Skip to main content
Back to gap analysis tools

Run your gap analysis now

Our free tools guide you through 8 key domains, generating tailored remediation plans you can implement before the 21 November deadline.

Start gap analysis (5 min)

Preparing for eDEC 2025: A strategic approach to compliance readiness

Published: 22 October 2025

TL;DR

This year's eDEC carries heightened ICB scrutiny. Our recommended approach: conduct domain-specific gap analyses, create documented remediation plans, and make honest attestations supported by evidence of proactive improvement.

Why this year feels different

NHS England's 2025 guidance has emphasised that ICBs will actively verify eDEC submissions against other data sources, including NWRS returns, GP Connect implementation status, access dashboards, and previous inspection findings. Several ICBs have already issued breach notices for core hours violations and workforce reporting gaps earlier this year.

The message is clear: attestations must be defensible. If an audit reveals material misrepresentation, the consequences extend beyond contractual breach to reputational damage and potential CQC action.

Historically, some practices may have – whether intentionally or through misunderstanding the detailed requirements – overstated their compliance position. That approach now carries considerably more risk.

The timing challenge

With less than a month until submission, most practices realistically cannot close every compliance gap they identify. Achieving full compliance with complex requirements around premises safety, information governance, workforce resilience, or medicines management takes months, not weeks.

This creates a paradox: conducting a thorough gap analysis might reveal issues you cannot immediately fix, but failing to identify and document gaps leaves you unprepared for inspection and unable to demonstrate proactive governance.

A strategic approach: gap analysis with documented remediation

We propose an alternative framework that balances honesty with pragmatism:

1. Conduct comprehensive domain-specific gap analyses

Rather than attempting to address all eDEC requirements at once, systematically assess your practice across the key domains that carry highest contractual and patient safety risk:

  • Patient access and core hours – The most actively monitored area, with ICBs tracking core hours compliance, online consultation availability, and appointment capacity metrics
  • Workforce and staffing resilience – Covering NWRS reporting accuracy, safer recruitment, DBS checks, and mandatory training
  • Safeguarding and vulnerable patients – Named leads, training levels, referral processes, and register management
  • Premises safety and infection control – Environmental safety, statutory checks, fire safety, and accessibility
  • Medicines management – Storage, prescribing safety, controlled drugs governance, and high-risk medicines monitoring
  • Information governance and digital services – DSPT status, records access, cyber security, and business continuity
  • Patient communication and experience – Complaints handling, registration fairness, and patient engagement
  • Leadership and governance – Risk management, clinical audit, CQC notifications, and continuous improvement

For each domain, ask the difficult questions: if an inspector arrived today and requested evidence, what could you actually demonstrate?

2. Prioritise by risk and evidence remediation plans

Not all gaps carry equal risk. A missing DBS check or non-compliance with core hours requirements represents immediate contractual breach with high enforcement likelihood. A gap in business continuity testing, while important for good governance, carries lower immediate breach risk.

Once you've identified gaps, categorise them by:

  • Contractual breach likelihood – Is this actively monitored by your ICB? Have breach notices been issued to other practices?
  • Patient safety impact – Does this gap create direct risk of patient harm?
  • Speed to remediate – Can this be addressed in weeks, months, or does it require capital investment?

3. Make honest attestations supported by documented improvement

This is where practices must make an informed decision about their eDEC responses, ideally with guidance from professional advisors such as your LMC or legal counsel.

Important

We cannot provide legal advice on which approach is appropriate for your circumstances. The right path depends on your specific gaps, your ICB's enforcement stance, your practice's inspection history, and your risk tolerance. Seek professional guidance before finalising your submission.

4. Document and implement systematically

Crucially, a gap analysis and plan only provides protection if you genuinely implement it. Your documented plan needs to be:

  • Specific – Not "improve medicines management" but "implement daily temperature logging with escalation protocol; appoint CD lead; complete staff training by 31 January 2026"
  • Realistic – Timelines must be credible given your resources
  • Tracked – Regular progress reviews that you can evidence
  • Integrated – Incorporated into your practice governance structures, not a separate document gathering dust

Why this approach reduces risk

While we cannot predict individual ICB or CQC enforcement decisions, this framework has several advantages:

  • It demonstrates proactive governance. A practice that has systematically identified gaps and is working through a prioritised plan is demonstrating the kind of leadership and quality improvement that underpins the CQC "Well-led" domain.
  • It focuses resources on highest risk areas. With limited time and capacity, you want to address gaps that carry greatest contractual breach likelihood and patient safety risk first.
  • It provides defensible documentation. If audited, you can show inspectors that you understood your gaps before submission, had an honest assessment of your position, and took active steps towards remediation.
  • It may reduce likelihood of being targeted for enforcement. While this is speculative, ICBs are unlikely to issue breach notices to large numbers of practices. They are more likely to focus enforcement on practices that appear to be ignoring problems or making demonstrably false attestations.

Practical implementation

To make this approach actionable within your remaining timeframe, we suggest:

Week 1

by 28 October

Complete gap analyses for your three highest-risk domains, focusing especially on access, workforce, and safeguarding. Document specific gaps with evidence (or lack thereof).

Week 2

by 4 November

Develop prioritised action plans for identified gaps, with specific actions, owners, and realistic timelines. Present to partners/governance lead for approval.

Week 3

by 11 November

Complete remaining domain assessments. Begin implementing quick wins (e.g., updating policies, scheduling outstanding training, documenting existing processes that weren't previously written down).

Week 4

by 18 November

Finalise eDEC responses based on your documented position and professional advice. Ensure partners and registered manager have reviewed and approved your approach.

Tools to support your gap analysis

To support practices through this process, we've built 8 domain-specific gap analysis tools that guide you through the critical questions for each area, then generate a personalised gap analysis and remediation plan for your practice.

Each tool:

  • Asks 4-6 focused questions that align with eDEC requirements and current enforcement priorities
  • Provides regulatory context and evidence hints for each question
  • Generates a tailored report highlighting your highest-risk gaps
  • Suggests specific, actionable next steps prioritised by breach likelihood and patient safety impact
  • Can be completed in under 5 minutes per domain

The tools are designed to be honest rather than reassuring – they highlight areas where "not being sure" carries significant risk, because identifying problems now is better than discovering them during inspection.

Access the gap analysis tools →

Final thoughts

The eDEC submission is anxiety-inducing for many practice managers, particularly when you're uncertain whether your evidence base would satisfy an inspector. This year's heightened ICB scrutiny makes that anxiety more acute.

We cannot eliminate that uncertainty, nor can we tell you exactly how to respond to each attestation – that requires professional advice tailored to your circumstances.

What we can offer is a structured approach to understanding your gaps, documenting your improvement plan, and focusing your limited time on the areas that matter most for contractual compliance and patient safety.

Whatever approach you choose, taking proactive steps now – rather than hoping audit doesn't happen – is the hallmark of well-led practices that take their regulatory responsibilities seriously.

Disclaimer

This article is for informational purposes only and reflects understanding as of 22 October 2025. It does not constitute legal, contractual, or professional advice regarding eDEC submissions or contract compliance. Practices should consult with their Local Medical Committee, professional indemnity providers, or legal advisors regarding specific eDEC responses and compliance strategies. Always refer to the latest official NHS England guidance and your specific ICB requirements when preparing eDEC submissions.

Ready to start your gap analysis?

Complete your first domain assessment in under 5 minutes and receive a tailored remediation plan.

Start gap analysis

My Practice Manager provides AI-powered compliance tools and comprehensive resources for GP practices across England. Our mission is to make healthcare administration smoother, so professionals can focus on patient care and get home on time.