Menu Home Search


Updated on Friday, 11 May 2018, 2382 views

The December 1997 Caldicott Report identified weaknesses in the way parts of NHS handled confidential patient data. The report made sixteen recommendations,one of which was the appointment of Caldicott guardians, members of staff with a responsibility to ensure patient data is kept secure.  It is now a requirement for every NHS organisation to have a Caldicott guardian.  The Guardians are responsible for ensuring that their organisation adheres to the Caldicott Principles.

The six Caldicott Principles are as follows:

  1. Justify the purpose(s) of using confidential information
  2. Every proposed use or transfer of patient-identifiable information within or from an organisation should be clearly defined and scrutinised, with continuing uses regularly reviewed, by an appropriate guardian.
  3. Do not use patient-identifiable information unless it is absolutely necessary
  4. Patient-identifiable information items should not be included unless it is essential for the specified purpose(s) of that flow.  The need for patients to be identified should be considered at each stage of satisfying the purpose(s).
  5. Use the minimum necessary patient-identifiable information that is required
  6. Where use of the patient-identifiable is considered to be essential, the inclusion of each individual item of information should be considered and justified so that the minimum amount of identifiable information is transferred or accessible as is necessary for a given function to be carried out.

Access to patient-identifiable information should be on a strict need-to-know basis

Only those individuals who need access to patient-identifiable information should have access to it, and they should only have access to the information items that they need to see. This may mean introducing access controls or splitting information flows where one information flow is used for several purposes.

Everyone with access to patient-identifiable information should be aware of their responsibilities

Action should be taken to ensure that those handling patient-identifiable information - both clinical and non-clinical staff - are made fully aware of their responsibilities and obligations to respect patient confidentiality.

Understand and comply with the law

Every use of patient-identifiable information must be lawful. Someone in each organsiation handling patient information should be responsible for ensuring that the organisation complies with the legal requirements.

Following a request from the Secretary of State for Health, Dame Fiona Caldicott carried out a further independent review of information sharing in March 2013 to ensure that there is an appropriate balance between the protection of patient information, and the use and sharing of information, to improve patient care.

More information is available at:

Related guidance...

Disclosing patient information without consent

Disclosing patient information without consent- A precis of GMC advice You must disclose information if it is required by statute or if...


Medical confidentiality is at the bedrock of the Doctor-Patient relationship and it is enshrined in a number of codes, guidelines and...

Accessing and sharing health records and patient confidentiality House of Commons Briefing

Individuals have a right to access their own health records, and in limited circumstances, access to the records of other people. The...

Police requests for medical notes from general practice

There is clear guidance regarding the obligations that GPs have with respect to copying and/or release of the GP record. For your...

Staff Members accessing records of their Family/Relations

We would like to remind practices of their obligation for protecting access to records by their staff members. GMC guidance from April...

Medical Records - Amending patient records

Medical Records, Amending patient records, Alterations Medical Records - Alterations We are often asked under what circumstances, and...

Information sharing with Separated Parents

Some important information for you to note when you are asked by separated parents for information about their child: Parents may have...

Patient Registration

PCSE Guide to Patient Registrations Registering new patients Removing patients How to cancel a deduction request Patient removals and...

Schools Requesting Certificates for Children's Absences

Schools are under increasing pressure to reduce non-attendance and will make contact with parents/guardians if there is a concern that...

Somerset LMC Weekly Update Friday 14th August 2020

All Somerset GPs and Practice Managers This and previous Updates can be found here and the SGPET ones here Winter Flu Campaign...