Caldicott Guardian
Overview
A Caldicott Guardian is a named senior figure in health and social care organisations, ensuring personal data is handled legally, ethically, and appropriately.
They provide leadership on complex confidentiality and information sharing issues. Their primary focus is on patient-related data, but they also uphold confidentiality standards for staff and others, applying the same principles to all person-identifiable information.
Guided by the Eight Caldicott Principles, Guardians use common sense, legal knowledge, compassion, and courage. Caldicott Guardians typically work as part of a broader information governance team. They collaborate closely with the Senior Information Risk Officer (SIRO) and receive support from dedicated staff. Their responsibilities and the principles they uphold may guide job descriptions for themselves and others performing similar functions. The Caldicott Guardian’s presence helps maintain trust, transparency, and integrity in the handling of sensitive personal information.
Eight Caldicott Principles
Principle 1: Justify the purpose(s) for using confidential information
Every use or sharing of confidential information must be explicitly defined, thoroughly examined, recorded, and periodically reassessed under the guidance of a suitable guardian.
Principle 2: Use confidential information only when it is necessary
Only include confidential information when it’s essential for the intended purpose.
Principle 3: Use the minimum necessary confidential information
Only include information strictly required for the task.
Principle 4: Access to confidential information should be on a strict need-to-know basis
Restrict confidential data access only to authorised individuals who require it.
Principle 5: Everyone with access to confidential information should be aware of their responsibilities
Ensure everyone handling confidential data fully understands and honours their responsibility to maintain patient and service user confidentiality.
Principle 6: Comply with the law
All data usage must align with legal requirements.
Principle 7: The duty to share information for individual care is as important as the duty to protect patient confidentiality
Professionals should share confidential information in patients’ best interests, guided by these principles and supported by their employers, regulators, and professional bodies.
Principle 8: Inform patients and service users about how their confidential information is used
Ensure patients and service users fully understand how and why their data is used and what options they have. Avoid surprises by providing accessible information and adjusting the level of engagement as needed.
Mnemonic - COMPLIED
Comply with the law (P6)
Only use when necessary (P2)
Minimum information included (P3)
Purpose justified for using confidential data (P1)
Limit access on a need-to-know basis (P4)
Inform patients and service users (P8)
Ensure everyone understands their responsibilities (P5)
Duty to share equals duty to protect (P7)