Caldicott Guardian job description

The role of the Caldicott Guardian.

NHS Counter Fraud Authority

Job responsibilities

Post: Caldicott Guardian

Job summary

The appointment of a Caldicott Guardian was one of the recommendations of the Caldicott Report published in December 1997. The role of the guardian is to safeguard and govern uses made of person-identifiable information within the NHS Counter Fraud Authority (NHSCFA), as well as data flows to other NHS and non-NHS organisations.

The Guardian is responsible for the establishment of procedures governing access to, and the use of person-identifiable information and, where appropriate, the transfer of that information to other bodies.

In addition to the principles developed in the Caldicott Report, the Guardian must also take account of the codes of conduct provided by professional bodies, and guidance on the Protection and Use of Patient Information and on Information Management and Training (IM&T) security disseminated by the Department of Health.

To provide advice and support to staff working within the NHSCFA on all aspects of Caldicott, sharing and disclosure of person-identifiable patient information and related legislation.

Duties and responsibilities

Production of procedures, guidelines and protocols

To develop and implement procedures to ensure that all routine uses of personidentifiable patient information are identified, agreed as being justified and documented.

To develop and implement criteria and a process for dealing with ad hoc requests for person-identifiable patient information for non-clinical purposes.

To establish Information Sharing Protocols to govern the use and sharing of person-identifiable patient information between organisations both within and outside the NHS.

To ensure standard procedures and protocols are in place to govern access to person-identifiable patient information.

Information for staff

To ensure standard procedures and protocols are in an understandable format and available to staff.

Raise awareness through training and education to ensure that the standards of good practice and Caldicott principles are understood and adhered to.

Advise project leads on all aspects of Caldicott, acting as an expert resource for them.


To bring to the attention of the relevant manager any occasion where the appropriate procedures, guidelines and protocols may have not been followed.

To raise concerns about any inappropriate uses made of person-identifiable information with the Information Governance & Risk Management Lead where appropriate.

On an annual basis, to participate in the Information Governance Toolkit Assessment.

Advise the NHSBSA Board on all aspects of processing person-identifiable information.

Should advise the Board/Senior Management Team or the Information Governance & Risk Management Lead of any issues relating to confidentiality and data protection assurance so that they can be included within the Statement of Internal Control.

Should ensure that results of internal audits relating to confidentiality and data protection assurance are appropriately discussed by the Board/Senior Management Team. This will include advising them on confidentiality strategy to implement any necessary improvements.

Where external audits reveal areas of concern relating to confidentiality and data protection assurance, the Caldicott Guardian should ensure that the Board/Senior Management Team is made aware of the implications and presented with options for improvement.

Working relationships

Liaises with:

The Caldicott Guardian will be expected to liaise and work with the NHSCFA Board, the Senior Management Team and the Information Governance & Risk Management Lead in the course of promoting the Caldicott principles, which will include attending various meetings as appropriate.

The Caldicott Guardian is the Chief Executive of the NHSCFA.

The Caldicott Guardian is supported by the Information Governance Manager and the Head of Operations.


  1. The duties and responsibilities outlined above are to be regarded as broad areas of responsibility and do not necessarily detail all tasks which the post holder may be required to perform.
  2. The job description may be subject to change in the light of experience and circumstances and after discussion with the post holder.
  3. The post holder will undertake such other duties as may be required commensurate with grade and experience.
  4. The post holder will be expected to act with full regard to the requirements of the Authority's policies and procedures, including those relating to health and safety

Help us improve

Tell us what's happened so we can fix the problem. Please do not provide any personal, identifiable or sensitive information.


Thanks for the feedback!