Caldicott Approval Procedure
Author: Peter McKenzie Review Group: Information
Review Date: September 2010 Last Update: September 2009
Document No: NHST-ISC-CAP Issue No: 1.2
UNCONTROLLED WHEN PRINTED
Signed: Executive Lead
NHS Tayside Caldicott Guardian Approval Procedure
Role of the Caldicott Guardian
Caldicott Guardians will be responsible for agreeing and reviewing internal protocols governing the
protection and use of patient-identifiable information by the staff of their organisation or those shared
with other NHSS organisations. Guardians will need to be satisfied that these protocols address the
requirements of national guidance/policy and law and that their operation is monitored.
Caldicott Guardians will also be responsible for agreeing and reviewing protocols governing the
disclosure of patient information across organisational boundaries, e.g. with social work services and
other partner organisations contributing to the local provision of care. These protocols should
underpin and facilitate the development of cross boundary working, health improvement programmes
and other changes.
Patient Identifiable Information
The term patient identifiable information means any data item or combination of data items by
which a patient's identity may be established. Commonly used patient identifiable data items are;
Forename Surname Address Postcode Telephone / Fax
CHI Date of Birth Diagnosis e-mail address
The Caldicott Principles
Justify the purpose(s)
Every proposed use or transfer of patient-identifiable information within or from an organisation should
be clearly defined and scrutinised, with continuing uses regularly reviewed by an appropriate
Don’t use patient-identifiable information unless it is absolutely necessary.
Patient-identifiable information items should not be used unless there is no alternative.
Use the minimum necessary patient-identifiable information.
Where use of patient-identifiable information is considered to be essential, each individual item of
information should be justified with the aim of reducing identifiability.
Access to patient-identifiable information should be on a strict need to know basis.
Only those individuals who need access to patient-identifiable information should have access to it,
and they should only have access to the information items that they need to see.
Everyone should be aware of their responsibilities.
Action should be taken to ensure that those handling patient-identifiable information – both clinical and
non-clinical staff – are aware of their responsibilities and obligations to respect patient confidentiality.
Understand and comply with the law
Every use of patient-identifiable information must be lawful. Someone in each Organisation should be
responsible for ensuring that the organisation complies with legal requirements.
NHS Tayside NHS Tayside Caldicott Guardian Approval Procedure Page 1 of 11
Access control is essential for ensuring that only authorised persons have:
physical access to computer hardware and equipment;
access to computer system utilities capable of over-riding system and application controls;
access to manual files containing confidential information about individuals;
access to computer files and databases containing confidential information about individuals
Access to Confidential Information about Individuals
Access to person identifiable information will be restricted to those staff who have a justifiable need to
know in order to effectively carry out their jobs. The Caldicott Principles underpin the approach that
NHS Tayside will adopt.
Registered access levels will be used to further limit the access of authorised persons to the minimum
information that they need to carry out a task or function. This is particularly relevant to information
held electronically, but the principles apply to all records, e.g. staff who need access to manual files
for filing purposes should not need to access the information already contained within the files.
There are also legal restrictions on who may see certain patient-identifiable information. Only staff
whose responsibilities include the treatment of individual patients with such diseases or who are
involved more widely with the treatment or prevention of disease, such as those employed by public
health departments, should be permitted access to such information.
Access Levels and Registration
There will be formal and documented user registration for access to all person-identifiable information
held in confidence, where multiple users need access. Although this is mainly applicable to
electronically held information, the principles extend to manual files.
It is particularly important that it is clear, at any point in time, just who should have access to what
information and the purpose the information is to be put to.
Applying for Caldicott Guardian Approval to Access or Record Patient Information
The application process relies upon the completion of a Confidentiality Statement and Data
Processing Specification (appendix 1)
An approved application is relevant to the specific research/study/project/audit that is specified in the
application. The information provided on that basis must not be used for other purposes.
The Confidentiality Statement
The contents of the Statement are described below. However, the Statement is an approval document
and is not expected to contain adequate information to allow authorisation for anything but the
simplest of situations. Therefore, it is likely in most cases that additional application information will be
provided in support of the application in the form of:
Ethics Committee letter of approval, including any recommendations made by the Committee.
