If you are an organisation which has access to or processes NHS patient information, you must provide assurances to the NHS that you are practicing good information governance. This is assurance is undertaken by submitting a Data Security and Protection Toolkit (DSPT), an annual submission your organisation needs to submit by 30 June every year.
If you deliver services under an NHS contract, use a shared health and care records system or apply for NHS mail, you must complete one. You are contractually required (under the NHS standard conditions and Department of Health and Social Care policy) to provide these assurances if you process NHS patient information. Similarly, all CQC-registered organisations are strongly encouraged to complete a DSPT submission even if they do not necessarily process NHS patient information to demonstrate their compliance.
Depending on what type of organisation you are, you are required to give differing levels of assurance to the NHS, split across 4 categories. This means that everyone’s DSPT is different, and often requires different assertions on the level of your compliance.
We are experts at completing DSPTs, and have built a reputation for helping organisations meet the standards where their previous providers have failed. Not only will we help make sure you achieve ‘Standards Met’, we will help you stand up to audit from the NHS, and we will speak to the auditors on your behalf if you are ever audited.
When you procure us to help complete your DSPT, we will work diligently to collect all the relevant information from you, draft responses and collate documentation into evidence folders which stand up to audit. We will send the toolkit off on your behalf, only consulting you with appropriate risks you need to be aware of. We provide a full post-DSPT report, detailing areas to improve of in next year’s submission as well as our honest assessment of how your organisation handles data security and protection.
This toolkit assesses 10 security standards as set out by the National Data Guardian:
We go every extra mile to complete the toolkit to the very best of our ability, and using us to complete your DSPT gives you the peace of mind that you are in safe hands and that you will meet the standards of the DSPT. Where you don’t have a practice in place which is required, we will draft any necessary documentation and work with you to get that practice in place before the submission is due.
DSPT submissions cannot be completed overnight, so the earlier you get in contact with us, the better your submission and overall practices is going to be.
When it comes to DSPTs, we offer two main styles of services:
Organisations hugely vary, so please get in touch with us to arrange a 30 minute free consultation or to get a quote on how we can help you.
We provide a full data protection and information governance consultancy service to all our clients who engage with us. We provide flexible packages and services to make sure that you only pay for what you need, so you aren’t paying for unnecessary services. Whatever you and your organisation need, we are here to help.
