The Role of the Caldicott Guardian

1
The Role of the Caldicott Guardian

• Information Governance Policy Team
• NHS Connecting for Health

2
Key Learning Points

• The history of the Caldicott Guardian.
• Who should be the Caldicott Guardian?
• The role of the Caldicott Guardian.
• Information Governance.
• The Information Governance Toolkit.
• The National Programme for IT.
• Further guidance and support.
• The UK Council of Caldicott Guardians.
• Recommended further training.

3
History1

• 1997 Caldicott Committee reported.
• Caldicott Report Recommendations
• Appointment of NHS Caldicott Guardians
  (HSC1999_012 Caldicott Guardians).
• Appointment of Social Care Caldicott Guardians
  (LAC(2002)2_Caldicott Guardians).
• CG responsible for ensuring
• Policies and procedures.
• Compliance with the Caldicott Principles.

4
Caldicott Principles

• Justify the purpose for using confidential
  information.
• Only use it when absolutely necessary.
• Use the minimum required.
• Access should be on a strict need-to-know basis.
• Everyone must understand their responsibilities.
• Everyone must understand and comply with the law.

5
History 2

• The Data Protection Act 1998.
• The Human Rights Act 1998.
• The Freedom of Information Act 2000.
• Patient Information Advisory Group (PIAG) 2001.
• NHS Code of Practice on Confidentiality 2003.
• NHS Information Governance 2003.
• NHS Care Records, Electronic Social Care Records,
  and the Secondary Uses Service 2005 onwards.
• The UK Council of Caldicott Guardians 2005.
• The Cayton review of Information Governance 2006.

6
Who should be the Caldicott Guardian?

• The Caldicott Guardian should be, in order of
  priority
• An existing member of the organisations Board or
  Senior Management Team.
• A senior health or Social Care professional.
• Responsible for promoting clinical governance or
  equivalent functions.
• Familiar with guidance and legislation.

7
The Caldicott Guardian Role1

• Agreeing and reviewing policies.
• Ensuring the organisation satisfies the highest
  practical confidentiality standards.
• Acting as the conscience of the organisation.
• Advising on lawful and ethical processing of
  information.
• Resolving local issues.
• Ensuring a record of resolved issues is kept.

8
The Caldicott Guardian Role2

• Representing and championing IG requirements and
  reporting issues at Board/Senior Management Team
  level.
• Working as part of a broader Information
  Governance function.
• Key role in implementation of the National
  Programme for IT.
• A signatory for high level agreements.

9
Report to the Board

• The number of Caldicott issues logged.
• The number of Caldicott issues resolved.
• The number of issues pending and the reason.
• The number and type of issues escalated due to
  unsatisfactory response.
• Any improvement plans to address unresolved or
  escalated issues.
• IG Toolkit score and any improvement plans.

10
Information Governance

• NHS Information Governance is one element of the
  Integrated Governance framework promoted by the
  Department of Health in its Integrated
  Governance Handbook 2006.
• IG includes four main components
• IG Management.
• Confidentiality and Data Protection Assurance.
• Information Security Assurance.
• Information Quality Assurance.

11
The Information Governance Toolkit1

• The NHS IG Toolkit sets out a range of standards
  encompassing the entire IG agenda.
• Basis for organisation to assure information
  handling in accordance with the law, guidance and
  best practice.
• 60 standards in 6 groups, 14 standards relate to
  Confidentiality and Data Protection Assurance.
• Includes guidance and resource materials, a clear
  framework for assurance and controls, and an
  on-line tool for efficient performance assessment
  reporting.

12
The Information Governance Toolkit2

• Mandated annual assessment for all NHS
  organisations including Foundation Trusts.
• Non-mandatory assessment sets available for
  Social Care organisations and General Practices.
• BUT Mandated for General Practices involved in
  the IMT Directed Enhanced Service.
• A sub-set of standards for Statement of
  Compliance applications for an N3 connection
  www.connectingforhealth.nhs.uk/soc .
• Submitted reports to the Healthcare Commission in
  support of the Annual Health Check (Standard C9).

13
The Caldicott Function Key responsibilities

• Support the Caldicott Guardian.
• Co-ordinate and implement the data protection
  work programme.
• Ensure the organisation complies with the
  Confidentiality NHS Code of Practice.
• Ensure staff are made aware of individual
  responsibilities through policies, procedures and
  training.
• Complete the Confidentiality and Data Protection
  Assurance component of the IG Toolkit.
• Provide routine reports to the organisations IG
  Steering Group.

14
The Data Protection Work Programme Key elements

• Maintaining the currency of the data protection
  policy.
• Ensuring organisational compliance with the DPA
  1998.
• Promoting DP awareness through training and
  procedures.
• Monitoring compliance with the Act and the
  procedures through checks/audits and ensuring
  appropriate action is taken for non-compliance.
• Co-ordinating the work of other staff with DP
  responsibilities.
• Ensuring patients and service users are provided
  with information on their rights under the DP
  legislation.
• Providing reports on data protection to the
  Board.
• Assisting with investigations into complaints.

15
The Data Protection Act Organisation
responsibilities
Chief Executive
Director
Data Protection Lead or Manager
Department Senior Managers And Staff
16
The National Programme for IT

• Modern information technology (IT) products which
  will give staff the information they need at the
  touch of a button, meaning better care for
  patients.
• NHS Connecting for Health are an agency of the
  Department of Health responsible for delivering
  NPfIT.
• Programme of work includes
• NHS Care Records Service.
• Choose and Book.
• Electronic Prescription Service (EPS).
• National Networks for the NHS (N3).
• Picture Archiving and Communications Systems
  (PACS).
• IT Supporting GPs.
• NHSmail.
• www.connectingforhealth.nhs.uk

17
Caldicott Guardians and NPfIT

• NHS Care Record Service functionality.
• Role based access.
• Legitimate relationships.
• Sealed envelopes.
• Incident Alerts.
• Information Governance is still key.

18
Summary

• The history of the Caldicott Guardian.
• Who should be the Caldicott Guardian.
• Role, responsibilities and duties.
• Reports to the Board.
• Information Governance.
• The Information Governance Toolkit.
• The National Programme for IT.

19
The UK Council of Caldicott Guardians
The Council is an elected body made up of
Caldicott Guardians from health and social care

• For further information and to view the
  Constitution see-
• www.connectingforhealth.nhs.uk/infogov/caldicott

20
Further Guidance and useful links
21
Further Guidance and useful links
22
Recommended further training for Caldicott
Guardians

• Other relevant NHS Connecting for Health IG
  Training Tool sessions.
• External academic courses for Caldicott Guardians
  in either Confidentiality, FOI, DPA or Caldicott
  Guardianship. (this may cost a fee).
• Attend national conferences which offer further
  training to assist in the day to day fulfilment
  of the Caldicott Guardian role.