- Confidentiality: NHS Code of Practice
- Records Management: NHS Code of Practice (part 1)
- Records Management: NHS Code of Practice (part 2)
- NHS Information Governance-Guidance on legal and professional obligations
- Information Security Management: NHS Code of Practice
- Freedom of Information Act 2000
- General Data Protection Regulation
Protecting patient confidentiality
For every patient visit to the hospital, as an inpatient or outpatient, data is stored on computer systems and added to medical records. This allows our clinicians and other medical staff to make informed decisions about each individual’s condition and treatment in respect to their healthcare history. It is vital to maintain the accuracy of this information as a record of their care if it is to be useful in the future. It is also essential that these records, both written and digital, are kept secure and access is restricted to specific staff members.
What is Caldicott?
The Caldicott review and data protection legislation enforce strict legal guidelines to the storage, maintenance and access to patient information. The Freedom of Information Act 2000 and the Information Governance initiative both support the need to maintain the principles of effective confidential data control.
The review committee, chaired by Dame Caldicott, into the use of patient information in the NHS recommend seven principles to improve the handling and protection of these records. Each NHS organisation should nominate a Caldicott Guardian, and ours is Mike Stewart, chief medical officer.
While the information management principles are not a legal requirement, they are seen as essential to support the requirements of the Data Protection Act.
The seven Caldicott principles are:
- Justify the purpose(s) of using confidential information
- Only use it when absolutely necessary
- Use the minimum that is required
- Access should be on a strict need-to-know basis
- Everyone must understand his or her responsibilities
- Understand and comply with the law
- The duty to share information can be as important as the duty to protect patient confidentiality