If your organisation accesses or processes NHS patient information, you must provide assurances to the NHS that you are practising good information governance.
This assurance is undertaken by submitting an annual Data Security and Protection Toolkit (DSPT).
What is DSPT?
The DSPT is an online tool that enables relevant organisations to measure their performance against the data security and information governance requirements mandated by the Department of Health and Social Care (DHSC), notably the 10 data security standards set out by the National Data Guardian in the 2016 Review of data security, consent and opt-outs.
Who needs to complete a DSPT?
All organisations that have access to NHS patient data and systems must use this Toolkit to provide assurance that they are practising good data security and that personal information is handled correctly. Such organisations are required to carry out self-assessments of their compliance against the assertions and evidence contained within the DSP Toolkit.
How can Gemserv help you?
We are experts in completing DSPTs and have built a reputation for helping organisations meet these standards, drawing on our experience of working with hospitals and the supply chain and on our knowledge and experience of cyber security and data protection.
Our holistic approach to the DSPT means that you will receive a critical insight into how your policies, procedures and processes operate in practice. In particular, as the DSPT will be changing to demonstrate compliance with the Cyber Assurance Framework (CAF) by 2024/25, our experience and skills will prepare your organisation for what needs to be achieved to demonstrate compliance and meet your regulatory requirements.
We offer a number of services
DSPT compliance support service
A bespoke consultancy service that delivers a detailed review of your organisation’s data protection and cyber security posture, including recommended corrective actions for achieving full compliance with the DSPT standards.
DSPT compliance support service
We will assist you in checking the requirements and reviewing the documentation and evidence you present. We will advise you of any recommendations and changes to be made for the submission.
Independent Assurance and Audit Service
We follow the DSPT independent assessment/guidance mandated framework that includes a risk rating against each of the 10 data security standards, an overall risk rating and an overall confidence rating.
Includes implementation and remediation support to comply with relevant requirements.
DSPT for Moorfields NHS Foundation Trust Case Study
Our data privacy experts helped Moorfields Eye Hospital achieve compliance.
If you would like to know more about our work, or would like to speak with one of our experts, please complete our contact us form.