13.4 Caldicott Guardian
Last updated 23/09/2021
Caldicott Guardians were introduced in 1997 following concerns about the use of patient identifiable information in health agencies. In particular, the government felt that despite the introduction of the Data Protection Act in 1984, patient information was not sufficiently secure. Caldicott Guardians are responsible for ensuring that patient identifiable information is safeguarded. Given the increasing partnership working between health and social care, the Caldicott Guardian arrangements were also implemented, several years later, in local authorities with social care responsibilities.
A Caldicott Guardian is therefore appointed in each NHS or social care organisation, with specific responsibility for overseeing the sharing of patient and service user identifiable information in the organisation and for ensuring that it takes place in accordance with the data protection principles as set out in this chapter.
The seven Caldicott principles are:
- Justify the purpose of every proposed use or transfer;
- Don't do it unless it is absolutely necessary;
- Use the minimum necessary;
- Access to the information should be on a strict need-to-know basis;
- Everyone with access to it should be aware of their responsibilities;
- Understand and comply with the law;
- The duty to share information can be as important as the duty to protect patient confidentiality.
The Caldicott Guardian is not there to prevent information sharing between health and social care organisations, but is there to make sure that this is done in a way which safeguards people's rights to privacy and confidentiality, and in accordance with data protection principles.