Legal and ethical aspects

Caldicott Guardians offer an authoritative view on ethical and human rights and wrongs when considering the sharing of personal data.

They seek to find a balance between:

• an individual’s privacy and best interests

• any risk of harm

• the public good

Their endeavour should result in the best possible answer in the circumstances.

Caldicott Guardians are not established by a specific act of parliament and so have no legal basis for their functions. However, a complex framework of legislation, common law, non-statutory codes of practice and protocols underpin everything they do.

In some complex situations, before reaching a considered decision about the sharing of data, Caldicott Guardians may need to:

• take legal advice

• speak to other Caldicott Guardians

• speak to the UK Caldicott Guardian Council

In some circumstances, sharing may be legally permitted, yet it does not follow that it is ethically right. On the other hand, there may be occasions where the legal basis for sharing is unclear or disputed, yet there is an overwhelming ethical imperative to disclose.

It is essential to appreciate that confidentiality is not necessarily absolute, and healthcare professionals must carefully balance the importance of confidentiality against avoiding harm—to the confidant and others who may benefit from disclosure.

The legal aspects Caldicott Guardians need to be particularly familiar with are the Data Protection Act 2018, the UK General Data Protection Regulation (GDPR), and the common law duty of confidentiality.

Details on these are provided at the bottom of this page.

Ethical considerations

It is generally agreed that data should be used in the 'right way', but for many, the ethical aspects of doing so remain unclear. Many will recognise an ethical duty to 'do good', and a corresponding duty to 'do no harm', but two other ethical considerations, autonomy and justice, are less often recognised. These ethical considerations are known jointly as the four pillars of ethics:

• autonomy – respect for the patient’s right to self-determination

• beneficence – the duty to ‘do good’

• non-maleficence – the duty to ‘not do bad’

• justice – treat all people equally and equitably

There are always consequences, either foreseen or unforeseen, to any course of action. But there will also be consequences of 'not doing something'.

Caldicott Guardians are often asked whether information may be disclosed or not. When making such choices, the consequences of not sharing should be considered along with the consequences of sharing. Whilst there may always be some unforeseeable consequences, rigorous efforts should be made to ensure that, as far as possible, both the likely and the unlikely consequences are considered.

Situations in the real world are often complex, and it may not be possible to respect all four pillars of ethics equally at the same time. There may be situations where the duty to do good for an individual may result in harm being done to the individual or to others, and the needs of individuals should be balanced against the need to protect society, for example, with communicable diseases and where there is a risk of violence.

There is also an inherent danger where decisions are made by a single individual that their own personal views may colour their judgement. The need to respect a patient's right to self-determination may be influenced by a professional’s strong belief that their view is more informed and should prevail over the patient’s.

A decision which may seem reckless to others may simply reflect a personal belief system and wishes. A patient with cancer might wish to discontinue treatment if they felt their quality of life was impaired, and this should not necessarily indicate a lack of mental capacity. Although an individual’s autonomy should normally be respected, there may occasionally be unintended consequences. For example, the desire of a terminally ill patient to die at home may impact other members of the household who are either unwilling or unable to care for them.

Public safety must also be considered and balanced against the wishes and autonomy of an individual. It is expected that cases of serious crime will be reported to the police, but it is not always clear what this means in practice. A case of rape should normally be reported, but the victim might object, creating a dilemma between the need to protect the public and respecting the victim’s autonomy. The apprehension, trial and conviction of a rapist would serve public safety, but the experience of a trial might add to the victim's suffering.

Caldicott Guardians are often faced with such dilemmas where there is no clear, 'right' answer. It is often a case of finding the 'best possible' answer or the 'least bad' option.

In situations like this, it is important that the decision-making process is documented and that all factors considered have been recorded. This is particularly important as Caldicott Guardians are frequently expected to make wise decisions based only on the information supplied. Other factors might have led to a different decision had they been aware of them.

Documenting the process helps to provide a consistent, structured approach to decision-making and may lead to a realisation that additional information is required before reaching a conclusion.