May 13th 2024
70% (18,000) of all CQC registered care provider locations have an up-to-date Data Security and Protection Toolkit (DSPT) in place – up from just 15% before Better Security, Better Care started in 2021.
Our impact report, published at this week’s Cyber UK Conference, highlights the difference we are making – well beyond basic compliance with the DSPT.
Despite launching during the Covid pandemic which had a tremendous strain on the care sector, our programme has managed to reach and engage record numbers of care providers.
Almost five times more care providers are now using the DSPT to help them to keep information safe. In fact, the increase in the use of the DSPT by care providers is faster than any other sector – including GPs, dentists and large NHS Trusts. And we are by far the largest sector.
The programme is central to government policy. For example, in the adult social care reform white paper – People at the Heart of Care – the government commits to building on Better Security, Better Care to broaden support on data and cyber security.
Our programme is unique. We work at national, regional and local levels, to engage and support care providers across all sectors. And like all Digital Care Hub work, it is delivered by social care providers, for social care providers.
Local and regional collaboration is central to our model. Our 28 local support organisations work closely with local authorities, integrated care boards and integrated care partnerships to ensure that data protection is considered in planning, supporting and commissioning health and care services.
Since our launch in 2021, we have delivered 2,200 webinars, 10,000 hours of one-to-one support and 14,000 hours of helpline support.
Speaking about the programme, director Michelle Corrigan said:
“What’s been really striking is that our impact is so much wider than the use of the DSPT. We are helping care providers to really get to grips with practical issues – from awareness raising and cyber security training for their staff, to improving their policies and practices around issues such as staff’s use of their own devices for work purposes.”
Care providers told us that they struggle to access relevant training for their staff on data protection and cyber security. So, we developed the first free, open access data protection and cyber security elearning. Since launching in December 2023, the resources have attracted over 31,000 page views.
They have also said that, by completing the DSPT, they are identifying key areas for improvement. For example, they are now consistently creating backups to ensure they continue to have access to data in the event of a cyber attack and introducing clearer, safer policies around the use of staff’s own devices such as mobile phones.
At a national level, we are working with the Department of Health and Social Care and NHS England’s Joint Cyber Unit to check and improve national cyber incident response arrangements.
Our 28 local support organisations across England provide tailored, direct support to care providers in their area. This includes in-person training and workshops, online or telephone support, and site visits.
An independent evaluation of the programme concluded that we provide excellent value for money.
Since 2021, we have received grants worth a total of £10.4 million. £7m has gone directly to our 28 local support organisations that deliver direct support to care providers in their areas. The remaining £3.4 million has been used to deliver the programme, increase awareness and develop partners, and to research emerging issues.
The 2022 evaluation by Cordis Bright concluded that we demonstrated value for money in four main areas:
- Return on investment in terms of preventing costly cyber-attacks and data breaches. Their analysis indicates that for every £1 spent on the programme, approximately £2.50 was saved in terms of avoiding the cost of cyber incidents on the social care sector.*
- Reduction in administration costs for both social care providers and for the NHS through access to NHSmail, digital record-keeping and Proxy Access achieved as a result of publishing the DSPT.
- Delivering a strategic focus for engagement between social care providers and the integrated care systems and integrated care boards which supports the wider agenda of integration and closer alignment between health and social care.
- Efficiency savings to the wider health and social care system arising from the digitisation of systems enabled by the completion of the DSPT.
The programme is now well-established as the adult social care delivery infrastructure for cyber resilience and we continue to work closely with the Joint Cyber Unit on, for example, briefing the sector on cyber incidents.
As well as supporting care providers to complete the DSPT, we have been keeping our eye on emerging issues.
Over the last three years, we have commissioned 20 special projects to increase our understanding of data protection and cyber security issues for our diverse sector. In 2023, we launched the Action Research Fund to harness sector knowledge and expertise and to identify and test new approaches.
Looking to the future, Michelle Corrigan says:
“We will continue to work closely with care providers, partners and funders to ensure care providers expand their safe use of data and digital technology. We will also work with government to inform and implement policies which directly or indirectly impact on care providers use of data. And we will continue to identify emerging challenges – such as how to make the most of artificial intelligence while reducing the risks.”
If you would like to discuss potential partnership work, research or contracts, please email us at [email protected]
Read Better Security, Better Care: Impact report 2021-2024
View our infographic which summarises our impact.
View all News