What should commissioners know about data protection and cyber security?

What should commissioners know about data protection and cyber security?

March 11th 2024

 Commissioners of care are often looking to how they can build quality improvement into commissioning strategies so that market stability is supported, risks are reduced, and quality is upheld.
Ahead of our webinar for commissioners supporting care providers with the Data Security & Protection Toolkit (DSPT), Matilda Moss, Head of Integrated Commissioning for Buckinghamshire Council, explores what commissioners need to know about data protection and cyber security.

As a commissioner of care, it’s really important to me that the care providers I work with know and understand how to keep the information they hold safe.

Technology has changed – and continues to change – the way we deliver social care. The COVID-19 pandemic propelled us to take on digital systems and these technological advancements have brought about numerous benefits, including more efficient care delivery, data-driven insights, and furthered the person-centred focus.

There are significant rewards to reap with going digital, but it will always come with a little risk. How that risk is managed should be a concern for all care providers and those of us who commission care services.

Why should commissioners care about data protection & cyber security?

The government’s Cyber Security Strategy to 2030 agrees that we must work together with all parts of the system to foster a strong culture of cyber security as part of our social care responsibility. As commissioners, we share a lot of sensitive information with care providers, and in order to comply with data protection regulations, the services we commission should also comply.

So it doesn’t matter where you fit into the system, we all have a responsibility to protect people’s information. Care providers who maintain good cyber security practices also demonstrate to commissioners that they take data protection seriously and understand what their own responsibilities are.

I’m not a fortune teller, but I’m relatively confident that the future of care is digital. The Care Quality Commission (CQC) recognises the benefits to going digital and actively encourages providers to make the transition. There’s also government backed funding available to care providers across England to adopt digital technology. Eventually it will become challenging to have a ‘good’ or ‘outstanding’ rating without digital systems in place, and we need to help care services understand how to protect those systems.

Where should commissioners signpost care services to for support?

Luckily for us, there’s already a wealth of free support and information for care services out there. We don’t need to reinvent the wheel, but we should know where to signpost care services to and what information to include in training. Working collaboratively with our local care and trade associations is an excellent way we can access support and align on messaging.

Encouraging care services to use the Data Security & Protection Toolkit (DSPT) will help them to work through and identify where there might be vulnerabilities in their business. It’ll show them what they need to do to keep their information secure, and it can support in demonstrating to us that they’re taking data protection seriously.

Signposting care services to the government funded free support programme to use the DSPT, Better Security, Better Care, will help care providers complete the toolkit at ease. The DSPT should be completed at least once a year to reflect changes in a business, and commissioners can check a care provider’s status online.

Some local authorities have chosen to include the DSPT in contracts with care providers to help drive improvement with data security and protection in their area. This is another way commissioners can encourage good practice, and there’s template wording guidance available from Better Security, Better Care.

What can commissioners do to reduce the risk & impact of a cyber attack on a care service?

As well as signposting to key resources and guidance, commissioners should have a clear way of working with providers to support them with data protection and cyber security issues.

It’s important that care services communicate any data protection or cyber security issues with commissioners as quickly as possible, even where full details are not known. Open and honest communication means that we can help the provider respond and maintains confidence and integrity in the relationship the local authority holds with them.

Understanding the key issues covered in the DSPT is essential. This helps commissioners understand what policies and procedures care services are expected to have in place, and will support us in carrying out spot audits of topics covered in the DSPT such as business continuity plans and cyber security policies.

Both care services and commissioners should consider who else they would contact in the event of an incident to access support. In an urgent situation, having input from data protection and cyber security colleagues can help the local authority and the provider to action a response.

A unified approach will be key in developing consistency across the adult social care market and improving sector-wide cyber security infrastructure. We all have a role to play in this ever-evolving digital landscape, and investing our efforts in the present moment will secure a promising future.

View all News

Next Event

View all Events


View all Events