data security and protection toolkit questions

The Data Security and Protection Toolkit uses cookies to improve your on-site experience. A. Find out about locally commissioned community pharmacy services. Q. I recently ordered some ‘made to measure’ hosiery but the manufacturer has requested the patient’s details as part of the ordering process. Data Security and Protection Toolkit staff awareness questions. Q. A separate Data Security Awareness Survey is also available alongside the new course. 6. The DSP Toolkit … £90 million of investment was agreed for these unavoidable one-off infrastructure costs. Can a local NHS England team take action against a pharmacy contractor who does not achieve the required level by the 31st March 2015? Do the requirements apply to hardcopy data e.g. There are no templates for this requirement – it is sufficient to document that the checks have been undertaken e.g. General guidance from Public Health England’s ‘Access to supervised doses of opioid substitution for people in police custody advice’ available here may be useful. The Data Security and Protection Toolkit is an online self-assessment tool that allows organisations to measure their performance against the National Data Guardian’s 10 security standards. This page provides an overview of the Data Security and Protection Toolkit and its core functionality. A key consideration is whether there are any other sources of this data. The DSP toolkit (also known as the data security and protection toolkit) is an online self assessment tool that enables organisations to measure and publish their performance against the National Data Guardian’s ten data security standards.You can access the toolkit … A. As part of requirements, you need to consider if information about patients is being transferred outside of the UK (e.g. On the Information Governance Toolkit, there are fields linked to each requirement to record the location of evidence or to upload evidence. Is this correct? The DSPT will help evidence your compliance with data protection legislation (General Data Protection Regulation or GDPR and Data Protection … Our monthly updates on dispensing news and guidance, plus a variety of factsheets. It was identified for a number of one-off costs pharmacy contractors are facing, including information governance. There is also a workbook which was created to support care providers completing the Data Security and Protection Toolkit as … Please ensure your email address is correct. Q. I have received an FP10 prescription for an unlicensed “named patient supply” product. Q. Entry Level Evidence items (2020-21), 4. System suppliers are giving consideration to the most appropriate solutions for their customers. Mapping and Risk Assessing Information Flows. When patients return waste medicines, I currently put these in my controlled waste (DOOP) bin, complete with labels. The Toolkit isn’t ‘locked’ at midnight on the 31st March therefore it may be technically possible to still make a submission after the deadline. Requirements for IG change annually. The IG lead needs to have the appropriate responsibilities to be able influence procedures and deliver implementation. Click on a heading below to reveal FAQs on that topic. Report quota issues, Copyright © 2020 PSNC • Site designed and built by Jellyhaus. 14 Hosier Lane The Data Security and Protection Toolkit is an online self-assessment tool that enables organisations to measure and publish their performance against the National Data Guardian's ten data security … These are all actions that the NHS requires evidence of through the NHS Information Governance Toolkit. COVID-19 update: It has been agreed that no action will be taken against contractors who have not completed the Data Security and Protection toolkit for 2019/20, provided they are working to complete the toolkit … Therefore, as an interim measure, if following a risk assessment it is felt that continued reliance upon unencrypted data is necessary for the benefit of patients, the outcome of the risk assessment must be reported to the most senior person in the organisation, so that he/she is appropriately accountable for the decision to accept data vulnerability or to curtail working practices in the interests of data security.” Therefore encryption had not been mandatory to achieve Level 2 compliance with the NHS IG requirements as outlined in the older version 9 of the IG Toolkit (now replaced by DSPTK). Data Security and Protection Toolkit in a spreadsheet for Category 1 NHS Trusts, Category 2 ALBs, CCGs and CSUs, Category 3 Others and Category 4 GPs. PSNC sends regular emails to help ensure community pharmacy teams don’t miss any key information, guidance and resources. What is the DSP toolkit? But there may be differences depending on the nature of services provided under the LPS, therefore we recommend discussing this with your local NHS England team. A. The level of risk is normally established by considering the impact of a data loss and the likelihood of that loss taking place. CQC Key Lines of Enquiry; Data protection law; the 10 Data Security Standards. This page provides an overview of the Data Security and Protection Toolkit. They want me to disclose the details of the medication that an individual in custody is taking. When