Data security and protection in healthcare

The deadline for the NHS Data Security and Protection Toolkit may not be until June 2023, but with support funding anticipated to be released in late 2022, now is the perfect time for healthcare organisations to prepare. Find out everything you need to know.

Following many high-profile cyber security breaches and business continuity disruptions within the healthcare industry, NHS organisations must now assess and report their security levels via the NHS Data Security and Protection Toolkit (DSPT). The aim of the toolkit is to prevent events that leave Trusts unable to operate, costing valuable time and money.

The deadline for the Data Security and Protection Toolkit is 30th June 2023, with a baseline publication required from NHS Trusts, ALBs, CSUs and ICBs by 28th February 2023. However, some organisations are already experiencing challenges passing the assessment and there are concerns that without the right support they won’t be ready by the June deadline.

What challenges are healthcare organisations facing in passing the DSPT assessment?

The main challenge NHS trusts and organisations are facing is an IT security skills shortage. Finding and retaining specialists who can look after security comprehensively is costly and time-consuming, and trained employees will often leave for higher salaries elsewhere.

Because of this, the NHS has become reliant on point products, and the limited digital skills that organisations do have are stretched in dealing with sophisticated, ever-evolving cyber attacks.

What is the NHS Data Security and Protection Toolkit?

The Data Security and Protection Toolkit is an online self-assessment tool that ensures that every healthcare organisation has a framework in place to support lawfulness, fairness, and transparency through several policy and digital measures. All organisations with access to NHS patient data and systems must use it to measure their performance against the National Data Guardian’s 10 data security standards, safeguarding good data security practice and personal information.

Covering four categories over 34 areas, it positions standards and policies within Cyber Essentials Plus, ISO27001, and PSN IA.

How do healthcare organisations meet the requirements of the Data Security and Protection Toolkit?

Working with a trusted partner to create a gap analysis, deploy technology that supports policy process, governance, risk and compliance, and implement and manage a robust security strategy helps you to meet the requirements of the DSPT.

Our NHS full circle service enables NHS Trusts and healthcare organisations to meet their goals.

Microsoft Windows Defender

NHS Trusts are now mandated to use Microsoft Windows Defender, which provides extremely valuable data and gives an accurate picture of your organisation’s security posture.

This data, alongside the right tools, allows us to benchmark the output and gain insight into how your organisation compares with the national standard. We can also identify any potential challenges and highlight what we need to do to remediate any shortfalls.

Analysis and management

With limited resources and time, a Trust’s approach will often be disconnected, making the process more challenging and leading to an inaccurate picture of your security posture. However, working together with us on an initial gap analysis and then remediation is your key to success. We also support the ongoing management of care certificates.



Ben Lopez

Ben has been working in public sector IT for nearly 20 years, building out teams to help invigorate change through digital transformation. He has a genuine and unwavering goal to enhance patient care for the benefit of generations to come.
