Caldicott Guardian role

A Caldicott Guardian is a senior officer, responsible for protecting the confidentiality of personal health and social care information and enabling appropriate information sharing.

Caldicott Guardians were established in all NHS organisations in 1999 and later extended to social care in 2002.

The Caldicott Guardian's role is to ensure that procedures are in place to govern access to and the use of patient (client) identifiable information and, where appropriate, the transfer of that information to other organisations. The Caldicott Guardian works closely with the organisation's Data Protection Officer (DPO) and Senior Information Risk Owner (SIRO) to ensure that any breaches of confidentiality are investigated and measures put in place to prevent recurrence. The Caldicott Guardian also provides advice to various groups (for example, Local Research Ethics Committee, Senior Management Teams etc), as well as to individual members of staff on issues concerning patient/client confidentiality. Another key role for the Caldicott Guardian is to provide training for staff on confidentiality.

Caldicott Principles

The key principles underlying use of patient/client identifiable information is summarised by the 8 Caldicott principles namely:

• Principle 1: Justify the purpose(s) of using confidential information
• Principle 2: Only use when absolutely necessary
• Principle 3: Use the minimum that is required
• Principle 4: Access should be on a strict 'need to know' basis
• Principle 5: Everyone must understand their responsibilities
• Principle 6: Understand and comply with the law
• Principle 7: The duty to share information is as important as the duty to protect patient confidentiality.
• Principle 8: Inform patients about how their information is used

GDPR and Caldicott

The Data Protection Act 2018 (and specifically the GDPR and LED Implementing Regulations 2018) provides the legal basis regarding protection of confidentiality on the Isle of Man. GDPR covers all sectors such as business, commercial etc whereas the Caldicott Guardian's role and Caldicott principles are specific to health and social care. There are major areas of overlap between Caldicott and GDPR; however there are some areas where they are different, the most important of which is that the GDPR and LED Implementing Regulations does not apply to deceased individuals whereas Caldicott does.

In the Isle of Man, the Caldicott Guardian works closely with the Information Commissioner to ensure that users of health and social services get consistent advice.

Manx Care Caldicott Guardian:

• Dr Sreeman Andole (Executive Medical Director)
• Deputy - Dr Gregor Peden (Chief Clinical Information Officer)

Full contact details: