We have detected that you are using Internet Explorer to visit this website. Internet Explorer is now being phased out by Microsoft. As a result, NHS Digital no longer supports any version of Internet Explorer for our web-based products, as it involves considerable extra effort and expense, which cannot be justified from public funds. Some features on this site will not work. You should use a modern browser such as Edge, Chrome, Firefox, or Safari. If you have difficulty installing or accessing a different browser, contact your IT support team.
NHS Digital has launched the new Data Security and Protection Toolkit, replacing the previous Information Governance Toolkit, to help keep patient information safe.
The Data Security and Protection Toolkit is an online self-assessment tool that enables health and social care organisations to measure and publish their performance against the National Data Guardian’s ten data security standards.
All organisations that have access to NHS patient data and systems – including NHS Trusts, primary care and social care providers and commercial third parties – must complete the Toolkit to provide assurance that they are practising good data security and that personal information is handled correctly.
Dan Taylor, Programme Director for the Data Security Centre at NHS Digital, said, “The Data Security and Protection Toolkit is a powerful tool which health and care organisations will use to assess their cyber preparedness. This launch marks the start of a journey, with the Toolkit forming a foundation for long-term improvements in patient data security. The Toolkit is part of a number of new initiatives to build public trust in the way we secure their data.”
The Toolkit has been developed to be easier to use and with a simpler format, achieved through user feedback and significant engagement with colleagues across health and care. It is also designed to help organisations measure themselves against the National Data Guardian’s ten data security standards and key elements of GDPR.
Organisations which provide health services or connect to national systems will be required to complete the Toolkit annually. It will also support existing best practice, such as ISO27001 and Cyber Essentials Plus. This means where organisations already have accreditation, they will not be expected to complete all elements of the Toolkit, rewarding organisations which have already invested in recognised standards.
Over the course of the next year, working closely with the Care Quality Commission (CQC), elements of the Toolkit will be used to support the CQC’s Well Led inspections.
For more information, and to access the Data Security and Protection Toolkit, go to: https://digital.nhs.uk/data-and-information/looking-after-information/data-security-and-information-governance/data-security-and-protection-toolkit
Notes to editors
- NHS Digital is the national information and technology partner of the health and care system. Our team of information analysis, technology and project management experts create, deliver and manage the crucial digital systems, services, products and standards upon which health and care professionals depend. Our vision is to harness the power of information and technology to make health and care better.