⚠️A Wake-Up Call for Agencies – Before It’s Too Late⚠️
Posted on
Let’s be honest – things are brutal for agencies right now. Margins are tight, audits are tougher, and one mistake could lose you your frameworks. That’s why this matters.
Over the past few months, we’ve spoken with several agencies that had a gut feeling something wasn’t right with their new compliance provider. So they did the smart thing – they booked independent audits to check if corners were being cut.
What came back was horrifying – and every single one of them had been using the same provider.
Where It’s Going Wrong
🔴 “Interviews” done via static self-submitted forms – no questions, no human, no proper assessment.
🔴 Fitness to Work (FTW) certificates signed by someone not legally permitted to do it – this is where many agencies are being misled. Certain Practitioners may have clinical skills and training, SEQOHS sets strict requirements about who can deliver and sign off on occupational health assessments. It’s not just about being a registered health professional – it’s about specific competence in occupational health, immunisation interpretation, and risk-based clearance.
SEQOHS standards require:
1.1:“All health professionals delivering clinical services are registered/licensed with the relevant regulatory body.” 2.1:“All clinical staff employed by the service, and contractors engaged, have the knowledge, skills, experience and relevant qualifications for the work they undertake.” 2.6:“Staff and contractors who advise on and/or deliver immunisations, or otherwise engage in medicines management, are clinically competent and practise in accordance with national standards and guidelines.”
To be compliant, Fitness to Work clearance must be signed off by a qualified occupational health nurse or doctor (with NMC or GMC registration and OH training). Even if a registered practitioner is not registered with the NMC or GMC, and has general healthcare expertise, they aren’t recognised as competent under SEQOHS for OH risk assessment; meaning the certificate is invalid and will result in an immediate core fail during any SEQOHS or framework audit.
🔴 EPP certificates missing IVS details – certificates don’t even mark IVS next to the relevant sections, leaving no confirmation of proper Exposure-Prone Procedure (EPP) clearance.
🔴 AI-driven clearance – Allegations have surfaced that AI is being utilised to renew FTW’s services.
🔴 Automation over accountability – FTW renewals are being issued by scripts within seconds, with no review of original declarations or health records.
Security and Data Failings
Technical audits and whistleblower evidence show the provider’s platform is dangerously insecure:
No enforced HTTPS redirect – leaving data vulnerable to interception.
Open ports (22, 80, 3000) exposing admin-level services.
No reliable audit logs – certificate dates and details can be altered without a trace.
Privacy policy contradictions – they claim:
“We store your personal data on our servers in the UK. We will only transfer information outside of the UK or EEA where we have a valid legal mechanism in place.” Yet independent testing shows data is actually stored in Germany, breaching trust and potentially the law.
Whistleblowers Are Speaking Out
Several whistleblowers – including staff from agencies who’ve used this provider – have come forward with alarming evidence.
One insider told us:
“I don’t think they realise they’re trying to do me out of my own job – but doing it badly by cutting massive corners. Yes, automation is great to a point, but sometimes things need a human touch. If it weren’t for humans, no one would catch on to just how bad this is!”
We’ve received evidence of:
FTW certificates are being renewed without a seemingly thorough medical review.
Sensitive health records are being stored on insecure systems.
This evidence is now being shared with auditors, key stakeholders, regulators, and governing bodies.
TAKE ACTION NOW!
If you have used or are working with this provider, please review your certificates. Ensure that someone has signed them off who is registered with the GMC or NMC and holds the proper occupational health qualifications or training. If not, ask for a full refund.
Even if you don’t use us, there are plenty of reputable businesses out there who do things right – companies that value governance, accuracy, and compliance above shortcuts.
Don’t Let Automation Replace Your Role
All this automation could render compliance managers’ jobs obsolete. Automation has its place – it can speed up admin and routine checks – but these are critical verifications that need a human touch, not a botched script. Verifying blood test results and titres, confirming IVS for EPP clearance, reviewing health declarations for safeguarding issues, checking the authenticity of documents, ensuring Fitness to Work sign-off is done by the right qualified professional, and verifying qualifications and registrations are all tasks that require trained eyes and judgement. When these checks are left to automation, they’re wide open to abuse – fake documents slip through, risks go unnoticed, and there’s zero accountability. Don’t be replaced by a computer that can’t do the job correctly. Don’t let the wool be pulled over your eyes.
Your Next Step
💬 Ask yourself:
Would your agency survive if this came out in your next framework audit?
Would you trust certificates that don’t even show IVS for EPP clearance?
If you don’t, it will be too late the next time you are audited.
❌ Don’t risk your place on the framework. ❌ Don’t risk your candidates. ❌ And definitely don’t risk your own job in compliance.
Why Agencies Trust HB Compliance
✅ At HB Compliance, we don’t cut corners: ✔️ Face-to-face interviews ✔️ Nurse-led decisions ✔️ Verified documents ✔️ Independent from recruitment ✔️ Proper governance and accountability ✔️ We comply fully with SEQOHS standards – using qualified, trained occupational health professionals and nurses to support agencies.
You can trust us. And you’ll never have to wonder how it was done, as we will show you the evidence!
This isn’t just a warning – it’s your heads-up, before it’s too late.
We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.
This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
Cookie
Duration
Description
_GRECAPTCHA
5 months 27 days
This cookie is set by the Google recaptcha service to identify bots to protect the website against malicious spam attacks.
cookielawinfo-checkbox-analytics
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional
11 months
The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy
11 months
The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Cookie
Duration
Description
CONSENT
2 years
YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Cookie
Duration
Description
yt-remote-connected-devices
never
YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id
never
YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
