The Data Security and Protection Toolkit (DSPT) is a really helpful annual self-assessment for health and care organisations. 

As a care provider, it shows you what you need to do to keep people’s information safe, and to protect your business from the risk of a data breach or a cyber attack. It covers both paper and digital records. And if reassures everyone you work with that you are taking data security seriously.

All CQC-registered care providers should complete the DSPT at least once a year. The deadline for 2021/22 is 30 June 2022.

The DSPT can open up real opportunities. For example, you must have completed the DSPT if you: deliver services under an NHS contract; use a shared health and care records system; or you are applying for NHSmail.

Care providers who are not CQC registered can also use the DSPT to check and improve that data and cyber security arrangements.

This short, animated film explains how the DSPT helps care providers – including how it opens up access to shared information systems.

The Better Security, Better Care programme provides free guidance, practical tools, templates and direct support to help you to register, complete and publish the Toolkit.

View recordings of previous webinars and access Q&As.

Book one of our forthcoming webinars on:

Using the DSPT for the first time

Review and republish your DSPT 


Find out more about the DSPT in the sections below.