What are the 7 Caldicott Principles in Health and Social Care?

April 19, 2019

The Caldicott Principles were originally developed in 1997 following a review of how the NHS handled patient information. Dame Fiona Caldicott chaired this review. The results led to the creation of six initial Principles relating to patient confidentiality, which were named the Caldicott Principles.

Everybody who works in health and social care should honour these principles and act in accordance with them. This is essential for upholding patient confidentiality.


What are the Caldicott Principles?

The Caldicott Principles are fundamentals that organisations should follow to protect any information that could identify a patient, such as their name and their records. They also ensure that this information is only used and shared when it is appropriate to do so.

Organisations should use the Principles as a test to determine whether they need to share information that could identify an individual. Although there were originally 6 principles, Dame Fiona Caldicott introduced a seventh principle in April 2013 following her second review of information governance.


These 7 Caldicott principles are:

Principle 1: Justify the purpose for using confidential information

Every proposed use or transfer of personally identifiable information, either within or from an organisation, should be clearly defined and scrutinised. Its continuing uses should be regularly reviewed by an appropriate guardian.

Principle 2: Don’t use personal confidential data unless absolutely necessary

Identifiable information should not be used unless it’s essential for the specified purposes. The need for this information should be considered at each stage of the process.

Principle 3: Use the minimum necessary personal confidential data

Where the use of personally identifiable information is essential, each individual item should be considered and justified. This is so the minimum amount of data is shared and the likelihood of identifiability is minimal.

Principle 4: Access to personal confidential data should be on a strict need-to-know basis

Only those who need access to personal confidential data should have access to it. They should also only have access to the data items that they need.

Principle 5: Everyone with access to personal confidential data should be aware of their responsibilities

Action should be taken to ensure that those handling personally identifiable information are aware of their responsibilities and their obligation to respect patient and client confidentiality.

Principle 6: Understand and comply with the law

Every use of personally identifiable data must be lawful. Organisations that handle confidential data must have someone responsible for ensuring that the organisation complies with legal requirements.

Principle 7: The duty to share information can be as important as the duty to protect patient confidentiality

Health and social care professionals should have the confidence to share information in the best interests of their patients and within the framework set out by these principles. They should also be supported by the policies of their employers, regulators, and professional bodies.



What is the Caldicott Report?

The Caldicott Report was a review commissioned in 1997 by the Chief Medical Officer of England. The focus of the report was to review how patient information is used in the NHS.

The motivation behind the report was increasing concern about advancements in technology and its capability to distribute information about patients quickly and extensively. The basis of the review, therefore, was to ensure that confidentiality was not being undermined.

The report outlines principles of good practice that are transparent and explicit. Sometimes, the report states, the NHS are met with a tension between the need for patient information and the expectation from patients that their information will be kept confidential. However, in abiding by the Caldicott Principles, the NHS are able to meet both of these expectations.

In total, the report provided 16 recommendations for those who work within the NHS. These included things like giving patients an NHS number to use rather than their name. The complete list of recommendations can be found in the full Caldicott report.



How do the Caldicott Principles Apply to your Setting?

The Caldicott Principles are something that all health organisations should follow and promote to staff to protect patient information. The seventh principle, however, can cause a lot of confusion in healthcare environments. Often, people are uncertain about when it’s acceptable to share information about someone and when it’s not. This creates tension and confusion over when it’s vital to share information and when confidentiality must be upheld.

You should generally uphold patient confidentiality. However, you must share information in certain circumstances and override your duty of confidentiality. This is the aim of principle 7: to realise that sharing information can be as important as protecting confidentiality. It’s important that you can successfully balance the need for maintaining confidentiality with the need for keeping people safe.

You should share information about a patient when:

  • They, or others, are, or might be, at risk of harm.
  • They are at risk of posing harm to someone else.
  • A crime could be prevented if the information is shared.
  • A serious crime has been committed.
  • A court order or other legal authority has requested the information.

The 7 Caldicott Principles provide a framework for all health settings to follow to protect identifiable patient information. If you work in a health setting, it’s important that you’re aware of these responsibilities and know what your duties are in relation to them.

