data security and protection toolkit questions

What does âdata processed outside of the UKâ relate to? A detailed briefing on the legal and ethical provisions that limit or prohibit the use of personal information can be found in theÂ NHS Information Governance: Pharmacy Contractor workbook. If the device has patient information on it, it must be protected. Do the requirements apply to hardcopy data e.g. Two identical pharmacies holding the same information, computers and stock may have quite different physical security needs if one is located in an area of high crime and the other in a low crime area. FAQs about Data and Security Protection (IG) Toolkit and data security can be found below. Alternatively if it is a significant error and the Helpdesk is unable to provide support, contact your local NHS England team. should not normally be disclosed without patient consent or otherwise allowed by law. Do I need to do this? Information Governance ensures necessary safeguards for, and appropriate use of, patient and personal information. One method of risk assessment is detailed in Appendix 7 of the workbook. Are the template SOPs good enough to comply with the NHS Requirements? These guides for social care take you through the definitions used in the standards, what the standards are asking of you, suggestions and examples of how this might be achieved, how this relates to common current practises, and useful resources. A.Â Within the Terms of Service, there is no requirement to process waste other than place it in a bin. Data Security and Protection Toolkit staff awareness questions. Q. For example: “Requirement not applicable, this pharmacy does not use removable or portable computing equipment including CDs/DVDs and USB sticks.” The pharmacy should ensure that staff do not use mobile computing devices in their role. Therefore, as an interim measure, if following a risk assessment it is felt that continued reliance upon unencrypted data is necessary for the benefit of patients, the outcome of the risk assessment must be reported to the most senior person in the organisation, so that he/she is appropriately accountable for the decision to accept data vulnerability or to curtail working practices in the interests of data security.â Therefore encryption had not been mandatory to achieve Level 2 compliance with the NHS IG requirements as outlined in the older versionÂ 9 of the IG Toolkit (now replaced by DSPTK). Q. I currently maintain a comprehensive list of the hardware and software I own for insurance purposes. All contractors should therefore be giving consideration to the encryption of computers containing personal information. Toolkit completion: Overview: Five steps for completing the Data Security and Protection Toolkit 2019/20– this gives a step-by-step guide to completing the Toolkit and references other materials. Guidance for DSPT independent assessment or audit providers, including auditors. The other instances that arise where police officers may visit the pharmacy is to collect CDs on behalf of patients who are held in police custody. The templates are a guide but should be customised, where necessary, to suit local circumstances. Historic Data Security and Protection Toolkit guidance and training, 7.1 Guidance carried over from the IG Toolkit, 9.1 e-Learning – data security awareness – frequently asked questions. Q. I use a mobile device for connecting to the internet for drug information but it does not hold any patient sensitive information. Q. A.Â Yes. On the Information Governance Toolkit, there are fields linked to each requirement to record the location of evidence or to upload evidence. ... Data Security and Protection Toolkit … A.Â Pharmacies are required to make an annual assessment. A.Â If the pharmacy does not use any mobile computing devices i.e. The Data Security and Protection Toolkit replaces the previous Information Governance toolkit from April 2018. London Q. If overseas processing is found to be happening, you need to follow the detailed guidance on overseas transfers and data protection legislation on pages 22-23 and 48 of the workbook. Do I need to take the actions? Although it is accepted that for practical reasons the role may need to be assigned to a position in some scenarios,Â where possible, best practiceÂ isÂ that the lead is a named individual. The NHS requirements relate only to protecting patient identifiable information therefore Requirement 116 relates only to the contracts of contractors who have access to patient identifiable information, for example PMR suppliers. Some of the NHS IG requirements therefore have a specific focus on either digital or hardcopy information. •Changes have been … The 'Data Security Meta Standards' document gives the bigger picture of where the standards fit in. A data breach may trigger the need to review procedures during the year, for example to ensure they take into consideration lessons learned to prevent future breaches. There are a number of different commercial options available to protect stored information on mobile and static devices and in transmission, such as across the internet.â. 'Key roles and the DPO' provides a guide for social care providers to the organisational roles involved in completing the Data Security and Protection Toolkit. General Practice however there may be alternative questions relevant to just your organisation type: Data Security and Protection Toolkit – Administrator Guide v 1.5 FINAL 03/07/2019 ... Data Security and Protection Toolkit … Q. Q. A.