All health and adult social care bodies in England must include a Caldicott Guardian under new government guidance.

The National Data Guardian (NDG) has published new rules outlining the requirement for all health and adult social care public bodies that “handle confidential information about patients or service users” to have a designated person in place to manage data protection.

This includes organisations contracted by public bodies to deliver health or adult social care services that handle such information.

The guidance follows a consultation in 2020 on the expansion of organisations expected to have a Caldicott Guardian.

The new guidance also provides an update to the Caldicott Principles, including a new rule to make clear that patients’ and service users’ expectations must be considered and informed when confidential information is used.

All organisations impacted by the new guidance are required to have a Caldicott Guardian in place by June 30 2023.

National Data Guardian Dr Nicola Byrne said: “My past experience as a Caldicott Guardian gives me a deep understanding of the vital role that they play in ensuring that health and social care data is used responsibly and ethically to support the delivery of better care.

“Caldicott Guardians are central to ensuring that confidentiality is protected and that wise decisions are made about the information their organisations hold. For this reason, introducing Caldicott Guardians into more settings is an important step in the right direction when it comes to maintaining people’s trust in a confidential health and social care system.

“We are very pleased to be sharing this guidance today and will be working with partners and colleagues over the coming weeks to ensure that those who need to take action are aware of what is required of them.”

The role of the National Data Guardian became statutory in December 2018, with Dame Fiona Caldicott selected as the first statutory National Data Guardian for health and social care.

In making the role statutory it meant public bodies such as hospitals, GPs, care homes, planners and commissioners of services were required by law to follow the relevant guidance.

It also applied to organisations such as private companies or charities which are delivering services for the NHS or publicly funded adult social care.

All organisations will now be required to appoint someone to the role of ensuring NDG guidance is followed. Caldicott Guardians are responsible for protecting the confidentiality of patient and service user information within their organisation.

The NDG aims to build trust in three main areas:

  • Encouraging clinicians to share information to enable joined-up care
  • Ensure citizens know how their health and care data is being used
  • Building a dialogue with the public about how information should be used