Name: Data Security and Protection Toolkit
Creator: NHS England

The Data Security and Protection (DSP) Toolkit is an online tool that enables relevant organisations to measure their performance against the data security and information governance requirements mandated by the Department of Health and Social Care.

This information standard is published under section 250 of the Health and Social Care Act 2012

This collection is published under the NHS Standard Contract.

data-security-and-protection-toolkit

NHS England

Data Security and Protection Toolkit

## Data Coordination Board

Acting under delegated authority from the Secretary of State for Health, the Data Coordination Board has approved a change to an existing information standard for publication under section 250 of the Health and Social Care Act 2012.

>You must comply with this change by the full conformance date specified below.

## Standard details

DCB unique identifier: DCB1605 Amd 27/2017

Name: Accessible Information, version 1.1

Approval date: 3 August 2017

Publication date: 10 August 2017

## Standard definition

This information standard aims to make sure that people who have a disability, impairment or sensory loss get appropriate information and communication support from NHS and adult social care services.

 It requires all applicable organisations to identify, record, flag, share and meet the information and communication support needs of patients, service users, carers and parents with a disability, impairment or sensory loss.

Successful implementation will lead to improved outcomes and experiences, and the provision of safer and more personalised care and services to those individuals who come within the scope of the standard.

## About this change

The standard has been updated following a post implementation review undertaken in early 2017. Changes to the standard include:
* Updates to the meaning of certain terms used, including changes to the definitions for ‘parent’ and ‘highly visible’. 
* Amendments relating to mental health service users and the Mental Capacity Act 2005, to improve clarity, especially regarding support for people who may lack capacity.
* Inclusion of advice regarding support for individuals with a learning difficulty.
* Updates to reflect the current position regarding the inclusion and transfer of data recorded using existing systems.

The revised Implementation Guidance reflects these updates and also includes additional guidance on sharing of information (including consent), use of email / text message to communicate with patients / service users, parental responsibility, and to address some other specific queries that have been raised about interpretation. There are no substantive amendments to the Requirements of the Standard and no substantive changes to the overall scope.

Scope (Health and Health Services: NHS Services, Adult Social Care

Applies to: This standard applies to – and therefore must be implemented and adhered to by – ALL providers of publicly-funded NHS, public health and adult social care services.

Effective implementation will require such organisations to make changes to policy, procedure, human behaviour and, where applicable, electronic systems

Impacts Upon: Commissioners must ensure that their commissioning and procurement arrangements with providers of health and / or adult social care reflect, enable and support implementation and compliance with this standard. They must also seek assurance from providers of their compliance with this standard.

Implementation of this standard impacts all suppliers providing systems to the above providers; suppliers should work with their customers to determine appropriate use

Legal authority This information standard is published under section 250 of the Health and Social Care Act 2012.

It supports compliance with obligations under the Equality Act 2010.

Link to further documentation: The Requirements Specification, Implementation Guidance and the Change Specification are available on the NHS Digital website:

 www.content.digital.nhs.uk/isce/publication/accessibleinformation

Further information is available on the NHS England website at http://www.england.nhs.uk/accessibleinfo

## Contacts

Sponsor: Rob Dickman, Senior Policy Manager, Department of Health

SRO: Olivia Butterworth, Head of Public Participation, NHS England

Business Lead: Sarah Marsay, Public Engagement Manager, NHS England

Help Desk: england.patientsincontrol@nhs.net

## Dates

Implementation and conformance dates: Conformance with this Standard was due by 31 July 2016. This Notice does not change that date. ==Organisations== which have not yet implemented the Standard should start to do so with immediate effect. Those organisations that are compliant should note the contents of the change documentation issued.

Post Implementation Review date: 31 July 2019

The Information Standards Notice declaring the publication of the Accessible Information standard, that defines a set of information that can potentially be shared between systems in different sites and settings, among professionals and people using services.

accessible-information-isn

Accessible Information - ISN

Accessible Information - Information Standards Notice - Change

Discover recognised published standards that help data work together for users in health and adult social care within England.

published-standards

Published standards

* [Home](https://standards.nhs.uk/)

## Browse by care setting

* [Hospitals](/search-results?care_setting=Hospital)
* [GP and primary care](/search-results?care_setting=GP+%2F+Primary+care)
* [Social care](/search-results?care_setting=Social+care)
* [Browse all care settings](/search-results)

##  Browse by topic

* [Appointments](/search-results?topic=Appointment+%2F+scheduling)
* [Access to records](/search-results?topic=Access+to+records)
* [Vaccination](/search-results?topic=Vaccination)
* [Browse all topics](/search-results)

