Caldicott principles

The Caldicott Principles were originally developed in 1997 following a review of how the NHS handled patient information. Dame Fiona Caldicott chaired this review. The results led to the creation of six initial Principles relating to patient confidentiality, which were named the Caldicott Principles.

Everybody who works in Cloister Road Surgery honour these principles and act in accordance with them. This is essential for upholding patient confidentiality.

The Caldicott Principles are fundamentals that Cloister Road Surgery follows to protect any information that could identify a patient, such as their name and their records. They also ensure that this information is only used and shared when it is appropriate to do so.

Cloister Road Surgery staff use the Principles as a test to determine whether they need to share information that could identify an individual. Although there were originally 6 principles, Dame Fiona Caldicott introduced a seventh principle in April 2013 following her second review of information governance.

These 7 Caldicott principles are:

Principle 1: Justify the purpose for using confidential information

Every proposed use or transfer of personally identifiable information, either within or from an organisation, should be clearly defined and scrutinised. Its continuing uses should be regularly reviewed by an appropriate guardian.

Principle 2: Don’t use personal confidential data unless absolutely necessary

Identifiable information should not be used unless it’s essential for the specified purposes. The need for this information should be considered at each stage of the process.

Principle 3: Use the minimum necessary personal confidential data

Where the use of personally identifiable information is essential, each individual item should be considered and justified. This is so the minimum amount of data is shared and the likelihood of identifiability is minimal.

Principle 4: Access to personal confidential data should be on a strict need-to-know basis

Only those who need access to personal confidential data should have access to it. They should also only have access to the data items that they need.

Principle 5: Everyone with access to personal confidential data should be aware of their responsibilities

Action should be taken to ensure that those handling personally identifiable information are aware of their responsibilities and their obligation to respect patient and client confidentiality.

Principle 6: Understand and comply with the law

Every use of personally identifiable data must be lawful. Organisations that handle confidential data must have someone responsible for ensuring that the organisation complies with legal requirements.

Principle 7: The duty to share information can be as important as the duty to protect patient confidentiality

Health and social care professionals should have the confidence to share information in the best interests of their patients and within the framework set out by these principles. They should also be supported by the policies of their employers, regulators, and professional bodies.

Caldicott policy