NHS Information Governance Consultancy
NHS Information Governance consultancy and Data Security and Protection Toolkit compliance services, flexibly designed by our UK-leading NHS Information Governance consultants to enable you to ensure that the right people can access the right data at the right time. We provide all of the advice and support you need to process NHS patient data and systems in compliance with the Data Security and Protection Toolkit (DSP Toolkit), the National Data Guardian’s 10 Data Security Standards, the UK Data Protection Act 2018 and the General Data Protection Regulation. We empower better care, digital innovation and data sharing initiatives by embedding Information Governance, Data Protection and Privacy best practices into your organisation’s processes and systems by design and by default. In addition to our Information Governance Consultancy and DSP Toolkit compliance services, we offer a comprehensive range of NHS Information Governance training, Cyber Security Vulnerability Scanning, GDPR Consultancy and DPO Services.
DATA SECURITY AND PROTECTION TOOLKIT
Our DSP Toolkit compliance services are designed to provide you with all of the advice and support you need to comply fully with the DSP Toolkit, enabling you to utilise patient data for safer and better care, outcome measurement, quality improvement, research and much more. We provide DSP Toolkit and NHS Information Governance consultancy services to world-renowned health & social care organisations (commissioner and provider), technology firms, academic institutions and charities. From large organisations like the Department of Health, NHS England and UCL to small hospices, GP practices and Med Tech startups, we have over 10 years of experience of working across the entire health and social care spectrum.
- Simplify compliance processes (including the DSP Toolkit)
- Access & process patient data in a compliant manner
- Identify and mitigate data protection and cyber security risks
- Align people, processes & technologies with your business strategy
- Engage patients & key stakeholders (including the Information Commissioner’s Office)
- Overcome data sharing and Information Governance challenges
- Implement data protection and privacy by design and by default
ENABLING THE RIGHT PEOPLE TO ACCESS THE RIGHT INFORMATION AT THE RIGHT TIME
Our extensive experience of unravelling complex Information Governance challenges faced by organisations has taught us that the underlying issues are often as much cultural as they are legal and technical.
Our NHS Information Governance Consultancy and DSP Toolkit services are designed to bring clarity to the picture. We share the lessons we have learned (and continue to learn) from having helped UK and international organisations across the entire Health & Social Care spectrum. Our NHS Information Governance Consultants listen carefully to what your needs are and work closely with you to identify and embed the right controls for your organisation. However small or complex the challenge you face, our Information Governance Consultants are here for you.
IG SMART SOLVES BOTH BASIC
- IG Training & Awareness
- Data Protection & Security Toolkit Compliance
- N3 Connection
AND COMPLEX NHS INFORMATION GOVERNANCE CHALLENGES:
- Sharing data for integrated care-delivery
- Obtaining consent for secondary uses
- Measuring the privacy impact of new care models
- Integrating & Interoperating clinical IT systems
- Implementing Cloud & IoT in a compliant manner
- Ensuring compliant contracts for suppliers & joint ventures
- Mitigating privacy, quality & cybersecurity risks
- Processing data off-shore (including US Privacy Shield)
- Preparing for the new EU General Data Protection Regulation
NHS INFORMATION GOVERNANCE CONSULTANCY THAT PUTS YOU AND YOUR PATIENTS FIRST
We have developed a strong international reputation for providing clear and concise information governance advice, and implementing proportionate and pragmatic information governance solutions that enable world leading care solutions providers to deliver better care by having access to accurate, complete and meaningful information at the point of care.
We have yet to find an information governance challenge that our leading information governance consultants have not been able to help organisations to overcome.
IG SMART IS TRUSTED BY
Client Testimonials
“IG Smart provide a fantastic external Data Protection Officer service. Knowledgeable and responsive IG help us to navigate an otherwise tricky area of compliance and ensure we appropriately address and overcome all of our privacy concerns. We are in safe...
Oliver Bourne
Vice President, Legal and Compliance - EU and LATAM Glenmark Global Pharmaceuticals
IG Smart have provided us with quality subject matter experts surrounding GDPR and Privacy risk based analysis and remediation; supplying qualified senior information security and experienced DPO and specialists.
