NHSScotland Caldicott Guardians: Principles into Practice

Foundation manual for NHS Scotland Cadicott Guardians


1. Introduction

1.1. The 1997 Caldicott report made a number of recommendations for regulating the use and transfer of person identifiable information between NHS organisations and between NHS organisations and non- NHS bodies. The Caldicott Committee's remit included all patient-identifiable information passing between organisations for purposes other than direct care, medical research or where there was a statutory requirement for information. The aim was to ensure that patient-identifiable information was shared only for justified purposes and that only the minimum necessary information was shared in each case. The Committee also advised on where action to minimise risks of confidentiality would be desirable.

The recommendations of the Caldicott Committee influenced the confidentiality agenda for NHS organisations for a number of years. Central to the recommendations was the appointment in each NHS organisation of a "Guardian" to oversee the arrangements for the use and sharing of patient identifiable information. In Scotland these recommendations did not apply to Local Authorities. A key recommendation was that use of patient-identifiable information should be regularly justified and routinely tested against the following principles:

Principle 1 - Justify the purpose(s) for using confidential information

Principle 2 - Only use it when absolutely necessary

Principle 3 - Use the minimum that is required

Principle 4 - Access should be on a strict need-to-know basis

Principle 5 - Everyone must understand his or her responsibilities

Principle 6 - Understand and comply with the law

Since then developments in information management in NHSScotland ( NHSS) have added to the Caldicott role including:

  • Data Protection Act 1998
  • Human Rights Act 1998
  • Freedom of Information (Scotland) Act 2002
  • NHSS Code of Practice on Protecting Patient Confidentiality.
  • NHSS Information Governance standards 2005
  • e-health developments (such as the ECS , SCI Store, SCIDC etc)

This manual takes account of these developments and, importantly, sets the role of the Caldicott Guardian within an organisational Caldicott/Confidentiality function which is itself a part of the broader Information Governance agenda.

This manual does not aim to reproduce or codify all the guidance available, but it updates existing materials where necessary and provides pointers to other current sources of guidance and standards which are available via the Caldicott Guardian website. The website is intended to be a 'one stop shop' for template policies and procedures, and links to legislation, Codes of Practice and Professional Standards.

The manual and website replaces the UK Caldicott Guardian manual. The new Caldicott Guardian manual and website will be subject to regular review and updated as necessary.

Back to top