Where ethics approval has not been necessary an indication of that to be included.
An outline of the research/study/project/audit programme indicating;
The purpose of the research/study/project/audit - to conform to Data Protection and Caldicott
Any person identifiable information to be used and any anonymisation that will be applied.
The arrangements to be employed in contacting/inviting/informing/interviewing/follow up of
individuals as part of the research/study/project/audit, where this will occur.
NHS Tayside NHS Tayside Caldicott Guardian Approval Procedure Page 2 of 11
The management arrangements - to define responsibilities and to confirm that all agreed
arrangements take place.
Specification of the users and departments/agencies/organisations/companies that will have
access to the information - to define responsibilities and if necessary confirm that all have
been made aware and will abide by NHS Tayside rules of confidentiality and security.
A specification of any manual or computer databases to be devised as part of the
Software to be used
Who will be developing the database and their employer
Where the database will be run from
Relevant security arrangements: access control, backup and restore, ongoing support, etc.
The arrangements for disposal of the information held.
Your arrangements for accessing and processing identifiable personal data must be summarised in a
Data Processing Specification for each data source.
User Details - the details of the person who is responsible for the work to be undertaken associated
with the information to be provided. There is a requirement that this person will abide by NHS Tayside
rules of confidentiality and security in using the provided information.
Sponsor Details - the details of the NHS Tayside person who is supporting the provision of the
information in question, usually to be signed by a consultant if patient data is requested and the
applicant is not of that status or is not medically qualified
Data Protection Reg. No. - only relevant to organisations or agency outside NHS Tayside.
Data Requested - a brief description of the information that is to be provided. This is to be supported
by the completion of a Data Processing Specification for each data source.
Co-users of the Data - a list of individuals who will have access to the information provided and who
will be under the management/supervision of the User.
Intended use of Data - a brief description of the purposes that the information will be put to.
User's Declaration - dated signature of the User.
Sponsor's Declaration - dated signature of the Sponsor.
Data Processing Specification: - to ensure that it is clear what data is being requested and that the
applicant has made appropriate arrangements to gain access with those responsible for managing
that data and that the data provided will be managed appropriately by the applicant, a data processing
specification is required for each data source.
Return Details - completed applications along with supporting documentation to be returned to the
Information Governance Office.
A flowchart describing the process for application for Caldicott approval is included in
Confirmation of Approval
Once Caldicott approval has been given the User will receive a confirmation letter and copy of the
The outcome of research/study/project/audit programmes is often that further work or development in
to departmental systems is considered. In such cases further consideration must be taken beyond the
Caldicott Guardian approval process and the original approval will unlikely be adequate.
NHS Tayside NHS Tayside Caldicott Guardian Approval Procedure Page 3 of 11
Where further development is being considered then the NHS Tayside Project Approval Process must
be followed in order that such development is considered by the eHealth Group in the context of the
NHS Tayside eHealth Strategy. (appendix 3)
NHS Tayside NHS Tayside Caldicott Guardian Approval Procedure Page 4 of 11
CONFIDENTIALITY STATEMENT - for users of person identifiable data
User Details Sponsor Details
Data Protection Reg. No.
Data Requested :
A Data Processing
Specification must also be
Co-Users of the Data :
Intended use of data
(inc. publications) :
User’s Declaration Sponsor’s Declaration (to be signed by a consultant
if patient data is requested and the applicant is not
I declare that I understand and of that status or is not medically qualified)
undertake to abide by the rules for
confidentiality, security and release of I declare that the above named user of the data is a bona
data received from NHS Tayside. fide worker engaged in a reputable project and that the
data requested can be entrusted to this person in the
knowledge that they will conscientiously discharge their
obligations in regard to confidentiality of the data.
On completion, please return this form to: For NHS Tayside use only
Information Governance Officer Release authorised by
NHS Tayside Date
Ashludie Hospital Ref.No.
