The DSPT should be completed every year, usually by 31st March. However, due to COVID-19, the deadline for 2020/21 has been extended to 30th June 2021.
This means that, if you have a continuing healthcare contract or you already use systems that access NHS patient data, to remain compliant you will need to complete the 2020/21 DSPT by 30th June 2021.
Other services should aim to complete it by June 2021 for residential and nursing homes, and by October 2021 for other services.
Yes – the toolkit you published between April and September 2020 will count as your submission for the year 2019/20. Because it is an annual process, to remain compliant you will need to complete the 2020/21 toolkit between now and the new deadline of 30th June 2021.
For most questions, your answers and evidence will be transferred across automatically. There are just a few questions that are new or have changed too much for that to be possible.
Reflecting the need for adult social care services to operate in a way which meets the national data security standards, the option of publishing at Entry Level was always a temporary arrangement.
A new Approaching Standards level has been introduced on 5 March 2021 as a new stepping stone towards Standards Met. If you have done most of the DSPT but have a bit more work left to do, you’ll be able to get credit for the progress you have made by publishing at “Approaching Standards.” To do this, you’ll need to submit an improvement plan saying how and when you will complete the remaining items.
If you have already published at Entry Level for 2020/21, you should review and republish at Approaching Standards as a minimum by 30 June 2021.
The only information that is published is that fact that you have completed the DSPT on a particular date, and the level at which you completed it. The answers you give when you complete the DSPT and the documents you upload won’t be published.
The information will be published on the DSPT toolkit website, where you can search for organisations that have completed it.
They can search on the website https://www.dsptoolkit.nhs.uk/OrganisationSearch. Please note however that, if your organisation has only completed the DSPT at HQ level, and not for your individual service, your service may not show as having completed the DSPT, and you won’t get the benefits of having done so.
Luckily, if an organisation is confident that its individual services are compliant, it is a quick process to get each service showing on the website individually.
Please see the guidance at Registering for the Data Security and Protection Toolkit and call the Digital Social Care helpline if you are not sure what to do.
Yes, it applies equally. Every council which operates adult social care services is already registered with the DSPT. While some councils have already completed the DSPT, most of their individual services are not yet showing on the website https://www.dsptoolkit.nhs.uk/OrganisationSearch as having done so.
Provided that a council is confident that its individual services are compliant, it can use the same process as independent sector organisations to transfer HQ completion across to individual site completion.
Completing the DSPT will help you demonstrate that you meet CQC expectations. In particular, question C3.3 from the Key Lines of Enquiry (KLOE) asks: “How are people assured that information about them is treated confidentially…?” Question W2.8 asks: “How does the service satisfy itself that it has robust arrangements… in line with data security standards?”
Any organisation seeking to register for NHSmail for the first time after 30 June 2021 will need to be published at Approaching Standards. Therefore, if a care provider has already published at Entry Level but does not have NHSmail, and they want to register for it they will need to republish at Approaching Standards.
Where organisations have already published at Entry Level for this year and they currently have access to NHSmail, there are no current plans to remove access to NHSmail. Any changes to this will be clearly flagged well in advance.
A national and local support programme has been established to help care providers to use the DSPT and improve their cyber security. This includes support at a national level, plus a network of local support partners.
For details, see information on the Better Security, Better Care programme.
Please register for updates via the Digital Social Care newsletter.
The Digital Social Care helpline is open between 9am and 5pm Monday to Friday by calling 0208 133 3430 or by email on [email protected]
The DSPT is for care services based in England only.
Wales has the Welsh Information Governance Toolkit
Scotland has the Scottish Information Sharing (IS) Toolkit
To help us improve this website, we’d like to know more about your visit today.
Please leave any feedback below :