STAGING

Don’t forget human input in data and cyber security

Don’t forget human input in data and cyber security

September 10th 2021

Resolve Care is a small, residential service for men with learning disabilities or autism in the North East. Graeme Stark, Service Development Lead, explains why they are using the Data Security and Protection Toolkit and what they are learning.

We have always known how essential it is to keep information secure. Although we are small, we have a tailor-made IT system in place. So we are confident that our core IT system is safe – but we want to continually test all our systems and practices to ensure they are good enough. That’s where the Data Security and Protection Toolkit (DSPT) comes in.

The DSPT supports ongoing learning

The Toolkit is really helping us to work through what we have in place and what we do, in a structured, comprehensive way. And it’s ongoing. We pride ourselves in being a learning organisation – and the toolkit works really well for us.

For example, we’re discovering that embedding best practice amongst the staff is just as important as having technologically secure systems in place. Simple human actions can either undermine or support the most sophisticated of systems. It’s basic things like making all staff aware of their responsibilities such as closing down their laptops, or locking an office door if they have paper or digital records open; thinking about how and where you store passwords. It’s often more about human input, not tech, and it’s great that the DSPT recognises that.

We are already changing what we are doing as a result of carrying out a self-assessment of our data protection arrangements using the DSPT. So, for example, we are updating our induction booklet and our employment contracts to include more on confidentiality and data protection. We’ve ran awareness-raising sessions for our staff, and we are supporting them to access training – including refreshing their existing knowledge on issues that change so quickly, like cyber security.

Keeping data safe is an ongoing, daily activity

We know that one-off training sessions aren’t enough. Keeping data safe – whether that’s paper or digital information – is an ongoing, daily activity for our staff. So we are going to make it a standard part of staff’s supervision sessions. We’re adapting the staff audit questions in the toolkit for use in routine supervision.

Our staff are also starting to recognise the benefits of the toolkit and the relationship to their work.

Julie Bainbridge, a housekeeper at one of our services, recently fed back:

“I have completed a Level 2 qualification in Data Protection & Security, this relates directly to the DSPT and how I need to manage access to data in my everyday work.”

And Elizabeth MacIntyre, who is our Hotel Services Manager/Tutor – told us:

“The DSPT is not a theoretical model, the principles of the DSPT need to be applied daily to ensure data is secure, here at Resolve we manage that carefully.”

NHSmail is an extra benefit

And of course being able to get access to secure email using NHSmail is an extra benefit. We could not have done that without reaching at least Approaching Standards on the toolkit.

Now that we are at Approaching Standards we’re reassured that we are meeting regulatory requirements. But we want to go further. Having attended a recent Better Security, Better Care webinar on how to reach Standards Met, I’m really confident that we can step up pretty easily to the next level.

Don’t treat it as a tick-box exercise

So my advice to any care provider – whatever their size – is to get on board with the DSPT. But don’t treat it as a tick-box exercise. Make it meaningful and consider not just your technical solutions, but the human input as well.

And don’t be put off by the number of questions on the toolkit. It’s a comprehensive self-assessment – so you would expect it to be detailed. But you can work through it over time, save your responses and go back to it. The freely available guidance on Digital Social Care is really clear, and of course there is direct support available from the Better Security, Better Care local support partners.

We’ve learned so much from using the toolkit already, and we will keep using it on a regular basis to continually improve our practice.

About Resolve Care

Based in the North East of England, Resolve Care is a privately-owned service providing specialised residential person-centred care for adult men with learning disabilities and autism. They run two residential services for 15 residents and employ 30 staff. Both services are rated as outstanding with the Care Quality Commission. https://resolvecare.com/

About the Data Security and Protection Toolkit and the Better Security, Better Care Programme

The Data Security and Protection Toolkit (DSPT) is an annual self-assessment for health and care organisations. It shows care providers what you need to do to keep people’s information safe, and to protect your business from the risk of a data breach or a cyber attack.

Better Security, Better Care is a freely available national and local support programme to help care providers to improve their data and cyber security by completing the DSPT.

Photo by Nick Morrison on Unsplash

 

View all success stories