Data Security and Protection Toolkit (DSPT)


It is essential to establish secure information sharing arrangements between Care Homes, GPs, other Healthcare Professionals and acute settings, which can only be done when all organisations are compliant with the Data Security and Protection Toolkit standards. We are striving for all Care Homes to be DSPT compliant so they can have access to NHSmail.

We aimed to increase overall compliance and support Care Homes from start to finish with completing their DSPT.

We aimed to increase the number of organisations completing Approaching Standards on the DSPT, which is needed for social care organisations that deliver services under the NHS Standard Contract or that want to apply for NHSmail accounts.


Of 557 provider locations within Norfolk and Waveney 83% meet the minimum standards for DSPT which is above the national average 79.87%

The team have developed communication channels to promote DSPT benefits to care providers, which has increased the engagement of providers who previously did not have support to reach digital maturity.

The team actively promote DSPT compliance in all regular communication and with individual care providers who are engaged in other workstreams.

We have established effective relationships with care providers which supports uptake as some still view the DSPT as ‘not essential’ and have commented “unless CQC make it mandatory, I haven’t got time”. DSPT compliance is promoted as a requirement to sign up for NHSmail and proxy access.  This includes encouraging the annual submission of DSPT to maintain compliance every year.

When there is a change of ownership and/or provider status we can support providers so continuity of care and secure communication will remain.

The team work collaboratively with Norfolk and Suffolk Care Support who have been commissioned by NHS Transformation to provide support for care providers in Norfolk and Waveney to complete DSPT.  Details of the support available can be found here Training on data protection and… | Norfolk & Suffolk Care Support (

For local DSPT information, advice and guidance email


DSPT demonstrates what Care Providers need to do to keep people’s information safe, and to protect their business from the risk of a data breach or a cyber-attack. It covers both paper and digital records and reassures everyone in the social care environment that data security is being taken seriously.

DSPT compliance for Care Providers supports the requirement to sign up for NHS mail, proxy access for ordering medication online and all other digital initiatives. This includes encouraging the annual submission of DSPT to maintain compliance every year.

For services with funded packages of care by the NHS, for example under continuing healthcare, there is a legal requirement to complete the DSPT every year.


“I know this is a scary task to complete, but the policy guidance provided to the wider team was beneficial so we could ensure staff were compliant with GDPR and IG. The most important thing for managers to remember is that the DSPT is a working document.” – Managing Director, Care Provider

“The DSPT was really easy once you get the guidance. We received help to upload and sort a lot of our documents. If I hadn’t had the DSPT support, I don’t think I would’ve completed it in time. It opened mine and my staff’s eyes more about data protection. There’s a lot more positivity around it now.” Care Home Deputy Manager

“I was given one to one support to enable me to complete the DSPT toolkit. I was treated with compassion and patience as I am not very techy.” Residential Care Home Manager.