Sussex Digital In Reach Team NEWSLETTER
DSPT DEADLINE - 30th June 2024
Have you completed yours?
If your organisation has previously completed the Data Security and Protection Toolkit (DSPT) – the online self-assessment on keeping information safe – you will need to ensure it is kept up to date. Don’t let the hard work go to waste by allowing your DSPT to lapse.
You need to complete the DSPT at least once a year, and the deadline for 2023/24 is 30 June 2024, so you still have time to do it. If your DSPT is out of date, it means you cannot use it as evidence of your data protection and cyber security arrangements.
If you have used the DSPT before, all the information will still be there on your toolkit. You just need to review, update, and republish. If nothing has changed in your arrangements, this can be done in a matter of minutes In fact, we are currently running workshops to help you republish your DSPT during your lunch hour (we know that a lunch hour is a luxury not often afforded to social care)
If you cannot access your toolkit, or if you have any problems logging in or changing administrator details, contact the DSPT helpdesk based in Exeter: tel 0300 303 4034 or email: exeter helpdesk@nhs net
We have always found the Exeter helpdesk very helpful, so do not hesitate to contact them
Alternatively, we can draft an email on your behalf, although you will still have to send it yourself
If you completed your DSPT to Approaching Standards previously, this year you will need to reach Standards Met.
Better Security, Better Care Programme, we offer free support to help you complete the toolkit and keep your information safe We can provide tailored support whether you are completing the DSPT for a single site or multiple services in your care group, and we can guide you through everything you need to consider and have in place For example, if you find that you do not have certain policies or procedures in place, you can access free templates and adapt them for your organisation
New Training - Some providers may be struggling to ensure staff are trained on data protection and cyber security One of the most challenging requirements is to train 95% of your staff every year Our colleagues at Better Security, Better Care have produced a free e-learning course designed to meet this requirement Staff can complete the course and online assessment and share a certificate with you so that you can record how many people have successfully completed the training. Find out more and access the e-learning resources.
Benefits - All care services are recording and sharing more information with more organisations than ever before. You have a legal responsibility to keep sensitive data safe, but it can be difficult to know where to start. The DSPT is a comprehensive, up-to-date tool to ensure that you have the right policies, procedures, and practices in place to keep paper and digital records safe.
The DSPT will help you to comply with GDPR, commissioners’ data management expectations, and CQC’s new Single Assessment Framework under “Well Led” Governance, management, and sustainability. It can also open up new business opportunities. You must have an up-to-date DSPT if you deliver or wish to deliver services under NHS contracts, access NHSmail, or take part in any healthcare record-sharing projects such as GP Connect or Plexus
Has bas you gro ano or y ODS DSP In R Fre
DSPT - We are here to help!
The Data Security & Protection Toolkit (DSPT) is essential for social care providers:
• It guides organisations through securing data, crucial for safeguarding health & social care information.
• Supports compliance with legal requirements like GDPR & the 10 Data Security Standards
• It promotes best practices in data security, ensuring confidentiality and integrity of service users' information.
• It enhances providers' reputation by demonstrating their commitment to data security, fostering trust among service users and families.
Aligned with the CQC's Single Assessment Framework (SAF), DSPT's emphasis on data security complements the SAF's focus on service quality and safety The link between DSPT and SAF in social care is strong because: All CQC registered care providers should complete the DSPT at least once a year We are holding 4 online events throughout June to help you complete your DSPT before the deadline of 30th June. These events are designed to support you to complete your DSPT in your lunch hour. →
If you need any help or support, you can not only attend one of our free webinars, but we can provide free, tailored one to one support at a time that suits you www.sussexdigitalteam.co.uk
Single Assessment Framework
There have been numerous webinars and presentations on the Single Assessment Framework, as it is one of the most significant and important changes in social care since the formation of the CQC
We have been in contact with several providers who have already been assessed using this new framework, and they have reported positive experiences. However, they are awaiting the official report before making any formal comments These early assessments indicate that the framework effectively highlights strengths and areas for improvement, providing a clear pathway to enhancing care quality.
To ensure you receive expert advice and are well-prepared for the new framework, we have arranged for specialist social care solicitors to give an online presentation These solicitors are well-versed in the legal intricacies of the social care sector and offer no-nonsense advice, putting everything into a clear legal framework.
In their presentation, they will cover what the Single Assessment Framework entails, how to meet its requirements, and any legal implications that might arise
Additionally, they will share experiences from providers who have already undergone their assessments, as well as any updates and changes since the last presentation. This will ensure you understand all the necessary details and requirements, helping you navigate this significant transition smoothly and confidently
Join us on 20th June, 10.30 - 11.30. Single Assessment Framework - CQC Changes to Inspection Systems
Claire Badzek claire@sussexdigitalteam.co.uk
Our new Single Assessment Framework
CQC’s new single assessment framework is based on a set of quality statements They are arranged under topic areas and describe what good care looks like
To develop the quality statements, CQC reviewed their existing assessment frameworks as well as using aspects of the Making It Real framework Making It Real was co-produced by Think Local Act Personal (TLAP) with a range of partners and people with lived experience of using health and care services It is a framework for how to provide personalised care and support aimed at people working in health, care, housing, and people who use services It contains a jargon-free set of personalised principles that focus on what matters to people
Quality statements are written in the style of ‘We’ statements from a provider, local authority and integrated care system perspective, to help them understand what CQC expect of them They are the commitments that providers, commissioners and system leaders should live up to in order to deliver truly person-centred care and support They also help to provide a benchmark of what good care looks like by linking to the relevant best practice standards and guidance
To read the full article, follow the link
New CQC Provider Portal
CQC are developing their new portal and you can sign up now.