Dan West
Global CIO Aimia ILS
We feel we have found our ‘IG Partner’ in IG Smart. It is a pleasure to work with Michael and the team and we have received an outstanding service. The support we have received has allowed us to learn and...
Louise Hankinson
Director – Quality and Standards Addvanced Solutions
We first came across, and were impressed with, IG Smart’s work with one of our partner organisations. This gave us the confidence to choose IG Smart to perform an internal audit and assess our readiness for the DSP Toolkit. IG...
Trevor Peacock
Head of Information Governance & Security University College London
Michael and his team at IG-Smart have done a fantastic job for us – we couldn’t have asked for more. We’re a fresh company working in a new space; IG-Smart took the time to truly understand our business before providing concise,...
Stephan Scanlan
Managing Director Jigsaw Technology Ltd
I chose IG Smart after having looked for a good GDPR consultancy firm for quite a decent amount of time, and I am very pleased with my decision. IG Smart has delivered the gap analysis we were aiming to have done with outstanding quality. The...
Felix Pelegrino
Head of IT and Data Protection Manager Paul UK
IG Smart quickly enabled Aimia to reach GDPR readiness and implementation of the “privacy by design” framework in a highly efficient and time effective manner.
Richard Peake
COO & President AIMIA Loyalty Solutions - Asia Pacific
From limited knowledge of the expectations of GDPR the Certified Data Protection Officer course delivered by IG Smart took me with ease to a greater level of understanding and confidence.
Michael Feighan
Departmental Security Officer The Crown Office and Procurator Fiscal Service
It is my pleasure to recommend the consultancy and resourcing services of IG Smart Ltd. The company offers top-notch quality service and across the board we have been pleased with their work. One project in particular illustrates their attention to...
Marion Wilson
General Manager The Centre for Reproductive & Genetic Health
I would highly recommend IG Smart’s GDPR training courses. The ability to take a subject matter that albeit important, can often be dry, and bring this to life in a way that is easy to learn from is absolutely unique...
Steve Richards
Product Development & Compliance Manager DaXtra
We found the experience of working with IG Smart very reassuring. From the get go we were confident you could support the work we do in the University, and improve our information governance processes when faced with new challenges. You...
Lorraine Shaw
Liverpool John Moores University
Completing the Information Governance Toolkit for the first time is a daunting task. IG Smart worked alongside us to audit our practice, prepare our evidence, identify gaps and build an action plan to enable us to become level 2 compliant,...
David Pratt
Director of Strategy & Business Development The Myton Hospices
I’m happy to announce that the exam is passed and I am evaluated and found worthy of the title CDPO (Certified Data Protection Officer) for the next three years. I would like to thank Michael Abtar - CEO IG Smart for...
Tor-Ståle Hansen
Country Lead Privacy at Capgemini
FAQs
Do I need to complete the DSP Toolkit?
A: All organisations who process health and/or care data should complete the DSPT.
What is the information governance DSP toolkit?
The Data Security and Protection (DSP) Toolkit is an online tool that enables relevant organisations to measure their performance against the data security and information governance requirements mandated by the Department of Health and Social Care, notably the 10 data security standards set by the National Data ...
Is DSPT mandatory?
It is the duty of all health and care organisations that process personal data to report any data breaches to the Information Commissioner's Office (ICO) via the DSPT within 72 hours of discovering an incident.
How often do you need to submit the Data Security and protection toolkit?
Health and care organisations that have access to NHS Patient Data and Systems should complete and publish a DSPT self-assessment every year against the standard to provide assurance that they are practising good data security and they are handling personal information correctly, including maintaining the security of ...
Who requires that we complete the Data Security and protection toolkit assessment?
As part of the digital offer, The Data Security and Protection Toolkit (DSPT) should be completed by all CQC registered Care providers every year.
What are the levels of DSP toolkit?
Standard 1 - Personal Confidential Data. Standard 2 - Staff Responsibilities. Standard 3 - Training. Standard 4 - Managing Data Access.
What is the NHS digital Toolkit?
The Data Security and Protection Toolkit is an online self-assessment tool that all organisations must use if they have access to NHS patient data and systems.
