Finn O'Brien
Last updated: 24 October 2025
The NHS Data Security and Protection Toolkit (DSPT) is an online self-assessment tool provided by NHS England. It helps organisations that access NHS data or systems ensure that they are handling personal and sensitive information securely and in line with UK data protection law, such as the Data Protection Act (2018) and GDPR.
DSPT is mandatory for organisations that have access to NHS patient data or NHS systems like NHSmail, such as trusts, general practices, care homes, charities, and even private sector suppliers that work with or alongside the NHS.
The DSPT exists to ensure that all organisations involved in the delivery of health and social care are aware of their responsibilities around information security, data protection, and patient confidentiality. By completing the toolkit, organisations can assess their compliance with the national data security standards and take action where necessary to improve. The DSPT is one of the key methods used by the NHS to ensure that the personal and medical data of patients is treated with care and attention.
Each year, businesses that are required to follow the DSPT log into a portal and complete a self-assessment. This involves answering a series of questions that cover areas such as staff training, access controls, data sharing policies, cybersecurity measures, and how incidents would be managed if they were to happen. Businesses are also asked to provide evidence of their compliance, such as written policies, records of staff training, or logs showing that data backups are performed on a regular basis.
Once complete, the assessment is submitted and published to demonstrate compliance with the regulation. The number of questions and depth of evidence required will also depend on the size of the business.