July 9th 2024
The collaboration between Oxfordshire Association of Care Providers (OACP) and Buckinghamshire Council represents a significant step forward in improving data and cyber security infrastructure within care services. This partnership is part of the Better Security, Better Care programme, which aims to strengthen the protection of sensitive information in the care sector.
Background
OACP are a Local Support Organisation under the Better Security, Better Care programme, offering free support and advice to care providers on data and cyber security issues. Their expertise has become increasingly vital as data breaches and cyber threats continue to evolve and target vulnerable sectors, including health and social care.
The challenge
Last summer, Buckinghamshire Council were aware of some data and cyber security issues relating to commissioned providers, which impacted service delivery within Buckinghamshire. The breaches not only posed a risk to sensitive personal information but also threatened the trust and safety of service users.
The response
Whilst the incidents were all managed separately, Buckinghamshire Council went one step further and collaborated closely with OACP to identify what learnings could be taken from the security failures to better support other local providers. This partnership focused on a thorough analysis of the incidents to identify learning points and the development of further actions to support improved data and cyber security protection measures.
The process
- Incident Analysis: The Integrated Commissioning Service at Buckinghamshire Council used a reflective learning process to examine the circumstances and response to each incident. The aim was to identify any learning that could be shared with providers, or which would help strengthen the service’s approach to managing cyber security incidents. This work provided a catalyst for closer partnership working between the Council and OACP to support providers to effectively manage data and cyber security.
- Using the DSPT: OACP delivered two detailed sessions to Local Authority Commissioners informing them about the Data Security & Protection Toolkit (DSPT) and how this can support providers. The aim was to ensure commissioners could use the DSPT as the basis for conversations with providers about data and cyber security, and where relevant signpost providers to OACP for support. OACP now provides the Council with regular DSPT compliance data for regulated care providers in Buckinghamshire. As a result, the service has started to have targeted conversations with commissioned providers who are not registered for the DSPT or who have not published. The service is also making sure that as contracts for care and support are updated, DSPT compliance is included as a requirement.
- Business Continuity Planning: Buckinghamshire Council and OACP jointly developed a Business Continuity Plan Audit Tool which the Council has used to audit provider plans. This built on learning from the reflective work, which suggested some providers impacted by the cyber incidents did not have thorough business continuity plans that included cyber security. This meant that when incidents happened, they were unable to refer to their continuity plan. The audit tool, which is now hosted on the Digital Care Hub website, provides both care services and commissioners with a checklist to see how assured they should feel about the plan in place.
- Continuous Improvement: Recognising that cyber threats are constantly evolving, OACP and Buckinghamshire Council committed to ongoing collaboration and partnership working to improve data and cyber infrastructure across their local area. The learning from this work has been shared with local providers, and both the Council and OACP are committed to continuing to work together, in dialogue with providers, to consider new opportunities for training and support.
Speaking on including the DSPT in contracts with care providers, Matilda Moss, Head of Integrated Commissioning at Buckinghamshire Council, said:
“Our partnership with the Oxfordshire Association of Care Providers (OACP) has been invaluable in supporting us to enhance the data and cyber security measures of commissioned providers. Through their support, we have been able to use the DSPT to help providers improve their data and cyber security processes.”
Outcomes
The proactive steps taken by OACP and Buckinghamshire Council are helping to bolster the cyber security infrastructure across care services in the county. Care providers are signposted to the free support available to them from Better Security, Better Care, enabling them to take steps to protect sensitive information more effectively. The ongoing collaboration will support a culture of continuous improvement and vigilance in data protection.
The partnership between OACP and Buckinghamshire Council serves as a model for how local organisations and partners can work together to enhance data and cyber security in the care sector. By focusing on education, support, and the implementation of robust security measures, they have created a safer environment for both care providers and service users.
Further information
- Watch a webinar recording where Buckinghamshire Council speak about the challenges and lessons learnt.
- Find and get in touch with the Local Support Organisation in your area.
- See free guidance and resources for Commissioners of care.