Caldicott 2


Dame Fiona Caldicott has just published her latest principles of good practice (attached) concerning the use of personal confidential data (PCD), whether paper or electronic.  These consist of the original 6 principles, plus an additional seventh: 

  1. Justify the purpose
  2. Don’t use PCD unless it is absolutely necessary
  3. Use the minimum necessary PCD
  4. Access to PCD should be on a strict need-to-know basis
  5. Everyone with access to PCD should be aware of their responsibilities
  6. Comply with the law
  7. The duty to share information can be as important as the duty to protect patient confidentiality (my emphasis)

This new, final principle is highly significant as it is designed to encourage appropriate sharing of data, and to counteract the ‘overly cautious’ approach taken by some clinicians (Taylor, 2013).

It’s also worth pointing out that there are 26 recommendations, including one that patients should have the fullest possible access to their electronic records and that an audit trail should be available. This is relatively easy to do within a single system, such as Lorenzo, but may be more difficult when data is shared between systems. The danger here is that this recommendation could have the perverse effect of restricting sharing of data if a comprehensive audit trail can’t be compiled.

There are other concerns, too. De-identified or pseudonymised data that could possibly be reconstructed by linking data sets can only be accessed within ‘safe havens’, such as the Health and Social Care Information Centre (HSCIC). This could limit the activities of ‘big data’ analysis. Assumed patient consent is also outlawed.


Taylor P (2013). Caldicott 2 and patient data. BMJ 2013;346:f2260.