NHS Tayside NHS Tayside Caldicott Guardian Approval Procedure Page 5 of 11
RULES ON CONFIDENTIALITY, SECURITY AND RELEASE OF INFORMATION
FOR USERS OF NHS PATIENT DATA
1) If the data received from NHS Tayside are to be held on computer, the signatory of this
request, or the organisation (s)he represents, should have an appropriate registration with the
Office of the Data Protection Registrar. Details of the registration number should be entered on
2) Data received from NHS Tayside must not be used for any purpose other than for the intended
use specified on this document.
3) Data received from NHS Tayside must not be divulged to any person who is not specified as a
‘co-user of the data’ on this document.
4) Proper safeguards should be applied in keeping the data and destroying it on completion of the
work/project declared to prevent any breach of confidentiality.
5) Any misuse or loss of these data should be notified immediately to the Information Governance
Officer for NHS Tayside at Ashludie Hospital, Monifieth (01382-527920).
6) Recipients of information supplied by NHS Tayside are reminded that the data has been
supplied for the purposes stated in the approved study only. Further submission for approval
will be required for any other uses of that data.
7) Any statistics or results of research based on data received from NHS Tayside should not be
made available in a form which:
a) directly identifies individual data subjects
b) is not covered by the ‘intended use of data’ specified
NHS Tayside would welcome copies of any publications based on data supplied.
Monifieth Telephone : 01382 527920
DD5 4HQ Fax : 01382 527808
NHS Tayside NHS Tayside Caldicott Guardian Approval Procedure Page 6 of 11
CALDICOTT APPROVAL - DATA PROCESSING SPECIFICATION
To be submitted with application for Caldicott Approval
For each separate source of patient identifiable data that you intend to access in support of your
study please provide the following information.
Data Source: (Medical Records/System Name)
Data Items: (list the data items that you will require from the named data source)
Data Source Contact Details: (who have you agreed access to the source data with?)
Base: Tel No:
Data Storage Arrangements: (where arrangements are described in a supplied study protocol then
reference to the relevant sections of the protocol can be used)
Location: (NHS Tayside, University, etc.) Device to be held on (desktop, laptop, network
Access Controls (how will the data be protected from Encryption: (will encryption be used to protect the data?)
Anonymisation: (how will the identity of individuals be Format (spreadsheet, database, etc.)
If you intend to make contact with patients identified through the processing of this data,
indicate how this will be done and how you will ensure that it is appropriate to contact them.
It is recommended that contact with patients is through correspondence signed by the patient’s
GP/Clinician or Head of Clinical Service.
NHS Tayside NHS Tayside Caldicott Guardian Approval Procedure Page 7 of 11
Appendix 2 - NHS Tayside
Confidentiality Statement Flowchart
Has your project
You need to get
Are you going to be approval from the
accessing patient project
records or patient stakeholders
identifiable before you can
information? proceed any
You do not
You require require
Obtain copy of the Confidentiality Statement
and Data Processing Specification from
The Sponsor is usually
Lead health or social care
organisation Do you have
The lead employer of the approval of and
researchers details of the
The provider of funding project sponsor?
Complete Obtain details
details of of the sponsor
sponsor on before
NHS Tayside NHS Tayside Caldicott Guardian Approval Procedure Page 8 of 11
Will data received
from NHS Tayside be No
held on computer?
Where data is to be held on a computer, the signatory of this Where databases are to be created
request, or the organisation(s) he/she represents, should have refer to information requirements
appropriate registration with the Office of the Data Protection in the main procedure under
Registrar. Details of the registration number should be entered on Confidentiality Statement
the appropriate confidentiality statement section.
Do you know No Obtain the registration number
the from the organisation that will
registration be holding the information.
