A Caldicott Guardian is a senior role for an organisation which processes health and social care personal data. They make sure that the personal information about those who use the organisation’s services is used legally, ethically and appropriately, and that confidentiality is maintained.
Organisations that access patient records are required to have a Caldicott Guardian; this was mandated for the NHS by the Health Service Circular: HSC 1999/012. The mandate includes acute trusts, ambulance trusts, mental health trusts, clinical commissioning groups (CCGs), special health authorities, commissioning support units and area teams.
The Guardian plays a key role in ensuring that NHS, Councils with Social Services Responsibilities and partner organisations satisfy the highest practical standards for handling patient-identifiable information.
Acting as the 'conscience' of an organisation, the Guardian actively supports work to enable information sharing where it is appropriate to share and advises on options for lawful and ethical processing of information.