What Good Looks Like: Cyber and Data Security

July 31st 2024

In his latest blog, Mark de Bernhardt Lane, Head of Programmes (Digital) for South West ADASS, delves into the significance of digital maturity in the adult social care sector, exploring the What Good Looks Like (WGLL) framework and its role in enhancing cyber security and data protection.

Digital maturity in the adult social care sector centres on the capability and sophistication of its organisations’ adoption and use of technology. Whilst ‘what’s in and what’s out’ in Care Quality Commission (CQC) assessments of councils is open for debate and is constantly evolving, at its centre it encompasses the culture of the organisation to support innovation, digital leadership, workforce skills to support digital working, and the capability to effectively utilise digital technology. These processes, capabilities and behaviours are integral to meeting the evolving needs of service users through efficient, safe, and responsive digital services.

The ‘What Good Looks Like’ (WGLL) framework is a tool to support the whole sector’s journey towards digital maturity. It provides a blueprint for care providers and local authorities to follow, ensuring consistency  as they digitise, connect, and transform services. Initially developed by NHS England and the Department of Health and Social Care, the framework is part of a broader initiative to enhance digital capabilities across health and social care services. And an important part of it are the success measures specifically for care providers and also for local authorities. In total there are seven success measures that cover most aspects of the digital working:

1. Well led
2. Ensure smart foundations
3. Safe practice
4. Support workforce
5. Empower people
6. Improve care
7. Healthy populations

Whilst it is an aspirational framework, we are now seeing it increasingly used or adopted across the wider health and care system. Nationally, Integrated Care Systems (ICS) have assessed their digital maturity using it; primary care is just completing the same exercise. In the South West, North West and North East regions, local authorities have benchmarked themselves using it too. In the East of England one of the ICSs has piloted and launched it as a self-assessment tool for the local social care provider market, with very promising response levels. It is highly likely that we are at a tipping point where aspiration is starting to become reality and where we could, for the first time start to understand where we are, as a local care and health ecosystem, on this path to digital maturity.

The framework, when adopted this way, will encourage collaboration between local authorities, health and care providers, and technology experts to have a more cohesive and unified digital strategy.

Importantly, and most relevant to our agenda at Better Security, Better Care, it provides a blueprint for care providers and local authorities to follow, ensuring that as they digitise, connect, and transform services, they do so with the utmost attention to the safety and security of the data they hold.

Cyber security: a bedrock of digital excellence

With the rise in recent, high-profile instances of cyber-attacks on the health and care sector and its suppliers of technology, cyber and data security is placed as one of the foundational elements within the WGLL framework. Helpfully the framework and the evidence of a provider’s and local authority’s cyber security maturity reflects the CQC’s requirement for safety in care services. The framework’s ‘Smart Foundations’ and ‘Safe Practice’ measures support the CQC’s standards for protecting service users from harm and managing risk effectively. They emphasise the need to safeguard sensitive data by utilising tools available such as the Data Security and Protection Toolkit (DSPT), and maintaining trust.

Robust digital foundations

The ‘Smart Foundations’ success measure highlights the importance of creating a secure IT infrastructure, advocating for secure, scalable and interoperable systems that form the backbone of digital care delivery. This includes data encryption, secure storage solutions, and stringent access controls to safeguard personal and sensitive information.

Data protection and compliance

The ‘Safe Practice’ measure mandates adherence to legal and regulatory standards, including GDPR and the Data Protection Act 2018, to manage personal data responsibly. This measure reinforces the commitment to using digital tools for risk management and the enhancement of safeguarding practices.

Local authorities have a responsibility to support commissioned providers in maintaining robust digital safety practices. The DSPT is the officially-recognised  tool for care providers to check and improve their arrangements. The WGLL framework recommends incorporating DSPT requirements into contracts with care providers, which is an obvious way to encourage safe digital practices in the provider market. Those that are ready to do this can utilise the free contract wording guidance developed by North West ADASS to facilitate that process.

However not all local authorities may be ready to add the DSPT into contracts at this time. Regardless of that, they can still play a pivotal role by encouraging care providers to adopt the toolkit and leverage the fully funded support available through the Better Security, Better Care programme. This approach ensures that all care providers, regardless of their current level of digital maturity, have the opportunity to strengthen their data security practices.

Empowering individuals through data security

The ‘Empower People’ measure ensures that individuals are informed about the use, storage, and sharing of their data, upholding their privacy rights and autonomy. This aligns with the CQC’s expectation for services to be caring and compassionate, respecting the dignity and privacy of service users.

Continuous cyber security improvement

The ‘Improve Care’ measure calls for ongoing vigilance in monitoring cyber security threats and updating security protocols to address emerging vulnerabilities. This proactive approach is vital for the continuous enhancement of care services and supports the CQC’s focus on the effectiveness of care.

Supporting the workforce with cyber security training

The ‘Support Workforce’ measure focuses on providing comprehensive cyber security training, equipping staff with the necessary skills to prevent data breaches and understand their role in data security. This initiative is crucial for meeting the CQC’s standards for well-led services.

Local Authorities can support care providers to upskill their own staff’s data protection knowledge by signposting them to the free data and cyber security elearning resource available from Better Security, Better Care.

Setting the standard for a secure digital future

The WGLL framework provides a clear and structured path for integrating technology into adult social care, ensuring that every digital advancement contributes to a more efficient, safe, and person-centred care system. By adhering to the framework’s principles, care providers and local authorities can deliver services that are not only effective but also secure and trustworthy. As the sector progresses, the WGLL framework stands as a beacon, guiding the way to a future where digital adult social care is synonymous with safety, security, and excellence.

In essence, the WGLL framework is about harnessing technology to enhance the human experience of care. It presents a vision for a digital environment that supports and enriches the lives of all stakeholders. With its focus on people, the framework charts a course towards a bright and secure future for adult social care, where digital transformation is achieved with a steadfast commitment to the well-being of individuals and communities. The alignment of the WGLL’s cyber security and data security measures with the CQC inspection themes ensures high-quality, safe, and reliable care services, setting a benchmark for excellence in the digital era.