Cyber Security: What do new care services need to know?

December 1st 2023

Better Security, Better Care teamed up with the Homecare Association for another specialised webinar series exclusively tailored for new care services looking to improve their data protection and cyber security arrangements.

The session, hosted by the Homecare Association’s Director of Corporate Services, Jon Stone, and Digital Care Hub’s Project Lead, Katie Thorn, explored the key legal requirements new care services need to be aware of, and what support is available to meet them.

You can access a full recording here.

What requirements do care services need to follow to protect information?

One of the primary themes discussed in the webinar was the care provider’s responsibility to be compliant with data protection legislation. As a care service you handle a lot of personal and sensitive information, and must know how to store and share it safely.

In 2017, the Department of Health & Social Care established policy that all health and social care providers must follow the 10 Data Security Standards, developed by the National Data Guardian. These standards are organised under 3 leadership obligations:

  • People
  • Process
  • Technology

Care providers are classified as data controllers, meaning that you determine how and why data is processed. For example, the development of a person’s care plan, how it is used, stored, and updated is your responsibility as a care provider. This means that you need to register with the Information Commissioner’s Office.

What do new care services need to do to protect information?

New care services will need to have some policies in place relating to data protection and cyber security. Depending on the size of your business, you might have one all-encompassing policy or multiple policies. The important thing is that you have them, and that you follow them.

Digital Care Hub has a range of free templates to help you create the records that you need to comply with data protection law.

A good framework for checking that your business meets the minimum GDPR requirements and the 10 Data Security Standards is the Data Security & Protection Toolkit (DSPT). The DSPT is a free self-assessment tool that will help you to check what policies and procedures you have in place. It can also be used as evidence in regulatory inspections.

What policies will the DSPT ask for?

A full list of policies to have in place before completing the DSPT and templates for each can be found on the Pre-DSPT checklist. Some of them include:

  • Data Protection Policy
  • Training needs analysis
  • Network security policy
  • Smart Phone policy
  • Business continuity plan

What support is out there to help new care services?

Getting to grips with your data protection arrangements might feel a little daunting at first, but it doesn’t have to be. There is so much free support available to help you, and a really good place to start is with Better Security, Better Care. As well as national online support, the programme offers localised one-to-one support across England for all CQC-registered care providers.

Watch Rose’s story on her experience as a new care provider and accessing free support from Better Security, Better Care:
