NHSmail and HSCN Lorraine Amor Care Homes Project NHSmail and HSCN Lorraine Amor

What is the Project Scope? Why? Progress- quick overview Objectives What is the Project Scope? Why? Progress- quick overview Data Protection Security Toolkit NHSmail encryption service

www.dsptoolkit.nhs.uk NHS mail HSCN Broadband connection The Project: NHS mail HSCN Broadband connection in order to attain either, need to complete the Data Security & Protection Toolkit (DSPT) www.dsptoolkit.nhs.uk

Why is completing the Toolkit beneficial? Provides a framework to ensure the confidentiality and security of personal information Helps with CQC fundamental standards – KLOEs 10 Data Security Standards (National Data Guardian) GDPR Focuses on any gaps or areas of improvement Access to NHS Services – NHSmail and HSCN CQC Essential Standard 21 includes the requirement to ensure that patients are protected against risk of unsafe or inappropriate care and treatment arising from lack of proper information about them, by means of maintenance of accurate patient records that include appropriate information and document in relation to their care and treatment. It also includes the requirement that patients can be confident that their personal records including medical records are accurate, fit for purpose, held securely and remain confidential.

Progress –A Quick Overview:- Activity # homes IGTK – Published at Level 1 23 IGTK – Published at Level 2 32 NHSmail activated 27 HSCN activated 1 HSCN in process 4

Registration Fulfilling Criteria Completing the DSPT Registration Fulfilling Criteria Based on People, Processes and Technology Mandatory assertions (required standards) Submission Publication (by 31 March 2019 or sooner)

Guidance and Resources At: https://www.careprovideralliance.org.uk/data-security-and-protection-toolkit.html ‘Tool tips’ guidance to accompany the assertions in the new toolkit An updated Guide for Registered Managers An updated Guide for Staff ‘Big Picture’ Guides (overall view of 10 Data Standards, including ‘How to’ Guide with model answers)

NHSmail encryption service The NHSmail service has an encryption feature that allows users to exchange information securely with users of non-accredited or non-secure email services e.g. nhs.uk (please note that *.secure.nhs.uk is considered secure), gmail, Hotmail. This means that organisations using NHSmail can send emails to those that don’t have NHSmail and these emails can be accessed and read securely. When sending emails outside of NHSmail, use [secure] at the start of the email subject. [Secure] is not case sensitive. The NHSmail service will assess whether encryption is required. If the domain the email is being sent to is accredited, the email will be sent securely and no further encryption is required. If the domain the email is being sent to is not accredited, and therefore insecure, the NHSmail service will programmatically enforce the use of the encryption tool to protect the email data. The recipient will need to log into the Trend Encryption Micro portal to unencrypt the email before it can be read. Guidance is available on how to use the NHSmail encryption service.

Q & A