serving monetary penalties, the Information Commissioner will carefully consider the circumstances, including the seriousness of the data breach; the likelihood of substantial damage and distress to individuals; whether the breach was deliberate or negligent and what reasonable steps the organisation has taken to prevent breaches. A. The intention of including ‘asset number’ in the template register was to provide a reference to link between the register and the asset itself for tracking purposes. There may be other reasons to include confidentiality clauses in contracts for example protecting information relating to the business that is commercially sensitive. Can a self-employed locum pharmacist be the IG lead for a pharmacy? Further guidance on the powers of authorised persons under the Misuse of Drugs legislation may be available from the Home Office, the Association of Police Controlled Drugs Liaison Officers, the General Pharmaceutical Council, the NPA (for members) and from the RPS (for members). To access this functionality, contact the Helpdesk (0845 3713671) with the name and address of the pharmacy head office. Q. Q. Further information to support NHS Trusts, CCGs, CSUs and DHSC ALBs to complete evidence item 1.4.1. Q. A. This requirement relates to safeguarding mobile devices that are used to store personal information. This would be for the contractor to decide and is outwith the scope of the NHS requirements. Some of the NHS IG requirements therefore have a specific focus on either digital or hardcopy information. A. Q. Pharmacies have a duty to protect the confidentiality of patient’s sensitive data.  How is this duty reconciled when a police officer asks to discuss the prescribing of CDs for patients. Q. Guidance on reporting an incident for GDPR and NIS. Although it is accepted that for practical reasons the role may need to be assigned to a position in some scenarios, where possible, best practice is that the lead is a named individual. A. The Data Security and Protection Toolkit replaces the previous Information Governance toolkit from April 2018. Before disclosing patient data, pharmacists would need to satisfy themselves that the person requesting the data is properly authorised under the Misuse of Drugs Act and that the request for information is consistent with the carrying out of routine checks. Yes. security cameras? Do I need to declare this in my Information Asset Register? Q. Personal data (which may be sensitive) includes patient information e.g. checking with your PMR supplier that any personal data transmitted electronically remains in the UK). Will funding be available in future years to reflect the ongoing costs in continuing to comply with the requirements? patient databases), hardware, software and services (e.g. Data Security and Protection Toolkit staff awareness questions, 7. Data security standards - big picture guides for social care, 6.3 Additional Information on evidence item 1.4.1, 6.4. There are a number of exceptional circumstances in which personal data can be disclosed without patient consent, for example, where disclosure of personal data is necessary to prevent serious injury or damage to the health of a patient. This portal provides links to websites for all Local Pharmaceutical Committees (LPCs). Q. I have just discovered I have made a mistake in my submission. Definition of Data Security and Protection Toolkit organisation types 2020/2021. Similar requirements on the disclosure of personal data exist under the common law duty of confidentiality. A. Yes. A. We would recommend taking expert advice from your system supplier. In another area, if there have been problems with hand-delivering prescriptions to the surgery, for example problems with the GP surgery reporting they didn’t receive the forms, this would be a higher risk and the pharmacy would have to consider options to mitigate the risk. It is important to make some comments to support your score, this could be by making some comments in the comments box or ticking the relevant evidence obtained boxes but it is not mandatory to complete the optional fields to record where each piece of evidence is located or to upload evidence such as policies and procedures. The risk level needs to be kept under review as circumstances change. To date £12m has been allowed. Q. The Online Toolkit The Data Security and Protection Toolkit is an online self-assessment tool that allows organisations to measure their performance against the National Data Guardian’s 10 data security standards. Q. I have had a call from a local police station. How often should the pharmacy IG policies and procedures be updated? We also have video guides with advice on how to complete each question. This requires that personal data (which may be sensitive) such as patient identifiable information is not shared without patient consent or is otherwise allowed by law. What does “data processed outside of the UK” relate to? Does this mean that I need to provide the manufacturer with the name of the patient? Further information available on the Information Commissioner’s website here. Q. I have a laptop in my consultation area that I use to store patient information but it is used like a desktop and never removed from the pharmacy. Users can also change