The Caldicott principles and guardian roles explained
The National Data Guardian (NDG) plays a crucial role in maintaining the confidentiality of health and social care services.
Caldicott guardians oversee the upholding of the eight Caldicott principles to ensure proper handling and preservation of patient information.
The Caldicott principles may also apply to the deceased, just as confidentiality continues after death.
The Caldicott principles
The Caldicott principles, first introduced in 1997 (following a review chaired by Dame Fiona Caldicott) and since expanded, are a set of good practice guidelines for using and keeping safe people's health and care data. Caldicott guardians support the upholding of the principles at organisational level.
All NHS organisations must have a Caldicott guardian, and a wider range of bodies are now expected to have a guardian in place (see below).
The principles are intended to apply to all data collected for the provision of health and social care services where patients and service users can be identified and where they would expect this to be kept private.
Principle 1: justify the purpose(s) for using confidential information.
Principle 2: use confidential information only when it is necessary.
Principle 3: use the minimum necessary confidential information.
Principle 4: access to confidential information should be on a strict need-to-know basis.
Principle 5: everyone with access to confidential information should be aware of their responsibilities.
Principle 6: comply with the law.
Principle 7: the duty to share information for individual care is as important as the duty to protect patient confidentiality.
Principle 8: inform patients and services users about how their confidential information is used and what choice they have. There should be no surprises.
NHS organisations (including General Practice) have been required to have a Caldicott guardian since 1998 but the 2021 guidance covers which organisations should appoint a Caldicott guardian (and how), their role and responsibilities and how they should be supported, as well as the competencies and knowledge that will assist a Caldicott guardian. This is available from the NDG and you can find supporting information and advice from the UK Caldicott Guardian Council (UKCGC) website. The UKCGC is the point of contact for Caldicott guardians to seek advice on their role and responsibilities.
All the following organisations should appoint a Caldicott guardian:
- public bodies exercising functions relating to the health service, adult social care or adult carer support in England (that process confidential information about patients/service users)
- other organisations providing health or adult social care/carer support that is publicly funded (even if the organisation is not a public body).
- All such organisations have a statutory duty to 'have regard' to the NDG guidance, which means they are expected to take it into account and have good reason for any decision to depart from it.
- Small organisations where it is not proportionate to appoint a staff member to the role can share a Caldicott guardian (for example, a group of care homes or GP practices).
Maintaining the Caldicott Guardian Register
This site provides the current register of Caldicott Guardians in England.
You can Download the Caldicott Guardian register in Excel format and access the document to Register your Caldicott Guardian.
Note: This site also provides information on Senior Information Risk Owner, Information Asset Owner registers and Safe Haven Directory.
Training for Caldicott Guardians
elearning for healthcare (e-lfh) provides training for Caldicott Guardians, and those with an interest in finding out more about the role Caldicott Guardians play in keeping people’s health and social care data safe, and ensuring it is used appropriately.
The programme offers three, audience specific sessions:
A session for all staff (The Role of the Caldicott Guardian)
Caldicott Guardians: sharing information and protecting confidentiality in health and care
The aim of this session is to raise awareness and inform a broad range of staff from across health and social care of the importance of Caldicott Guardians and confidentiality in their setting, organisation, or sector. The learning would benefit staff working in the NHS, adult social care, local authorities and private sector partners.
Note: There is a also a module in Agilio TeamNet - Caldicott Principles suitable for staff awareness
A session for Caldicott Guardians (Your role as a Caldicott Guardian)
My role and responsibilities as a Caldicott Guardian
The aim of this session is to provide a starting point for newly appointed Caldicott Guardians, an aide memoire for the more experienced, and a pointer to the possibilities for professional development and support. It is also intended to inform Caldicott Guardians of the latest guidance about Caldicott Guardians, the support available to them, and to help train them for their role in the workplace.
Session senior staff (A Caldicott Guardian's role within the senior leadership team of an organisation)
A Caldicott Guardian’s role within the senior leadership team of an organisation
The aim of this session is to ensure that an organisation’s senior leaders are aware of the importance of the role of the Caldicott Guardian. It is intended to demonstrate to leadership teams how Caldicott Guardians act independently to represent the best interests of patients and service users, and the potential impact they can have on the decision-making processes of the organisation.
Smart Card Access
To obtain access to the Caldicott Guardian use right on your Smart Card, an email must be sent to the Registration Authority from a Sponsor (Existing Caldoctt Guardian or Senior Partner) .
RA/Smartcard Email: email@example.com / firstname.lastname@example.org
RA Dept: 0300 123 10 20 - Select RA option