Hello. I have a query about the Data Security and Protection Toolkit …
NHS Digital state that it is a policy requirement from the Department of Health and Social Care that all organisations physically processing confidential patient information under ‘section 251 support’ maintain appropriate security assurance for the duration of the application activity. They further state that security assurance for organisations processing confidential patient information within England is provided by the Data Security and Protection Toolkit (DSPT). (To evidence this, confirmation is required from NHS Digital that an organisational submission has achieved a ‘Standards Met’ grade.)
We are not registered with DSPT; up until now we have argued that we should not be required to complete this given that we are certified to BS27001 for Information Security. This argument has been successful on occasion but is usually hard won and takes up a lot of time and energy in arguing our case.
We have just hit the problem again for another of our studies and we’re keen to understand what the issues are and whether we should just ‘bite the bullet’ and submit to DSPT.
Any information, advice or general thoughts much appreciated.
Thanks,
Jennifer
Quality Manager
Robertson Centre for Biostatistics
Tel: 0141 330 3122
Institute of Health and Wellbeing
College of Medical, Veterinary and Life Sciences
The University of Glasgow, charity number SC004401