The Caldicott Committee's Report on the Review of Patient-Identifiable Information, usually referred to as the Caldicott Report, was a review commissioned in 1997 by the Chief Medical Officer of England due to increasing worries concerning the use of patient information in the National Health Service (NHS) in England and Wales and the need to avoid the undermining of confidentiality because of the development of information technology in the NHS, and its ability to propagate information concerning patients in a rapid and extensive way. A committee was established under the chairmanship of Dame Fiona Caldicott, Principal of Somerville College, Oxford, and previously President of the Royal College of Psychiatrists. Its findings were published in December 1997. The Caldicott Report highlighted six key principles, and made 16 specific recommendations. In 2012 Dame Fiona produced a follow-up report which made 26 further recommendations including the addition of a seventh principle which is included in the list below. In 2016 a further follow-up report was produced following controversy over the care.data initiative from HSCIC.

Caldicott principles

Every single proposed use or transfer of patient identifiable information within or from an organisation should be clearly defined and scrutinised, with continuing uses regularly reviewed, by an appropriate guardian. Patient identifiable information items should not be included unless it is essential for the specified purpose(s) of that flow. The need for patients to be identified should be considered at each stage of satisfying the purpose(s). Where use of patient identifiable information is considered to be essential, the inclusion of each individual item of information should be considered and justified so that the minimum amount of identifiable information is transferred or accessible as is necessary for a given function to be carried out. Only those individuals who need access to patient identifiable information should have access to it, and they should only have access to the information items that they need to see. This may mean introducing access controls or splitting information flows where one information flow is used for several purposes. Action should be taken to ensure that those handling patient identifiable information - both clinical and non-clinical staff - are made fully aware of their responsibilities and obligations to respect patient confidentiality. Every use of patient identifiable information must be lawful. Someone in each organisation handling patient information should be responsible for ensuring that the organisation complies with legal requirements. Professionals should in the patient's interest share information within this framework. Official policies should support them doing so. These principles have been subsumed into the NHS confidentiality code of practice.

Summary of recommendations in original report