{content}

Sharing health and care information – Caldicott Guardians

A Caldicott Guardian is a senior person responsible for protecting the confidentiality of people’s health and care information and making sure it is used properly. All NHS organisations and local authorities which provide social services must have a Caldicott Guardian. For further information see the Caldicott Guardian page on Gov.UK

There are eight principles and they are specific to Health and Social Care Services. Our Caldicott Plan [PDF, 101Kb] provides further information.

Our Caldicott Guardians

The Caldicott Guardians for Social Services are:

  • Tom Hewis, Principal Social Work, Children’s Services
  • Wendy Lawtey, Assistant Director – Integrated Care

The Caldicott Guardian for Public Health is:

  • Wendy Lawtey, Assistant Director – Integrated Care

The Caldicott principles

The principles are intended to apply to all data collected for the provision of health and social care services where patients and service users can be identified and would expect that it will be kept private. This may include for instance, details about symptoms, diagnosis, treatment, names and addresses. In some instances, the principles should also be applied to the processing of staff information. Read the details of the eight Caldicott principles.

What Caldicott principles mean for staff

The eight principles are simple steps to ensure the security of information and to protect the confidentiality of patients or service users. Every employee is responsible for information security and for ensuring that:

  • Any information obtained, either directly or indirectly from or about a client is not disclosed to any person, organisation or body who does not need to know or who does not have an authorised right to access that information.
  • Every use or transfer of personal information, including e-mail, is clearly justified. Personal information should not be used unless it is absolutely necessary.
  • Consent is sought wherever possible for the recording, retention and sharing of personal information.
  • Appropriate information is shared with other professionals if it is in the best interests of the client or is necessary to safeguard another professional.
  • Wherever appropriate, personal information is anonymised, for example, for statistical reporting.
  • Reasonable steps are taken to ensure that all information recorded is accurate and up-to-date and that information is only changed or modified by someone authorised to do so. (If a patient or service user advises that their information is incorrect, a correction a should be made immediately or a note added to the file if correction is not possible or inappropriate).
  • Security passwords are not be shared with any other person.
  • Patient or service user records or systems are not accessed unless there is a business reason for the access.