All organisations that access or use NHS patient data must show that they have met the standards set out in the Data Security and Protection Toolkit (DSPT).
All organisations that use personal data (including health and care organisations) also need to be registered with the Office of the Information Commissioner. If your organisation is not already registered, you can apply online.
The DSPT is an online self-assessment tool that measures your organisation’s level of data security against a set of ten national standards.
There are two levels to work towards:
- ‘approaching standards’ status (see “Completing Approaching Standards on the Data Security and Protection Toolkit – Digital Social Care”), which is needed for social care organisations that deliver services under the NHS Standard Contract or that want to apply for NHSmail accounts
- ‘standards met’, which is the level all NHS organisations need to achieve and is recommended for social care organisations
If your organisation has not registered and completed a DSPT assessment for compliance already, at least to entry level, you will have to do this before you can apply for NHSmail.
Larger care providers with several sites may already have completed the DSPT and have an accredited secure email system registered with NHS Digital. Please check with your own organisation’s data protection or information governance teams for local information.
DSPT standards met level
We recommend that all social care organisations with an entry level assessment work towards the full ‘standards met’ accreditation within a year.