A day in the life of a Caldicott Guardian

A day in the life of a Caldicott Guardian

Since Dame Fiona Caldicott’s first review of the state of confidentiality within the context of patient data was published in 1997, Caldicott Guardians have been championing the ethical use of data within NHS organisations. More recently, the role has become necessary for NHS business partners, suppliers or allied services as part of the Data Security and Protection Toolkit. This has enabled the Caldicott Guardian role to grow and develop from figure-head to a hands-on service that ensures that all seven Caldicott Principles are embedded within the organisation and associated activities. Whilst historically a senior clinician, now Information Governance colleagues have the knowledge and experience to happily step into the breach. Today, I have my Caldicott Guardian hat on…

07:00 Rise with the lark, grab some fruit for breakfast and get ready for work, not forgetting to feed the cats before I leave.

08:00 Commute to work (on the train), phone rings and I answer but as the carriage is crowded and the query is sensitive. Ask them to wait until I get in where we can meet in a private setting.

09:00 Meet with the colleague that called me, share a cup of tea, and discuss the issue which related to discussing appropriate access to a certain system. As access to patient data must be on a strict need to know basis, we worked out who did and didn’t need this level of access within the team in terms of cover. I also ensured that they had thought about a written process to revoke access as one of the team had just announced that they moving to another department in a few months’ time.

  • Text Hover
10:00 Meeting two of the day (which should have been meeting one) is with the CEO. We’re discussing how best to ensure that all employees understand their responsibilities with respect to confidentiality and data protection laws. I advise about appropriate training subjects and styles that can be implemented within the company (in particular Caldicott Guardian, an excellent choice).

11:00 Meeting with the project team, who had come together to ask various questions around data sharing. Whilst the data sharing process was a secure one, they were in particular looking to ensure that the use of patient confidential data, in this context, was justified and absolutely necessary. We talked over the specific use-case and I asked them to provide me with more information relating to the process of obtaining patient consent, which they will email as a follow up as this is managed through a separate clinical team.

12:00 Lunch meeting with another colleague who wanted me to approve collation of various data items for their project. This time, I had to disappoint. Using the requirement for ensuring that only minimum data is collated for a specific reason, we slimmed down the list of data items considerably. They took it well, as it was lunch time, so she had chance to tell me all about her new puppy.

13:00 An half hour walk in the rare sunshine, the long route to another building, and then a check of emails on my laptop, which have been piling up.

14:00 Afternoon meeting. A long one, but rightly so, as it is a multi-agency discussion of some very sensitive and difficult cases. The role of the Caldicott Guardian here is to ensuring that there is the understanding that the duty to share information, with appropriate services e.g. police, social care, mental health, drug advisory, sexual health etc., is often as important as protecting patient confidentiality. That way the patient themselves can more easily be protected and treated by those involved in their case.

17:00 Last meeting of the day over and a final read through of the never-ending emails for the day.

18:00 Finally time to clock out and take the commute home to hungry cats and a Zumba class.


Louise PaddockLouise Paddock

Louise Paddock

Louise has worked in Information Governance (IG) for over 10 years, mainly in the NHS, private healthcare and healthcare technology sectors. Her focus is on protecting the patient (or any data subject) through ensuring the practical application of good IG. Alongside her work with Leadership Through Data, Louise owns a data privacy and security consultancy, is the Data Protection Officer for a small healthcare technology company and is Head of IG for a leading healthcare technology company. When she finds some free time, she enjoys singing, spending time with her cats and walking in the Yorkshire countryside, near home.