June 28th 2023
Nick Griffiths, Lead Quality, Compliance & Development Manager at Bluebird Care Franchises explains how using the Data Security and Protection Toolkit (DSPT) centrally has freed up time for staff and given him the peace of mind that comes with knowing Bluebird Care franchisees are doing everything they can to protect both staff and customer data. And with 200 locations across England, that’s no mean feat.
Nick was made acutely aware of the value of the DSPT for all Bluebird Care franchisees after the company’s data was stolen in a widespread cyber attack that impacted both health and care services last year.
He said: “The DSPT is a sensible and safe guide for us to have in place. In August last year the rostering provider we used – which was also linked to NHS clinical services – was hit by a cyber attack. It took down the data of thousands of employees across the Bluebird Care network. That resulted in mass upheaval for the company for quite some time. And, actually, we are still experiencing challenges from it now, six months down the line. It made us realise we needed additional safeguards in place to prevent something similar happening again.”
Numbers aren’t a barrier – centralising the DSPT
Nick became aware of the DSPT when it was first announced that CQC-registered care providers in England should complete the self-assessment annually to demonstrate they have good data and cyber security practices in place. However, since Bluebird Care operates a predominantly private-pay care model, he didn’t think it would apply to the company’s franchisees. Nevertheless, he produced a guide for franchisees but take up of the DSPT by individual franchisees was low.
In December last year, Nick was made aware that a company as large as Bluebird Care, with multiple franchisees, could complete one DSPT centrally from the Franchise Support Centre, so long as franchisees had the same policies and procedures in place. Luckily, Bluebird Care has centralised policies and procedures around information governance, with each individual business obliged to legally record their franchise agreements.
The many benefits for Bluebird of using the DSPT
Nick says the company can already see the benefits of completing the DSPT, as he explains: “The DSPT is a tool that demonstrates we’re doing even more to protect both customer and staff data against breaches, upholding our reputation.”
Creating a centralised DSPT allowed Nick to take a helicopter view of all Bluebird Care policies and identify any gaps. It also provided a structure for their data protection policy, including tightening up policies for staff using their own mobile phones.
In addition, being DSPT compliant to Standards Met offers Bluebird Care franchisees opportunities that they might have missed otherwise. For instance, it allows them to access shared systems such as GP Connect and NHSmail.
Eating an elephant – or doing the DSPT in bite-sized pieces
Nick admits that at first undergoing a DSPT audit can seem overwhelming.
“It looks like a lot. But sitting and looking at it doesn’t get it done. It’s best to break it down into bite-sized pieces. I dedicated half an hour a day over the course of a week. Fill in the mandatory bits first to focus on what’s important. Get help from others, such as your IT supplier, if there’s questions you can’t answer. And your Local Support Organisation offers free professional 1-2-1 support from a friendly face, supporting your journey and identifying risks along the way.
If I’d known I could do the DSPT centrally I would have done it two years ago. Doing this centrally frees up time for our franchisees’ Care Managers to do other things.”
Ringing the changes with DSPT
“I urge all Franchise Owners to use the toolkit and view it as the final checklist for ensuring they have all the necessary data protection safeguards in place”, says Nick. “Then you can reassure your customers and your employees that their information is safe.”
Top Tips
- Companies with multiple franchisees can complete the DSPT centrally if policies and procedures are the same across the business.
- Break the DSPT down into bite-sized pieces:
– Complete it a step at a time; you don’t have to do it all in one go
– Set aside half an hour a day over a week to complete it
– Fill in the mandatory bits first
– Get help from Better Security, Better Care - Better Security, Better Care’s Local Support Organisations offer free tailored advice to help you improve your data security and compliance with every DSPT question answered
Photo by Dan Dimmock on Unsplash
View all case studies