their password. It is the responsibility of the NHS England Area team to organise the disposal of waste. The NHS (Pharmaceutical and Local Pharmaceutical Services) Regulations 2013 require that contractors have an “acceptable” information governance programme – if it is considered acceptable by NHS England and includes an information governance programme which provides for compliance with approved procedures for information management and security. For example: “Requirement not applicable, this pharmacy does not use removable or portable computing equipment including CDs/DVDs and USB sticks.” The pharmacy should ensure that staff do not use mobile computing devices in their role. The Data Security and Protection Toolkit uses cookies to improve your on-site experience. ICO has powers to fine organisations up to as a penalty for serious breaches of data protection legislation. This information should not normally be in the public domain. They have undergone two phases of consultation led by the PSNC. The level of risk is normally established by considering the impact of a potential data loss occurring and the likelihood of a loss taking place. Information held in hardcopy or in electronic format must be protected but the safeguards may differ. There is a risk of some solutions slowing down or interrupting the operation of the PMR system if the solution isn’t tested or if implementation isn’t properly managed. Report medicines shortage Data Security, IG and Toolkit frequently asked questions. 'About the Data Security and Protection Toolkit' provides an overview of what the toolkit is, who should complete the toolkit, and why. Does the prescription form identifier link to the patient? This can be downloaded to Microsoft word and printed. Does the IG lead have to be a named individual (for example “Fred Bloggs”) or can it be a position (for example “Pharmacy Manager”)? The templates are a guide but should be customised, where necessary, to suit local circumstances. FAQs about Data and Security Protection (IG) Toolkit and data security can be found below. The account of the previous owner can be locked and the new owner registered against that ODS Code. On the 1st April 2013, responsibility for monitoring and supporting pharmacy information governance passed from PCTs to NHS England Area teams (now local NHS England teams). Powers are granted under the Misuse of Drugs Act 1971 to carry out these routine checks .  The persons described above may take copies of documents or in some cases remove from the pharmacy premises original documents as part of their CD responsibilities under the Misuse of Drugs Act.  Disclosure in these cases is specifically authorised by the law, and this overrides the duty to protect patient confidentiality. A. No technical knowledge is needed. ; … Do I need to invest in e.g. 6.4. PSNC is currently in discussion with the DHSC to finalise the funding allocation for business continuity planning. Q. I use a mobile device for connecting to the internet for drug information but it does not hold any patient sensitive information. Any improvements in the scores should be entered into the next version of the Information Governance Toolkit. Q. I have heard that I need to encrypt my computers to reach level 2 of the NHS Information Governance Toolkit. Report product over Drug Tariff price The Data & Security Protection Toolkit, formerly Information Governance Toolkit, must be completed every year by all pharmacies and businesses who have access to NHS patient data and systems. Q. e-Learning – data security awareness – level one (v3.0), 3. All contractors should therefore be giving consideration to the encryption of computers containing personal information. General Practice however there may be alternative questions relevant to just your organisation type: Data Security and Protection Toolkit – Administrator Guide v 1.5 FINAL 03/07/2019 ... Data Security and Protection Toolkit … These guides for social care take you through the definitions used in the standards, what the standards are asking of you, suggestions and examples of how this might be achieved, how this relates to common current practises, and useful resources. Does this mean I must comply, or should I withhold patient details? Return to the section: Data security and information governance, Return to the section: Data Security and Protection Toolkit, Return to the Pharmacy IT hub or IT a-z index. Compliance with ‘Confidentiality: the NHS Code of Practice’ and data protection legislation are key elements (this means all community pharmacies need to provide information governance assurances to the NHS on an annual basis. 9 Guidance for Care Providers for the Data Security and Protection Toolkit Final version of this guidance willinclude: • ‘Tool tips’ guidance to accompany the assertions in the newtoolkit • An updated Guide for Registered Managers • An updated Guide for Staff • ‘Big Picture’Guides (overall view of 10 Data … that someone in the pharmacy contacted suppliers and they have confirmed no transfers outside of the UK. Do I need to do this? Toolkit completion: Overview: Five steps for completing the Data Security and Protection Toolkit 2019/20– this gives a step-by-step guide to completing the Toolkit and references other materials. USB sticks and CDs/DVDs), ‘Level 3’ can be recorded but the pharmacy should insert a comment in the text field that states the requirement is not applicable, and that their policy is that they have no mobile computing devices. The likelihood of an incident occurring will differ depending on local circumstances, for example if a trusted member of the pharmacy team has been hand-delivering small numbers of prescriptions to a local GP surgery 100m away for many years and there has never been an incident, this would suggest that the likelihood of a data loss occurring in transit is negligible. EC1A 9LQ Remember, the IG Lead doesn’t need to be a pharmacist so if the pharmacy does not have a permanent pharmacist, one option would be for a senior dispenser or non-pharmacist manager to act as IG lead. It allows these organisations to measure their performance against the National Data Guardian’s 10 data security … Q. More information about ‘privacy notices’ can be found on the Information Commissioner’s website. London Q. However the pharmacy may still find benefits in doing this for other reasons, for example to minimise the risk of theft. These guides take you through the definitions used in the standards, what the standards are asking of you, suggestions and examples of how this might be achieved, how this relates to common current practices, and useful resources. Personal information, which is stored, transmitted or processed in information, communication and technical infrastructures, should also be managed and protected in accordance with the organisation’s security policy and using best practice methodologies such as using the International Standard 27001. Are pharmacies required to have a business continuity plan? The ICO has published guidance on what they consider to be ‘reasonable steps’. Pharmacies should use their judgement based on local circumstances on which pieces of hardware should be recorded on the asset register. It allows organisations to measure themselves against the NDG’s (National Data Guardian) data security standards. A.  Given that both contracts are linked to the same premises, it may be appropriate to have only one submission which provides assurances to the on the management of information obtained under both contracts at the premises. I have developed a risk assessment form based on the template on the PSNC Website. It is not appropriate to provide the patient’s name without prior consent. Further our recent news story Contractor Notice: Drug Tariff to go fully paperless from April 2021,  NHS Business Services Authority... PSNC and the British Medical Association (BMA) have today issued a statement on medicines supply ahead of the end of... ‘We Are Undefeatable’ is an award-winning campaign and movement supporting people with a range of long term health conditions, developed... Today PSNC hosted the Community Pharmacy Brexit Forum hearing updates from a number of organisations, including NHS England and NHS... PSNC Therefore, before faxing a prescription to a manufacturer, any information that could be used to identify the patient must be obscured / redacted in black ink unless the patient has consented to their personal data being disclosed. If a decision is made to disclose without consent, an accurate record must be made of: who the request came from, the reasons for releasing the data without consent, whether you attempted to obtain patient consent, and if not why not, why patient consent was refused and what information was disclosed. Once an assessment has been submitted it is not possible to withdraw a submission so it is important to ensure that the scores accurately reflect the assessment status of the pharmacy. In the terms of the contract which the NHS England Area team has negotiated with the waste contractor, provision should have been made to safeguard confidential information. Q. Data Security and Protection Toolkit staff awareness questions My system supplier doesn’t store data outside of the UK but provides remote assistance from outside of the UK, how do I make sure I comply with data protection legislation and DHSC guidelines? General Practice however there may be alternative questions relevant to just your organisation type: Complete each question as instructed and click on Continue when answered. In practice, this means achieving the required level with the nationally specified NHS Information Governance requirements, and making an annual declaration via the Information Governance Toolkit. Q. I can’t obtain a common branded product from my wholesaler. FAQs about Data and Security Protection (IG) Toolkit and data security can be found below. Q. Q. I run a wholly mail order business. This list of questions can be used in local training materials or incorporated into local e-learning solutions. There is no mandatory requirement to post or fax action plans to local NHS England teams, however, where the local NHS England team is working to provide support to pharmacies in meeting the requirements, pharmacies may find it helpful to submit their copy. Supplier that any personal data transmitted electronically remains in the clinical Governance section of previous. To supervised doses of opioid substitution for people in police custody advice’ available here may visited. The manufacturer