Data and Cyber Security: A Firm Foundation for Integrating Health and Social Care Records

Keith Strahan is a registered social worker and a Council Member of the Faculty of Clinical Informatics, as well as being the Principal Clinical Lead on the NHS Digital Social Care Programme. Keith has kindly taken the time to discuss with us how the importance of data protection and cyber security provides a vital opportunity for collaboration within health and social care.

There are many benefits associated with the use of informatics and working securely online in health and the adult social care sector. Technology can enhance integration around the person and enable greater and faster information sharing. This allows us to improve the quality of care and support provided. This is so important because too often care providers, such as nursing homes, still receive information by fax, post or not at all.

As we use technology more, irrespective of our organisation, we must continue to do all we can to keep data safe and secure. It is essential to avoid or minimise any disruption to care and support.

Security breaches can occur in many ways, including when we use paper records, send information using fax machines and even verbally. However, the consequences of security breaches with digital information are potentially far more severe. This is because substantial amounts of information can be distributed more easily and to a far wider audience.

The Department of Health and Social Care recommends that all health organisations and adult social care providers in England complete the Data Security and Protection Toolkit (DSPT) as they will hold, process or share personal data.

This toolkit is an online self-assessment tool for data protection and cyber security which supports organisations in demonstrating compliance with the General Data Protection Regulation (GDPR), the Care Quality Commission’s Key Lines of Enquiry and the expected data security standards for health and social care.

Adult social care providers, including care homes and domiciliary care organisations, have been collaborating with NHS Digital to ensure the toolkit is suitable for the vast range of organisations (estimated 18,500 organisations, 39,000 establishments) and staff (estimated 1.49 million workers) that make up the sector. For many, completing the DSPT will be a new process.

Therefore an ‘Entry Level’ has been developed for the DSPT. ‘Entry Level’ compliance provides assurance that minimum regulatory requirements have been completed and allows access to NHSmail (as stated in the NHS Long Term Plan).

It is also a useful step on the way to achieve the DSPT ‘Standards Met Level’, where compliance indicates that all mandatory requirements have been met. It also shows that health and adult social care organisations are ready to participate in a wide range of secure, interoperable digital solutions. Over time, this really could have a positive impact on the care of individuals e.g. reducing medication errors in care homes and for whole system working. National, regional and local support for care providers to reach this level is therefore crucial. The involvement of care provider system suppliers will also be important.

Commissioned by the NHS Digital Social Care Programme, care providers have produced sector-specific guidance, available on the Digital Social Care website. These include ‘How to Guides’ for both the ‘Entry Level’ and ‘Standards Met Level’.

This website also contains updated sector specific guidance on cyber security which is the result of significant contributions from many agencies, including the National Cyber Security Centre. It provides advice on how to improve cyber security and has links to government approved trusted websites and training.

The National Cyber Security’s first ‘UK Cyber Security Survey’ showed that 42% of citizens expect to lose money to online fraud. Moreover, the key findings from the survey showed that only 15% of us know a great deal about how to protect ourselves from harmful activity. Analysis found that 23.2 million victim accounts worldwide used 123456 as a password!

The impact of a cyber breach or attack to organisations can also be significant and costly. The global ‘WannaCry’ attack in May 2017, which affected the NHS in the UK, reminds us all that it is worth taking necessary precautions.

According to the Department for Digital, Culture, Media and Sport’s Cyber Breaches Survey 2019, 32% of businesses and 22% of charities have identified breaches or attacks in the last 12 months. Among these organisations, the most common types of breaches or attacks are:

  • Phishing or scam emails (80% of businesses and 81% of charities who experience breaches or attacks)
  • Others impersonating an organisation in emails or online (28% and 20%)
  • Viruses, spyware or other malware, including ransomware (27% and 18%)

Data protection and cyber security therefore should be a high priority for us all. It can all seem quite daunting but there are many effective and relatively simple steps that can be taken to protect information and all those in health and social care organisations should make sure that these are acted on.

The benefits will be extensive and can help establish a safe and secure foundation for digital integration between health and adult social care now and in the future.