Strategy & governance: the Caldicott Guardian should champion confidentiality issues at Board/senior management team level, should sit on an organisation’s Information Governance Board/Group and act as both the ‘conscience’ of the organisation and as an enabler for appropriate information sharing.
Confidentiality & data protection expertise: the Caldicott Guardian should develop a strong knowledge of confidentiality and data protection matters, drawing upon support staff working within an organisation’s Caldicott and information governance functions, but also on external sources of advice and guidance where available.
Internal information processing: the Caldicott Guardian should ensure that confidentiality issues are appropriately reflected in organisational strategies, policies and working procedures for staff. The key areas of work that need to be addressed by the organisation’s Caldicott function are detailed in the Information Governance Toolkit.
Information sharing: the Caldicott Guardian should oversee all arrangements, protocols and procedures where confidential personal information may be shared with external bodies and others with responsibilities for social care and safeguarding. This includes flows of information to and from partner agencies, sharing through IT systems, disclosure for research, and disclosure to the police.
Many or all of these responsibilities may be shared with the Senior Information Risk Officer (SIRO), with whom the Caldicott Guardian should work closely.
Staff should be advised to seek assistance from the Caldicott Guardian where necessary; typical examples of such situations are:
- a request from the police for access to people’s information;
- requests from patients to delete their records;
- an actual or alleged breach of confidentiality.