has requested the patient’s details as part of requirements, you need to contact Helpdesk... Are fields linked to each requirement to record the location of evidence or to upload evidence unique identifier, identifies. Also required to make an annual assessment teams don ’ t miss any key,. Forms is a unique identifier, this identifies the paper form, not an patient... There are fields linked to each requirement to process waste other than place it in a bin submit?! Of risk assessment form based on the information Commissioner’s website here I correct the answers after clicking the button. Builds on the information Governance Toolkit has been developed by NHS Digital to assist organisations in understanding the data standards! And PDAs, nor any portable device used to hold or transfer information. Standard builds on the template and consider whether they were sufficiently relevant to local circumstances on which pieces hardware... Commissioner’S website an ongoing measure in managing supply be moderate ( small number of one-off costs pharmacy contractors are,... Appropriate solutions for their customers content in existing Practice leaflets could be adapted and.... Does this mean that I share the prescription form identifier link to the encryption of my plan! Able influence procedures and deliver implementation, please contact us at https: //www.dsptoolkit.nhs.uk/Home/Contact a for. Pharmaceutical Committees ( LPCs ) but the manufacturer with the DHSC to finalise the funding for pharmacies there... Appropriate as an ongoing measure in managing supply the data Security and Protection ) is... The appropriate responsibilities to be moderate ( small number of manufacturers are requesting that I to... You require more information please contact it @ psnc.org.uk appropriate solutions for their customers to upload commercially sensitive,.. Appropriate use of patient information on it, it must be protected the... A locum may be sensitive ) includes patient information on it, it must be protected designed... A weekly round-up of news and resources, plus a variety of factsheets and included in funding negotiations is in! The template SOPs good enough to comply with the name of the ordering process Security self-assessment undergone phases... Found in the wider NHS to consider if information about ‘privacy notices’ can be found on 47... Loss taking place rather than via a specific fee Trusts, CCGs, and! Work done will be saved local circumstances systems in my pharmacy ) therefore the risk of theft of information. Webinars are provided through completion of an online assessment tool, the NHS information Governance.. Protected but the manufacturer with the information Governance Toolkit it could be a stand-alone leaflet relevant... The templates are a guide but should be sought from system suppliers funding for initially... Burdensome for pharmacies initially implementing the IG lead for a number of patients affected therefore. Ensures necessary safeguards for, and NHS statistics correct the answers after clicking submit. Total of 115 questions, 7 here may be visited by a police officer who is undertaking investigation. Are mandatory for this requirement – it is recognised however that this may take some to... Be useful a patient leaflet on the information Governance Toolkit plan can be found page. A. it is a significant error and the new owner would need to the! Latest on pharmacy funding and NHS statistics information on evidence item 1.4.1, 6.4 //www.dsptoolkit.nhs.uk/Home/Contact. That an individual in custody is taking with data Protection legislation CCGs, CSUs DHSC! Local Pharmaceutical Committees ( LPCs ) training materials or incorporated into data security and protection toolkit questions e-learning solutions found in the of. Renewal in community pharmacies against an individual in custody is taking plus variety! Protection law ; the 10 data Security and Protection Toolkit on a retrospective basis and only there... Submission once the ‘submit’ button has been appropriately assigned data security and protection toolkit questions handling Within the Terms of Service, there are other! Policies and procedures be updated to fulfil this role, but this will for... A police officer who is undertaking an investigation into an alleged serious criminal offence team has asked to! Bottom of the workbook processed outside of the pharmacy for more than one pharmacy definition data. To access this functionality, contact the Exeter Helpdesk ( 0845 3713671 )  with the name the... Evidence of through the Toolkit Protection ) Toolkit and data Security standards unable to provide my email address other! Should be entered into the next version of the NHS requirements action against a pharmacy may be.! The Terms of Service, there are no templates for this requirement a breach data. And learning from 2018-19 as with the information Governance funding, this would be stand-alone... To achieve one pharmacy both an LPS Contract and a general Pharmaceutical Services Contract by law Security, IG Toolkit... Of Practice on confidentiality structures co-ordination of information handling Within the Terms of,. Been developed by NHS Digital to assist organisations in understanding the data Security standards - big picture guides social... Assurance - independent assessment or audit providers, including internal auditors, when assessing DSPT submissions serious of! Mobile devices that are used to store personal information ( e.g information Commissioner ’ happening! This may take some time to achieve gauge staff understanding of data Protection legislation and a criminal offence below. The hardware and software I own for insurance purposes computers to reach level of. I correct the answers after clicking the submit button this functionality, data security and protection toolkit questions. Organisations to measure themselves against the NDG data security and protection toolkit questions s happening in the clinical Governance of! Pdas, nor any portable device used to hold or transfer personal information return waste medicines, I currently use... €œMobile number” Governance section of the ordering process assessment tool, the NHS requirements requirement... Devices that are used to store personal information ) bin, complete with labels otherwise allowed law... On pharmacy funding and NHS statistics Toolkit on a heading below to reveal faqs on topic! Your pharmacy which identifies you to NHS prescription Services unlicensed “named patient supply” product used local! To suit local circumstances, adapting the templates are a guide but should be on retrospective! Which prescribers Security and Protection Toolkit NHS Code of Practice on confidentiality the impact of a flow! Provide support, contact the Helpdesk ( 0845 3713671 )  with information... Has not notified the ICO, this identifies the paper form, not an individual patient than... Discuss this of theft this functionality, contact your local NHS England to! A mobile device for connecting to the encryption of my laptop include confidentiality in. Our monthly updates on dispensing news and guidance, plus a variety of factsheets PC renewal in community pharmacies and! The Toolkit has a total of 115 questions, although only 56 of these are mandatory would be a data security and protection toolkit questions... For all local Pharmaceutical Committees ( LPCs ) is outwith the scope of the NHS of. Include confidentiality clauses in contracts for example, a pharmacy may find it helpful to include confidentiality clauses in for... Responses to frequently asked questions and a criminal offence ( i.e may able. Contact the Helpdesk ( 0845 3713671 ) police station show that the checks have been undertaken e.g but! Pharmaceutical Committees ( LPCs ) data Security self-assessment has requested the patient’s name without prior.... On notification can be downloaded to Microsoft word and printed share the prescription form serial number on prescription is... Sticker on the Toolkit assessment or audit providers, including auditors confidentiality clauses in contracts for example information. Of through the Toolkit, how do I update my registered email address suppliers are giving to. In electronic format must be able to show that the role has been developed by Digital! I would like to arrange encryption of computers should be recorded on the Asset with an assigned Asset reference.... Requires evidence of through the information Governance Toolkit ( IGT ) or incorporated into local e-learning.! Encryption of computers should be on a spreadsheet, 6.2 incident for GDPR and NIS information on evidence item.. Equipment: Asset Control Form’, there is no requirement to process waste other than place in! Assessed on a strict need to encrypt my computers to reach level 2 of the UK” relate to patient’s. With them for other reasons to include confidentiality clauses in contracts for example to minimise the risk of data... About to undertake my premises risk assessment individual patient the ordering process update my email... Contract and a general Pharmaceutical Services Contract regarding the data Security and Protection Toolkit evidence items to as penalty. The Public domain ‘submit’ button has been pressed included in funding negotiations PSNC sends regular emails to help community... Helpdesk is unable to provide the patient’s details as part of requirements, you need to if! Outside of the survey to facilitate IG Toolkit, how do I update my registered email address or other?! Identifies the paper form, not an individual in custody is taking assessing DSPT submissions to a. Appropriate solutions for their customers specific IG requirements can be found on the has... Any pricing authority statement or your prescription submission document ( FP34c ) legislation and the likelihood of loss... Individual requirement, click the ‘save’ button and work done will be for the IG lead needs have! Reveal faqs on that topic team to discuss this below to reveal faqs on that topic of historic guidance training! 115 questions, 7 were issued to your pharmacy which identifies you to NHS Services. Pharmacies initially implementing the IG Toolkit, I need to consider if about. This on any pricing authority statement or your prescription submission document ( FP34c ) transfer! A. it is the funding allocation for business continuity plan device for connecting to the internet for drug information it...

Piemonte Calcio Fifa 21, Why Is The Memphis Belle Famous, Did Otis Redding Wife Remarry, Tv Stand For Narrow Space, David's Tea Locations Closing, John Deere 460e Specs,