Log in

As a care provider, you know how important it is to have access to good information about the people you support and your staff.

In order to store and share that information safely, you need to be confident that your paper and digital records are secure. 

DCHC, in partnership with the CCG, is offering free local support to care providers to evaluate and improve their data and cyber security and complete an annual, online self-assessment using the Data Security and Protection Toolkit (DSPT). The programme will help you to evaluate and improve your data and cyber security. This means you can reassure the people you support and their families, your staffcommissionersCQC regulatorslocal authorities, and health and care partners, that you are following good practice – and meeting legal and regulatory requirements.


The DSPT Journey

1. Register/Login

If you have never started the DSPT, or maybe have done some work on it in previous years, come along to one of our introductory sessions to get started. We will cover what exactly the DSPT is, what the new changes are, how to register, and what your next steps are.

Thursday 21st October 2pm Register here

Wednesday 27th October 2pm  Register here

Thursday 4th November 2pm Register here

Wednesday 10th November 2pm Register here

Thursday 18th November 2pm  Register here

Wednesday 24th November 2pm  Register here

Thursday 2nd December 2pm  Register here

Wednesday 8th December 2pm Register here

These are the links you will need to get started


If you're organisation has already registered and you've forgotten the login - reset the password

If you're organisation has registered but you are unsure which email was used - contact the Exeter Helpdesk

Telephone: 0300 303 4034

Email: exeter.helpdesk@nhs.net

Please provide your ODS code or address when raising queries via email.

2. Approaching Standards

If you've already made a start to the DSPT and would like some support answering the questions, then we are running weekly workshops right up until Christmas and beyond. These are two hour sessions going through all of the questions in two of the four topic areas of the DSPT.

For these sessions you need to already have registered with the DSPToolkit and have your ICO registration in place.

You will only need to attend one of each of these sessions to complete the Toolkit.

Staffing and Policies

14th October 11am

20th October 11am

28th October 11am

3rd November 11am 

11th November 11am 

18th November 11am

24th November 11am 

1st December 11am 

9th December 11am 

Data Security and IT Systems

21st October 11am 

27th October 11am 

4th November 11am 

10th November 11am

17th November 11am

25th November 11am 

2nd December 11am

9th December 11am 

A guide to completing Approaching Standards is available here

These are the policies you will need to complete Approaching Standards

The DSPT also requires you to cover staff training. Below are some videos from Skills for Care that will cover an introduction to data protection which can be incorporated into the induction and training process for staff.

3. Standards Met

A guide to completing Standards Met is available here

These are the policies you will need to complete Standards Met

Helpline launched!

If you need any assistance whilst completing the DSPT, we have launched a local helpline to assist you with any questions and signposting to resources.

DSPT Devon, Plymouth and Torbay helpline: 01626 912790

The helpline is open from 2-5pm Monday to Friday


Regulation and data and cyber security

8 June 2021

David James, Head of Adult Social Care Policy at the Care Quality Commission discusses current and future plans for regulation and data and technology.

Access to care records, and the use of data and technology are fundamental to health and social care delivery, therefore the Care Quality Commission needs to assess how safely they are used, and how well-led care providers are in terms of governance.

As providers will know, our current assessment framework is based around five key questions, key lines of enquiry, ratings, legal standards and fundamental standards. The use and security of records and data is already covered within these. In particular, question C3.3 from the Key Lines of Enquiry (KLOE) asks: “How are people assured that information about them is treated confidentially…?” And question W2.8 asks: “How does the service satisfy itself that it has robust arrangements… in line with data security standards?”

Our inspectors do encourage care providers to use the officially recognised Data Security and Protection Toolkit to assess their own data and cyber security arrangements - and provide evidence that they are complying with legal and regulatory requirements.

At present, it is not mandatory for care provider to complete the toolkit in order to demonstrate compliance with CQC standards. However, it is certainly one of the most effective and efficient ways of demonstrating compliance to our inspectors and we do expect providers to consider how information is accessed and shared by others and kept safe.

And of course the current DSPT information standard says “All organisations that have access to NHS patient data and systems must use this Toolkit to provide assurance that they are practising good data security and that personal information is handled correctly.” This means reaching Standards Met opens up access to take part in local shared records projects where these projects are available. Our own interim guidance on What good looks like for digital records in adult social care also reflects the fact that all records should comply with the DSPT if providers are accessing NHS patient data and system.

Given the particularly challenging year that care providers have faced during the COVID-19 pandemic, our inspectors have, understandably, been focused on other areas – especially infection control. So although inspectors many not ask for evidence that a care provider has completed the Data Security and Protection Toolkit, we would definitely encourage providers to use it.

What CQC inspectors look for

We want to see that providers focus on outcomes, involve the right people, manage change, understand and meet relevant standards and regulations. So if, for example a care provider was introducing a new data or digital system, they should be able to describe:

    • How the system will improve the quality of care they provide, support their organisation’s objectives and deliver better outcomes for people who use their service
    • How they have involved staff and people who use services in set up
    • The appropriate levels of planning and governance in place
    • How information will be accessed, shared and managed
    • What backup and contingency arrangements are in place
    • How they are meeting data protection and data security requirements. They should have clear and robust policies about consent, privacy and equality.

What’s next?

We have just published our new five year strategy which has a strong focus on innovation and improvement. This will be followed by a review of our inspection framework which will consider all areas of inspection including: what good looks like in relation to safe, well-led information management and cyber security; what constitutes good practice; and how evidence can be gathered.

We are keen to work with care providers - and the wider system – through the course of that review. Data protection and cyber security is not just an issue for care providers. It is also an important issue for health and care system leaders and commissioners. In future, CQC will have a role in both local authority and Integrated Care System (ICS) oversight. One of our ambitions is to simplify our inspection framework and to apply the same standards to all activities including provider regulation, LA and ICS oversight. We are keen to develop consistent approaches across health and social care – including around the safe and effective use of data.

We aim to have the new framework in place within 12 months.

To find out more and keep up to date, register for CQC updates.

Contact David.James@cqc.org.uk

Ogwell Grange, Rectory Road, East Ogwell, Newton Abbot, Devon, TQ12 6AH

© Copyright 2020 Devon Care Homes
Privacy Policy

Powered by Wild Apricot Membership Software