National Data Guardian panel focuses on DSPT, cyber assessment framework and national data opt-out reform - htn

3 days ago

The group of experts responsible for safeguarding national data recently got together to talk about improvements to the data security and protection toolkit (DSPT), cyber assessment framework, and changes to the national data opt-out system.

The National - Figure 1 — Photo Health Tech Newspaper

The blog talked about how the NHS England and Department of Health and Social Care are planning to introduce a new cyber assessment framework in the DSPT. This framework is meant to improve upon the national data guardian's data security standards. The panel also mentioned a suggestion to gradually phase out these standards and replace them with the new framework, which they believe will be just as strict, if not stricter, than the current DSPT standards.

The group talked about how shifting to a results-focused approach could help with making decisions, moving away from simply checking off boxes to meet requirements, and ultimately aiding in the identification and reduction of risks. They pointed out that when reviewing the 10 NDG security standards, it was discovered that data breaches were often the result of problems with people, procedures, and technology, highlighting the importance of strong leadership in addressing these challenges.

The group emphasized the importance of communicating with stakeholders for the cyber assessment framework. They suggested that the national data guardian should release a public statement with NHSE and DHSC colleagues to clarify why they support adopting the information standard that aligns with the new framework. They also stressed the need to make it known that this change is an improvement on current standards, not a replacement of the NDG standard.

The conversation then turned to discussing plans to update the national data opt-out (NDOO), with the DHSC data policy team stating that a large public engagement effort is scheduled for later this year to involve the public in this matter. NHSE and DHSC will form a group to provide guidance on this. Concerns were raised that the purpose of the public engagement (as currently outlined) "may not be clear or well-defined enough to encourage actionable feedback from participants" and it was proposed that the focus should be narrowed or clearer options for opt-out reform should be presented for discussion. The data policy team agreed to consider these suggestions and assured that there will be more opportunities for engagement as the work progresses, with this discussion serving as an initial chance for input before the design phase begins.

Another important point talked about in the meeting was the data project about reasonable expectations. The project manager from the National Data Guardian's Office mentioned that the co-design phase is taking longer than expected, but this extra time is necessary to make sure the materials are accurate before moving on to the next phase. Communication materials are being created and will be shared with the rest of the team for feedback.

You can read the complete summary of the meeting minutes here.

In September of last year, we posted a message urging health and social care workers to share patient care information. This message came from NHSE and was supported by national data guardian Dr. Nicola Byrne, information commissioner John Edwards, and England's chief medical officer Professor Chris Witty.