The Data Security and Protection Toolkit (DSPT), provided by NHS Digital, is a free online self-assessment questionnaire based on the 10 Data Security standards. statements) which are again divided into 179 evidence items (sub-questions). All organizations in the healthcare sector – from NHS trusts to nursing homes to GPs – must complete the DSP Toolkit annually (or twice a year for larger organizations) to measure their level of compliance with the data and information governance requirements, as stipulated by the Department of Health and Social Care, in particular the 10 Data Security Standards set out by the National Data Guardian. These standards were formulated as a response to the WannaCry ransomware attack, which took place in 2017 and affected several organizations around the world – including NHS trusts. The 10 security standards are designed to address basic cyber vulnerabilities and to ensure that attacks such as WannaCry can be better prevented in the future.

As data security standards are constantly changing, the DSP Toolkit and its requirements are reviewed on a regular basis and updated to ensure they are always aligned with current best practices. This is why annual or semi-annual completion is mandatory.

The keywords here are: accountability and compliance. The field of data privacy and confidentiality is a growing area of interest to organisations as people are becoming more aware of their data protection rights. The purpose of the DSPT is to demonstrate to these people and the people you work with – GPs, NHS services, commissioners, regulators – that your organisation can be trusted to handle confidential patient data appropriately and securely. A higher level of accountability raises public confidence that the NHS and its partner organisations can be trusted with confidential data. This, in turn, reduces the likelihood that patients will withdraw their consent for sharing personal information with such organisations. The DSP Toolkit also helps organisations protect against data breaches by requiring them to demonstrate compliance with the key points of the General Data Protection Regulation (GDPR), as identified in the NHS GDPR Checklist, as well as with the guidelines of other frameworks, such as the Data Protection Act 2018 and ISO 27001. Once completed, organizations can publish their completed DSPT to further increase that trust.

Data Security Standard 4: Personal confidential data is only accessible to staff who need it for their current role and access is removed as soon as it is no longer required. All access to personal confidential data on IT systems can be attributed to individuals.

Data Security Standard 5: Processes are reviewed at least annually to identify and improve processes which have caused breaches or near misses, or which force staff to use workarounds which compromise data security.

Data Security Standard 6: Cyber-attacks against services are identified and resisted and CareCERT security advice is responded to. Action is taken immediately following a data breach or a near miss, with a report made to senior management within 12 hours of detection.

Data Security Standard 7: A continuity plan is in place to respond to threats to data security, including significant data breaches or near misses, and it is tested once a year as a minimum, with a report to senior management.

What Are the Challenges in Completing the DSP Toolkit?

The DSPT is an extensive and detailed questionnaire. The 179 evidence items, of which 166 are mandatory for Category 1 organisations, are called evidence items because they require you to provide evidence to support your answers. Some items will require you to provide a written answer, while others will ask you to provide a document of some sort to support your answer, such as an Excel spreadsheet or PDF file.

Doing so for 166 questions is a time-consuming process that demands a high level of meticulousness and great organizational skills, as well as insight from the person or persons completing it. As mentioned earlier, completing the DSPT is a big task that should not be left until the deadline. It should be an on-going process where information is added and updated regularly throughout the whole year. If you are a medium to large-scale organization and do not have the appropriate processes and workflows in place to aid you in providing evidence wherever the DSP Toolkit demands it, you have a problem. You will find yourself frantically skimming through digital mountains of information and lists to find the very one you need.