow — structured process for handling deletion requests, with appropriate exemptions (legal hold, safeguarding records) documented and enforced
- Data breach logging — a built-in incident log for recording and tracking potential data breaches, with the detail required for ICO notification
The Result
A system that replaced physical filing cabinets, scattered spreadsheets, and paper feedback forms with a single, encrypted, auditable platform — purpose-built for the regulatory environment care homes actually operate in.
The client's CQC inspector reviewed the system during an inspection and described the digital compliance approach as "excellent evidence of a well-organised and governance-conscious management team."
This project is confidential. No client name, logo, or identifying details are included.