Presentation is loading. Please wait.

Presentation is loading. Please wait.

The session will commence at Please mute your microphone

Published byBambang Sutedja Modified over 6 years ago

Similar presentations

Presentation on theme: "The session will commence at Please mute your microphone"— Presentation transcript:

1 The session will commence at 12.30 Please mute your microphone
Data Security and Protection Toolkit Welcome The session will commence at 12.30 Please mute your microphone

2 What is the Data Security and Protection Toolkit
Online data security self assessment Replacement for the IG Toolkit Lets organisations measure themselves against the NDG Data Security Standards Provides help for organisations with support to comply with GDPR All organisations that process health and care data should complete the Data Security and Protection Toolkit If you are working on an NHS Standard Contract, you must complete the Data Security and Protection Toolkit.

3 Why data security is important
It’s about trust! “Trust cannot be ensured without secure systems…” People trust the health and care system to protect information Data security must support digital transformation, otherwise the risk of breaches increase and trust will be lost.

4 Why is it changing? Static for a long period of time GDPR New threats
Move to continuous improvement model NDG Report Making the first step more straightforward for smaller organisations Provide intelligence to CQC for inspections.

5 Where we are Data Security and Protection Toolkit is now open for registration Development continuing every week and will continue throughout the year Guidance being continuously updated Entry level developed for social care and others to make the first step more straightforward.

6 National Data and Security requirements
In January 2018, the Department of Health and Social Care published 2017/18 Data Security and Protection Requirements outlining actions and key dates. It is recommended that providers consider completing the DSPT because it helps with: General Data Protection Regulation (GDPR) readiness as new Toolkit has been mapped to it Key Lines of Enquiry (KLOEs) from the Care Quality Commission now includes data security The 10 Data Security Standards as it helps demonstrate compliance Access to National Digital Products to support information sharing.

7 Sector-led, Information Governance and Cyber Security guidance
What is it? Sector-led guidance for Cyber Security and Information Governance; specifically tailored to be accessible for Care Providers. Who is writing it? The Care Provider Alliance was procured by the Social Care Programme in NHS Digital in 2017 to write guidance for their sector. What has been completed and what still needs to be done? Information Governance and Care Homes Research – completed Provide Care Provider Guidance for previous Information Governance Toolkit – completed Provide Care Provider Interim Guidance for the new Data Security and Protection Toolkit – completed Provide Care Provider Final Guidance for the Data Security and Protection Toolkit – completed.

8

9 Guidance for Care Providers for the Data Security and Protection Toolkit
Final version of this guidance will include: ‘Tool tips’ guidance to accompany the assertions in the new Toolkit An updated guide for Registered Managers An updated guide for staff ‘Big Picture’ guides (overall view of 10 Data Standards, including ‘How to’ guide with model answers). Available: 9

10 Entry level for social care
‘Entry level’ is a stepping stone to achieving the full standard for small organisations Time-limited level (subject to review) for social care providers Evidence items for critical legal requirements are being met; but some expected mandatory requirements have not been met ( Allows access to NHSmail.

11 What do we need for entry level?
1.1.6 Data Protection Officer 1.2.1 Data security and protection policy or policies. 1.2.3 Policy has been approved by the person with overall responsibility for data security. 1.3.1 ICO Registration Number. 1.3.3 How have Individuals been informed about their rights and how to exercise them? 1.4.1 A record (e.g. register or registers) that details each use or sharing of personal information including the legal basis for the processing. 1.5.1 There is approved staff guidance on confidentiality and data protection issues. 1.6.1 Procedure that sets out the organisation’s approach to data protection by design and by default 1.6.7 Procedure on carrying out a Data Protection Impact Assessment 1.6.11 All high risk data processing has a Data Protection Impact Assessment carried out 1.7.1 There is policy and staff guidance on data quality. 2.1.1 Review of the list of all systems/information assets holding or sharing personal information? 2.3.2 All employment contracts contain data security requirements. 4.1.1 The organisation maintains a current record of staff and their roles. 6.1.1 A data security and protection breach reporting system is in place. 10.1.1 The organisation has a list of its suppliers that handle personal information, the products and services they deliver, their contact details and the contract duration.

12 What has changed? Requirements reflect the 10 NDG Data Security Standards Support key requirements under the General Data Protection Regulation Move away from levels 1, 2 and 3 and towards ‘mandatory’ evidence items Removed duplication Concise, clear requirements Documentary evidence only required where it adds value Exemptions for organisations which use NHSmail or have in place a relevant standard. The requirements of the Data Security and Protection Toolkit (DSPT) are designed to encompass the National Data Guardian review’s 10 data security standards. The requirements of the DSPT support key requirements under the General Data Protection Regulation (GDPR), identified in the NHS GDPR checklist. The IG Toolkit assessed performance against three levels 1, 2 and 3. Organisations were required to provide evidence of compliance with (at least) level 2 for all elements of their assessment. The DSPT does not include levels and instead requires compliance with assertions and (mandatory) evidence items. The assertions and evidence items are designed to be concise and unambiguous. Documentary evidence is only requested where this adds value. Some evidence items will not be required where an organisation uses NHSmail, or has in place an existing relevant standard (Cyber Essentials PLUS, ISO 27001, Public Service Network Information Assurance).