What standards must practices meet for DSP?
NHS Digital defines these standards as: People - Ensure staff are equipped to handle information respectfully and safely, according to the Caldicott Principles. All staff ensure that personal confidential data is handled, stored and transmitted securely, whether in electronic or paper form.
What is the purpose of a data governance tool?
Data governance is the collection of processes, policies, roles, metrics, and standards that ensures an effective and efficient use of information. This also helps establish data management processes that keep your data secured, private, accurate, and usable throughout the data life cycle.
Who is required to comply with national data opt out policy?
All organisations providing or coordinating publicly-funded health or adult social care in England will need to comply with the opt-out, even if the organisation's headquarters are outside England. This includes private, voluntary sector and independent organisations and adult social care.
What are the 3 leadership obligations?
The process of becoming a leader never stops. It's ongoing — and it hinges on three fundamental obligations: listening, communicating, and acting as your most authentic self.
What does DSPT stand for?
Data Security and Protection Toolkit (DSPT)
What is the DSP toolkit incident reporting tool?
The Data Security and Protection Toolkit includes a tool for reporting data security incidents to the Information Commissioner's Office, the Department of Health and Social Care and NHS England. Organisations must notify a breach of personal data within 72 hours.
What are the components of Data Security NHS?
Data Security can be broken down into three areas: Confidentiality, Integrity & Availability.
What is the DSPT in health and social care?
The DSPT is a free, online self-assessment of health and social care providers' data security and protection policies, procedures and processes.
Who is responsible for monitoring data protection?
The primary role of the data protection officer (DPO) is to ensure that her organisation processes the personal data of its staff, customers, providers or any other individuals (also referred to as data subjects) in compliance with the applicable data protection rules.
Who is responsible for data protection and information security?
A company's CISO is the leader and face of data security in an organization. The person in this role is responsible for creating the policies and strategies to secure data from threats and vulnerabilities, as well as devising the response plan if the worst happens.
What is DSP data security?
In simple terms, a Data Security Platform (DSP) is a type of data security solution that aims to combine a suite of traditionally siloed security tools. Most Data Security Platforms will combine functionality designed to locate and protect data on-premises and in the cloud.
What is DSP skills?
The most important skill needed in order to be a DSP is a strong sense of empathy. Since DSPs must put the wants and needs of the people they support first, they must be able to connect to and relate to people of all abilities. Other important skills for DSPs include: Excellent interpersonal skills.
What is DSP for radio?
Short for "digital signal processing", a DSP system manipulates audio signals to achieve a certain goal. Some DSP systems can work with video and other data as well.
What is the purpose of digital toolkit?
The Going Digital Toolkit helps countries assess their state of digital development and formulate policies in response. Data exploration and visualisation are key features of the Toolkit.
What is the new name for NHS Digital?
The merger of NHS Digital and NHS England comes ahead of the incorporation of the body responsible for the education and training of the health workforce – Health Education England – into the new NHS England on 1 April 2023.
Is the NHS a data controller?
NHS Digital is the Controller for most of our processing of personal data and is registered as required by Data Protection legislation.
What are the three leadership obligations of DSP?
These requirements are across the three leadership obligations under which the data security standards are grouped: people, process and technology.
How many Data Security standards are there NHS?
All health and care organisations are expected to implement the 10 National Data Guardian (NDG) standards for data security. These standards are designed to protect sensitive data, and also protect critical services which may be affected by a disruption to critical IT systems (such as in the event of a cyber attack).
What are the three key activities for information security as per the standard of good practice for information security?
When we discuss data and information, we must consider the CIA triad. The CIA triad refers to an information security model made up of the three main components: confidentiality, integrity and availability.
What are the 4 pillars of data governance?
- Identify distinct use cases. ...
- Quantify value. ...
- Improve data capabilities. ...
- Develop a scalable delivery model.
- A statement of purpose, more commonly, a mission statement.
- Data governance objectives that you can measure.
- Metrics that you will use to assess the goals.
- Clearly defined roles and responsibilities for various components of data governance.
