NHS Digital’s Data Security and Protection Toolkit (DSPT) is a free, online self-assessment of your compliance with:
It is not just about your technology. It is about any information you hold about any person – staff, residents or visitors.
The toolkit was updated in November 2020 to ensure it is relevant and easy for care providers to use. And it provides practical tips and directs you to relevant guidance, templates and legislation to make completing the self-assessment even easier.
The DSPT is a really helpful annual self-assessment for health and care organisations. It shows you what you need to do to keep people’s information safe, and to protect your business from the risk of a data breach or a cyber attack. Once you’ve completed the DSPT, it will help you demonstrate, to the people you support, your commissioners, GPs and other NHS services, that you are handling information securely.
You can register online at https://www.dsptoolkit.nhs.uk/Account/Register
If you need support registering for the Toolkit, we have produced guidance on how to do this: Registering for the Data Security and Protection Toolkit
This guidance is particularly useful for large multisite providers, domiciliary care organisations and providers offering multiple services as the process does vary depending on how your own organisation manages its data.
We have produced a how-to guide and a range of templates to help you complete Entry Level.
If you are a commissioner who is supporting care providers to complete the toolkit in your region, we also have materials for you to use.
We have produced a how-to guide and a range of templates to help you to complete Standards Met.
No – your current registration will continue.
The DSPT should be completed every year, usually by 31st March. However, due to COVID-19, the deadline for 2019/20 was extended to 30th September 2020, and the deadline for 2020/21 has been extended to 30th June 2021. This means that, if you have a continuing healthcare contract or you already use systems that access NHS patient data, to remain compliant you will need to complete the 2020/21 DSPT by 30th June 2021. Other services should aim to complete it by June 2021 for residential and nursing homes, and by October 2021 for other services.
Yes – the toolkit you published between April and September 2020 will count as your submission for the year 2019/20. Because it is an annual process, to remain compliant you will need to complete the 2020/21 toolkit between now and the new deadline of 30th June 2021.
For most questions, your answers and evidence will be transferred across automatically. There are just a few questions that are new or have changed too much for that to be possible.
Reflecting the need for adult social care services to operate in a way which meets the national data security standards, the option of publishing at entry level will come to an end on 31st December 2020. However, from April 2021, if you have done most of the DSPT but have a bit more work left to do, you’ll be able to get credit for the progress you have made by publishing at “Approaching Standards.” To do this, you’ll need to submit an action plan saying how and when you will complete the remaining items.
The only information that is published is that fact that you have completed the DSPT on a particular date, and the level at which you completed it. The answers you give when you complete the DSPT and the documents you upload are completely confidential.
They can search on the website https://www.dsptoolkit.nhs.uk/OrganisationSearch. Please note however that, if your organisation has only completed the DSPT at HQ level, and not for your individual service, your service won’t show as having completed the DSPT, and you won’t get the benefits of having done so. Luckily, if an organisation is confident that its individual services are compliant, it is usually a quick process to get each service showing on the website individually. Please see the guidance at Registering for the Data Security and Protection Toolkit and call the Digital Social Care helpline if you are not sure what to do.
Yes, it applies equally. Every council which operates adult social care services is already registered with the DSPT. While some councils have already completed the DSPT, most of their individual services are not yet showing on the website https://www.dsptoolkit.nhs.uk/OrganisationSearch as having done so. Provided that a council is confident that its individual services are compliant, it can use the same process as independent sector organisations to transfer HQ completion across to individual site completion. The Local Government Association is currently developing guidance that will ask councils to do this and which will guide them through the process.
Completing the DSPT will help you demonstrate that you meet CQC expectations. In particular, question C3.3 from the Key Lines of Enquiry (KLOE) asks: “How are people assured that information about them is treated confidentially…?” Question W2.8 asks: “How does the service satisfy itself that it has robust arrangements… in line with data security standards?”
No, but organisations are asked to register with the DSPT straightaway and to complete it as soon as they can do.
A national and local support programme has been established to help care providers to use the DSPT and improve their cyber security.
For details, see information on the Better Security, Better Care programme.
Further support will be announced in January 2021. If you are registered on the toolkit, you will be automatically told about the new support. Otherwise, register for updates via the Digital Social Care newsletter.
If you don’t have a local contact for help and advice, please contact the Digital Social Care helpline.
Our helpline will be open between 9am and 5pm Monday to Friday by calling 0208 133 3430 or by email on [email protected]
To help us improve this website, we’d like to know more about your visit today.
Please leave any feedback below :