Caldicott Guardians are experts on confidentiality issues and access to patient records.

Dame Fiona Caldicott recommended such posts in her 1997 report into how patient information was used (and should be protected) in the health service, and in its increasingly complex information systems: 

"A senior person, preferably a health professional, should be nominated in each health organisation to act as a guardian, responsible for safeguarding the confidentiality of patient information."

The Caldicott Guardian can give advice on any concerns you may have about a case or activity.

Our Caldicott Guardian

Our Caldicott Guardian is Dr Lee-Anne Farach, Director of People and Caldicott Guardian.

How it works

The Caldicott report sets standards for management of confidentiality and access to personal information in local councils.

The 2 main preconditions for confidentiality of information are its integrity and its security.

Integrity is achieved by ensuring the accuracy and completeness of information through proper processing.

Security is achieved by effective protection against inappropriate access or disclosure.

Caldicott principles

The Caldicott Guardian has a responsibility to oversee an ongoing process of audit, improvement and control of applications. The 8 Caldicott principles apply specifically to patient-identifiable information.

They are:

  • justify the purposes of using or transferring confidential information
  • do not use patient-identifiable information unless it is absolutely necessary
  • use the minimum necessary patient or client-identifiable information that is required
  • access to patient-identifiable information should be on a strict need-to-know basis
  • everyone with access to patient-identifiable information should be aware of their responsibilities
  • understand and comply with the law
  • the duty to share information can be as important as the duty to protect patient or client confidentiality
  • inform patients and service users about how their confidential information is used.

Caldicott Guardians and the Data Protection Act 1998

The 1998 Data Protection Act is the legislation covering all aspects of information processing. This includes security and confidentiality of personal information.

The Data Protection Act 2018 controls how your personal information is used by organisations, businesses or the government.

The Caldicott requirements provide the framework to put the Data Protection Act into operation.

Download the Caldicott report.