Summary
The Caldicott Guardian is responsible for the establishment of procedures governing access to, and the use of, person-identifiable information and, where appropriate, the transfer of that information to other bodies.
In addition to the Caldicott Principles, the Caldicott Guardian must also take account of the codes of conduct provided by professional bodies, and guidance on the protection and use of patient information and on information management and technology (IM&T) security disseminated by the Department of Health and Social Care.
Caldicott Guardians provide advice and support to staff on the sharing and disclosure of person-identifiable patient information and related legislation.
Work Activity Components
| Title | Details |
|---|---|
| Advice and guidance (INAS) (Level Six) | Guides, encourages, leads and develops colleagues, in the disciplines of Information assurance. Supports employees to understand their role in the security of data and information. |
| Best practice (INAS)(Level 6) | Assesses legal and best practice issues, and promotes awareness of national and international laws, including those relating to confidentiality, privacy and copyright. |
| Caldicott Guardian/SIRO and DPO advice and support (INAS) (Level 6) | Provides highly complex and strategic advice and support to the board, the senior management team and Senior Information Risk Owners. Provides support to the DPO. |
| Policies (INAS) (Level 6) | Reviews and agrees internal policies and protocols governing the protection and use of person-identifiable information by the organisation’s staff, ensuring that these address the requirements of national policy, guidance and the law, and that their operation is monitored. Ensures they are in an understandable format and available to staff. |
| Improvement plans (PEDP) (Level 6) | Agrees and presents annual outcome reports relating to issues of confidentiality and information sharing. Advises on annual improvement plans relating to issues of confidentiality and information protection. |
| Incident response (PEDP) (Level 6) | Raises concerns about any inappropriate uses made of patient / service user information with the DPO where necessary. |
| Personal information (PEDP) (Level 6) | Agrees and reviews protocols governing the disclosure of personal information across organisational boundaries, e.g. with social services and other partner organisations contributing to the local provision of care. |
| Policies, procedures and governance (PEDP) (Level 6) | Consults, collaborates and offers expert advice on developing organisational policies, procedures, best practice, privacy policies, standards and guidelines ensuring recognised data protection definitions and practices are applied throughout the organisation. Has due regard to the risk associated with processing operations, taking into account the nature, context and purpose of processing. |
| Knowledge research (TECH) (Level 5) | Develops and maintains knowledge of current legislation, guidance and best practice in information governance and Caldicott Guardian matters at a high level by, for example, reading relevant literature, attending conferences and seminars, meeting and maintaining contact with others involved in the specialism, and through taking an active part in appropriate professional and trade bodies. |
| Develops and builds effective relationships (RLMT) (Level 6) | Develops and maintains collaborative relationships with frontline staff and managers to support shared understanding of clinical risk and patient safety in the deployment and use of digital health technologies. |
Behavioural Skills
| Title | Details |
|---|---|
| Critical Thinking | The ability to think clearly and rationally; review and evaluation of processes and outputs; the ability to engage in reflective and independent thinking; reasoned thinking involving critique. |
| Decision Making | Making decisions at the appropriate time, taking into account the needs of the situation, priorities, constraints, known risks, and the availability of necessary information and resources. |
| Delegation | Delegating tasks, responsibilities and authorities effectively. |
| Influence, Persuasion and Personal Impact | Conveying a level of confidence and professionalism when engaging with stakeholders, influencing positively and persuading others to take a specific course of action when not in a position of authority. |
| Interacting with People | Establishing relationships, contributing to an open culture and maintaining contacts with people from a variety of backgrounds and disciplines. Effective, approachable and sensitive communicator in different communities and cultures. Ability to adapt style and approach to meet the needs of different audiences. |
| Leadership | Clearly articulating goals and objectives, and motivating and leading others towards their achievement. |
| Organisational Awareness | Understanding the hierarchy and culture of own, customer, supplier and partner organisations and being able to identify the decision makers and influencers. |
| Providing Direction | Directing others to undertake specified tasks within a defined timescale. |
| Strategic Perspective | Keeping organisational objectives and strategies in mind, and ensuring courses of action are aligned with the strategic context. |
Technical Skills
| Title | Details | Depth |
|---|---|---|
| Big Data | The discipline associated with data sets so large and/or complex that traditional data processing applications are inadequate. The data files may include structured, unstructured and/or semi-structured data, such as unstructured text, audio, video, etc. Challenges include analysis, capture, curation, search, sharing, storage, transfer, manipulation, analysis, visualization and information privacy. | Familiar with |
| Business Environment | The business environment relating to own sphere of work (own organisation and/or closely associated organisations, such as customers, suppliers, partners and competitors), in particular those aspects of the business that the specialism is to support (i.e. localised organisational awareness from a technical perspective). | Proficient in |
| Corporate, Industry and Professional Standards | Applying relevant standards, practices, codes, and assessment and certification programmes to the specific organisation or business domain. | Proficient in |
