30 October 2017

Data security and protection for health and care organisations

2017/18 Data Security and Protection Requirements
NHS England, NHS Improvement 30 October 2017
  • This document sets out the steps all health and care organisations will be expected to take in 2017/18 to demonstrate that they are implementing the ten data security standards recommended by the National Data Guardian, and further details regarding the assurance framework for April 2018 onwards.
  • From April 2018 the new Data Security and Protection Toolkit (DSP Toolkit) replaces the Information Governance Toolkit (IG Toolkit). 
  • General Practices, contracted under the NHS standard GMS, PMS or APMS contract, must comply with the requirements set out in this document. Some requirements will be implemented by the commissioner of the GP IT & GP Information Governance Support Service on their behalf.
  • Five key dates requiring action by health and care organisations 
    • November 2017: The new Data Security and Protection Toolkit, which replaces the Information Governance Toolkit, will be piloted with users.
    • February 2018: All organisations will have access to the new Data Security and Protection Toolkit from January 2018 to familiarise themselves with the approach to measuring implementation and compliance, including how they might apply it to their organisation from April 2018. 
    • April 2018: Further guidance will be published to support organisations to use the new Data Security and Protection Toolkit. 
    • April 2018: All organisations will now be required to complete the new Data Security and Protection Toolkit. 
    • May 2018: The EU General Data Protection Regulation, and Security of Network and Information Systems Directive, come into force. This will increase the legislative data security and protection requirements on health and care organisations.