A Caldicott Guardian is a senior person in each NHS organisation responsible for protecting the confidentiality of patient and service-user information and enabling appropriate information-sharing.
Q: Why do I need to know about Caldicott Guardians? A: Because a CCG may state that certain documents cannot be made available to you if you are not the individual that they relate to – eg. the DST for your relative – on the grounds that they are not allowed to relase confidential conformation to a third party, or that you must seek this information by going through a process of formal application. The CCG may state that they need to refer to the decision of the Caldicott Guardian before complying with the requirements of the National Framework to provide medical documents.
In the case of the DST, however, the Decision Support Tool document 2013 specifies (item 20) that:
20. A copy of the completed DST (including the recommendation) should be forwarded to the individual (or, where appropriate, their representative) together with the final decision made by the CCG, along with the reasons for this decision.
This is reiterated in the Practice Guidance Notes which state clearly that: PG33 i) The decision should be communicated in writing as soon as possible in an accessible format and language to the individual or their representative so that it is meaningful to them. They should also be sent a copy of the DST and information on how to ask for a review of the decision if the individual is dissatisfied with the outcome.
Note that this wording does not say “a summary of the DST” or “part of the DST“. It says “the DST“. Therefore, any CCG that fails to provide the full DST, (or who amends the original DST in any way) when writing to you with the decision on eligibility is not complying with the National Framework. You should not need to request it or to make a formal application through a separate process. Nor should a ruling by the Calidicott Guardian differ from this, if the CCG are to abide by the National Framework’s legal requirements. (See “Principle 6. Comply with the law” )
The National Framework clarifies that: “In this Framework the term representative is intended to include any friend, unpaid carer or family member who is supporting the individual in the process as well as anyone acting in a more formal capacity (e.g. welfare deputy or power of attorney, or an organisation representing the individual).”
Practice Guidance Note 5.9 also says: There are some circumstances where information must be shared with a 3rd party e.g. where they have a registered Lasting Power of Attorney (Welfare) or are a court appointed Deputy (Welfare).
Each NHS organisation is required to have a Caldicott Guardian; this was mandated for the NHS by Health Service Circular: HSC 1999/012. The mandate covers all organisations that have access to patient records, so it includes acute trusts, ambulance trusts, mental health trusts, primary care trusts, strategic health authorities, and special health authorities such as NHS Direct.
Acting as the ‘conscience’ of an organisation, the Guardian actively supports work to enable information sharing where it is appropriate to share, and advises on options for lawful and ethical processing of information.
The Caldicott Guardian also has a strategic role, which involves representing and championing Information Governance requirements and issues at Board or management team level and, where appropriate, at a range of levels within the organisation’s overall governance framework.
National Register of Caldicott Guardians
NHS and Social Care Caldicott Guardians are required to be registered on the publicly available National Register of Caldicott Guardians.
Download the National Register of Caldicott Guardians (Excel, 855Kb).
If you need information about a Caldicott Guardian at a particular organisation, please contact the relevant NHS organisation or Local Authority.
The Caldicott Principles – Revised September 2013
Principle 1. Justify the purpose(s) for using confidential information
Every proposed use or transfer of personal confidential data within or from an organisation should be clearly defined, scrutinised and documented, with continuing uses regularly reviewed, by an appropriate guardian.
Principle 2. Don’t use personal confidential data unless it is absolutely necessary
Personal confidential data items should not be included unless it is essential for the specified purpose(s) of that flow. The need for patients to be identified should be considered at each stage of satisfying the purpose(s).
Principle 3. Use the minimum necessary personal confidential data
Where use of personal confidential data is considered to be essential, the inclusion of each individual item of data should be considered and justified so that the minimum amount of personal confidential data is transferred or accessible as is necessary for a given function to be carried out.
Principle 4. Access to personal confidential data should be on a strict need-to-know basis
Only those individuals who need access to personal confidential data should have access to it, and they should only have access to the data items that they need to see. This may mean introducing access controls or splitting data flows where one data flow is used for several purposes.
Principle 5. Everyone with access to personal confidential data should be aware of their responsibilities
Action should be taken to ensure that those handling personal confidential data – both clinical and non-clinical staff – are made fully aware of their responsibilities and obligations to respect patient confidentiality.
Principle 6. Comply with the law
Every use of personal confidential data must be lawful. Someone in each organisation handling personal confidential data should be responsible for ensuring that the organisation complies with legal requirements.
Principle 7. The duty to share information can be as important as the duty to protect patient confidentiality
Health and social care professionals should have the confidence to share information in the best interests of their patients within the framework set out by these principles. They should be supported by the policies of their employers, regulators and professional bodies.
UK Council of Caldicott Guardians
The Council is an elected body made up of Caldicott Guardians from health and social care. The Council meets four times per year.
Visit the Council’s web pages to see the membership and find out more about its work.