Adherence to the Caldicott Principles
Last Updated: 1st March 2025
Introduction
Be-Informed Healthcare Ltd. ("we," "our," "us") is committed to ensuring that patient data is handled in line with the Caldicott Principles, which set out best practices for protecting patient confidentiality while ensuring that information is shared appropriately for healthcare purposes. These principles are fundamental to NHS data governance, and we incorporate them into our eConsent platform to ensure compliance, security, and ethical handling of patient data.
What Are the Caldicott Principles?
The Caldicott Principles were first introduced in 1997 and have been updated over time to strengthen patient data protection. They provide a framework for managing personal and confidential information within healthcare settings.
Below, we outline the eight Caldicott Principles and how Be-Informed Healthcare adheres to them:
Principle 1: Justify the Purpose for Using Confidential Information
We only collect and process patient consent data when it is necessary for providing a clear and auditable record of consent in medical procedures.
Our system ensures that all data collection and processing activities have a clear and lawful purpose aligned with GDPR and NHS requirements.
Principle 2: Only Use Confidential Information When Absolutely Necessary
Patient data is only collected and stored if it is essential for completing and documenting the consent process.
We follow data minimisation principles, ensuring that we do not process excessive or unnecessary information.
Principle 3: Use the Minimum Necessary Confidential Information
Our eConsent platform is designed to limit data access to only what is required for clinicians to complete the consent process.
Anonymisation and pseudonymisation techniques are used wherever possible to protect patient identities.
Principle 4: Access to Confidential Information Should Be on a Strict Need-to-Know Basis
Role-based access controls (RBAC) are in place to ensure that only authorised users (e.g., clinicians, healthcare providers) can access patient consent records.
We log and monitor all access and activity within the platform to prevent unauthorised access.
Principle 5: Everyone with Access to Confidential Information Should Be Aware of Their Responsibilities
All users (clinicians, administrators, and support staff) are required to undergo training on data protection and confidentiality.
Clear user agreements and policies outline responsibilities regarding patient data security and confidentiality.
Principle 6: Comply with the Law
Our platform complies with the UK GDPR, Data Protection Act 2018, and NHS data security standards.
We have data processing agreements in place with healthcare organisations to ensure legal compliance.
A Data Protection Officer (DPO) oversees compliance and ensures that patient rights are protected.
Principle 7: The Duty to Share Information Can Be as Important as the Duty to Protect Confidentiality
Our system allows secure sharing of consent forms between authorised healthcare providers where clinically necessary.
Information is shared only when legally justified (e.g., safeguarding cases, regulatory reporting) and in compliance with NHS information governance guidelines.
Patients are informed about how their data is shared and can access their consent records digitally.
Principle 8: Inform Patients and Service Users About How Their Confidential Information is Used
Our Privacy Policy clearly explains how patient data is collected, stored, and used within the eConsent platform.
Patients can review, access, and withdraw consent in accordance with legal and ethical standards.
We ensure that all communication about data usage is clear, transparent, and accessible to patients.
Our Adherence to the Caldicott Principles
At Be-Informed Healthcare, we have built our eConsent platform with the Caldicott Principles at its core, ensuring that patient confidentiality is maintained while enabling secure, efficient, and legally compliant digital consent processes. We continuously review our security, data protection, and information-sharing practices to uphold these principles.
Contact Us
For more information, please contact:
Be-Informed Healthcare Ltd.