You must create a new account to use this portal
Follow the link to see what you can do on the new portal.
Create your accoun tal
Nicole Ridgewell from Lester Aldridge Solicitors & Law Firm will be joining us for our Single Assessment Framework event on 20th June.
In this webinar, Nicole Ridgewell will summarise the key changes and actions that CQC regulated services should be taking now to understand the Single Assessment Framework and to help prepare for thor next inspection
She explains ‘The CQC is in the process of embedding the biggest changes in its regulatory framework that the sector has seen in over a decade, including significant changes to the way in which it gathers evidence, assesses registered care services, and reaches ratings Whilst the day-to-day delivery of care may not change, all CQC-regulated services providing care will need to aware of and prepared for the significant changes in CQC’s approach, including frequency of assessment by CQC, the criteria against which the care will be assessed (including a couple of new areas which will be subject to scrutiny), and the process for determining ratings ’
GUEST COLUMN: ICO on how to stay on right side of GDPR
UK businesses have had to comply with General Data Protection Regulation (GDPR) since 2016, but still businesses fall foul of the laws surrounding data privacy
e Chris Taylor, head of regulatory policy projects for the Information Commissioner’s ce (ICO), explains how care homes can stay GDPR-compliant and avoid the regulator’s ervention.
ou have responsibility for running a care home, data protection compliance needs to be naged so that the rights of residents are respected e UK General Data Protection Regulation (UK GDPR) applies to processing of personal a carried out by organisations in the UK, and is regulated by the Information mmissioner’s Office (ICO), the UK’s independent body for upholding information rights e ICO is not only here to uphold the law, but also to empower organisations to safely use the personal information they hold Operating in the care home sector, using personal data effectively and safely is an essential part of your role. Compliance with the UK GDPR will ensure protection of residents’ personal information as well as that of staff working in the care home
The first step in achieving compliance is to have policies in place to ensure that handling of any personal data is in line with the UK GDPR. Read the full article: ICO on how to stay on right side of GDPR
ICO: Transparency in health & social care
The ICO has prepared a guidance document for organisations who deliver health & social care services, or those who process health & social care information The guidance is also aimed at anyone in health & social care who are involved in preparing and delivering transparency information to the public
This information will help organisation understand:
● what data protection transparency means for health and social care organisations;
● how to develop effective transparency material;
● how to provide transparency and privacy information to people; and
● the factors to consider when assessing your organisation’s level of transparency
To read this comprehensive article, please follow the link: Transparency in health and social care | ICO
ICO reminds healthcare organisations about keeping patient data secure
Following reports of a data breach at the London Clinic, the Information Commissioner’s Office (ICO) would like to remind all healthcare organisations about the importance of keeping patient data secure.
Patient data is highly sensitive information that must be handled with care. When accessing healthcare and other vital services, people need to trust that their medical information is safe and only available to authorised employees
Healthcare organisations should ensure:
Staff are thoroughly trained: Organisations should have data protection training in place that is role-specific, tailored and relevant to the tasks being completed. Staff should feel confident in handling people’s personal data safely and securely It must be clear to staff about what records they are allowed to access
Appropriate technical measures are in place: Appropriate measures, such as passwords and access controls, should be in place to ensure personal information can only be seen by people who need to use it
Staff are clear on the data breach reporting process: An organisation must report misuse of personal data to the ICO if there is a risk to people’s rights and freedoms, which is often the case with sensitive medical information This must be reported within 72 hours of becoming aware of the breach
For organisations | ICO
Shared Care Records - Shared Safely
Shared Care Records enable care professionals to view an individual's medications, previous treatments, test results and any other relevant care information when it's needed. This is helping to improve the care people receive by making the sharing information faster, safer and more secure.
Watch this short video which highlights the benefits of shared care records and how to access these records safely
https://youtu be/g6BLptAIFNA?si=hxLaHcXbKttVVQyu
Choosing the right solution for your Digital Care Records
Once you have decided to start using digital social care records (DSCRs), you will need to find the right software solution for your organisation. There are many different options available, so it’s important to take time to consider your needs thoroughly.
Working out what you need
When choosing the right DSCR for your organisation, you need to decide what the system needs to do. Think about what’s essential and what’s optional.
All assured suppliers offer basic, required features, so it’s important to consider what additional features you might need.
See the full list of Assured Suppliers: View the assured solutions list
Ransomware - is there a threat?
