1 / 92

Data Security & Protection Toolkit Implementation Support

Data Security & Protection Toolkit Implementation Support. Train the Trainer Session. Learners’ Agreement Mobiles off or silent and out of sight please Ask questions seeks clarification No question is a stupid question-there will always be someone else in the room who benefits from the answer

griffin
Download Presentation

Data Security & Protection Toolkit Implementation Support

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Data Security & Protection ToolkitImplementation Support Train the Trainer Session https://www.careprovideralliance.org.uk/dspt-training-feedback-and-support.html

  2. Learners’ Agreement Mobiles off or silent and out of sight please Ask questions seeks clarification No question is a stupid question-there will always be someone else in the room who benefits from the answer Please contribute and allow others to contribute Confidentiality Time-keeping Housekeeping- Toilets/fire drills A very warm welcome https://www.careprovideralliance.org.uk/dspt-training-feedback-and-support.html

  3. Introductions • Trainer • Delegates: • Name • Organisation • Organisation Type e.g. residential care / home care / nursing care etc. • Area • Level of understanding currently https://www.careprovideralliance.org.uk/dspt-training-feedback-and-support.html

  4. Course Programme Introductions Background & Context What is the Data Security and Protection Toolkit? Guidance and Resources Break Completing the Data Security and Protection Toolkit NHSmail Q&A Close https://www.careprovideralliance.org.uk/dspt-training-feedback-and-support.html

  5. Ice Breaker – Acronym Bingo https://www.careprovideralliance.org.uk/dspt-training-feedback-and-support.html

  6. Background and Context https://www.careprovideralliance.org.uk/dspt-training-feedback-and-support.html

  7. Dictionary Corner • What is the difference between data and information? • What on earth does “data processing” mean? • Who is a data controller/data processor? https://www.careprovideralliance.org.uk/dspt-training-feedback-and-support.html

  8. Who do you share information with? https://www.careprovideralliance.org.uk/dspt-training-feedback-and-support.html

  9. https://www.careprovideralliance.org.uk/dspt-training-feedback-and-support.html

  10. What does “data breach” mean to you? https://www.careprovideralliance.org.uk/dspt-training-feedback-and-support.html

  11. https://www.careprovideralliance.org.uk/dspt-training-feedback-and-support.html

  12. Exercise: What would you do? Scenario • New resident arrives from hospital without a discharge letter at 6pm • There is no medication list • Medication bag contains two types of insulin • No dosing instructions for insulin other than “as directed” • Ward is not answering the phone! • Resident cannot tell you dosage due to poor cognition • Ambulance is long gone! What do you do? • On your tables discuss and come up with a solution. 5 mins https://www.careprovideralliance.org.uk/dspt-training-feedback-and-support.html

  13. Why do we need to think about data security and protection? National Context • CQC KLOEs • New Data Protection Legislation • Caldicott Principles • National Data Guardian’s 10 data security standards • NHS • Contract compliance • Long Term Plan • Axe the Fax https://www.careprovideralliance.org.uk/dspt-training-feedback-and-support.html

  14. Why do we need to think about data security and protection? Local Context https://www.careprovideralliance.org.uk/dspt-training-feedback-and-support.html

  15. Well Led 2.8 “How does the service assure itself that it has robust arrangements (including appropriate internal and external validation) to ensure the security, availability, sharing and integrity of confidential data, and records and data management systems, in line with data security standards? Are lessons learned when there are data security breaches?” https://www.careprovideralliance.org.uk/dspt-training-feedback-and-support.html

  16. Data Protection Act & GDPR • Data Protection Act 1998 has been superseded • General Data Protection Regulation • Data Protection Act 2018 https://www.careprovideralliance.org.uk/dspt-training-feedback-and-support.html

  17. Individual Rights under GDPR https://www.careprovideralliance.org.uk/dspt-training-feedback-and-support.html

  18. Principle of Accountability • Organisations must keep a record of how they use, store, share (etc.) data • If it’s not written down, it didn’t happen https://www.careprovideralliance.org.uk/dspt-training-feedback-and-support.html

  19. Caldicott Principles https://www.gov.uk/government/groups/uk-caldicott-guardian-council https://www.careprovideralliance.org.uk/dspt-training-feedback-and-support.html

  20. 10 data security standards https://www.careprovideralliance.org.uk/dspt-training-feedback-and-support.html

  21. NHS Standard Contract • Compliance with the Data Security and Protection Toolkit has been a contract requirement since 2013 • Was not checked, but is now • Must be compliant by March 2019 • A new Entry Level has been introduced to help you through the process https://www.careprovideralliance.org.uk/dspt-training-feedback-and-support.html

  22. What is the Data Security and Protection Toolkit? https://www.careprovideralliance.org.uk/dspt-training-feedback-and-support.html

  23. What is it? Online, annual, data security self assessment Final deadline is 31st March each year Replacement for the IG Toolkit www.dsptoolkit.nhs.uk https://www.careprovideralliance.org.uk/dspt-training-feedback-and-support.html

  24. Levels of Compliance https://www.careprovideralliance.org.uk/dspt-training-feedback-and-support.html

  25. Guidance, Tools & Resources https://www.careprovideralliance.org.uk/dspt-training-feedback-and-support.html

  26. www.careprovideralliance.org.uk/information-governance/ https://www.careprovideralliance.org.uk/dspt-training-feedback-and-support.html

  27. What help is available? • Webinars – https://www.dsptoolkit.nhs.uk/News/40 • Templates • Staff guidance • Entry Level How-To Guide • Standards Met How-To Guide https://www.careprovideralliance.org.uk/dspt-training-feedback-and-support.html

  28. BREAKWe will take the quickest of breaks to grab a quick cuppa and a comfort break-just 5 mins https://www.careprovideralliance.org.uk/dspt-training-feedback-and-support.html

  29. Completing the Data Security and Protection Toolkit https://www.careprovideralliance.org.uk/dspt-training-feedback-and-support.html

  30. How to Register • Go to: https://www.dsptoolkit.nhs.uk/Account/Register • You will need • your email address • your ODS Code (Organisation Code). If you don’t know your code • care homes can search here: https://odsportal.hscic.gov.uk/Organisation/Search • home care email: exeter.helpdesk@nhs.net. • If you are registering your organisation for the first time, you will be the Administrator. You will be responsible for completing your organisation’s profile and adding any other users. https://www.careprovideralliance.org.uk/dspt-training-feedback-and-support.html

  31. Entry Level Evidence Items Do you understand what the evidence item is asking you to do? 1 = I don’t really know much about this/not very clear what it is asking of me 5 = I am quite clear what this is asking of me https://www.careprovideralliance.org.uk/dspt-training-feedback-and-support.html

  32. Completing your organisation profile https://www.careprovideralliance.org.uk/dspt-training-feedback-and-support.html

  33. https://www.careprovideralliance.org.uk/dspt-training-feedback-and-support.html

  34. What do we need for entry level? 1.1.6 https://www.careprovideralliance.org.uk/dspt-training-feedback-and-support.html

  35. Completing Evidence Items https://www.careprovideralliance.org.uk/dspt-training-feedback-and-support.html

  36. Completing Evidence Items 2 https://www.careprovideralliance.org.uk/dspt-training-feedback-and-support.html

  37. Completing Evidence Items 3 https://www.careprovideralliance.org.uk/dspt-training-feedback-and-support.html

  38. https://www.careprovideralliance.org.uk/data-security-and-protection-toolkit.htmlhttps://www.careprovideralliance.org.uk/data-security-and-protection-toolkit.html https://www.careprovideralliance.org.uk/dspt-training-feedback-and-support.html

  39. What do we need for entry level? https://www.careprovideralliance.org.uk/dspt-training-feedback-and-support.html

  40. Registering with the ICO https://ico.org.uk/for-organisations/data-protection-fee/ https://www.careprovideralliance.org.uk/dspt-training-feedback-and-support.html

  41. What do we need for entry level? https://www.careprovideralliance.org.uk/dspt-training-feedback-and-support.html

  42. Exercise • What is personal data • Call out and we will write on the flipchart https://www.careprovideralliance.org.uk/dspt-training-feedback-and-support.html

  43. Documenting your data processing • Must keep a record of your data processing • Lawful basis for processing • Who it’s shared with • Retention period • Purpose for processing • If it’s not written down, it didn’t happen https://www.careprovideralliance.org.uk/dspt-training-feedback-and-support.html

  44. How to record your data processing https://www.careprovideralliance.org.uk/data-security-and-protection-toolkit.html https://www.careprovideralliance.org.uk/dspt-training-feedback-and-support.html

  45. Step One: Information Audit • Record what personal information you have, where you keep it and why you have it. i.e. care plans are kept in…. employee records are kept here… • An information asset is a body of knowledge that is organised and managed as a single entity. • Personal data is information that relates to an identifiable, living individual. https://www.careprovideralliance.org.uk/dspt-training-feedback-and-support.html

  46. Step One: Information Audit Is any of it special category data? https://www.careprovideralliance.org.uk/dspt-training-feedback-and-support.html

  47. Step One: Information Audit • Risk assessment • What security procedures do you have in place? https://www.careprovideralliance.org.uk/dspt-training-feedback-and-support.html

  48. ExerciseInformation Asset Register https://www.careprovideralliance.org.uk/dspt-training-feedback-and-support.html

  49. Information Asset Register (IAR) 1

  50. IAR 2

More Related