Template job description for a Caldicott Guardian

This job description template has been developed by a range of Caldicott Guardians from across different health and care sectors.

It is intended to help you consider the role and responsibilities of a Caldicott Guardian within your organisation.

It will be helpful for those implementing the National Data Guardian’s guidance on the appointment of Caldicott Guardians.

It is important to note that the template is only intended as a starting point to help you develop a job description that is more tailored to the needs and circumstances of your specific organisation and sector.

Caldicott Guardian: Job Description

Background

In its December 1997 report, the Caldicott Committee recommended improvements to the way that the NHS handles and protects patient information. A key recommendation was that each organisation should appoint a Caldicott Guardian to oversee access to patient-identifiable information. The Caldicott Guardian role was then mandated in 1998.

The Caldicott Guardian’s role is intended to be strategic, advisory and facilitative. Formal responsibility for protecting and using patient information lies with the organisation, headed by the chief executive, and with each individual member of staff.

The Caldicott Guardian will normally be a senior health professional, an existing member of the management board of the organisation, and/or an individual with responsibility for promoting clinical governance.

Job summary

The Caldicott Guardian is responsible for the establishment of procedures governing access to, and the use of, person-identifiable information and, where appropriate, the transfer of that information to other bodies.

In addition to the Caldicott Principles, the Caldicott Guardian must also take account of the codes of conduct provided by professional bodies, and guidance on the protection and use of patient information and on information management and technology (IM&T) security disseminated by the Department of Health and Social Care.

Caldicott Guardians provide advice and support to staff on the sharing and disclosure of person-identifiable patient information and related legislation.

Working relationships

The Caldicott Guardian will be expected to liaise and work with the board, the senior management team, relevant staff and departments, in particular executive directors, IM&T services, health records, and clinical governance.

The Caldicott Guardian will work closely with and support the data protection officer (DPO), the senior information risk owner (SIRO) and the information governance team in the course of promoting the Caldicott Principles, which will include attending various meetings as appropriate.

Role and responsibilities

The Caldicott Guardian will:

  • advise the organisation on the standards required to maintain the confidentiality of personal information relating to patients and other individuals, and on the actions required to achieve them

  • review and agree internal policies and protocols governing the protection and use of person-identifiable information by the organisation’s staff, ensuring that these address the requirements of national policy, guidance and the law, and that their operation is monitored

  • agree and review protocols governing the disclosure of personal information across organisational boundaries, e.g. with social services and other partner organisations contributing to the local provision of care

  • assume a strategic role in developing security and confidentiality policies, representing confidentiality requirements and issues to the board

  • advise on annual improvement plans relating to issues of confidentiality and information protection

  • agree and present annual outcome reports relating to issues of confidentiality and information sharing

  • provide advice and support to assist the resolution of local confidentiality issues as they arise

  • keep up to date with current legislation, guidance and best practice in information governance and Caldicott Guardian matters

  • ensure standard procedures and protocols are in an understandable format and available to staff

  • raise awareness through training and education to ensure that the standards of good practice and Caldicott Principles are understood and adhered to

Reporting

  • raise concerns about any inappropriate uses made of patient / service user information with the DPO where necessary

Notes

1. The duties and responsibilities outlined above are to be regarded as broad areas of responsibility and do not necessarily detail all tasks which the post holder may be required to perform.

2. The job description may be subject to change in the light of experience and circumstances and after discussion with the post holder.

3. The post holder will undertake such other duties as may be required commensurate with grade and experience.

4. The post holder will be expected to act with full regard to the requirements of their organisation’s policies and procedures, including those relating to health and safety.