Data Security & Protection Toolkit Implementation Support

1. Data Security & Protection ToolkitImplementation Support Train the Trainer Session https://www.careprovideralliance.org.uk/dspt-training-feedback-and-support.html

2. Learners’ Agreement Mobiles off or silent and out of sight please Ask questions seeks clarification No question is a stupid question-there will always be someone else in the room who benefits from the answer Please contribute and allow others to contribute Confidentiality Time-keeping Housekeeping- Toilets/fire drills A very warm welcome https://www.careprovideralliance.org.uk/dspt-training-feedback-and-support.html

3. Introductions • Trainer • Delegates: • Name • Organisation • Organisation Type e.g. residential care / home care / nursing care etc. • Area • Level of understanding currently https://www.careprovideralliance.org.uk/dspt-training-feedback-and-support.html

4. Course Programme Introductions Background & Context What is the Data Security and Protection Toolkit? Guidance and Resources Break Completing the Data Security and Protection Toolkit NHSmail Q&A Close https://www.careprovideralliance.org.uk/dspt-training-feedback-and-support.html

5. Ice Breaker – Acronym Bingo https://www.careprovideralliance.org.uk/dspt-training-feedback-and-support.html

6. Background and Context https://www.careprovideralliance.org.uk/dspt-training-feedback-and-support.html

7. Dictionary Corner • What is the difference between data and information? • What on earth does “data processing” mean? • Who is a data controller/data processor? https://www.careprovideralliance.org.uk/dspt-training-feedback-and-support.html

8. Who do you share information with? https://www.careprovideralliance.org.uk/dspt-training-feedback-and-support.html

9. https://www.careprovideralliance.org.uk/dspt-training-feedback-and-support.html

10. What does “data breach” mean to you? https://www.careprovideralliance.org.uk/dspt-training-feedback-and-support.html

11. https://www.careprovideralliance.org.uk/dspt-training-feedback-and-support.html

12. Exercise: What would you do? Scenario • New resident arrives from hospital without a discharge letter at 6pm • There is no medication list • Medication bag contains two types of insulin • No dosing instructions for insulin other than “as directed” • Ward is not answering the phone! • Resident cannot tell you dosage due to poor cognition • Ambulance is long gone! What do you do? • On your tables discuss and come up with a solution. 5 mins https://www.careprovideralliance.org.uk/dspt-training-feedback-and-support.html

13. Why do we need to think about data security and protection? National Context • CQC KLOEs • New Data Protection Legislation • Caldicott Principles • National Data Guardian’s 10 data security standards • NHS • Contract compliance • Long Term Plan • Axe the Fax https://www.careprovideralliance.org.uk/dspt-training-feedback-and-support.html

14. Why do we need to think about data security and protection? LocalContext https://www.careprovideralliance.org.uk/dspt-training-feedback-and-support.html

15. Well Led 2.8 “How does the service assure itself that it has robust arrangements (including appropriate internal and external validation) to ensure the security, availability, sharing and integrity of confidential data, and records and data management systems, in line with data security standards? Are lessons learned when there are data security breaches?” https://www.careprovideralliance.org.uk/dspt-training-feedback-and-support.html

16. Data Protection Act & GDPR • Data Protection Act 1998 has been superseded • General Data Protection Regulation • Data Protection Act 2018 https://www.careprovideralliance.org.uk/dspt-training-feedback-and-support.html

17. Individual Rights under GDPR https://www.careprovideralliance.org.uk/dspt-training-feedback-and-support.html

18. Principle of Accountability • Organisations must keep a record of how they use, store, share (etc.) data • If it’s not written down, it didn’t happen https://www.careprovideralliance.org.uk/dspt-training-feedback-and-support.html

19. Caldicott Principles https://www.gov.uk/government/groups/uk-caldicott-guardian-council https://www.careprovideralliance.org.uk/dspt-training-feedback-and-support.html

20. 10 data security standards https://www.careprovideralliance.org.uk/dspt-training-feedback-and-support.html

21. NHS Standard Contract • Compliance with the Data Security and Protection Toolkit has been a contract requirement since 2013 • Was not checked, but is now • Must be compliant by March 2019 • A new Entry Level has been introduced to help you through the process https://www.careprovideralliance.org.uk/dspt-training-feedback-and-support.html

22. What is the Data Security and Protection Toolkit? https://www.careprovideralliance.org.uk/dspt-training-feedback-and-support.html

23. What is it? Online, annual, data security self assessment Final deadline is 31st March each year Replacement for the IG Toolkit www.dsptoolkit.nhs.uk https://www.careprovideralliance.org.uk/dspt-training-feedback-and-support.html

