All organisations that access or use NHS patient data must show that they have met the standards set out in the Data Security and Protection Toolkit (DSPT).
All organisations that use personal data (including health and care organisations) also need to be registered with the Office of the Information Commissioner. If your organisation is not already registered, you can apply online.
The DSPT is an online self-assessment tool that measures your organisation’s level of data security against a set of ten national standards.
There are two levels to work towards:
- entry level, which is needed for social care organisations that deliver services under the NHS Standard Contract or that want to apply for NHSmail accounts
- ‘standards met’ which is the level all NHS organisations need to achieve and is recommended for social care organisations
If your organisation has not registered and completed a DSPT assessment for compliance already, at least to entry level, you will have to do this before you can apply for NHSmail.
Larger care providers with several sites may already have completed the DSPT and have an accredited secure email system registered with NHS Digital. Please check with your own organisation’s data protection or information governance teams for local information.
5 steps to DSPT entry-level approval
There are 5 steps you need to take to get entry-level approval. It should take between 8 – 12 hours to finish the questionnaire and this doesn’t have to be done all in one go.
The steps are:
- Step 1 – register for the Data Security and Protection Toolkit
- Step 2 – complete your organisation profile, by answering a set of questions
- Step 3 – read the entry level evidence needs and start pulling this information together
- Step 4 – record your evidence in the toolkit
- Step 5 – publish your entry-level assessment
You can find a range of templates and more guidance on how to do an entry-level assessment on the Digital Social Care website. The guidance includes a workbook with checklists and other helpful information.
NHS Digital has also published two spreadsheets to help you record information to use in the Toolkit assessment:
DSPT standards met level
We recommend that all social care organisations with an entry level assessment work towards the full ‘standards met’ accreditation within a year.
View the next sections in this guide: