What is the DSPT?
The DSPT is a free, online self-assessment of health and social care providers’ data security and protection policies, procedures and processes. It is not just about your technology – it is about any information you hold about any person - staff, clients or visitors – that enables you to demonstrate that you are compliant with data protection legislation (GDPR and the Data Protection Act and the 10 health and social care data standards).
The DSPT should be completed every year – this year you have until the end of June 2021 to complete it. This means that it is a rolling process. You can go in and out throughout the year and can make updates at any time. IT DOES NOT NEED TO BE DONE ALL AT ONCE. To note – the majority of the work is in the first year getting everything up together – then in subsequent years it’s about keeping it updated as your answers roll forward from one year to the next.
What are the benefits of completing it?
The DSPT is a helpful guide and self-assessment tool for data security in social care that will help you keep people’s confidential information safe People trust the care system to protect information and the DSPT helps to build trust. It will help you reassure people who use your services and their families, and your staff that you keep data safe, and share it appropriate and securely It will help protect your business from the risk of being fined for a data breach and from the disruption of a cyberattack It give guidance so that you can practise good data security and be sure that personal information is handled and processed correctly DSPT is the NHS’s online self-assessment toolkit that all social care providers should complete as they will hold, process or share peoples’ personal data.
The questions in the 2020/21 toolkit are specific to the sector – if you register on the toolkit as a social care organisation then you will see questions that are specific to social care providers.
This means that the toolkit is a valuable source of advice about what you need to do: it’s a best practice checklist. If you want to know what you should be doing about data protection, information or cyber security then the toolkit will tell you. It is also an essential requirement if you want to have Proxy Access (e.g. ordering medication directly from the GP and eventually patients’ medical records). If you currently have an NHS e-mail account, you will be required to register on the toolkit.
Even if you don’t complete the DSPT at the moment, please register on it so that you have full access to the guidance/best practice checklist and future updates. There is a lot of support for you to complete the DSPT and improve your level of data and cyber security. Take the first step and register today.
To find out if your organisation is already registered https://www.dsptoolkit.nhs.uk/OrganisationSearch
This will also tell you if your organisation has already completed (‘published’) the Toolkit and when. If not you will need to register on the toolkit.
Need Further Help?
The Toolkit has a help section https://www.dsptoolkit.nhs.uk/Help including a Quick Start Guide and Big Picture Guides, and FAQs
The DSPT helpline is very helpful https://www.dsptoolkit.nhs.uk/Home/Contact
Specifically for social care, there is comprehensive guidance on how to complete the toolkit https://www.digitalsocialcare.co.uk/protecting-my-information/data-security-and-protection-toolkit/
There will also be local help available from Suffolk Association of Independent Care Providers ( SAICP ) and Care Development East and you can contact us to find out more on firstname.lastname@example.org