Caldicott Guardian

Caldicott Guardians are experts on confidentiality issues and access to patient records. Dame Fiona Caldicott recommended such posts in her 1997 report into how patient information was used (and should be protected) in the health service, and in its increasingly complex information systems: "A senior person, preferably a health professional, should be nominated in each health organisation to act as a guardian, responsible for safeguarding the confidentiality of patient information."

The NUH Caldicott Guardian is readily available to give advice on any concerns you may have about a case or activity.


Our Caldicott Guardian:

Dr Jeremy Lewis
Caldicott Guardian
Consultant in Acute Medicine
Nottingham University Hospitals NHS Trust
QMC campus
Derby Road

Tel: 0115 924 9924 ext 66113


How it works

The Caldicott report sets standards for management of confidentiality and access to personal information in the NHS.

Two key preconditions for confidentiality of information are its integrity and its security. Integrity is achieved by ensuring the accuracy and completeness of information through proper processing. Security is achieved by effective protection against inappropriate access or disclosure.

The six 'Caldicott' principles apply specifically to patient-identifiable information. The Caldicott Guardian has a responsibility to oversee an ongoing process of audit, improvement and control of application of the principles.

  • Justify the purpose(s) of using or transferring confidential information
  • Do not use patient-identifiable information unless it is absolutely necessary
  • Use the minimum necessary patient-identifiable information that is required
  • Access to patient-identifiable information should be on a strict need-to-know basis
  • Everyone with access to patient-identifiable information should be aware of their responsibilities
  • Understand and comply with the law


Caldicott Guardians and the Data Protection Act 1998

The 1998 Data Protection Act is the key legislation covering all aspects of information processing. This includes security and confidentiality of personal information. The Caldicott requirements provide the framework to put the Data Protection Act into operation.