Why data protection and cyber security matter

Having good data protection and cyber security arrangements in place is critical to delivering safe, effective care.


It’s essential to good care

You need access to accurate, timely information to make informed decisions about people’s care, whether that is the care plan you create and hold within your service or access to NHS patient information. And you cannot hold, use or share that information without good data protection arrangements in place.


It’s the law

All organisations must protect personal information but as a care provider you have additional legal obligations. You must manage sensitive data such as information about health and care needs even more carefully, and you must share data in order to support someone’s care.

There are some rules you must follow when you handle personal data. These are set out by the General Data Protection Regulation (GDPR) and the National Data Guardian’s 10 Data Security Standards.

If you do not comply with these regulations, you are breaking the law. You could be fined by the Information Commissioner’s Office.

Care providers are classified as data controllers, meaning that you determine how and why data is processed. For example, the development of a person’s care plan, how it is used, stored, and updated is your responsibility as a care provider. This means that you need to register with the Information Commissioner’s Office.

The Data Protection Act 2018 and the General Data Protection Regulation (GDPR) came into force in 2018. All organisations must take steps to demonstrate that they are complying with data protection legislation.

These laws apply to personal data, meaning information that relates to an identifiable, living person.

You must keep records to prove that you are complying with the law.


It’s in all contracts

As your business grows, you are very likely to want to win care contracts from the NHS and local authorities.

NHS and local authority commissioners require you to have good data protection and cyber security arrangements in place.

All NHS contracts and increasing numbers of local authorities require you to have completed the government-funded self-assessment tool on data protection and cyber security. It’s called the Data Security and Protection Toolkit (DSPT) – and we can help you to register for and complete the toolkit, for free.


It’s what people expect

People who pay for their own services, and their families, will also expect you to protect their information. We are all growing more aware of the risk of identity theft and cyber attacks – and an attack on personal information such as someone’s health and care needs can be devastating. And of course, if they are paying for their own care, you will hold their bank details, which are very valuable information to a cyber criminal.


It’s required by the Care Quality Commission

You must prove to CQC inspectors that you have robust arrangements in place to manage data safely. The DSPT is specifically mentioned in the Single Assessment Framework.

CQC has said that they “will increasingly expect a good provider to comply with the Data Security and Protection Toolkit (DSPT) or equivalent, as a minimum. This also applies where you use a combination of digital and paper record systems.”


It’s the present – and the future

The increasing use of digital technology means information can be shared quickly. It can speed up and improve decisions about health and care, but it does increase the risk of a cyber attack. You must minimise that risk by having good arrangements in place.