3.1.4 Caldicott Guardian
Caldicott Guardians were introduced in 1997 following concerns about the use of patient identifiable information in health agencies. In particular, the government felt that despite the introduction of the Data Protection Act in 1984, patient information was not sufficiently secure. Caldicott Guardians have responsibility to ensure that patient identifiable information is safeguarded. Given the increasing partnership working between health and social care, the Caldicott Guardian arrangements were also implemented in local authorities with social care responsibilities, several years later.
A Caldicott Guardian is therefore appointed in each NHS or social care organisation and has specific responsibilities to oversee information sharing in the organisation in relation to patient and service user identifiable information - to ensure that it takes place in accordance with the data protection principles as set out in this chapter.
The eight Caldicott principles are:
Principle 1: Justify the purpose(s) for using confidential information
Principle 2: Use confidential information only when it is necessary
Principle 3: Use the minimum necessary confidential information
Principle 4: Access to confidential information should be on a strict need-to-know basis
Principle 5: Everyone with access to confidential information should be aware of their responsibilities
Principle 6: Comply with the law
Principle 7: The duty to share information for individual care is as important as the duty to protect patient confidentiality
Principle 8: Inform patients and service users about how their confidential information is used
The Caldicott Guardian is not there to prevent information sharing between health and social care organisations, but is there to make sure that this is done in a way which safeguards people's rights to privacy and confidentiality. The importance of the Caldicott Guardian acting as “the conscience of the organisation” remains central to trusting the impartiality and independence of their advice.