Caldicott Guardian

Caldicott Guardians are experts on confidentiality issues and access to patient records. Dame Fiona Caldicott recommended such posts in her 1997 report into how patient information was used (and should be protected) in the health service, and in its increasingly complex information systems: "A senior person, preferably a health professional, should be nominated in each health organisation to act as a guardian, responsible for safeguarding the confidentiality of patient information."

The NUH Caldicott Guardian is readily available to give advice on any concerns you may have about a case or activity.


Our Caldicott Guardian is Dr Jeremy Lewis.


Dr Jeremy Lewis

Caldicott Guardian

Consultant in Acute Medicine

Nottingham University Hospitals NHS Trust

QMC campus

Derby Road




Tel: 0115 924 9924 ext 66113



How it works

The Caldicott report sets standards for management of confidentiality and access to personal information in the NHS.

Two key preconditions for confidentiality of information are its integrity and its security. Integrity is achieved by ensuring the accuracy and completeness of information through proper processing. Security is achieved by effective protection against inappropriate access or disclosure.

The six 'Caldicott' principles apply specifically to patient-identifiable information. The Caldicott Guardian has a responsibility to oversee an ongoing process of audit, improvement and control of application of the principles.

  • Justify the purpose(s) of using or transferring confidential information
  • Do not use patient-identifiable information unless it is absolutely necessary
  • Use the minimum necessary patient-identifiable information that is required
  • Access to patient-identifiable information should be on a strict need-to-know basis
  • Everyone with access to patient-identifiable information should be aware of their responsibilities
  • Understand and comply with the law

Caldicott Guardians and the Data Protection Act 1998

The 1998 Data Protection Act is the key legislation covering all aspects of information processing. This includes security and confidentiality of personal information. The Caldicott requirements provide the framework to put the Data Protection Act into operation.

NHS Nottingham University Hospitals
Cookie Disclaimer

Our website uses cookies to provide you with a better online experience. If you continue to use our site without changing your browser settings, we'll assume you are happy to receive cookies. Please read our Cookie policy for more information.