Beta

This is a new service - your will help us to improve it.

Do I need to complete the Data Security and Protection Toolkit?

The Department of Health and Social Care has provided guidance on information governance requirements for social care providers, which can be summarised as:

  1. If you operate through the NHS Standard Contract you need to complete the Data Security and Protection Toolkit to at least ‘entry level’
  2. For everyone else, there is no mandatory action to take.

We recommend that providers start to complete the Data Security and Protection Toolkit regardless of your contract status. See our guides for more details.

If you would like to access to any NHS systems such as NHSmail you must complete the Data Security and Protection Toolkit as a prerequisite. This includes if you are involved in a local initiative which involves the use of NHSmail.

If you have clients or residents who receive NHS continuing healthcare (CHC) funding or NHS-funded nursing care (FNC) then you will be operating under an NHS contract. It is an NHS contractual requirement to complete the Data Security and Protection Toolkit to at least ‘entry level’.

If all of your clients or residents are self-funded or funded via the local authority then generally there is no contractual requirement to complete the Data Security and Protection Toolkit. Note that some local authorities have been making it a contractual requirement – you should check your contracts if you are uncertain.

Back to FAQs