| Cyber Security Concepts | The understanding of cyber security concepts and ability to effectively translate and accurately communicate security and risk implications across technical and non-technical stakeholders so that they are understood and applied. | Familiar with |
| Incident Management Tools | Including interrogation of incident database, creation of parent and child incidents, creation of queries to seek trends and use of known error logs/ databases. | Aware of |
| Information Architecture | Methods, techniques and technologies for ingesting, securing, processing and using data and information within and beyond an organisation. | Familiar with |
| Information Modelling Tools | Using tools (manual or automated) to record the structure, relationships and use of information within an organisation. | Familiar with |
| IT Environment | The IT environment relating to own sphere of work (own organisation and/or closely associated organisations, such as customers, suppliers, partners), in particular own organisation's technical platforms and those that interface to them through the specialism, including those in closely-related organisations. | Familiar with |
| National/International Standards | Current and emerging standards associated with IT practice nationally and internationally, published by authorities such as IEEE, IEC, BSI, ISO. | Proficient in |
Other Skills
| Title | Details | Depth |
|---|---|---|
| Data Protection | Principles, practices, tools and techniques to ensure data protection. | Proficient in |
| Information Assurance Methods and Tools | Information assurance methods, tools and techniques (including the Caldicott Principles) used to protect the integrity, availability, authenticity, non-repudiation and confidentiality of user data and manage the risks related to the use, processing, storage, and transmission of information. | Expert in |
| Legislation | Relevant national and international legislation. | Expert in |
| Presentation Techniques | Methods and techniques for delivering effective and accessible presentations, either face-to-face or online within various contexts and to a variety of audiences. | Proficient in |
| Report Writing Techniques | Methods and techniques for writing clear, accessible and persuasive reports. | Proficient in |
| Risk Management | Methods and techniques for the assessment and management of business risk. | Proficient in |
| Stakeholder Engagement | Establishing relationships, analysing perspectives and managing stakeholders from a variety of backgrounds and disciplines. Adapting stakeholder engagement style to meet the needs of different audiences. The identification of key business stakeholders and an assessment of their level of power and interests, and their perspectives to inform the way(s) in which they should be considered and managed. | Proficient in |
| Standards Writing Techniques | Principles, methods and techniques for establishing, documenting, and maintaining standards. | Proficient in |
| Techniques for Effective Meetings | Methods and techniques for running effective meetings and for understanding and influencing the roles played by participants. | Proficient in |
| Threat Landscape | Knowledge and understanding of the threat landscape, regulatory and legislative requirements and awareness of industry good practice relating to information governance, privacy and security. | Familiar with |
Training
| Title | Details |
|---|---|
| Coaching | Concepts, methods and techniques for providing coaching in subject specialisms to individuals or groups (e.g. GROW model). |
| Data Management | Data management concepts, methods, tools and techniques relating to the planning, development, implementation, administration and curation of data. |
| Latest Cyber Security Threats for Senior Execs | Short, high-level, up-to-date and to-the-point briefing on the latest threats and vulnerabilities in cyber security. |
| Strategic Planning for Information and Communications Systems | The process of defining the ICT strategic plan of an organisation in a methodical way based on business aims and objectives thereby enabling the specification of options and associated action plans for the use of IT-enabled business processes. |
Professional Development Activity (PDA)
| Title | Details | PDA Group |
|---|---|---|
| Gaining Knowledge of Broader IT Issues | Increasing and maintaining currency of knowledge of broader IT issues through reading, attending and participating in seminars or conferences, special studies, temporary assignments etc. | Increasing Knowledge |
| Gaining Strategic Knowledge of Employing Organisation | Developing a comprehensive understanding of the business environment in which the employing organisation operates and its position, policies and direction in relation to health and care, country and global issues. | Increasing Knowledge |
| Management Development | Undertaking learning and best practice of the skills appropriate to managing all or part of an organisation, including business and financial management, benefits management, people management, management of change and strategic planning. This will require both on and off the job learning and may include participation in an appropriate development programme such as MBA or DMS (Diploma in Management Studies). | Developing Professional Skills |
| Mentoring | Acting as a mentor, advising those for whom there is no direct responsibility, on matters to do with their job role, career and professional development. | Broadening Activities |
| Participation in Professional Body Affairs | Taking an active part in professional body affairs at branch, specialist group, committee or board level. | Participation in Professional Activities |
| Standards and Legislation | Participating in working groups, advisory boards, committees etc. responsible for the production, maintenance or oversight of relevant standards or legislative requirements, for example BCS policy reviews or the SFIA Council. | Participation in Professional Activities |
Qualification Components
| Title | Awarding Bodies |
|---|---|
| FEDIP Leading Practitioner | The Federation for Informatics Professionals |
The Professional Body Responsible for this job family is CHIME. This job role profile was created in collaboration with BCS, using Role Model Plus.