Information policies

  • Confidentiality: NHS Code of Practice
  • Records Management: NHS Code of Practice (part 1)
  • Records Management: NHS Code of Practice (part 2)
  • NHS Information Governance-Guidance on legal and professional obligations
  • Information Security Management: NHS Code of Practice
  • Freedom of Information Act 2000
  • General Data Protection Regulation

Protecting patient confidentiality

For every patient visit to the hospital, as an inpatient or outpatient, data is stored on computer systems and added to medical records. This allows our clinicians and other medical staff to make informed decisions about each individual’s condition and treatment in respect to their healthcare history. It is vital to maintain the accuracy of this information as a record of their care if it is to be useful in the future. It is also essential that these records, both written and digital, are kept secure and access is restricted to specific staff members.

What is Caldicott?

The Caldicott review and data protection legislation enforce strict legal guidelines to the storage, maintenance and access to patient information. The Freedom of Information Act 2000 and the Information Governance initiative both support the need to maintain the principles of effective confidential data control.

The review committee into the use of patient information in the NHS recommend eight principles to improve the handling and protection of these records.

Each NHS organisation should nominate a Caldicott Guardian, and ours is Mike Stewart, chief medical officer.

While the information management principles are not a legal requirement, they are seen as essential to support the requirements of the Data Protection Act.

The eight caldicott principles

  1. Justify the purpose(s) for using confidential information
  2. Use confidential information only when it is necessary
  3. Use the minimum necessary confidential information
  4. Access to confidential information should be on a strict need-to-know basis
  5. Everyone with access to confidential information should be aware of their responsibilities
  6. Comply with the law
  7. The duty to share information for individual care is as important as the duty to protect patient confidentiality
  8. Inform patients and service users about how their confidential information is used

For more details visit the UK Caldicott Guardian Council website.