Large care providers may complete the Data Security and Protection Toolkit (DSPT) at headquarters level on behalf of all their sites and services. If they do, each registered manager must take ownership of the DSPT and its implementation at their site.
This checklist helps registered managers to understand what they need to do if their headquarters has completed the DSPT.
Registered managers should understand and implement the information recorded in the DSPT published by headquarters.
As a registered manager, you should:
- Receive a copy of the published DSPT from Headquarters: They should provide this to you as a spreadsheet showing all the answers they have added to the DSPT. You should check that the answers are in line with your site’s policies and procedures. If they are not, discuss this with your head quarters colleagues.
- Receive a copy of the DSPT Published Certificate: This is evidence that you have good data protection arrangements in place. You should:
-
- Display it at your premises and upload it to your website
- Ensure all staff are aware of the DSPT and what it means to them
- Share it with people seeking care
- Use it as evidence where relevant for CQC, commissioners, NHS partners, bids, data suppliers etc.
3. Attend DSPT and related webinars: These free sessions are hosted nationally by Digital Care Hub, or locally by a Local Support Organisations in your area.
4. Know where and what relevant policies are, and familiarise yourself with key components including:
-
- Data Protection
- BCP/ Incident response
- Training Needs Analysis
- Privacy policy and National opt-out.
5. Ensure documentation is up-to-date and accessible: For example, you should:
-
- Make sure staff know how and where to access relevant policies
- Keep own records up to date and inform the head office of any changes
7. Conduct regular backups, audits and reviews: You can use the following free resources to help with this, and do discuss it with your headquarters.
8. Maintain clear processes for reporting and managing data breaches
9. Foster a good cyber and data culture: Provide strong leadership support alongside good open communication about potential risks and incidents
10. Hold regular training sessions to keep staff informed of best practices: Check if your head office is arranging this centrally. You can find free resources and courses, including Digital Care Hub’s free elearning and Cyber Game.
