Going Above and Beyond
“It is your job as the organisation to take on the burden of being trustworthy.”
- Understanding Patient Data
Trust is not something that is (or necessarily should be) readily given to health tech suppliers. It needs to be earnt by constant and demonstrable trustworthiness. There are many ways that organisations can do this and today we’re going to talk about just one of them.
The DSP Toolkit
The Data Security and Protection Toolkit (or the ‘DSP Toolkit’) is an online self-assessment tool that allows organisations to measure their performance against the National Data Guardian’s 10 data security standards.
The standards were updated and submitting the DSP toolkit made mandatory for the whole of the NHS in the wake of the 2017 WannaCry ransomware attack on the NHS, which resulted in loss of data, operational damage and remedial work costing the NHS over £92m.
AccuRx’s Approach
At accuRx, we think it’s a great thing that every organisation handling patient data has to complete the toolkit once a year. We also think it’s great that you can easily find these organisations and see their ‘latest status’ on the NHS Digital website.
We think it’s less great that that’s all you can see. It’s one thing to search for accuRx and see that our status is ‘Standards Exceeded’ for the last two years but it’s quite another for you to be assured and convinced we are a trustworthy partner.
That’s why we wanted to go a step further and to actually show you how we have exceeded the requirements laid out in the toolkit. We made the decision to publish our answers for anyone to read.
You can see our transparent DSP Toolkit submission here.
Keeping patient data safe is at the heart of everything we do as a company. We live and breathe security and protection but we know that we can’t just say that and not offer our users or their patients any proof. We hope that by writing, in plain English, how we meet each of the NDG standards we have taken a step further to demonstrating that we are a trustworthy supplier.
Reflecting on the Process
Each time we have completed the Toolkit, we have also used it as a period of reflection as a company: to work out where things are good but could be better and to ensure that all our processes are as efficient and state-of-the-art as possible.
For example, as a company, we’ve grown pretty rapidly over the last 6 months, which means lots of new joiners. We took this period of reflection as a time to check in with every single member of staff to make sure that they had all the resources they needed to do their jobs effectively when it came to Information Governance. We’ve grown our IG Team, our internal knowledge centre has had a makeover, and we’ve run small group training sessions to make sure everyone is as confident as can be.
We know the work is never done when it comes to data protection and security but we hope that by giving you access to our actual answers, processes and assertions in the Toolkit, we have lived up to the key principles of our approach to privacy and security, by going above and beyond the standard requirements.
If you see anything you’d like to know more about, please feel free to get in touch with us via support@accurx.com