## Browse by type

* [Technical standards and specifications](/search-results?standard_category=Technical+standards+and+specifications)
* [Record standards](/search-results?standard_category=Record+standards)
* [Data definitions and terminologies](/search-results?standard_category=Data+definitions+and+terminologies)
* [Browse all standard types](/search-results)
* [Current standards](/search-results)
* [Browse future standards](/future-standards)
* [Browse about standards](/about-standards)
    * [What is interoperability](/about-standards#what-is-interoperability)
    * [What we mean by standards](/about-standards#what-we-mean-by-standards)
    * [Benefits to patients and staff](/about-standards#benefits-to-patients-and-staff)
    * [Report a gap in standards](/about-standards#report-a-gap-in-standards)
* [Help and resources](/help-and-resources)
    * [Standards Directory mailbox](/help-and-resources#data-standards-directory-mailbox)
    * [Standard development bodies](/help-and-resources#standard-development-bodies)
    * [Discussion forums](/help-and-resources#discussion-forums)
    * [Technology regulations](/help-and-resources#technology-regulations)
    * [Platforms for buying and selling IT](/help-and-resources#platforms-for-buying-and-selling-it)
    * [Design kits and case studies](/help-and-resources#design-kits-and-case-studies)
* [Accessibility statement](/accessibility-statement)
* [Cookies](/cookie-policy)
* [Privacy](/privacy-policy)
* [About this service](/about-this-service)
    * [What this service does](/about-this-service#what-this-service-does)
    * [Who this service is for](/about-this-service#who-this-service-is-for)
    * [What standards are included](/about-this-service#what-standards-are-covered)
    * [Who manages this service](/about-this-service#how-this-service-works)
* [Feedback](https://metadata.atlassian.net/servicedesk/customer/portal/20) 

A sitemap for the NHS Standards Directory

site-map

Site map

This accessibility statement applies to the NHS Standards Directory. 

We want as many people as possible to be able to use this website. For example, this means you should be able to:
* change colours, contrast levels and fonts
* zoom in up to 300% without the text spilling off the screen
* navigate most of the website using just a keyboard
* listen to most of the website using a screen reader
* we have also made the website text as simple as possible to understand

[AbilityNet](https://mcmw.abilitynet.org.uk/) has advice on making your device easier to use if you have a disability.

## How accessible this website is
We know from several accessibility reports that parts of this website are not fully accessible.

### Usability issues
We have identified some issues that, although do not fail to meet Web Content Accessibility Guidelines (WCAG) 2.1, may prove challenging for users of the website. These include:
* some heading levels in the homepage increase by more than one level at a time
* some additional features within the filter section of the Current standards page may be beneficial for some blind users, such as the option to reset the filter options
* the details component used in standard listing pages is problematic for VoiceOver users
* the feedback link below the main menu does not include the destination as part of the hypertext
* when Window’s default colour inversion is used the search input is difficult to decipher for users with low vision
* nested lists in some of our content pages can make reading slow and difficult to some screen readers
* links to websites or software that we do not own or manage and so cannot guarantee their accessibility

We are actively working to address these issues as part of an ongoing programme to improve the accessibility of this website.

### Other websites that the directory signposts to
Many of the links to standard documentation that we signpost use PDFs which are not fully accessible to screen reader software. Some of these PDFs are required to access the specification or implementation guidance for the standards.

If you're having problems using these PDFs, contact the standard owner for advice.

## Feedback and contact information
We are always looking to improve the accessibility of this website. Contact england.interop.standards@nhs.net if you have an accessibility query including:
* issues with accessing information or using this website
* an accessibility problem not listed on this statement
* any positive feedback about this website's accessibility

## Enforcement procedure
If you contact us with a complaint and you are not happy with our response, [contact the Equality Advisory and Support Service (EASS)](https://www.equalityadvisoryservice.com/).
The Equality and Human Rights Commission (EHRC) is responsible for enforcing the [Public Sector Bodies (Websites and Mobile Applications) (No. 2) Accessibility Regulations 2018 on legislation.gov.uk](https://www.legislation.gov.uk/uksi/2018/952/contents/made) (the "accessibility regulations").

## Technical information about this website's accessibility
We're committed to making this website accessible, in accordance with the accessibility regulations.

### Compliance status
This website is compliant with the Web Content Accessibility Guidelines (WCAG) version 2.1 AA standard. This means we have addressed all the level A and AA accessibility issues identified through internal tests or raised by an external evaluator.

## Preparation of this accessibility statement
This statement was updated in November 2022.

This website was last tested in September 2022 by the [Digital Accessibility Centre (DAC)](https://digitalaccessibilitycentre.org/), who performed an expert user evaluation against all level A and AA success criteria of WCAG 2.1. A technical review to Web Content Accessibility Guidelines (WCAG) version 2.1 AA standard will be carried out in April 2024, with compliance to Web Content Accessibility Guidelines (WCAG) version 2.2 AA standard by September 2024. This website's accessibility will continue to be reviewed on a regular basis. 

Check how accessible our website is for disabled people and others.

accessibility-statement

Accessibility statement

Your privacy is important to us. This privacy policy covers what we collect and how we use, share and store your information.