13 Hardest requirements in DSPT
95% of all staff to have data security training List of systems holding or sharing personal information (information asset register) Data Protection Impact Assessments Understanding your data flows Understand who has access to all your systems Organisations must survey their software for unsupported systems Organisations must ensure all networking components have had their default passwords changed.

14 Help and support Register Presentation developed to be used by IG Leads FAQs including training tool DSPT support available through Toolkit training and update events

15 Demonstration

16 Questions?

17

Download ppt "The session will commence at Please mute your microphone"

Similar presentations

Information Governance. “ensuring the confidentiality, accuracy and availability of patient information” Why Information Governance?

Information Governance. “ensuring the confidentiality, accuracy and availability of patient information” Why Information Governance?
Rev.DescriptionAuthorDate 0.0First draftDavid Stone14/07/10 0.1ReviewPhil Walker Magi Nwoli Tony Heap Vanessa Kaliapermall 15/07/10 1.0FinalDavid Stone18/07/10.

Rev.DescriptionAuthorDate 0.0First draftDavid Stone14/07/10 0.1ReviewPhil Walker Magi Nwoli Tony Heap Vanessa Kaliapermall 15/07/10 1.0FinalDavid Stone18/07/10.
National Update: The information revolution and the 2012 Caldicott Review Simon Richardson – Information Rights Manager.

National Update: The information revolution and the 2012 Caldicott Review Simon Richardson – Information Rights Manager.
Information Governance in Commissioning Mental Health Commissioners Collaborative.

Information Governance in Commissioning Mental Health Commissioners Collaborative.
Welcome ISO9001:2000 Foundation Workshop.

Welcome ISO9001:2000 Foundation Workshop.
Partners in improving local health Slide 1 Information Governance & IT Security in the NHS Ian Davison, Director of Business Information Services Alison.

Partners in improving local health Slide 1 Information Governance & IT Security in the NHS Ian Davison, Director of Business Information Services Alison.
1 Information Governance (For Dental Practices) Norman Pottinger Information Governance Manager NHS Suffolk.

1 Information Governance (For Dental Practices) Norman Pottinger Information Governance Manager NHS Suffolk.
The Evolving IG Lead Role Phil Walker IGA. The IG Lead Role I am constantly surprised by the breadth and variety of work undertaken by IG Leads, but there.

The Evolving IG Lead Role Phil Walker IGA. The IG Lead Role I am constantly surprised by the breadth and variety of work undertaken by IG Leads, but there.
7/7/20161 The Public Sector Equality Duty for Schools in England Jonathan Timbers – Policy Manager, PSED Team, Equality and Human Rights Commission.

7/7/20161 The Public Sector Equality Duty for Schools in England Jonathan Timbers – Policy Manager, PSED Team, Equality and Human Rights Commission.
Transforming the quality of dementia care – consultation on a National Dementia Strategy Mike Rochfort Programme Lead Older People’s Mental Health WM CSIP.

Transforming the quality of dementia care – consultation on a National Dementia Strategy Mike Rochfort Programme Lead Older People’s Mental Health WM CSIP.
1 CQC review of data security standards in the NHS Rosie Wood, Strategy Lead Information Governance Alliance Conference 16 March 2016.

1 CQC review of data security standards in the NHS Rosie Wood, Strategy Lead Information Governance Alliance Conference 16 March 2016.
NHS PAM Electrical Systems 2 nd June 2016. 1) Policy & Procedures Does the Organisation have a current, approved Policy and an underpinning set of procedures.

NHS PAM Electrical Systems 2 nd June ) Policy & Procedures Does the Organisation have a current, approved Policy and an underpinning set of procedures.
Information Governance A refresher for all staff who have previously gone through the full course.

Information Governance A refresher for all staff who have previously gone through the full course.
An update from the Department of Health Lorraine Jackson Deputy Director for Data sharing and Cyber security Department of Health 22 November 2016.

An update from the Department of Health Lorraine Jackson Deputy Director for Data sharing and Cyber security Department of Health 22 November 2016.
Tony Sheppard Mobile Guardian

Tony Sheppard Mobile Guardian
Community Services Programme Re-Contracting

Community Services Programme Re-Contracting
Accountability & Structured Privacy Management

Accountability & Structured Privacy Management
New CMS Emergency Preparedness Rule

New CMS Emergency Preparedness Rule
SIGNs Chairs Meeting – 14th December 2016

SIGNs Chairs Meeting – 14th December 2016
Tailored Dispensing Service (TDS)

Tailored Dispensing Service (TDS)

Similar presentations

Ads by Google