Data Security & Protection (DSPT)

NHSmail users: Please be aware some NHS Trusts are now requiring care providers to have NHSmail in place to share hospital discharge information. You need to have published your DSPT to at least 'Approaching Standards' in the last 12 months to qualify for NHSmail. To minimise delays to hospital discharges, please ensure you have either one of the two recommended forms of secure email in place. Please go to our NHSmail page (click on NHSmail tab above) to find out more about secure email and how to get it if you do not have it.

As part of the Better Security, Better Care programme, HCPA has been funded by NHSX to provide FREE support to Care Providers in Hertfordshire and Essex with completion of their DSPT.

The DSPT is an annual online assessment of your Data Protection & Cyber Security practices. As a care provider you need to ensure that you manage personal data securely within GDPR.

This assessment will take you through the necessary aspects of data compliance, mitigate the risk of disruption and financial and reputational repercussions from data breaches and cyber attacks and ensure best practice.

Once you have published the toolkit, you provide confidence to your service users and their families that you have met the required standard and are continuing to review and improve your data management and they can trust you to handle and process their personal data securely and appropriately.

Completion is a requirement to take advantage of key NHS systems and data initiatives, which save time and streamline processes.

NHSmail
Online Medication Ordering
Digital Social Care Records (DSCR)/Digital Transformation Fund
SystemOne
Hospital discharge information

It is also a requirement for delivering NHS contracts and for some local authorities.

What can the DSPT Team do for you?

Ensure you are compliant with Data Security law
Support completion of your Data Security & Protection Toolkit (DSPT)
Offer individual sessions to work through Toolkit questions
Share policy templates & guidance
Ensure you have mapped where you hold data
Ensure you are sharing Data legally
Help you meet Data management requirements for NHSmail and Online Ordering (Proxy Access)
CASE STUDY: See how Bluebird Care have benefitted from DSPT support: Tomorrow’s Care June 2023 :: 20 (yudu.com)

Want to contact us for assistance or to book a 1:1 session?

Email: DataProtection@HCPA.co.uk
Call: 01707 708018

Alternatively, you can book onto any of our workshops

DSPT awareness
DSPT Introduction
DSPT questions walk-through
Section specific workshops covering:
- Staffing and Roles
- Policies and Procedures
- Data Security
- IT Systems and Devices

Book a workshop

Self-help

You can access pre-recorded videos that you can view in your own time via the following links:

Digital Care Hub guidance videos – including how to register, what you need to know about data security, policies and procedures, data protection and cyber security training for staff, protecting IT systems and devices from cyber attacks

How to publish to Approaching Standards
How to publish to Standards Met

How to get started

Single Site?
If you are completing as a single site, you will need your Organisation Data Service code (ODS code) and an email address to register.

Multi site?
If you are part of a large organisation the DSPT can be completed at Head Office/Parent level, but only if all processes and procedures are the same across all sites AND all sites are linked to the same Head Office/Parent code. Register using the Head Office/Parent code. Once complete the status will filter to all linked sites.

If this is the case, register using the HO code, once complete the status will filter to all linked sites.

Where processes & procedures differ, each site will need to register individually.

Don’t know your ODS/HO code? Search here https://odsportal.digital.nhs.uk/Organisation/Search

Problems with logging in?

DSPT (Exeter) Helpdesk (for account queries):

Telephone: 0300 303 4034

Email: exeter.helpdesk@nhs.net