Social care providers delivering work under an NHS contract must have reached at least Standards Met on the DSPT as it is a requirement within NHS England’s Standard Conditions Contract.
Local authorities are increasingly adding the requirement to have the DSPT in place to their contracts – and it is clearly the direction of travel.
Better Security, Better Care is working with ADASS and local authorities to explore how they can strengthen care providers’ data protection through their role as commissioners.
We worked with the North West Association of Directors of Adult Social Services (NW ADASS) to develop guidance to support Adult Social Care (ASC) Commissioners in increasing implementation of the Data Security and Protection Toolkit (DSPT) across the ASC market.
This is an important step that will help councils encourage adult social care providers to evaluate and improve their data security by completing their DSPT.
In May 2023, the government published guidance for care providers and local authorities on What Good Looks Like (WGGL) for digital working in adult social care.
The guidance details 7 success measures which provide common goals for organisations to work towards. The guidance is aimed at people who have a responsibility for digital transformation in local authorities.
Success Measure 3 – Safe Practice
This success measure details the importance of taking informed steps to protect people’s health and care information against cyber threats and data breaches. This includes making sure that staff are trained, the organisation has clear policies and processes, including business continuity plans, to respond to a data breach or cyber attack.
The guidance recommends that local authorities should:
The guidance recommends that care providers should:
Buckinghamshire Council’s Head of Integrated Commissioning writes a blog post on the value of supporting care providers to use the DSPT.
Durham County Council’s Supporting the Provider Market team speak to Digital Care Hub about what they’re doing to improve cyber security practices within their provider market.
Some local authorities might ask providers for Cyber Essentials. Cyber Essentials is a useful resource that helps organisations to protect themselves from common cyber threats. The DSPT covers the same topics as cyber essentials, but goes a little further by helping organisations to protect their data security arrangements and meet their minimum GDPR requirements.
The Local Government Association (LGA) recommends that “commissioners should support providers to complete the DSPT to Standards Met level”. Other than including the DSPT in contracts, commissioners can also support providers by putting them in touch with their Local Support Organisation or signposting them to resources available from Better Security, Better Care.
Buckinghamshire Council have developed a business continuity plan audit tool which supports local authorities to check how robust a care provider’s business continuity plan is.
A robust business continuity plan that includes data protection and cyber security will help to minimise the impact of a data breach or cyber attack.