Presentation is loading. Please wait.

Presentation is loading. Please wait.

The session will commence at Please mute your microphone

Published byMary Allison Modified over 6 years ago

Similar presentations

Presentation on theme: "The session will commence at Please mute your microphone"— Presentation transcript:

1 The session will commence at 12.30 Please mute your microphone
Data Security and Protection Toolkit Welcome The session will commence at 12.30 Please mute your microphone Presented by: John Hodson NHS Digital

2 What is the Data Security and Protection Toolkit
Online data security self assessment Replacement for the IG Toolkit Lets organisations measure themselves against the NDG Data Security Standards Provides help for organisations with support to comply with GDPR All organisations that process health and care data should complete a Data Security and Protection Toolkit

3 Why data security is important
It’s about Trust! “Trust cannot be ensured without secure systems…” People trust the health and care system to protect information. Data Security must support digital transformation otherwise the risk of breaches increase and trust will be lost.

4 Why is it changing Static for a long period of time GDPR New threats
Move to continuous improvement model NDG Report Making the first step more straightforward for smaller organisations Provide intelligence to CQC for inspections.

5 Data Security and Protection Toolkit in numbers
Active Users 35 development sprints completed 11,600+ 14,800 Registered organisations Integrated GDPR + NIS Incident notification for streamlined automated reporting Feedback items 500+% Care Homes 580 Uptake so far* 8 Bugs Takes in account other recognised Certifications and systems 560 GDPR Incidents Reported to ICO Reported and fixed

6 What has changed? Move away from level 1,2,3 and towards ‘mandatory’ evidence items Removed duplication Aligned with NDG Standards and GDPR More concise requirements Documentary evidence only required where it adds value Exemptions for organisations which use NHSmail or have in place a relevant standard (PSN IA or Cyber Essentials PLUS)

7 Hardest requirements in DSPT
95% of all staff to have data security training List of systems holding or sharing personal information (information asset register) Data Protection Impact Assessments. Understanding your data flows Understand who has access to all your systems Organisations must survey their software for unsupported systems Organisations must ensure all networking components have had their default passwords changed. Adult Social Services and Public Health.

8 Iterative development

9 What is coming? New functionality in development* Entry level
accessibility and user interface improvements provide evidence for multiple organisations but not submitting public view peer benchmarking and enhanced reporting generate an action plan. * Not exhaustive

10 Incident Reporting Overview
An online tool for reporting GDPR notifiable incidents (health and care data) Applies to all organisations processing health and care personal data under contract Worked with ICO DHSC, NHS England and users Replacement of the IG SIRI Tool Guidance published and updated

11 Guidance for Care Providers for the Data Security and Protection Toolkit
Final version of this guidance includes: ‘Tool tips’ guidance to accompany the assertions in the new toolkit An updated Guide for Registered Managers An updated Guide for Staff ‘Big Picture’ Guides (overall view of 10 Data Standards, including ‘How to’ Guide with model answers). Available: 11

12 Help and support Register
Presentation developed to be used by IG Leads. FAQs including Training Tool. DSP Toolkit Support available through. Toolkit training and update events LGA newsletter article.

13 Demonstration

14 Questions?

15

Download ppt "The session will commence at Please mute your microphone"

Similar presentations

Security Controls – What Works

Security Controls – What Works
Information Governance in Commissioning Mental Health Commissioners Collaborative.

Information Governance in Commissioning Mental Health Commissioners Collaborative.
AGENDA Welcome and introductions Brief introduction to PSI Mobile Technical Overview Demonstration Q and A Next Actions.

AGENDA Welcome and introductions Brief introduction to PSI Mobile Technical Overview Demonstration Q and A Next Actions.
Thomas Levy. Agenda 1.Aims: Reducing Cyber Risk 2.Information Risk Management 3.Secure Configuration 4.Network Security 5.Managing User Access 6.Education.

Thomas Levy. Agenda 1.Aims: Reducing Cyber Risk 2.Information Risk Management 3.Secure Configuration 4.Network Security 5.Managing User Access 6.Education.
1 Understanding CQC registration Summer 2012. 2 Introduction to CQC.

1 Understanding CQC registration Summer Introduction to CQC.
Improving the IG Toolkit (IGAF 2) presented by Mark Reynolds SCCI, September 2015.

Improving the IG Toolkit (IGAF 2) presented by Mark Reynolds SCCI, September 2015.
HIPAA Security John Parmigiani Director HIPAA Compliance Services CTG HealthCare Solutions, Inc.

HIPAA Security John Parmigiani Director HIPAA Compliance Services CTG HealthCare Solutions, Inc.
1 Information Governance (For Dental Practices) Norman Pottinger Information Governance Manager NHS Suffolk.

1 Information Governance (For Dental Practices) Norman Pottinger Information Governance Manager NHS Suffolk.
The Evolving IG Lead Role Phil Walker IGA. The IG Lead Role I am constantly surprised by the breadth and variety of work undertaken by IG Leads, but there.

The Evolving IG Lead Role Phil Walker IGA. The IG Lead Role I am constantly surprised by the breadth and variety of work undertaken by IG Leads, but there.
Healthy Apps Healthy Data Healthy People Healthy Apps Healthy Data Healthy People.

Healthy Apps Healthy Data Healthy People Healthy Apps Healthy Data Healthy People.
The Quality Surveillance Team / Programme

The Quality Surveillance Team / Programme
Preparing for the GDPR Helping us to help you.

Preparing for the GDPR Helping us to help you.
CQC matters: Regulating the safe and effective use of medicines

CQC matters: Regulating the safe and effective use of medicines
Knowledge for Healthcare: Driver Diagrams October 2016

Knowledge for Healthcare: Driver Diagrams October 2016
IS YOUR ORGANISATION’S INFORMATION SECURE?

IS YOUR ORGANISATION’S INFORMATION SECURE?
NHSmail: social care overview

NHSmail: social care overview
SIGNs Chairs Meeting – 14th December 2016

SIGNs Chairs Meeting – 14th December 2016
Emergency Care Data Set (ECDS)

Emergency Care Data Set (ECDS)
Tailored Dispensing Service (TDS)

Tailored Dispensing Service (TDS)
Secure Standard Introduction for IT Suppliers

Secure Standard Introduction for IT Suppliers

Similar presentations

Ads by Google