Caldicott principles for professionals

In 1997 the Caldicott Committee, chaired by Dame Fiona Caldicott, issued a report on the protection of personally identifiable information within the health services. This report identified standards, which began to be implemented in the Health Service in 1998. In 2000, the government decided that these standards should be extended to "Councils with Social Service Responsibilities"

Surrey County Council has 2 Caldicott Guardians, one for Children's Services and one for Adults.

The Guardian plays a key role in ensuring that NHS, Councils with Social Services Responsibilities and partner organisations satisfy the highest practical standards for handling patient identifiable information.

Acting as the 'conscience' of an organisation, the Guardian actively supports work to facilitate and enable information sharing and advise on options for lawful and ethical processing of information as required.

The Caldicott Principles

The Caldicott Report set out a number of general principles that health and social care organisations should use when reviewing its use of client information and these are set out below:

Principle 1: Justify the purpose(s)

Every proposed use or transfer of personally identifiable information within or from an organisation should be clearly defined and scrutinised, with continuing uses regularly reviewed by the appropriate guardian.

Principle 2: Do not use personally identifiable information unless it is absolutely necessary.

Personally identifiable information items should not be used unless there is no alternative.

Principle 3: Use the minimum personally identifiable information.

Where the use of personally identifiable information is considered to be essential, each individual item of information should be justified with the aim of reducing identifiably.

Principle 4: Access to personally identifiable information should be on a strict need to know basis.

Only those individuals who need access to personally identifiable information should have access to it.

Principle 5: Everyone should be aware of their responsibilities.

Action should be taken to ensure that those handling personally identifiable information are aware of their responsibilities and obligations to respect patient/client confidentiality.

Principle 6: Understand and comply with the law.

Every use of personally identifiable information must be lawful. Someone in each organisation should be responsible for ensuring that the organisation complies with legal requirements.

Principle 7: The duty to share information can be as important as the duty to protect patient confidentiality.

Health and social care professionals should have the confidence to share information in the best interests of their patients within the framework set out by these principles.  They should be supported by the policies of their employers, regulators and professional bodies.