The Caldicott Guardian’s role
A Caldicott Guardian is a senior role for an organisation which processes health and social care personal data. They make sure that the personal information about those who use the organisation’s services is used legally, ethically and appropriately, and that confidentiality is maintained. Caldicott Guardians should be able to provide leadership and informed guidance on complex matters involving confidentiality and information sharing.
The Caldicott Guardian should play a key role in ensuring that their organisation satisfies the highest practical standards for handling person-identifiable information. Their main concern is information relating to individuals and their care, but the need for confidentiality extends to other individuals, including their relatives, staff and others. Organisations typically store, manage and share personal information relating to staff, and the same standards should be applied to this as to the confidentiality of patient information.
Caldicott Guardians should apply the eight Caldicott Principles wisely, using common sense and an understanding of the law. They should also be compassionate and courageous, recognising that their decisions will affect real people—some of whom they may never meet. The importance of the Caldicott Guardian acting as “the conscience of the organisation” remains central to trusting the impartiality and independence of their advice.
In all but the smallest organisations the Caldicott Guardian should work as part of a broader information governance function, with support staff contributing to the work required. A key relationship is with the Senior Information Risk Officer (SIRO).
The Caldicott Guardian also has an important strategic role that it is less appropriate to delegate. This involves representing and championing information governance requirements and issues at senior management team and board level and, where appropriate, throughout the organisation’s overall governance framework, including the governance of information management and technology (IM&T). This aspect of the Caldicott Guardian’s role is particularly important in relation to the implementation of digital and paperless systems.
Material in this and the section on responsibilities may be useful in defining job descriptions for Caldicott Guardians and others responsible for carrying out the Caldicott function.
Responsibilities
A Caldicott Guardian’s key responsibilities include strategy and governance, confidentiality and data protection expertise, internal information processing and information sharing.
Accountability
Caldicott Guardians should have a relationship of mutual respect and ideally should be of equal seniority with those to whom they are accountable. However, it is the good relationship that matters.
Key relationships
Caldicott Guardians should hold good relationships with senior risk information owners, information governance, clinical governance, information management and technology, external agencies and safeguarding.
Origins of the role
How the role of the Caldicott Guardian came to be.
“I have had the pleasure over the years of meeting many guardians and I know that the role is sometimes difficult, but always interesting and rewarding. I would like to take this opportunity to thank all Caldicott Guardians, past and present, for their excellent work.”
— Dame Fiona Caldicott