Caldicott Guardian role

A Caldicott Guardian is a senior officer, responsible for protecting the confidentiality of patient / client information and enabling appropriate information sharing.

Caldicott Guardians were established in all NHS organisations in 1999 and later extended to social care in 2002.

The Caldicott Guardian's role is to ensure that procedures are in place to govern access to and the use of patient (client) identifiable information and, where appropriate, the transfer of that information to other organisations. The Caldicott Guardian ensures that any breaches of confidentiality are investigated and measures put in to prevent securities of breach. The Caldicott Guardian also provides advice to various groups (for example, Local Research Ethics Committee, SMT's etc), as well as to individual members of staff on issues concerning patient/client confidentiality. Another key role for the Caldicott Guardian is to provide training for staff on confidentiality.

Caldicott Principles:

The key principles underlying use of patient/client identifiable information is summarised by the 6 Caldicott principles namely:

Principle 1: Justify the purpose(s) of using confidential information
Principle 2: Only use when absolutely necessary
Principle 3: Use the minimum that is required
Principle 4: Access should be on a strict 'need to know' basis
Principle 5: Everyone must understand his/her responsibilities
Principle 6: Understand and comply with the law

Caldicott 2 (May 2013) has added a seventh principle:

Principle 7: The duty to share information can be as important as the duty to protect patient confidentiality.

DPA and Caldicott:

The Data Protection Act 2002 provides the legal basis regarding protection of confidentiality; however the Data Protection Act 2002 covers all sectors such as business sector, commercial sector etc where as Caldicott Guardian's role and Caldicott principles are specific to health and social care. There are major areas of overlap between Caldicott and Data Protection; however there are some areas where they are different, the most important of which is that the Data Protection Act does not apply to deceased individuals whereas Caldicott does.

In the Isle of Man, the Caldicott Guardian works closely with the Data Protection Supervisor to ensure that users of health and social services get consistent advice.

The Department has two Caldicott Guardians:

Catherine Quilliam is responsible for health care matters;
Mike Williamson is responsible for social care matters with Cath Hayhow covering during absence.

Full contact details: