Skip to main content

Putting the recommendations of the 2016 National Data Guardian (NDG) and Care Quality Commission (CQC) reviews into practice

What the government and health and care bodies are doing to carry out the recommendations of these reviews, as set out in 'Your data: better security, better choice, better care'.

The government response to the NDG review of data security consent and opt outs and the CQC Review Safe data, safe care is called Your data: better security, better choice, better care. It was published in July 2017and accepts all the recommendations of the reviews. It includes an implementation plan, including an extra £21 million to increase the cyber resilience of major trauma sites and to improve NHS Digital's national monitoring and response capabilities.

The government response covers two areas, data security and the opt-out.

Data security

The government has agreed the 10 data security standards, which are on page 53, and has slightly amended standard 6 on cyber security to strengthen it further. The full implementation plan is on page 65.

NHS England has ensured that the 10 data security standards are reflected as requirements for the NHS standard contract and General Medical Services (GMS) Contract General Medical Services (GMS) Contract requirement, which came into force in April 2017. The CQC consultation on new inspection frameworks for GPs and adult social care is open until 8 August 2017 and the frameworks are planned to be published later in the year. Read the current CQC frameworks.

To build local performance and boost capability, NHS Digital has established the Data Security Centre which provides a number of services including CareCERT, supporting health and care organisations to secure their own cyber resilience and respond to cyber incidents.

NHS Digital has already produced and is testing the alpha version of the redesigned Information Governance Toolkit, as recommended by the NDG and CQC reviews. It is centred on assuring local implementation of the NDG's 10 data security standards. The new Information Governance Toolkit will be in place by April 2018 and will incentivise organisations to report near misses. If you want to be kept informed of progress on the redesigned IG Toolkit, email

The opt-out

NHS Digital will develop, test and prepare the national data opt-out for introducing the national opt-out with all stakeholders.

By September 2017, NHS Digital's data register will set out the benefits of how data released by NHS Digital has been used, in a way that is easy for the public to understand.

Join the IGA mailing list to get regular updates about the implementation of these plans.

Read the full implementation plan on page 65 of Your data: better security, better choice, better care..

Last edited: 1 August 2018 7:58 am