NHS Data Security & Protection Toolkit
Protecting sensitive patient information.
We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.
The cookies that are categorized as "Necessary" are stored on your browser as they are essential for enabling the basic functionalities of the site. ...
Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.
Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Advertisement cookies are used to provide visitors with customized advertisements based on the pages you visited previously and to analyze the effectiveness of the ad campaigns.
All organisations that have access to NHS patient data and systems must use the NHS toolkit to provide assurance that they are practicing good data security and that personal information is handled correctly.
The NHS Data Security and Protection Toolkit is an online self-assessment tool that allows organisations to measure their performance against the National Data Guardian’s 10 data security standards.
We have a long working history with the NHS on various consultancy and training projects and have extensive DSPT and CAF experience of delivering successful projects in security critical environments. We can enable your organisation to adopt the standards easily and quickly, and stay up-to-date with the NHS DSPT.
For a confidential conversation on how we could support your organisation – Call the team on 0121 559 6699 or email bestpractice@advent-im.co.uk
Anyone whom operates through a NHS Standard Contract must use the NHS toolkit to provide assurance that they are practising good data security and that personal information is handled correctly. Organisations such as (but not limited to); Medical Equipment Providers, Dentists, Opticians, Care Homes, Social Care Providers, IT Proviers etc will need to complete the DSPT online self-assessment.
From September 2024, The Data Security and Protection Toolkit (DSPT) changed to align with the National Cyber Security Centre’s (NCSC) Cyber Assessment Framework (CAF).
The CAF-aligned DSPT approach emphasises the use of principles and expert judgment to steer informed decision-making, aiming to achieve critical outcomes. This approach will influence how people, processes, and technology are assessed and validated in the realms of cybersecurity and information governance.
As part of the changes, a specific group of health and care organisations will be moving to the CAF-aligned DSPT in 24-25 and will see a new user interface when they log in to file their submission. These organisations are:
We can support you to plan your approach, scope your essential functions and allocate ownership of contributing outcomes ahead of your submission.
A high-level summary of recent changes (and an MFA reminder) is provided here for reference.