Enter details Enter a brief statement about the data requested and
on form complete a Data Processing Statement for each data
Data received from NHS
Tayside must not be divulged Will there be co- No
to any person who is not users of the data?
specified as a ‘co-user of the
data’ on the confidentiality
Full details must be included in the
Full details of the intended use of data
must be included
NHS Tayside NHS Tayside Caldicott Guardian Approval Procedure Page 9 of 11
Any statistics or results of research
Do you intend to based on data received from NHS
publish the data? Tayside should not be made
Yes available in a form which:
No individual data subjects
Include full Is not covered by the
details of ‘intended use of data’
Proper safeguards should be applied in keeping
Indicate the period for which the data the data and destroying it on completion of the
will be retained work/project declared to prevent any breach of
Complete the user declaration and
have the sponsor complete their
declaration on the form
Once the form is fully completed, pass
to the Information Governance Officer A copy of the authorised confidentiality
who will obtain Caldicott approval on statement will then be retuned to you to retain
your behalf. as part of your project/research.
As noted in the main procedure it is most likely that supporting documentation will have to be provided with
the Confidentiality Statement and Data Processing Specifications.
Please ensure that you have included this information to avoid delay in processing the application.
NHS Tayside NHS Tayside Caldicott Guardian Approval Procedure Page 10 of 11
NHS TAYSIDE: Ehealth/IM&T Computer Systems
STANDARD BUSINESS CASE
1. The standard business case will be presented to the eHealth and Area Business IM&T
group for clinical and business systems respectively for approval to ensure that any
proposal is consistent with the eHealth strategy for NHS Tayside.
2. A separate Standard Business Case Template is required for each individual proposal.
3. Standard business cases should be completed in conjunction with the under-noted
members of staff to ensure that all IM&T aspects of the project are covered within the
business case to:-
Mr Stewart Hunter firstname.lastname@example.org
Mr Ian Fenton email@example.com
If a scheme covers all the areas within Tayside then any of the above will assist in preparation of
the business case.
4. where funding for the project has been identified the support of the relevant Finance staff
must be agreed.
5. please note that submissions will only be accepted on this template.
6. Notes written in italics are provided for guidance/example only and should be deleted
completely before templates are returned.
7. Any queries with this template should be raised, in the first instance, with Stewart Hunter,
Tel: Ext. 33472
1. Title of the Project Proposal
This should include speciality/operational system name E.g. Photobiology, catering systems
- Strategic Objectives
A brief overview of the strategic objectives of the proposal relevant to eHealth strategy and how it
would impact on Clinical Group/ Service/ Departmental objectives.
- Clinical needs
A brief overview of the clinical objectives of the proposal relevant to the Group/ Service/
Department/ Facilities clinical needs, as well as those other Departments/ Areas/Groups that rely
upon its support .e.g. introduction of computer system may improve information for the clinician but
may also impact on the medical records service.
- Proposed Outcomes – benefits to patient
NHS Tayside NHS Tayside Caldicott Guardian Approval Procedure Page 11 of 11
A very brief overview of the proposal and how patients and the service will benefit from it? E.g. Will
they been seen quicker, will they have to travel less, will they be reviewed by fewer people, etc?
NB. This is expanded upon in section 5.
3. Description of the service concerned.
- Current Service
What does the service look like now and why does it have to change?
- Proposed Service
What will the service look like if this proposal is implemented?
4. List of options
A brief “high-level” outline of those alternative options for the service initially considered, including
brief reasons why each was excluded.
5. Preferred Option
A brief narrative describing the preferred option (the proposal) in more detail, explaining the
relationship between it and the strategic objectives of the eHealth Strategy as well as
meeting the Clinical Directorates/Departments objectives..
6. Revenue Impact
Where financial resources have been identified, these need the support of your accountant
within the finance dept.
7. Capital Cost
8. Risk Assessment
Please identify any risks to the project either by not implementing the proposal or any
known risks associated with developing and implementing the project at this stage.
NHS Tayside NHS Tayside Caldicott Guardian Approval Procedure Page 12 of 11
Project Approval Process
Funded Stream Non Funded Stream
Commercial Supplier Proposal
eHealth / Area Prioritisation Group
ICT Maryfield CTC Ninewells Commercial Supplier
NHS Tayside NHS Tayside Caldicott Guardian Approval Procedure Page 13 of 11