What is the NHS DSPT?
The NHS Data Security and Protection Toolkit.
The DSPT is a mandatory data protection and cybersecurity certification for any organisation which processes NHS patient information. It allows, through the aid of an online self-assessment tool, an organisation to compare their performance against the National Data Guardian’s 10 data security standards. Think of it kind of like the Rosetta stone of patient based data protection.
What are the National Data Guardian 10 Data Security Standards?
The 10 Data Security Standards were developed by the National Data Guardian. In 2017 the Department of Health and Social Care released a policy mandating that all health and social care providers follow them. These standards allow organisations to weather the changing landscape of information security threats, faced by the NHS.
These 10 standards are divided into three different leadership obligations; ‘People’, ‘Process’ and ‘Technology’.
People
The first obligation ensures that staff are equipped to handle information respectfully, safely and according to the Caldicott Principles.
Process
The second obligation ensures that an organisation not only proactively prevents data security breaches but responds appropriately to incidents or near misses should they occur.
Technology
The third obligation denotes the requirement for organisations to acquire secure and up to date technology to house data processes.
Why does your organisation need to complete the DPST?
If your organisation processes any patient data, regardless of purpose, under the NHS England Standard Conditions contract and the Department of Health and Social care policy, you are contractually obligated to complete the DSPT.
Not only that, all Care Quality Commission (CQC) registered care providers must complete the DSPT annually to keep up to date with the changing threat landscape.
The DSPT provides regulation, assuring that organisations with access to NHS patient data and systems are practising good data security and handling personal information appropriately. Completion of the DSPT forges trust between external contractors and suppliers and the NHS – your compliance may even help you to win tenders!
Recent developments to the DSPT have introduced a requirement for compliance with the national data opt-out service (a scheme whereby patients are able to opt-out of their confidential patient information’s inclusion in research and planning). The opt-out service was introduced on the 25th of May 2018 as per the National Guardian’s recommendation, from July 2022 the clause was solidified as a legal requirement for all health and social care CQC-registered organisations.
How can we support your organisation?
Here at DPAS, we understand that you may not have the capacity and capabilities in-house to audit your DSPT submission or review the compliance of important policies and procedures. Completing the DSPT can be overwhelming and put a strain on already tight resources. We can do all of the hard work for you. DPAS provides the majority of our services offsite and will come on-site only when appropriate, causing little disruption to your operations.
Our service can provide you with the confidence you need to compile and submit your evidence for NHS Digital’s approval.
We can;
- Provide you with a dedicated contact at DPAS (our team have years of industry experience and are qualified Data Protection Officers and Data Protection Practitioners)
- Review your current status with the DSPT
- Assess your organisation’s completed documentation
- Ensure compliance with the relevant data protection legislation, including GDPR.
- Include a gap analysis and evaluation of documents
- Providing expert advice on any amendments (if necessary)
We understand the importance of protecting patient data and have completed the Caldicott Guardian training course. In addition to supplementary training such as our BCS Practitioner level certifications in Information Security, Freedom of Information (FOI) and Data Protection.
For further information, please see our website: https://www.dataprivacyadvisory.com/dpas-compliance/nsptservices/). Alternatively, view the services we offer here.
If you require additional support with demonstrating or achieving DSPT compliance you can contact us at info@dataprivacyadvisory.com or by calling our office at 0203 301 3384.