The Caldicott Principles. The Supplier shall comply with (and shall not do anything or fail to do anything which shall cause the Organisation to be in breach of) the Caldicott Principles and undertakes to comply with the following principles: a. The purpose must be justified. Every proposed use or transfer of personal data within or from the Organisation should be clearly defined and scrutinised, with continuing uses regularly reviewed by an appropriate guardian. b. Personal data must not be used unless it is absolutely necessary. Personal data should not be used unless there is no alternative. c. The minimum necessary personal data information is to be used. Where use of personal data is considered essential, each individual item of information should be justified with the aim of reducing identifiability. d. Access to personal data should be on a strict need to know basis. Only those individuals who need access to personal data should have access to it, and they should only have access to the data that they need to see. e. Everyone should be aware of their responsibilities. Those handling personal data - both frontline and support staff - must be aware of their responsibilities and obligations to respect personal confidentiality f. All persons handling personal data must understand and comply with the law. Every use of personal data information must be lawful. g. The duty to share information can be as important as the duty to protect patient confidentiality. Health and social care professionals should have the confidence to share information in the best interests of their patients within the framework set out by these principles. They should be supported by the policies of their employers, regulators and professional bodies.
Appears in 2 contracts