Caldicott and Confidentiality

Caldicott Following on from the initial Caldicott Report commissioned in 1997 which identified weaknesses in the way parts of the NHS handled confidential patient data. A subsequent review was published in 2013, this showed that there had been improvements but there was work still to do.

The report also highlighted added a seventh key principles to the 6 which where created in 1997. These principles are the cornerstone in which the NHS protect the data we hold and are often seen as an interpretation of the Data Protection Legislation for NHS staff. 

In 2020 an eighth principle was added to once again, intending to guide WWL and our staff, but it should be remembered that patients, service users and/or their representatives should be included as active partners in the use of confidential information.

Principle 1:

Justify the purpose(s) for using confidential information  Every proposed use or transfer of confidential information should be clearly defined, scrutinised and documented, with continuing uses regularly reviewed by an appropriate guardian.  

Principle 2:

Use confidential information only when it is necessary  Confidential information should not be included unless it is necessary for the specified purpose(s) for which the information is used or accessed. The need to identify individuals should be considered at each stage of satisfying the purpose(s) and alternatives used where possible.  

Principle 3:

Use the minimum necessary confidential information  Where use of confidential information is considered to be necessary, each item of information must be justified so that only the minimum amount of confidential information is included as necessary for a given function.  

Principle 4:

Access to confidential information should be on a strict need-to-know basis  Only those who need access to confidential information should have access to it, and then only to the items that they need to see. This may mean introducing access controls or splitting information flows where one flow is used for several purposes.  

Principle 5:

Everyone with access to confidential information should be aware of their responsibilities  Action should be taken to ensure that all those handling confidential information understand their responsibilities and obligations to respect the confidentiality of patient and service users.  

Principle 6:

Comply with the law Every use of confidential information must be lawful. All those handling confidential information are responsible for ensuring that their use of and access to that information complies with legal requirements set out in statute and under the common law.  

Principle 7:

The duty to share information for individual care is as important as the duty to protect patient confidentiality Health and social care professionals should have the confidence to share confidential information in the best interests of patients and service users within the framework set out by these principles. They should be supported by the policies of their employers, regulators and professional bodies.  

Principle 8:

Inform patients and service users about how their confidential information is used A range of steps should be taken to ensure no surprises for patients and service users, so they can have clear expectations about how and why their confidential information is used, and what choices they have about this. These steps will vary depending on the use: as a minimum, this should include providing accessible, relevant and appropriate information - in some cases, greater engagement will be required. 

A Guide to Confidentiality in Health and Social Care

A five rule guide designed and produced by NHS Digital (Health and Social Care Information Centre). The guide starts from the historic cornerstone of medical practice that promises confidentiality between doctor and patient. Yet it also recognises that patients, users of social care and the wider public can all reap the benefits from the sharing of information about their care.

To view the guide please click here

Confidentiality: NHS Code of Practice

The Confidentiality: NHS Code of Practice provides guidance on patient confidentiality.

The Code proposes a model for providing a confidential service:

Protect -  look after patients' information

Inform - ensure that patients are aware of how their information is used

Provide Choice - allow patients to decide whether their information can be disclosed or used in particular ways

Improve - always look for better ways to protect, inform and provide choice.

To view the Confidentiality: NHS Code of Practice, click here.