Maria Mallaband: Data protection for large care providers

Maria Mallaband: Data protection for large care providers

How investing in new technology and good data protection are key to the quality of care and staff development at the Maria Mallaband Care Group.

The Maria Mallaband Care Group (MMCG) is one of the UK’s largest independent care providers, employing 4,500 staff and supporting 3,600 people in over 80 homes – most with nursing.

Naheem Shan, MMCG’s Data Protection Officer and Head of Information Governance explains how tech and data protection is ingrained in the group’s work:

“We see investment in new technology and digital records as key to the quality of our care and to the development of our staff. It gives us access to more comprehensive, up-to-date information, supports better working with our healthcare colleagues, and frees up care staff to care – not chase down information.”

80 care homes – 30 legal entities – one DSPT submission

MMCG recognised that storing and sharing data safely was absolutely essential. They have been using the Data Security and Protection Toolkit – and its predecessor the IG tool – to check and demonstrate that their policies, procedures and practices are not just in line with legal requirements, but also following good practice.

“The updated Data Security and Protection Toolkit is really clear and much more relevant to the care sector,” says Naheem. “And the huge benefit is that, as a large care group with almost 30 legal entities and still growing, I can submit one DSPT entry for all our businesses. We use the same policies and procedures across the group – so one DSPT submission works for all. That saves our care home managers – and me – a lot of time.”

As a large group, MMCG acquires and sells services. When this happens they introduce the same policies and procedures to any new service and advise the DSPT helpline of changes so that new services can be added to their DSPT publication – or former services removed.

Commissioners’ requirements

Having the DSPT in place for all their services is enabling MMCG to meet both local authority and NHS commissioners’ requirements.

MMCG delivers a lot of nursing care under NHS contracts – so it is essential that they have the DSPT in place, but they are also finding that local authorities are increasingly expecting services to have it.

As Naheem explains: “When our care home managers come to me saying that their local authority or CCG wants evidence that we have completed the DSPT, I can quickly reassure them that we have all of that in place already and give them access to our DSPT status. It’s one less thing for the care home managers to worry about.”

Accessing health and care records

MMCG is using the DSPT to enable them to take part in innovative, integrated health and care systems.

“We are open to change, and making the most of innovative developments,” says Naheem. “If our care home managers tell me they want access to a new system, I try to ensure that data protection arrangements are there to enable them – not to block them. We really want to have access to the best systems. At present, we are rolling out digital care records across all of our services, taking part in shared records systems such as GP Connect, and exploring the digital red bag scheme which supports sharing information when someone is discharged from hospital in a care service. In order to take part in any of these schemes, we need to use the DSPT as evidence that we store and share data safely.”

Developing and supporting staff

All MMCG staff undertake data protection training every year – that’s 4,500 people so it is a substantial commitment.

When new care home managers or heads of departments join, Naheem delivers face-to-face training for them on their responsibilities, such as reducing the risk of data breaches, archiving and sharing information.

“Part of our training and induction is to make staff – and especially managers – aware of the consequences of a data breach,” says Naheem. “The company could face a substantial fine if we have a breach and cannot demonstrate that we had all reasonable measures in place to minimise the risk. And there’s the personal side of things – how would you feel if your personal data was accessed or shared inappropriately?”

Ongoing learning

The toolkit is also acting as a comprehensive checklist of issues to consider, covering both paper and digital records.

“As a Data Protection Officer, I have a pretty detailed understanding of data and cyber security issues,” says Naheem. “But the toolkit really covers everything, and it’s all in one place, which is so helpful. For example, it is has highlighted to me how important it is to carry out regular penetration testing of the software and tech services that we use. That’s one of the areas that we have improved on and enabled us to reach Standards Met on the DSPT. I have also introduced extensive due diligence on all our tech and data system suppliers.”

Top tips for large care providers

Naheem shares his top tips for large care providers:

  1. Get leadership from the top: data protection and cyber security is essential for your whole business
  2. Don’t step back: the benefits of having good, secure systems in place are real – enabling you to access NHSmail, shared records
  3. Look at the DSPT questions before trying to answer them. Do your research and gather information together before completing your submission.
  4. Don’t bluff! Get the right policies and procedures in place before you complete your DSPT.
  5. Go back to your DSPT entry and update it regularly, not just once a year. Always keep it up to date when you buy or sell a service
  6. Get support from the Better Security, Better Care programme.

Further information

Find out more about the Maria Mallaband Care Group

Follow Naheem’s tips on twitter @DigiSocialCare #DSPTlargeproviders

Access support on using the Data Security and Protection Toolkit from the Better Security, Better Care programme.

 

Photo by Georg Arthur Pflueger on Unsplash

Back to Success Stories