The rise of the Caldicott principles

May 16, 2024 by Phil – Practice Index 

Caldicott, confidentiality and the UK GDPR are probably terms you’ve heard of. You likely associate them with your day-to-day work (there’s a very good reason for that), and all three are intrinsically linked. Our patients entrust us to maintain their confidentiality and if that trust is breached, the damage can be wide-reaching reputationally for the organisation and professionally for the individuals concerned.

How many times have you heard someone say, “What’s said in here stays in here”? Is that phrase relevant or true? In some instances, yes, but there are occasions when information must be shared, with or without consent. There is a duty to share information, just as there is to protect it.

Whilst all of us have completed training that refers to the Caldicott principles, in this digital age, many might not know why they were introduced some 27 years ago. What might shock you is that back then, what we now consider confidential information was quite easily accessible to the public, causing many an issue. In fact, it wasn’t really considered confidential information, and in some instances, information such as healthcare records were used by some for personal or financial gain.

So, what was needed was guidance on the use and sharing of patient identifiable information. The challenge was to devise principles that protected information, but also permitted the sharing of information appropriately and effectively. Not an easy task! Ultimately, the aim was to get information sharing right in a way that improved patient safety, but also in a way that involved the patient in how their information was used.

The principles get their name from Dame Fiona Caldicott, who chaired a committee and subsequently presented a report on patient confidentiality in 1997. The recommendations in the report introduced six principles, established to protect patient identifiable information. In 2013 a second report was published, resulting in a seventh principle, and in 2020, following public consultation, an eighth principle was agreed and then added in 2021.

The eight Caldicott principles are:

Principle 1: Justify the purpose(s) for using confidential information.

Principle 2: Use confidential information only when it is necessary.

Principle 3: Use the minimum necessary confidential information.

Principle 4: Access to confidential information should be on a strict need-to-know basis.

Principle 5: Everyone with access to confidential information should be aware of their responsibilities.

Principle 6: Comply with the law.

Principle 7: The duty to share information for individual care is as important as the duty to protect patient confidentiality.

Principle 8: Inform patients and service users about how their confidential information is used.

The CQC advise that patient safety can only be assured when information is accessible, its integrity is protected against loss or damage, and confidentiality is maintained.

Good information sharing is as essential as the need to maintain confidentiality; it helps to provide safe, effective care. The Caldicott principles are considered good practice and must be upheld by all staff to ensure that patient identifiable information is kept confidential. “Confidentiality is the essence of being trusted” (Billy Graham).

For the Dispex  SOP Dispensary Confidentiality (D5) please click here.


Please click here for the source.