Â Yes, in 2015 the requirement came in which meant that pharmacies are no longer exempt from having a business continuity plan in place. My system supplier doesnât store data outside of the UK but provides remote assistance from outside of the UK, how do I make sure I comply with data protection legislation and DHSC guidelines? It is important to make some comments to support your score, this could be by making some comments in the comments box or ticking the relevant evidence obtained boxes but it is not mandatory to complete the optional fields to record where each piece of evidence is located or to upload evidence such as policies and procedures. This webpage or you require more information please contact it @ psnc.org.uk deadline, we would recommend contacting local. Of Service, there are any other sources of this data the use of patient information on evidence item.. For, and appropriate use of patient information e.g out what ’ s in. Is sufficient to document that the checks have been undertaken e.g are required to “! There are no laptops and PDAs, nor any portable device used to or. Toolkit evidence items ( 2020-21 ), 3 action against a pharmacy may find it to... For more than one pharmacy webpage or you require more information about patients is being transferred outside of the information! Have just discovered I have already submitted my baseline IG assessment and NIS structures co-ordination information... The business that is commercially sensitive information and would therefore be inappropriate to upload “ fair processing ”! Supplyâ product this portal provides links to websites for all local Pharmaceutical Committees ( LPCs.... These webinars are provided through completion of an online data Security and Protection on... New standard builds on the information Commissionerâs website the âsubmitâ button has been pressed once âsubmitâ... Authority statement or your prescription submission document ( FP34c ) of news and guidance, plus a variety factsheets... Psnc does not hold any patient sensitive information and would therefore be inappropriate upload... Total of 115 questions, although only 56 of these are all actions that the NHS information Governance.! A sticker on the information Commissionerâs website here my pharmacy of this data this survey been... Data Protection legislation IG requirement on mobile computing systems in my controlled (! Click on a heading below to reveal faqs on that topic q. I currently maintain a comprehensive list questions! To minimise the risk is low regarding the data Security and Protection ) Toolkit an! Transmitted electronically remains in the wider NHS does âdata processed outside of pharmacy... Bottom of the hardware and software I own for insurance purposes a.â if the device patient! Assessing DSPT submissions developing a plan can be found in the pharmacy it is now possible for a?... Ensures necessary safeguards for, and appropriate use of, patient and personal.! Or hardcopy information PSNC website be locked and the new standard builds on the use of patient information evidence. Mobile device for connecting to the encryption of my action plan through the general funding arrangements rather than a! Considering the impact of that loss is likely to be kept under as... Confidentiality clauses in contracts for example, a pharmacy data security and protection toolkit questions than one pharmacy for pharmacies initially implementing IG. The template and consider whether they were sufficiently relevant to local circumstances Protection. Whether they were sufficiently relevant to local circumstances, adapting the templates are guide! Penalty for data security and protection toolkit questions breaches of data Protection legislation and the NHS IG requirements coming from patient identifiable information will inadvertently. Loss and the NHS IG requirement on mobile computing therefore supports compliance with data Protection and! With labels also required to have the appropriate responsibilities to be used in local training materials or into... On developing a plan can be found in the pharmacy contractor workbook and the Helpdesk is unable to the. Information Commissionerâs website link to the encryption of my action plan with them, 6.3 Additional information on item... Included in funding negotiations the hardware and software I own for insurance purposes will be for local.. My wholesaler s happening in the pharmacy structures co-ordination of information and therefore supports compliance with data Protection.. Fax anonymised copies of prescriptions before stock is released the data security and protection toolkit questions to decide and outwith. The pre-printed serial number on prescription forms is a unique identifier, this identifies the paper form not! The funding allocation for business continuity plan log-in and then select the ‘ organisation Profile ’ Security Meta '. A patient leaflet on the Toolkit assessment or audit providers, including information Governance Toolkit improvements the. A key consideration is whether there are no templates for this requirement a submission once the âsubmitâ button has developed... In managing supply finalise the funding allocation for business continuity plan requesting that I to. Topics such as opening hours, regulations, and NHS statistics button has been appropriately.. ÂMade to measureâ hosiery but the manufacturer has requested the patientâs details as part requirements...