The session will commence at 12.30. Please mute your microphone

Presentation transcript:

Data Security and Protection Toolkit
Welcome
The session will commence at 12.30. Please mute your microphone.

What is the Data Security and Protection Toolkit?
- Online data security self-assessment
- Replacement for the IG Toolkit
- Lets organisations measure themselves against the NDG Data Security Standards
- Provides help for organisations with support to comply with GDPR
- All organisations that process health and care data should complete the Data Security and Protection Toolkit
- If you are working on an NHS Standard Contract, you must complete the Data Security and Protection Toolkit.

Why data security is important
- It’s about trust! “Trust cannot be ensured without secure systems…”
- People trust the health and care system to protect information
- Data security must support digital transformation, otherwise the risk of breaches increases and trust will be lost.

Why is it changing?
- Static for a long period of time
- GDPR
- New threats
- Move to continuous improvement model
- NDG Report
- Making the first step more straightforward for smaller organisations
- Provide intelligence to CQC for inspections.

Where we are
- Data Security and Protection Toolkit is now open for registration
- Development continuing every week and will continue throughout the year
- Guidance being continuously updated
- Entry level developed for social care and others to make the first step more straightforward.

National Data and Security requirements
In January 2018, the Department of Health and Social Care published 2017/18 Data Security and Protection Requirements outlining actions and key dates.
It is recommended that providers consider completing the DSPT because it helps with:
- General Data Protection Regulation (GDPR) readiness, as the new Toolkit has been mapped to it
- Key Lines of Enquiry (KLOEs) from the Care Quality Commission, which now include data security
- The 10 Data Security Standards, as it helps demonstrate compliance
- Access to National Digital Products to support information sharing.

Sector-led, Information Governance and Cyber Security guidance
What is it? Sector-led guidance for Cyber Security and Information Governance; specifically tailored to be accessible for Care Providers.
Who is writing it? The Care Provider Alliance was procured by the Social Care Programme in NHS Digital in 2017 to write guidance for their sector.
What has been completed and what still needs to be done?
- Information Governance and Care Homes Research – completed
- Provide Care Provider Guidance for previous Information Governance Toolkit – completed
- Provide Care Provider Interim Guidance for the new Data Security and Protection Toolkit – completed
- Provide Care Provider Final Guidance for the Data Security and Protection Toolkit – completed.

Guidance for Care Providers for the Data Security and Protection Toolkit
Final version of this guidance will include:
- ‘Tool tips’ guidance to accompany the assertions in the new Toolkit
- An updated guide for Registered Managers
- An updated guide for staff
- ‘Big Picture’ guides (overall view of 10 Data Standards, including ‘How to’ guide with model answers).
Available: https://www.careprovideralliance.org.uk/data-security-and-protection-toolkit.html

Entry level for social care
- ‘Entry level’ is a stepping stone to achieving the full standard for small organisations
- Time-limited level (subject to review) for social care providers
- Evidence items for critical legal requirements are being met; but some expected mandatory requirements have not been met (https://www.dsptoolkit.nhs.uk/Help/32)
- Allows access to NHSmail.

What do we need for entry level?
- 1.1.6 Data Protection Officer
- 1.2.1 Data security and protection policy or policies.
- 1.2.3 Policy has been approved by the person with overall responsibility for data security.
- 1.3.1 ICO Registration Number.
- 1.3.3 How have Individuals been informed about their rights and how to exercise them?
- 1.4.1 A record (e.g. register or registers) that details each use or sharing of personal information including the legal basis for the processing.
- 1.5.1 There is approved staff guidance on confidentiality and data protection issues.
- 1.6.1 Procedure that sets out the organisation’s approach to data protection by design and by default
- 1.6.7 Procedure on carrying out a Data Protection Impact Assessment
- 1.6.11 All high risk data processing has a Data Protection Impact Assessment carried out
- 1.7.1 There is policy and staff guidance on data quality.
- 2.1.1 Review of the list of all systems/information assets holding or sharing personal information?
- 2.3.2 All employment contracts contain data security requirements.
- 4.1.1 The organisation maintains a current record of staff and their roles.
- 6.1.1 A data security and protection breach reporting system is in place.
- 10.1.1 The organisation has a list of its suppliers that handle personal information, the products and services they deliver, their contact details and the contract duration.

What has changed?
- Requirements reflect the 10 NDG Data Security Standards
- Support key requirements under the General Data Protection Regulation
- Move away from levels 1, 2 and 3 and towards ‘mandatory’ evidence items
- Removed duplication
- Concise, clear requirements
- Documentary evidence only required where it adds value
- Exemptions for organisations which use NHSmail or have in place a relevant standard.

The requirements of the Data Security and Protection Toolkit (DSPT) are designed to encompass the National Data Guardian review’s 10 data security standards. The requirements of the DSPT support key requirements under the General Data Protection Regulation (GDPR), identified in the NHS GDPR checklist. The IG Toolkit assessed performance against three levels 1, 2 and 3. Organisations were required to provide evidence of compliance with (at least) level 2 for all elements of their assessment. The DSPT does not include levels and instead requires compliance with assertions and (mandatory) evidence items. The assertions and evidence items are designed to be concise and unambiguous. Documentary evidence is only requested where this adds value. Some evidence items will not be required where an organisation uses NHSmail, or has in place an existing relevant standard (Cyber Essentials PLUS, ISO 27001, Public Service Network Information Assurance).

Hardest requirements in DSPT
- 95% of all staff to have data security training
- List of systems holding or sharing personal information (information asset register)
- Data Protection Impact Assessments
- Understanding your data flows
- Understand who has access to all your systems
- Organisations must survey their software for unsupported systems
- Organisations must ensure all networking components have had their default passwords changed.

Help and support
- Register: https://www.dsptoolkit.nhs.uk/Account/Register
- Presentation developed to be used by IG Leads: https://www.dsptoolkit.nhs.uk/News/25
- FAQs including training tool: https://www.dsptoolkit.nhs.uk/News/9
- DSPT support available through Exeter.helpdesk@nhs.net
- Toolkit training and update events: https://www.dsptoolkit.nhs.uk/News/10

Demonstration

Questions? cybersecurity@nhs.net