NDG announces new Caldicott Principle and guidance on Caldicott Guardians

The National Data Guardian for Health and Social Care has published the outcomes from a public consultation about the Caldicott Principles and Caldicott Guardians

A stethoscope resting on digital devices.

The National Data Guardian for Health and Social Care (NDG) Dame Fiona Caldicott has today published the outcomes from a public consultation that she ran to seek views on her intention to:

• revise the existing 7 Caldicott Principles
• introduce a new principle about ensuring there are no surprises for patients and service users about the use of their confidential information
• issue guidance about the role of Caldicott Guardians using her statutory powers

The consultation response contains a revised – and expanded – set of 8 Caldicott Principles and includes a commitment to issue guidance about Caldicott Guardians in 2021.

The Caldicott Principles, first introduced in 1997 and previously amended in 2013, are guidelines applied widely across the field of health and social care information governance to ensure that people’s data is kept safe and used appropriately. Caldicott Guardians support the upholding of these principles at an organisational level.

The new principle’s purpose is to make clear that patient and service user expectations must be considered and informed when confidential information is used, to ensure ‘no surprises’ about the handling or sharing of their data. Following feedback from the consultation, the wording of this new, eighth principle is:

Principle 8: Inform patients and service users about how their confidential information is used

A range of steps should be taken to ensure no surprises for patients and service users, so they can have clear expectations about how and why their confidential information is used, and what choices they have about this. These steps will vary depending on the use: as a minimum, this should include providing accessible, relevant and appropriate information - in some cases, greater engagement will be required.

Its introduction was prompted by a careful consideration of the role that the legal concept of ‘reasonable expectations’ should play in shaping the circumstances under which health and care data may be legitimately shared. The NDG does not envisage that this principle will establish reasonable expectations as a legal basis in its own right to meet the duty of confidence. However, given the influence of the Caldicott Principles, she does believe it will helpfully emphasise the perspective of patients and service users in decisions to use and share confidential information.

The consultation response also confirms the NDG’s intention to issue guidance using her statutory powers in 2021 about the appointment of Caldicott Guardians for all public bodies within the health and adult social care sector in England, and all organisations which contract with such public bodies to deliver health or adult social care services. The guidance will define the roles and responsibilities of Caldicott Guardians and how they should be supported by their organisations. The guidance will provide flexibility for organisations for which it is not proportionate to appoint a dedicated Caldicott Guardian and will suggest options/models to ensure those organisations can still have a Caldicott function.

Supporting resources will be made available for those who need to appoint a Caldicott Guardian or establish a Caldicott function within their organisations.

This will be the first time that the National Data Guardian has issued statutory guidance using her powers under the Health and Social Care (National Data Guardian) Act 2018.

National Data Guardian