New mandatory data security toolkit

A NEW Data Security and Protection Toolkit has been launched by NHS Digital which all organisations in England with access to NHS patient data and systems must complete to help keep patient information safe.

The new toolkit replaces the previous Information Governance Toolkit and is an online self-assessment tool that enables health and social care organisations to measure and publish their performance against the National Data Guardian’s ten data security standards and key elements of the General Data Protection Regulation (GDPR).

All organisations with access to NHS patient data and systems – including NHS Trusts, primary care and social care providers and commercial third parties – are required to complete the toolkit to provide assurance that they are practising good data security and that personal information is handled correctly.

Organisations which provide health services or connect to national systems will be required to complete the toolkit annually. NHS Digital says the toolkit will also support existing best practice, such as ISO27001 and Cyber Essentials Plus. This means that organisations that already have accreditation are not expected to complete all elements of the toolkit.

Over the course of the next year, the toolkit will also be used to support the Care Quality Commission’s Well Led inspections.

Link: Data Security and Protection Toolkit