Why it is now essential to complete DSPT?

  • The Data Security and Protection Toolkit is official and well-recognised. Completing this toolkit shows that you care about the personal data of your clients, their families and your staff.
  • Central and local government bodies, local authority and CCG commissioners, the Care Quality Commission and the National Data Guardian recognise this as the official tool to evaluate your compliance with legal requirements, Data Security Standards and good practice.

By completing and publishing the toolkit on an annual basis (reaching Standards Met) you will be able to:

  • reassure people who use services, their families and your staff that you are managing their information safely. Most people expect you to share information with others who support them – but you must do this securely and legally.
  • answer the Care Quality Commission’s Key Line of Enquiry questions about how you manage data securely (see below)
  • demonstrate that you meet legal requirements including Data Protection Legislation and the Data Security Standards
  • access key services such as free NHS mail, shared care records, etc.

Social care providers who provide care through the NHS Standard contract or through Local Authority commissioning need to complete and publish the new DSP Toolkit as a part of any new contracts (Mandatory).

CQC guidance to Care Providers:

  • Publishing the Toolkit is a CQC expectation, and provides some answers to KLOEs – See the latest statement here: Click here

CQC assess digital records systems and paper records against the relevant key lines of enquiry and the characteristics of ratings. All records must comply with:

  • Regulation 17 Health and Social Care Act 2008 (Regulated Activities) Regulations 2014.
  • Accessible Information Standard.
  • Data protection legislation (including GDPR) requirements.
  • Data Security and Protection Toolkit (where providers have access to NHS patient data and systems).

Click here

All health and care organisations must assure themselves they are implementing the data security standards and meeting their statutory obligations on data protection and data security. This comes under well-led, key line of enquiry W6 “Is appropriate and accurate information being effectively processed, challenged and acted on?”