A new online self-assessment tool that enables organisations to measure their data security against national standards has been launched.
The Data Security and Protection Toolkit, which replaces the previous Information Governance toolkit, has been designed to ensure that patient data is secure.
All organisations that have access to NHS patient data and systems, including NHS trusts, primary care and social care providers and commercial third parties, must complete the toolkit to provide assurance that they are practising good data security and that personal information is handled correctly.
Their performance is measured against the National Data Guardian’s ten data security standards.
Dan Taylor, programme director for the data security centre at NHS Digital, said: “The Data Security and Protection Toolkit is a powerful tool which health and care organisations will use to assess their cyber preparedness.
“This launch marks the start of a journey, with the Toolkit forming a foundation for long-term improvements in patient data security.
“The Toolkit is part of a number of new initiatives to build public trust in the way we secure their data.”
The toolkit has been designed to be easier to use with a simpler format.
Organisations that provide health services or connect to national systems will be required to complete self-assessments annually.
The launch of the toolkit was prompted by the WannaCry ransomware attack in May 2017.
Following the attack, NHS England’s chief information officer, Will Smart, recommended that a tool for assessing organisations’ cyber-defences be made available by April 2018.
23 May 2018 @ 17:35
This is lame.
There is an international standard for Data Security – ISO 27001.
Although this is mentioned in the document, this should be the default.
NHS organisations should be externally audited against a meaningful standard, and not a bunch of wishy-washy aspirations.
Either security and IG matter, in which case do it properly, or do not bother doing it at all.