NHSScotland Caldicott Guardians: Principles into Practice

Foundation manual for NHS Scotland Cadicott Guardians


6. Information Management

6.1 Information Governance

Information Governance is a framework for handling all information in a confidential and secure manner to appropriate ethical and quality standards. NHS Information Governance is one element of the NHS Quality Improvement Clinical Governance and Risk Management standards. These standards will assist NHS Boards to develop and improve Information Governance at local level. Information Governance has six main components:

  • Information Governance Management
  • Confidentiality and Data Protection
  • Freedom of Information
  • Records management
  • Information Security
  • Information Quality Assurance

6.2 Staff, skills and resources assigned to each of these assurance areas can be thought of as organisational functions. Caldicott Guardians are central to the Confidentiality and Data Protection function, so much so that this is often referred to as the Caldicott function. Examples of how a range of organisations have supported their Caldicott function can be accessed through links found on the accompanying website.

6.3 In addition to the key area of confidentiality and Data Protection, the Caldicott Guardian needs to provide input into the other areas of Information Governance. The reverse is also likely to be the case, with staff working on other aspects of Information Governance being well placed to contribute to confidentiality and Data Protection work. It is important that organisations put in place effective governance arrangements to ensure that the organisation's approach to information governance is coordinated and inclusive.

6.4 The review of Information Governance in Scotland has led to the development of the Information Governance standards and self-assessment Toolkit for NHSScotland. NHS Health Boards should have Information Governance steering groups or boards as outlined in the Information Governance Toolkit, and it is recommended that the Caldicott Guardian attends these meetings.

6.5 The NHS Scotland Information Governance Electronic Toolkit is an online self-assessment tool that all NHS Scotland organisations are required to complete on a bi-annual basis. The Toolkit enables NHS Boards/Special Health Boards to record progress against National Information Governance Standards.

The Information Governance Standards cover the following key areas:

  • Policy and Planning
  • Confidentiality
  • Freedom of Information
  • Records management - for both Corporate and Health Records
  • Data Protection
  • Caldicott
  • Information Management
  • Information Security
  • Data Quality

It should be noted that section 7 of the Information Governance Standards concerns Caldicott Guardians.

6.6 The Statement on Internal Control is part of the annual assurance process on governance within NHS organisations. As part of this process NHS Boards need to identify sources of assurance and evidence of compliance to enable them to produce a meaningful statement on the system of internal control within an organisation. This would include an assessment of the effectiveness of the internal control and risk management arrangements covering overall good governance and the four specific strands of governance:

  • Clinical Governance
  • Staff Governance
  • Financial Governance
  • Information Governance
Back to top