News & Events

Project Manager Update DSPT Sussex

Nada – Project Manager DSPT Sussex

Data protection and cyber security: myths and facts 

Some care providers think data protection and cyber security isn’t an issue for them, and that they don’t need the Data Security and Protection Toolkit. 

Every care provider – regardless of service or size, regulated or unregulated – stores and shares information about the people they support, their staff, and their professional partners. That’s often personal, sensitive data, but it may also be business information like bank account details of commissioners and funders. So every organisation has data protection responsibilities.  And in this day and age, that information is almost always stored or shared in some digital format.

The Data Security and Protection Toolkit (DSPT) is the sector-led, freely-available, national toolkit to guide care providers through their data and cyber security arrangements. Usage has increased, but why are some care providers hesitant?

Here are our responses to some of the common myths identified by a recent review of issues raised with the Programme, and through an online quiz earlier this month.

Myth: “We use paper records, not digital systems – so the DSPT isn’t for us.”

Fact: That’s not true – on a couple of levels. Paper records are subject to data protection legislation and are included within the DSPT. And also, how many organisations genuinely do not store or share any information digitally? Think about the information that you share on emails or by text – including to colleagues own private mobile phones. Even if it’s not in a formal digital record, it’s still being shared through a digital channel so it is at risk of a cyber attack or data breach.  The DSPT helps you reduce risk – and prove to others that you are taking it seriously.

Myth: “The DSPT is complex and time consuming – you need to be a data geek to complete it.”

Fact: OK, so you do need to involve people who understand what your organisation is doing with information to complete the DSPT – but you definitely don’t need to be a data or cyber expert. The Better Security, Better Care programme offers free support on the DSPT to all care providers. And we have recently expanded that support to include a free review of your DSPT responses, including tailored advice on how to improve. We have also updated our series of films that guide you through each set of questions on the DSPT.

We know time is scarce, but the last thing you want is to have to worry about the risk of data breach and possible fines. The DSPT can help you to reduce those risks, comply with contracts – as well as legislation, and help with your CQC inspection.

Myth: “We can access NHS patient information systems with NHSmail, so we don’t need the DSPT.”

Fact: We’re hearing this a lot – in fact 68 per cent of respondents to our recent online quiz thought this was the case. And it’s really not. NHSmail is a great secure email system for communicating directly with NHS colleagues. But it does not give you access to shared systems such as proxy access to GP or medication ordering systems. NHSX and NHS Digital are very clear that you must have reached at least Standards Met on the DSPT. The reason is care providers need to give assurance that they are practising good data security and that personal information is handled correctly.

Myth: “Commissioners and regulators don’t really care about our DSPT status, so it’s not a priority.”

Fact: If you deliver care under an NHS contract, then it’s already part of your contractual responsibilities. It’s one of the General Conditions of the NHS Standard Contract.

The Local Government Association is strongly encouraging local authorities to add the DSPT to their contracts. Several authorities are already doing this, and it’s clearly the direction of travel.

The use of data and cyber security is included within the CQC’s assessment framework. And inspectors do encourage care providers to use the DSPT as they recognise it as an “effective and efficient way of demonstrating compliance”.

Myth: “The DSPT doesn’t help me to manage COVID within our service – so it’s really not important.”

Fact: We fully appreciate that COVID is a major priority and we won’t pretend that the DSPT is going to resolve your key concerns. The pandemic has, however, increased the use of digital technology and recording of medical information – such as covid infection, vaccination or exemption status.The DSPT can help you to check that your data and cyber security policies, procedures and practices are helping you to keep that data safe.

Further information

Get free, expert support on completing your Data Security and Protection Toolkit from the Better Security, Better Care programme. Look for your local partners in your area to help you complete the toolkit and have another thing completed before the end of the year. Better Security, Better Care – Local Support Partners – Digital Social Care

Read more related articles

  • Events

    Join our latest event.

  • Useful Links

  • Documents

  • OS Newsletters

  • CQC Trade Association Meetings

  • 21st April 2022 Meeting

  • Previous Virtual Meetings