Skip to main content
Follow us

Coronavirus - Changes to our services

Due to the Coronavirus pandemic, some of our non-urgent services have been temporarily suspended and others are operating with reduced hours. Find out about service changes here.

Caldicott Guardian

A Caldicott Guardian is a senior person responsible for protecting the confidentiality of patient and service-user information and enabling appropriate information-sharing.

Share this:

Steve Gregory - Director of Nursing and Operations, is the Trust's Caldicott Guardian. Acting as the 'conscience' of the Trust, the Guardian actively supports work to enable information sharing where it is appropriate to share, and advises on options for lawful and ethical processing of information.

Steve Gregory

Each NHS organisation is mandated to have a Caldicott Guardian. The Guardian plays a key role in ensuring that NHS, Councils with Social Services Responsibilities and partner organisations satisfy the highest practical standards for handling patient identifiable information.

The Caldicott Guardian is a strategic role, which involves representing and championing Information Governance requirements and issues at Board or management team level and, where appropriate, at a range of levels within the Trust’s overall governance framework.

Further information is available from the Caldicott Council.

Caldicott Principles

The term used to describe how organisations and individuals manage the way information is handled within the health and social care system in England is ‘information governance’. In 1997 the Review of the Uses of Patient-Identifiable Information, chaired by Dame Fiona Caldicott, devised six general principles of information governance (the Caldicott Principles) that could be used by all NHS organisations with access to patient information.

In January 2012, the NHS Future Forum work stream on information identified this as an issue and recommended a review “to ensure that there is an appropriate balance between the protection of patient information and the use and sharing of information to improve patient care”. The Government accepted this recommendation and asked Dame Fiona to lead the work, which became known as the Caldicott 2 review. As part of that review, a seventh principle was added to the original principles.

7 Caldicott Principles

The Seven Caldicott Principles (revised in September 2013 following the Caldicott 2 Review) are:

Principle 1. Justify the purpose(s) for using confidential information

Every proposed use or transfer of personal confidential data within or from an organisation should be clearly defined, scrutinised and documented, with continuing uses regularly reviewed, by an appropriate guardian.

Principle 2. Don’t use personal confidential data unless it is absolutely necessary

Personal confidential data items should not be included unless it is essential for the specified purpose(s) of that flow. The need for patients to be identified should be considered at each stage of satisfying the purpose(s).

Principle 3. Use the minimum necessary personal confidential data

Where use of personal confidential data is considered to be essential, the inclusion of each individual item of data should be considered and justified so that the minimum amount of personal confidential data is transferred or accessible as is necessary for a given function to be carried out.

Principle 4. Access to personal confidential data should be on a strict need-to-know basis

Only those individuals who need access to personal confidential data should have access to it, and they should only have access to the data items that they need to see. This may mean introducing access controls or splitting data flows where one data flow is used for several purposes.

Principle 5. Everyone with access to personal confidential data should be aware of their responsibilities

Action should be taken to ensure that those handling personal confidential data - both clinical and non-clinical staff - are made fully aware of their responsibilities and obligations to respect patient confidentiality.

Principle 6. Comply with the law

Every use of personal confidential data must be lawful. Someone in each organisation handling personal confidential data should be responsible for ensuring that the organisation complies with legal requirements.

Principle 7. The duty to share information can be as important as the duty to protect patient confidentiality

Health and social care professionals should have the confidence to share information in the best interests of their patients within the framework set out by these principles. They should be supported by the policies of their employers, regulators and professional bodies.

Next review due: 1 September 2020

Contact information

  • Steve Gregory
    Caldicott Guardian (Director of Nursing and Operations)
    William Farr House
    Mytton Oak Rd
    Shropshire
    SY3 8XL
    Tel: 01743 277500
    Email: steve.gregory@nhs.net
  • Alan Ferguson
    Records Manager and Caldicott Support
    William Farr House
    Mytton Oak Rd
    Shropshire
    SY3 8XL
    Tel: 01743 277617
    Email: alan.ferguson@nhs.net

Email the Caldicott Guardian