Caldicott Guardian

A Caldicott Guardian is is responsible for the management of patient information and patient confidentiality, in accordance with the Caldicott principles.

Caldicott Guardian responsibilities include:

  • Actively support work to facilitate and enable information sharing, and advise on options for lawful and ethical processing of information as required
  • Represent Information Governance requirements and issues at Board level
  • Support development of processes, including performance frameworks, that satisfy the highest practical standards for handling person-identifiable information and acts as the “the conscience” of the organisation.

Senior Information Risk Officer (SIRO)

A SIRO is the Senior Information Risk Owner in the organisation. The role supports implementation of standards for information management and security.  The SIRO is accountable for the management of all information assets and any associated risks and incidents. 

SIRO responsibilities include:

  • Ultimately accountable for assurance of information security at the Organisation
  • Champions information security at Board level
  • Owns corporate policy on information security
  • Provides an annual statement of the security of information assets for the Annual Governance Statement (as part of the audit process)

Data Protection Officer

Assists an organisation to monitor internal compliance, inform and advise on  an organisations data protection obligations, provide advice regarding Data Protection Impact Assessments (DPIAs) and act as a contact point for data subjects and the Information Commissioner.

DPOs can help an organisation to demonstrate compliance and are part of the enhanced focus on accountability.

The DPO must be independent, an expert in data protection, adequately resourced, and report to the highest management level.

Contacts

Caldicott Guardian: Dr Tim Scull, Medical Director, caldicott@ydh.nhs.uk / 01935 384896
Data Protection Officer: Gary McCann, data.protection@ydh.nhs.uk / 01935 384415
Senior Information Risk Owner: Tom Norton, 01935 384896
Access to Health Records and Information Governance: Karen Carter01935 384396