UKA correspondentWednesday 16 May 2018

NHS gets new Data Security and Protection Toolkit

Online self-assessment tool will support compliance National Data Guardian’s 10 standards and GDPR

NHS Digital has launched the new Data Security and Protection Toolkit, replacing the previous Information Governance Toolkit, to help keep patient information safe.

'Data protection' key on keyboardIt is an online self-assessment tool for health and social care organisations to measure and publish their performance against the National Data Guardian’s 10 data security standards.

All organisations that have access to NHS patient data and systems – including trusts, primary care and social care providers and commercial third parties – must complete the toolkit to provide assurance that they are practising good data security and that personal information is handled correctly.

Dan Taylor, programme director for the Data Security Centre at NHS Digital, described it as a “powerful tool” to assess cyber preparedness.

“This launch marks the start of a journey, with the toolkit forming a foundation for long term improvements in patient data security,” he said. “The toolkit is part of a number of new initiatives to build public trust in the way we secure their data.”

Simpler format

NHS Digital said it has taken feedback from users in the health and care sector to make the toolkit easier to use with a simpler format. It is also designed to help organisations measure themselves against key elements of the General Data Protection Regulation, which is due to come into force later this month.

Organisations which provide health services or connect to national systems will be required to complete the toolkit annually. However, it will not be required for the relevant elements if they already have accreditation such as ISO27001 and Cyber Essentials Plus.

It will also be used to support the Care Quality Commission’s Well Led inspections over the next year.

Image from iStock