Success Measure
Good data and cyber security means organisations can safely use and share information which can improve care and support for people.
Overview
Taking informed steps to protect people’s health and care information against cyber threats and data breaches is one of the most fundamental ways a provider can enable digital transformation in their organisation. Doing so gives care workers the knowledge and confidence to appropriately use and share information and helps establish trust between the provider and the people drawing on care and support.
A number of steps can be seen as an indication that you are ensuring safe practice. For example, you may be assured that all suppliers you use for software or care technology follow robust cyber security and data handling processes. This helps to guarantee people’s data is handled in a way that is safe and secure.
It is also clear that safe digital practice requires staff across the whole organisation to be competent in avoiding breaches of data at a level appropriate to their role. By actively upskilling staff and sharing knowledge on cyber security and information governance, providers can build confidence in sharing information for individual care whilst protecting people’s confidentiality.
Establishing clear policies and processes, including business continuity plans, is also vital and helps providers to respond to data breaches and cyber security issues. Another key enabler for digital transformation is organisations creating and promoting a non-blame culture where staff feel safe to raise concerns about data breaches.
Being up-to-date on digital safety standards and regulatory, policy and legislative changes relating to data security is another big step that can be taken by providers. A culture of transparency and continuous learning is also a fundamental. Where a cyber security or data breach does occur, reporting this to the relevant authority as required and using your experience to learn and continuously improve mitigation and recovery plans is essential.
Resources
- Data Protection and Cyber Security Guidance for Care Providers - Digital Care Hub
- Care providers need to store and share information securely – on paper and digitally. Digital Care Hub provide a range of free guidance, tools and advice services to help you to understand and improve your data protection and cyber security arrangements.
- Better Security, Better Care - Digital Care Hub
- Better Security, Better Care is the national and local support programme to help adult social care providers to store and share information safely. It covers paper and digital records and focuses on helping care providers to complete the Data Security and Protection Toolkit – the annual, online self-assessment. Get free one-to-one support in your local area.
- The Assured Solutions List - Digitising Social Care
- The assured solutions list is a list of digital social care records (DSCRs) solutions that have been assured by NHS England. DSCR solutions are assured in line with the DSCR Capability Assessment and Standards Assurance Process.
- Records Management: Abbreviated retention schedule for Adult Social Care providers - Digital Care Hub
- The Records Management Code of Practice provides guidance on how to keep records, including how long to keep different types of records. This abbreviated code and guidance for adult social care providers is based on based on Records Management Code of Practice – A guide to the management of health and care records, published August 2021, last updated December 2023. This abbreviated code was published in 2024.
- UK GDPR Guidance and Resources - the ICO
- The Information Commissioner's Office is the regulator for anything to do with data protection in the UK. They have guidance for all organisations on data protection and electronic marketing.
- National IG Guidance - NHS England
- Guidance approved by the Health and Care IG Panel, for patients or service users, health and care organisations and IG professionals. Includes universal templates.
- Business Continuity Planning guidance - Digital Care Hub
- A free template for your business continuity plan and an audit tool for care organisations.
- The Digital Skills Training Database - Digitising Social Care
- A database of different digital skills training mapped to the Digital Skills Framework.
- Data Security and Protection: Staff - Digital Care Hub
- This free elearning course is for all staff working in adult social care services in England. Care providers can use this course to improve and assess their staff’s knowledge of data protection and cyber security – including their individual responsibility to keep information safe. The course meets the training requirements within the Data Security and Protection Toolkit (DSPT).
- Data Security and Protection: Leads - Digital Care Hub
- This free elearning course is for those with responsibility for data security and protection in small to medium sized care and support organisations in England. We have used the term data security and protection lead to describe this role. You can use this course to improve your knowledge of data protection and cyber security and to support your continuing professional development (CPD). The course meets the training requirements within the Data Security and Protection Toolkit (DSPT) and builds on the existing Data security and protection elearning for social care staff.
- Playlist: How to complete the DSPT - Digital Care Hub
- Cyber simulation: Phishing Attack in the South West - Digital Care Hub
- Rose's Story: Inspired Lives and the DSPT (short 2 min video)
- Impact of cyber attacks on care providers (short 2 min video)
- Implementing a robust business continuity plan - Digital Care Hub
- Cyber Assessment Framework - NCSC
- Cyber incidents can result in a number of different consequences, depending on the nature of the network and information systems targeted and intention of the perpetrators. Circumstances in which the possible consequences of cyber incidents are extremely serious or even, perhaps catastrophic, generally require very robust levels of cyber security and resilience. It is for these circumstances that the NCSC has developed the Cyber Assessment Framework (CAF) collection.
- Free Cyber Action Plan - NCSC
- Answer a few simple questions to get a free personalised action plan that lists what you or your organisation can do right now to protect against cyber attack.
- Data Security and Protection Toolkit - NHS England
- The Data Security and Protection Toolkit is an online self-assessment tool that allows organisations to measure their performance against the National Data Guardian’s 10 data security standards. All organisations that have access to NHS patient data and systems must use this toolkit to provide assurance that they are practising good data security and that personal information is handled correctly.
- Cyber Essentials Framework - NCSC
- Protect your organisation, whatever its size, against the most common cyber threats. A requirement in some Local Authority contracts.
- UK GDPR - ICO
- How the Data Security and Protection Toolkit (DSPT) brought one small domiciliary care agency into the technological age
- How social care partners are working together to improve data and cyber security infrastructure
- Navigating IT solutions: how Swanton Care found security and growth
- Cyber attacks in social care: a case of ‘when’ not ‘if’