For example, one of a healthcare organization's business drivers may be to ensure the privacy of patient-related data assets, requiring that sensitive data be securely managed as it flows through the business to ensure compliance with relevant government and industry regulations.
Can I ask the NHS to delete my data?
Patients can view or change their national data opt-out choice at any time by using the online service at www.nhs.uk/your-nhs-data-matters or by clicking on "Your Health" in the NHS App, and selecting "Choose if data from your health records is shared for research and planning".
Do you have to opt-in for GDPR?
Opt-In under GDPR
In short, the GDPR requires consent to be opt-in. GDPR defines consent as “freely given, specific, informed and unambiguous” given by a “clear affirmative action.” It is not acceptable to assign consent through the data subject's silence or by supplying “pre-ticked boxes.”
Anyone who has an NHS number and has registered for care or treatment with the NHS in England can set an opt out if they wish to, even if they don't currently live in England.
What are the 3 C's of management?
The next time you are leading your team, focus on your mindset and decide to be a three-C leader: competent, committed and with strong character. When we do that, our employees win, and when they win, we all win. Forbes Human Resources Council is an invitation-only organization for HR executives across all industries.
What makes a good NHS manager?
'Too often we look for our own traits in other people'
Many agree that the other qualities needed to be a good and effective leader in today's health service include being able to set an example to others, decision-making, taking responsibility, a sense of humour, compassion and empathy.
It describes nine dimensions: leading with care, sharing the vision, influencing for results, engaging the team, evaluating information, inspiring shared purpose, connecting our service, developing capability, holding to account.
What is CTR code and toolkit?
Care and Treatment Review Code and Toolkit
The main purpose of the CTR Code and Toolkit is to provide a solid framework for CTRs in order for them to be delivered to a consistently high standard across England, and to provide commissioners with the tools they need to carry out CTRs.
What are incident response tools and why are they important?
Incident response is the process of detecting security events, taking the necessary steps for incident analysis and responding to what happened. This process is a critical aspect of information security but is lacking in many organizations.
What is the IG toolkit?
The Information Governance (IG) Toolkit enables NHS suppliers and partners to assess themselves against the Department of Health's Information Governance policies and standards.
What is the DSP toolkit process?
A: The Data Security and Protection Toolkit (DSPT) is an online self-assessment tool that allows organisations that process health and care data to measure their performance against the National Data Guardian's 10 data security standards.
What are the five 5 components of information security?
The U.S. Department of Defense has promulgated the Five Pillars of Information Assurance model that includes the protection of confidentiality, integrity, availability, authenticity, and non-repudiation of user data.
What are the 4 pillars of network security?
Protecting the Four Pillars: Physical, Data, Process, and Architecture.
What is the DSP toolkit for care homes?
The Data Security and Protection Toolkit (DSPT) is a really helpful annual self-assessment for health and care organisations. As a care provider, it shows you what you need to do to keep people's information safe, and to protect your business from the risk of a data breach or a cyber attack.
How long do you have to respond to a high severity alert?
Your organisation should respond to high severity cyber alerts within 48 hours. In responding to the alert include being cognisant of what the alert is asking you to do, knowing if the alert is applicable to your infrastructure and going some way in mitigating the issue.
What is one of the software tools used to detect incidents and attacks?
The OODA loop can help organizations throughout the incident response process, giving insight into which tools are needed to detect and respond to security events.
What is the datix reporting system NHS?
Datix is a Risk Management Information System to collect and manage data on adverse events (as well as data on complaints, claims and risk). The purpose of collecting such data is to identify learning and implement improvement.
What is the abbreviation of Hscic?
Health and Social Care Information Centre HSCIC National provider of information, data and IT systems for health and social care.
What are the severity levels for alerts?
LogicMonitor categorizes alerts into one of three alert severity levels: critical, error, or warning.
What is the error burn rate?
Burn rate of error budget
The burn rate tells you how fast you are consuming your error budget. A burn rate of greater than 1 indicates that if the currently measured error rate is sustained over any future compliance period, the service will be out of SLO for that period.
High Priority Alerts. Anything that wakes up a human in the middle of the night should be immediately human actionable. If it is none of those things, then we need to adjust the alert to not page at those times.