The DSPT Journey
These are the links you will need to get started
A guide to completing Approaching Standards is available here
These are the policies you will need to complete Approaching Standards
The DSPT also requires you to cover staff training. Below are some videos from Skills for Care that will cover an introduction to data protection which can be incorporated into the induction and training process for staff.
3. Standards Met
A guide to completing Standards Met is available here
These are the policies you will need to complete Standards Met
If you need any assistance whilst completing the DSPT, we have launched a local helpline to assist you with any questions and signposting to resources.
DSPT Devon, Plymouth and Torbay helpline: 01626 912790
The helpline is open from 2-5pm Monday to Friday
Regulation and data and cyber security
8 June 2021
David James, Head of Adult Social Care Policy at the Care Quality Commission discusses current and future plans for regulation and data and technology.
Access to care records, and the use of data and technology are fundamental to health and social care delivery, therefore the Care Quality Commission needs to assess how safely they are used, and how well-led care providers are in terms of governance.
As providers will know, our current assessment framework is based around five key questions, key lines of enquiry, ratings, legal standards and fundamental standards. The use and security of records and data is already covered within these. In particular, question C3.3 from the Key Lines of Enquiry (KLOE) asks: “How are people assured that information about them is treated confidentially…?” And question W2.8 asks: “How does the service satisfy itself that it has robust arrangements… in line with data security standards?”
Our inspectors do encourage care providers to use the officially recognised Data Security and Protection Toolkit to assess their own data and cyber security arrangements - and provide evidence that they are complying with legal and regulatory requirements.
At present, it is not mandatory for care provider to complete the toolkit in order to demonstrate compliance with CQC standards. However, it is certainly one of the most effective and efficient ways of demonstrating compliance to our inspectors and we do expect providers to consider how information is accessed and shared by others and kept safe.
And of course the current DSPT information standard says “All organisations that have access to NHS patient data and systems must use this Toolkit to provide assurance that they are practising good data security and that personal information is handled correctly.” This means reaching Standards Met opens up access to take part in local shared records projects where these projects are available. Our own interim guidance on What good looks like for digital records in adult social care also reflects the fact that all records should comply with the DSPT if providers are accessing NHS patient data and system.
Given the particularly challenging year that care providers have faced during the COVID-19 pandemic, our inspectors have, understandably, been focused on other areas – especially infection control. So although inspectors many not ask for evidence that a care provider has completed the Data Security and Protection Toolkit, we would definitely encourage providers to use it.
What CQC inspectors look for
We want to see that providers focus on outcomes, involve the right people, manage change, understand and meet relevant standards and regulations. So if, for example a care provider was introducing a new data or digital system, they should be able to describe:
We have just published our new five year strategy which has a strong focus on innovation and improvement. This will be followed by a review of our inspection framework which will consider all areas of inspection including: what good looks like in relation to safe, well-led information management and cyber security; what constitutes good practice; and how evidence can be gathered.
We are keen to work with care providers - and the wider system – through the course of that review. Data protection and cyber security is not just an issue for care providers. It is also an important issue for health and care system leaders and commissioners. In future, CQC will have a role in both local authority and Integrated Care System (ICS) oversight. One of our ambitions is to simplify our inspection framework and to apply the same standards to all activities including provider regulation, LA and ICS oversight. We are keen to develop consistent approaches across health and social care – including around the safe and effective use of data.
We aim to have the new framework in place within 12 months.
To find out more and keep up to date, register for CQC updates.