Acting as the "conscience" of an organisation, the Caldicott Guardian supports work to facilitate and enable information sharing, advising on options for lawful and ethical processing of information as required. Local issues will inevitably arise for Caldicott Guardians to resolve.
Principle 1: Justify the purpose(s)
Every proposed use or transfer of personal-identifiable information within or from an organisation should be clearly defined and scrutinised, with continuing uses regularly reviewed by an appropriate guardian.
Principle 2: Don't use patient-identifiable information unless it is absolutely necessary
Personal-identifiable information items should not be used unless there is no alternative.
Principle 3: Use the minimum necessary patient-identifiable information
Where use of personal-identifiable information is considered to be essential, each individual item of information should be justified with the aim of reducing identifiability.
Principle 4: Access to patient-identifiable information should be on a strict need to know basis
Only those individuals who need access to personal information should have access to it, and they should only have access to the information items that they need to see.
Principle 5: Everyone should be aware of their responsibilities
Action should be taken to ensure that those handling personal information are aware of their responsibilities and obligations under the Data Protection Act 2018.
Principle 6: Understand and comply with the law
Every use of personal information must be lawful.
Principle 7: The duty to share information can be as important as the duty to protect patient confidentiality
Health and social care professionals should have the confidence to share information in the best interests of their patients within the framework set out by these principles. They should be supported by the policies of their employers, regulators and professional bodies.