Caldicott Report: recommendations
- Every dataflow, current or proposed, should be tested against basic principles of good practice. Continuing flows should be re-tested regularly.
- A programme of work should be established to reinforce awareness of confidentiality and information security requirements amongst all staff within the NHS.
- A senior person, preferably a health professional, should be nominated in each health organisation to act as a guardian, responsible for safeguarding the confidentiality of patient information.
- Clear guidance should be provided for those individuals/bodies responsible for approving uses of patient-identifiable information.
- Protocols should be developed to protect the exchange of patient-identifiable information between NHS and non-NHS bodies.
- The identity of those responsible for monitoring the sharing and transfer of information within agreed local protocols should be clearly communicated.
- An accreditation system which recognises those organisations following good practice with respect to confidentiality should be considered.
- The NHS number should replace other identifiers wherever practicable, taking account of the consequences of errors and particular requirements for other specific identifiers.
- Strict protocols should define who is authorised to gain access to patient identity where the NHS number or other coded identifier is used.
- Where particularly sensitive information is transferred, privacy enhancing technologies (e.g. encrypting identifiers or "patient identifying information") must be explored.
- Those involved in developing health information systems should ensure that best practice principles are incorporated during the design stage.
- Where practicable, the internal structure and administration of databases holding patient-identifiable information should reflect the principles developed in this report.
- The NHS number should replace the patient's name on Items of Service Claims made by General Practitioners as soon as practically possible.
- The design of new systems for the transfer of prescription data should incorporate the principles developed in this report.
- Future negotiations on pay and conditions for General Practitioners should, where possible, avoid systems of payment which require patient identifying details to be transmitted.
- Consideration should be given to procedures for General Practice claims and payments which do not require patient-identifying information to be transferred, which can then be piloted.