In England, there’s a cyber security strategy in place to enhance the resilience of health and adult social care systems against cyber attacks This strategy, which extends to 2030, emphasises the importance of protecting services and citizens’ data The five pillars of this approach focus on critical risks and workforce development1 Ransomware attacks continue to pose a significant threat, especially for sectors like social care that can sometimes operate on less-sophisticated IT systems These systems, often lacking robust cybersecurity protocols, can be vulnerable targets2 Ensuring cyber resilience is crucial for patient safety and overall care delivery.
If you fall victim to this cyber crime, what would you do? Do you have a plan? Would you pay the ransom? The National Cyber Security Centre has provided some guidance:
Guidance for organisations considering payment
Advice for organisations experiencing a ransomware attack and the partner organisations supporting them. Ransomware is the key cyber threat facing UK organisations In a ransomware attack, a cyber criminal group gains unauthorised access to an organisation’s network and uses malware to encrypt files and prevent access to data and devices The criminals then demand a ransom, usually in a cryptocurrency, in exchange for a decryption key to decrypt files and restore systems.
Victims of ransomware increasingly face an extortion threat, where the attacking cyber criminal group threatens to publish or sell stolen data unless a ransom is paid. But following payment, a victim may discover the attacker has lied about deleting the data & look to sell it to other criminals for profit, or repeat the threat of releasing it months, or even years, after the incident This guidance has been jointly developed by the insurance industry bodies ABI, BIBA, IUA and the NCSC. It is for organisations experiencing a ransomware attack and the partner organisations supporting them.
It aims to minimise the overall impact of a ransomware incident on an organisation and help reduce:
● disruption and cost to businesses
● the number of ransoms paid by UK ransomware victims
● the size of ransoms where victims choose to pay
The NCSC and the insurance industry bodies recommend victim organisations review the following guidance before paying a ransom to a criminal group This guidance is general in nature & does not override specific laws & regulations that may apply. The ultimate decision whether to pay the ransom is with the victim Being prepared for any incident is key & will help lessen the impact if one happens The NCSC offers comprehensive guidance, including how to develop an incident management capability & prevent ransomware in the first place
For the full article, follow the link.
The National Cyber Security Centre has released new guidance for organisations experiencing ransomware attacks and their support partners. It aims to minimise the impact of these incidents by reducing business disruption, ransom payments, and the size of ransoms paid. The guidance puts an emphasis on understanding the implications of paying a ransom and readiness to handle incidents effectively
Read the full article here with links to guidance, templates and support:
Announcement: New guidance from the National Cyber Security Centre on data breaches - Digital
Hub
Care
West Sussex Care Acolades 2024.
Congratulations to all the winners and nominees!
We would like to congratulate all the worthy winners at this year’s West Sussex Care Acolades.
The evening was a gathering of both care providers and sponsors, to celebrate the achievements of the past and ecognise inspirational work It ti t th k K St f
p , West Sussex County Council Lead Profession Quality Assurance & Market Support.
p
FREE EVENTS
Proxy Medication Ordering: A Bite-Sized Workshop
Tuesday 4th June: 11.00 - 11.30am
Powerpoint - Intermediate Level
Wednesday 5th June: 10.30 - 11.30am
Republish your DSPT in your lunch hour
Thursday 6th June: 12.30 - 1.30pm
Outlook Optimised: Mastering Communication for Care Excellence
Wednesday 12th June: 10.30 - 11.30am
Republish your DSPT in your lunch hour
Thursday 13th June: 12.30 - 1.30pm
An Introduction into using Chatbot Artificial Intelligence
Tuesday 18th June: 10.30 - 11.30am
Republish your DSPT in your lunch hour
Tuesday 18th June: 12.30 - 1.30pm
Single Assessment Framework - CQC Changes to Inspection Systems
Thursday 20th June: 10.30 - 11.30am
Republish your DSPT in your lunch hour
Tuesday 25th June: 12.30 - 1.30pm
Cyber Security in your care settingWednesday 26th June: 2 30 3 30pm
HOW SCAMSCEPTIBLE ARE YOU TODAY?
When it comes to being more susceptible to scams and fraud, things like tiredness, stress, and even time of day can play a huge role!
Criminals will take advantage of these emotions or external stressors in an attempt to steal your personal or financial information.
That’s why we’ve created a quiz so you can test how susceptible you are on any day, at any time, to a scam.
How ScamSceptible are you today? | Take Five to Stop Fraud (takefive-stopfraud.org.uk)
Join our Sussex Digital In-Reach Team Facebook group for discussions, training and up to date information designed for Sussex Care staff.
Nada Wakeford nada@westsussexpartnersincare.org
Brian Roberts brian@sussexdigitalteam.co.uk
Sarah McNally sarah@sussexdigitalteam.co.uk
Claire Badzek claire@sussexdigitalteam.co.uk
Natasha Fowler natasha@sussexdigitalteam.co.uk
Georgie Ind georgie@sussexdigitalteam.co.uk
Sam Harper sam@harperdigitalskills.co.uk
Or phone us on 07860 630063 www.sussexdigitalteam.co.uk
Join
Our Facebook