Data Security and Protection Toolkit

SARCP have been commissioned to run workshops to assist providers to complete the DSPT toolkit by the DHSC and Better Security Better Care (BSBC).

It is a contractual agreement and inspected by CQC. 

This is a national project affecting all care providers and the results are being monitored by local authorities and ICSs to ensure contractual agreements are being adhered to.

SARCP are reporting to BSBC monthly. LAs and ICSs are checking on who is still required to complete the tool.

All organisations who process health and/or care data should complete the DSPT.

CQC will consider how you apply the steps set out in the tool as part of the well-led element of their inspections. LAs are asking similar questions within their Quality assurance audits with care providers.

The tool shows you what you need to do to keep people’s information safe, and to protect your business from the risk of a data breach or a cyber-attack. It covers both paper and digital records. And it reassures everyone you work with that you are taking data security seriously.

All CQC-registered care providers need to complete the DSPT at least once a year.

The DSPT can open real opportunities. For example, you must have completed the DSPT if you:

• Deliver services under an NHS contract.
• Use a shared health and care records system.
• You are applying for NHSmail. Having an NHSmail opens up further doors.

Completing the DSPT is a contractual requirement.

Care providers who are not CQC registered can also use the DSPT to check and improve their data and cyber security arrangements as good practice.

Once you have completed the tool and published to Standards Met, it is just then an annual update you will need to complete.