Government Releases Guidance on Data Security for Health and Care Organisations

The Department of Health has released a document, including an assurance framework for 2018, the day before Halloween.

The document outlines a plan that health and social care organisations should adopt in order to be compliant in protecting patient data.

From April 2018, the new Data Security and Protection Toolkit (DSP Toolkit) will replace the Information Governance Toolkit (IG Toolkit). It consists of 10 data security standards and covers organisations meeting their statutory obligations on data protection and security. The DSP Toolkit will launch as GDPR comes into effect across the EU, highlighting a wider government strategy to prioritise safe data handling, retention and, where necessary, deletion.

These standards will apply to all health and care organisations and the guidance highlights the following stipulations that all health and care organisations must follow in the next calendar year:

  1. Senior Level Responsibility: There must be a named senior executive to be responsible for data and cyber security in your organisation. Ideally this person will also be your Senior Information Risk Owner (SIRO), and where applicable a member of your organisation’s board.
  2. Completing the Information Governance Toolkit v14.1: In 2017/18, organisations are still required to achieve at least level two on the current IG Toolkit before it is replaced with a new approach (the new Data Security and Protection Toolkit), from 2018/19 onwards, to measuring progress against the 10 data security standards.
  3. Complete the General Data Protection Regulation Checklist: NHS Digital will publish a checklist to support organisations in implementing the requirements of the General Data Protection Regulation which they will be required to comply with from May 2018. Organisations must complete this checklist to ensure they will be able to meet their legal obligations from May 2018.
  4. Training Staff: All staff must complete appropriate annual data security and protection training. This training replaces the previous Information Governance training while retaining key elements of it. It contains new sections on cyber security.

The guidance marks a positive step in trying to enable health organisations to prioritise staff training and be ever vigilant in auditing their data usage and behaviour.

You can read more in the Acumin whitepaper on insider threat within the NHS here.
