The Data Security and Protection Toolkit (DSPT) is the officially-recognised self-assessment tool on data protection and cyber security for adult social care providers in England.


The DSPT is a free, online self-assessment of health and social care providers’ data security and protection policies, procedures and processes.

It is not just about technology and digital records – it is about any information that care providers hold about any person – staff, clients, funders, partners or visitors – including paper records.

By answering a series of questions, care providers can demonstrate that they are compliant with data protection legislation, the health and social care data security standards, and good practice.

The DSPT was originally developed by the NHS and updated in consultation with care providers to ensure it is social-care friendly.

Central and local government bodies, local authority and CCG commissioners, the Care Quality Commission and the National Data Guardian recognise it as the official tool to evaluate your compliance with legal requirements, Data Security Standards and good practice.

Who needs to complete the DSPT

If you have services funded by the NHS, for example under continuing healthcare, there is a contractual requirement to complete the DSPT every year.

All adult social care services in England, including residential and nursing homes, supported living, homecare, extra care, shared lives and day services, are strongly recommended to complete the DSPT. It’s increasingly what local authorities, CCGs and the Care Quality Commission will expect to see.

Better Security, Better Care is the free and official support programme to help care providers complete their DSPT.


By using the DSPT on an annual basis and reaching Standards Met you will be able to:

  • reassure people who use services, their families and your staff that you are managing their information safely. Most people expect you to share information with others who support them – but you must do this securely and legally
  • answer the Care Quality Commission’s Key Line of Enquiry questions about how you manage data securely (see KLOE W.2.8)
  • demonstrate that you meet legal requirements including Data Protection Legislation and the Data Security Standards
  • access key services such as NHSmail and shared care records.

Access to shared systems and NHSmail

The DSPT opens up potential access to shared systems, as the toolkit reassures NHS colleagues that care providers are operating to the same data security standards as NHS bodies. By completing the toolkit and achieving ‘Standards Met’, care providers can access the following systems:

  • GP Connect
  • Local shared care records
  • Proxy access to GP records
  • Proxy access for medication ordering
  • Summary care records

NHSmail is a free, secure email system available to care providers. NHS bodies require care providers to use secure email systems if they are communicating with them. To access NHSmail care providers must reach ‘Approaching Standards’ or above on the toolkit.

Contact us

If you want to find out more about the DSPT, or get involved with the Better Security, Better Care programme which supports the use of the Toolkit, contact [email protected].