1. Justify the purpose for using confidential information
2. Only use it when absolutely necessary.
3. Use the minimum required
4. Access should be on a strict ‘need-to-know’ basis
5. Everyone must understand their responsibilities
6. Everyone must understand and comply with the law
7. The duty to share information can be as important as the duty to protect patient confidentiality
Full documentation:
The Information Governance Review
p. 108, F. Caldicott (2013)