Being a Caldicott Guardian can feel like a big responsibility but the 8 guiding principles are a really helpful reference point. I’ve referred to these when weighing up the various angles in a scenario and they are a strong reminder about the importance of placing the person at the centre of the decision-making process.‘ – Michelle De Souza, Caldicott Guardian for Inspire North

Origins of the role

Caldicott Guardians derive their name and inspiration from the Government Review of Patient-Identifiable Information, chaired by Dame Fiona Caldicott, which reported in December 1997.

Please see here for further information on the role.

Who needs to appoint a Caldicott Guardian?

Under the guidance published by the National Data Guardian in 2021 all public bodies within health and adult social care that process confidential information about patients or service users will be required, by law, to have a Caldicott Guardian in place. This includes any Third Sector organisations contracted by public bodies to deliver health or adult social care services that process such information.

Where an organisation considers that it is not proportionate or feasible to appoint a member of its own staff to the Caldicott Guardian role, it should arrange for the function to be provided in another way. An organisation may choose to share a Caldicott Guardian with one or more other organisations.

We know that some Third Sector organisations in Leeds have completed, or started to complete, the Data Security and Protection Toolkit (DSPT). As part of the DSPT process, organisations should provide details about its Caldicott Guardian(s) and as part of their annual submission.

For more information please read the guidance on the National Data Guardian’s Website here.

What is a Caldicott Guardian?

A Caldicott Guardian is a senior person, within a health or social care organisation, responsible for protecting the confidentiality of patient information and making sure it is used legally, ethically and appropriately. The Guardian should be, in order of priority:

• An existing member of the senior management team;
• A senior health or social care professional;
• The person with responsibility for promoting clinical governance or equivalent functions.

All organisations required to have a Caldicott Guardian should ensure their details are kept up-to-date on the Caldicott Guardian register.

A video summarising the guardian role is available here

What does a Caldicott Guardian do?

The Caldicott Guardian should play a key role in ensuring that their organisation satisfies the highest practical standards for handling person identifiable information. A Caldicott Guardian’s role is guided by Eight principles to ensure people’s information is kept confidential and used appropriately. These are:

Principle 1: Justify the purpose(s) for using confidential information
Principle 2: Use confidential information only when it is necessary
Principle 3: Use the minimum necessary confidential information
Principle 4: Access to confidential information should be on a strict need-to-know basis
Principle 5: Everyone with access to confidential information should be aware of their responsibilities
Principle 6: Comply with the law
Principle 7: The duty to share information for individual care is as important as the duty to protect patient confidentiality
Principle 8: The need to keep patients and service users informed, and to ensure that their expectations are considered and met when their confidential information is used

You can download guidance on the principles here. The UK Caldicott Guardian Council has produced a helpful Checklist for newly appointed Caldicott Guardians here.