The Caldicott Committee's December 1997 Report on the Review of Patient-Identifiable Information, usually referred to as the Caldicott Report (named after its author Dame Fiona Caldicott), identified weaknesses in the way parts of NHS handled confidential patient data. The report made several recommendations, one of which was the appointment of Caldicott guardians, members of staff with a responsibility to ensure patient data is kept secure:
Recommendation 3: A senior person should be nominated in each NHS organisation, including the Department of Health and associated agencies, to act as a "guardian". The "guardian" should normally be a senior health professional or be closely supported by such a person. The NHS IM&T Security Manual (Section 18.4) requires each organisation to designate a senior medical officer to oversee all procedures affecting access to person-identifiable health data. This role and that of the "guardian" may be combined, providing there is no conflict of interest. The Department of Health should take the development of this role forward in partnership with interested parties.