Data Protection IG Toolkit National Developments Our Blogs

NHS Providers Told to Implement New Data Security Standards

The Department of Health (DH) has confirmed that the NHS IG Toolkit will be replaced by the new NHS Data Security and Protection Toolkit (DSP Toolkit) from April 2018. This is confirmed in a guidance document published this week by DH and NHS England to outline the 2017-18 requirements for organisations providing NHS services to implement the National Data Guardian (NDG) recommendations on NHS data security standards.

The new DSP Toolkit will replace the NHS Information Governance Toolkit from April 2018 and will be used for measuring progress in implementing the NDG ten data security standards and compliance with data protection legislation from April 2018.The new NHS data security standards and the 2017/18 DH requirements, apply to all NHS Providers and the Care Quality Commission (CQC) will now  consider how organisations are assuring themselves that the requirements outlined in the guidance have been implemented. At the end of the 2017/18 financial year, NHS Improvement will also ask NHS providers to confirm that they have implemented the NHS data security standards.

The DH guidance document sets out the steps all health and care organisations will be expected to take in 2017/18 to demonstrate that they are implementing the NHS data security standards. All organisations providing NHS services under the NHS Standard contract must now comply with the requirements set out in the document to meet their contractual obligations on data security and protection as laid out in NHS Standard Contract.

General Practices and Practitioners, contracted to provide primary care essential services to a registered list under the NHS standard General Medical Services (GMS) contract (or Personal Medical Services (PMS) or Alternative Provider Medical Services (APMS) contracts), must also comply with the requirements set out in the document, as part of the data security and protection requirements set out in their contract.

Essentially all Providers  in England including GP Practices are required to have a senior manager or Board member responsible for data security to comply with the new NHS data security standards.

The DH guidance also comes with a requirement for all staff to complete appropriate annual data security and protection training. This training is available online at from e-Learning for Healthcare.

For 2017/18, organisations are still required to achieve at least level two on the current Information Governance Toolkitbefore it is replaced with DSP Toolkit from April 2018/19 onwards.

Leave a Reply

Your email address will not be published. Required fields are marked *