Chemist + Druggist is part of Pharma Intelligence UK Limited

This is operated by Pharma Intelligence UK Limited, a company registered in England and Wales with company number 13787459 whose registered office is 5 Howick Place, London SW1P 1WG. The Pharma Intelligence group is owned by Caerus Topco S.à r.l. and all copyright resides with the group.

This copy is for your personal, non-commercial use. Please do not redistribute without permission.

Printed By


What you need to know about new patient data safety recommendations

Legal expert David Reissner runs through new guidance recommending the appointment of Caldicott Guardians, who are responsible for advising organisations on the ways they hold and process confidential patient information

The National Data Guardian has published guidance on the appointment, role and responsibilities of organisations that process confidential information about patients or service users as part of the NHS. The word “organisations” encompasses those who own pharmacies that provide NHS services, and they have a legal duty to have regard to the guidance.

The guidance recommends the appointment of a Caldicott Guardian by anyone who provides services as part of the NHS.

Caldicott Guardians should: “Play a key role in helping to ensure that their organisation(s) satisfy the highest ethical and legal standards for processing patient and service user confidential information. Their main concern is confidential information relating to patients, service users and their care.”

Day-to-day activities of a Caldicott Guardian will vary according to the type and size of the organisation, but they may include:

 • advising on disclosures of confidential information, and in particular whether they can be made in line with the common law duty of confidentiality

• involvement with patients’ or service users’ complaints

 • involvement in audit reporting or recommendations

• involvement in data breach investigations.

Caldicott Guardians should document any advice offered, judgments or decisions made and the reasoning behind them in the interests of transparency and accountability. The National Data Guardian advises that emails and written communications are preferable to verbal conversations because they provide Caldicott Guardians with a clear, documented history including how the Caldicott Principles have been considered, any advice given, how much information has been shared, and with whom.

Caldicott Guardians should be “available and accessible for patients and service users”. Their contact details should be publicly accessible, for example via websites. Organisations must register the details of Caldicott Guardians on the Caldicott Guardian register, which is maintained by NHS Digital.

Some Caldicott Guardians may also have senior management responsibilities, but the National Data Guardian emphasises that they must be free to advise in the best interests of patients and service users even if this conflicts with the views of other senior management colleagues, saying: “The line between their advice as a Caldicott Guardian and their corporate view must be very clear to all.”

The guidance says Caldicott Guardians should have “inquisitiveness to question, analyse and challenge decision-makers”. Caldicott Guardians should not be dismissed or penalised by the organisation for performing their role and responsibilities to the required standard.

A Caldicott Guardian need not be an employee, and the role could be provided by another organisation and/or could be shared with other providers of healthcare services.

Since the General Data Protection Regulation became law in 2018, pharmacies have had to have a Data Protection Officer (DPO) and there is some overlap in responsibilities. The role of Caldicott Guardian can be combined with that of DPO so long as no conflict of interest arises.

However, the responsibilities of a Caldicott Guardian are not the same as a DPO, and the former will need to have detailed knowledge of the relevant law and the Caldicott principles, which are set out in an Annex to the guidance.

David Reissner is a solicitor and Chair of the Pharmacy Law & Ethics Association.

Related Content


Pharmacy Manager

Apply Now
Latest News & Analysis
See All



Ask The Analyst

Please Note: You can also Click below Link for Ask the Analyst
Ask The Analyst

Thank you for submitting your question. We will respond to you within 2 business days. my@email.address.

All fields are required.

Please make sure all fields are completed.

Please make sure you have filled out all fields

Please make sure you have filled out all fields

Please enter a valid e-mail address

Please enter a valid Phone Number

Ask your question to our analysts