New document summarises data security and protection requirements for health and care services
November 2 2017
New guidance on complying with the 10 data security standards recommended by the National Data Guardian has been issued for health and care organisations.
NHS England’s ‘Data Security and Protection Requirements’ sets out what all organisations will be expected to do to demonstrate that they are implementing the standards set out by Dame Fiona Caldicott in July 2017. It also includes more details about the assurance framework for April 2018 onwards, when the new Data Security and Protection Toolkit (DSP Toolkit) replaces the Information Governance Toolkit (IG Toolkit).
“General Practices, contracted to provide primary care essential services to a registered list under the NHS standard General Medical Services (GMS) contract (or Personal Medical Services (PMS) or Alternative Provider Medical Services (APMS) contracts), must comply with the requirements set out in this document, as part of the data security and protection requirements set out in that contract,” says the guidance.
“Some requirements will be implemented by the commissioner of the GP IT & GP Information Governance Support Service (Clinical Commissioning Group (CCG) or NHS England Regional) on their behalf.”
The document covers the leadership obligations in relation to three areas: people, processes, and technology. Topics addressed include:
- senior level responsibility;
- completing the Information Governance Toolkit v14.1;
- completing the General Data Protection Regulation Checklist;
- training staff;
- continuity planning;
- unsupported systems;
- on-site assessments;
- supplier certification frameworks.
Links:
Department of Health announcement
‘2017/18 Data Security and Protection Requirements’ document