24. Levels of Compliance https://www.careprovideralliance.org.uk/dspt-training-feedback-and-support.html

25. Guidance, Tools & Resources https://www.careprovideralliance.org.uk/dspt-training-feedback-and-support.html

26. www.careprovideralliance.org.uk/information-governance/ https://www.careprovideralliance.org.uk/dspt-training-feedback-and-support.html

27. What help is available? • Webinars – https://www.dsptoolkit.nhs.uk/News/40 • Templates • Staff guidance • Entry Level How-To Guide • Standards Met How-To Guide https://www.careprovideralliance.org.uk/dspt-training-feedback-and-support.html

28. BREAKWe will take the quickest of breaks to grab a quick cuppa and a comfort break-just 5 mins https://www.careprovideralliance.org.uk/dspt-training-feedback-and-support.html

29. Completing the Data Security and Protection Toolkit https://www.careprovideralliance.org.uk/dspt-training-feedback-and-support.html

30. How to Register • Go to: https://www.dsptoolkit.nhs.uk/Account/Register • You will need • your email address • your ODS Code (Organisation Code). If you don’t know your code • care homes can search here: https://odsportal.hscic.gov.uk/Organisation/Search • home care email: exeter.helpdesk@nhs.net. • If you are registering your organisation for the first time, you will be the Administrator. You will be responsible for completing your organisation’s profile and adding any other users. https://www.careprovideralliance.org.uk/dspt-training-feedback-and-support.html

31. Entry Level Evidence Items Do you understand what the evidence item is asking you to do? 1 = I don’t really know much about this/not very clear what it is asking of me 5 = I am quite clear what this is asking of me https://www.careprovideralliance.org.uk/dspt-training-feedback-and-support.html

32. Completing your organisation profile https://www.careprovideralliance.org.uk/dspt-training-feedback-and-support.html

33. https://www.careprovideralliance.org.uk/dspt-training-feedback-and-support.html

34. Job Roles in the DSPT https://www.careprovideralliance.org.uk/dspt-training-feedback-and-support.html

35. What do we need for entry level? 1.1.6 https://www.careprovideralliance.org.uk/dspt-training-feedback-and-support.html

36. Completing Evidence Items https://www.careprovideralliance.org.uk/dspt-training-feedback-and-support.html

37. Completing Evidence Items 2 https://www.careprovideralliance.org.uk/dspt-training-feedback-and-support.html

38. Completing Evidence Items 3 https://www.careprovideralliance.org.uk/dspt-training-feedback-and-support.html

39. https://www.careprovideralliance.org.uk/data-security-and-protection-toolkit.htmlhttps://www.careprovideralliance.org.uk/data-security-and-protection-toolkit.html https://www.careprovideralliance.org.uk/dspt-training-feedback-and-support.html

40. What do we need for entry level? https://www.careprovideralliance.org.uk/dspt-training-feedback-and-support.html

41. Registering with the ICO https://ico.org.uk/for-organisations/data-protection-fee/ https://www.careprovideralliance.org.uk/dspt-training-feedback-and-support.html

42. What do we need for entry level? https://www.careprovideralliance.org.uk/dspt-training-feedback-and-support.html

43. Exercise • What is personal data • Call out and we will write on the flipchart https://www.careprovideralliance.org.uk/dspt-training-feedback-and-support.html

44. Documenting your data processing • Must keep a record of your data processing • Lawful basis for processing • Who it’s shared with • Retention period • Purpose for processing • If it’s not written down, it didn’t happen https://www.careprovideralliance.org.uk/dspt-training-feedback-and-support.html

45. How to record your data processing https://www.careprovideralliance.org.uk/data-security-and-protection-toolkit.html https://www.careprovideralliance.org.uk/dspt-training-feedback-and-support.html

46. Step One: Information Audit • Record what personal information you have, where you keep it and why you have it. i.e. care plans are kept in…. employee records are kept here… • An information asset is a body of knowledge that is organised and managed as a single entity. • Personal data is information that relates to an identifiable, living individual. https://www.careprovideralliance.org.uk/dspt-training-feedback-and-support.html

47. Step One: Information Audit Is any of it special category data? https://www.careprovideralliance.org.uk/dspt-training-feedback-and-support.html

48. Step One: Information Audit • Risk assessment • What security procedures do you have in place? https://www.careprovideralliance.org.uk/dspt-training-feedback-and-support.html

49. ExerciseInformation Asset Register https://www.careprovideralliance.org.uk/dspt-training-feedback-and-support.html

50. Information Asset Register (IAR) 1