This page tells you:

* about the information we may collect
* how we keep your data secure
* who we share your data with
* about your rights to see or change information we hold about you

## Information we may collect

You can leave feedback on some pages of the website or on a user survey. You can choose to share your email address if you want a reply by emailing the team directly on [england.interop.standards@nhs.net](mailto:england.interop.standards@nhs.net). Otherwise, we collect and store feedback anonymously.

### How we use cookies

Our website uses cookies. These are small files saved on your phone, tablet or computer when you visit a website. They store information about how you use the website, such as the pages you visit.

The law says that we can store cookies on your device if they are strictly necessary to make our website work. We need your permission for all other types of cookies before we can use them on your device.

We like to use analytics cookies that measure how you use our website and help us improve our service for future users but we only use these cookies if you say it's OK.

[Read our cookie policy](/cookie-policy) to find out more about the cookies we use and tell us if we can put analytics cookies on your device.

We sometimes use tools on other organisations' websites to collect data or to ask for feedback. These tools set their own cookies.

#### How we collect and store your data

If you interact with us on social media, we may receive some personally identifiable data about you, which is supplied by the channel you are using (for example, Twitter or Linkedin). This may include:

* your name
* social media handles (such as Twitter account name)
* location history (where you are contacting us from)
* images (such as your profile picture)

We will process and store your data in accordance with the terms and conditions and privacy policy of the platform in question. You should be aware that your use of these platforms is governed by the terms and conditions agreed between you and the platform, rather than with us.

We will not remove, duplicate or transfer your personal data from or between any of the social platforms that we use, except for when you give us explicit permission to do so or when we believe that we need to in order to respond to an urgent risk to health.

You should be aware that social networks may control some of the data associated with interactions between you (the user) and us (NHS Standards Directory) on their platforms. For example, we will be able to delete our own records of a private message conversation if you ask us to do so, but social networks may store a copy of this conversation that we are unable to access.

We recommend using the privacy tools built into the social networks in question to make sure you are able to exercise your rights appropriately.

#### Understanding how social networks use your data

Social networks use information about your online activity to build a profile of you. This data is then used (anonymously) to send you targeted adverts across various digital platforms.

You should be aware that interacting with accounts such as ours may help build the profile of you that social networks maintain, and that could potentially result in you receiving adverts about related issues.

This process of collecting data for advertising purposes is not controlled by the NHS Standards Directory, and we do not have access to the profiling data stored by social networks about you.


## Keeping your personal data secure

We convert your data into secure code (encrypt it) and store it on secure servers in England. A partner organisation is providing hosting services but has no say in how the information is used. There are no legal ways for their employees to see the data. Only approved people in the NHS Standards Directory team can see it.

If you shared your email with us as part of a survey, we will delete it after 2 years. At that point no one can identify you in the survey data.


## Data sharing

NHS England may share anonymous information on how the service is used internally.

### Legal powers

When you give us personal information, we may pass it on if the law says we must.

If you make a claim against us, we and other third parties such as our solicitors may need to look at this information.

We will not share your personal information with anyone else without your permission for any other reason.


## Your rights

You can:


* find out what information we hold about you, ask us to correct it if it's wrong, or delete it by emailing [england.interop.standards@nhs.net](mailto:england.interop.standards@nhs.net). 
* contact the [Information Commissioner's Office](https://ico.org.uk/), Wycliffe House Water Lane, Wilmslow SK9 5AF if you want to make a complaint about how we have managed your data

Check how we collect, use, share and store data for people visiting our website.

privacy-policy

Privacy policy

## What are cookies?

Cookies are files saved on your phone, tablet or computer when you visit a website.

They store information about how you use the website, such as the pages you visit.

Cookies are not viruses or computer programs. They are very small so do not take up much space.

## How we use cookies

We only use cookies to:

* make our website work
* measure how you use our website, such as which links you click on (analytics cookies), if you give us permission

We do not use any other cookies, for example, cookies that remember your settings or cookies that help with health campaigns.

We sometimes use tools on other organisations' websites to collect data or to ask for feedback. These tools set their own cookies.

Check how we use cookies to collect and store information about visits to our website.

cookie-policy

Cookie policy

Discover future standards that could help data work together for users in health and adult social care within England. 
 Please note these are subject to change and are not guaranteed to become published or to be assured by an approved Standards Body. For more information or to propose a new standard, email <a href="mailto:england.interop.standards@nhs.net">england.interop.standards@nhs.net</a>.

future-standards

Future standards

### Standards Directory mailbox

You can contact the team who manage the Standards Directory by emailing england.interop.standards@nhs.net.

### Standard development bodies

[The Data Alliance Partnership Board](https://digital.nhs.uk/data-and-information/information-standards/information-standards-and-data-collections-including-extractions/data-alliance-partnership-board) approves information standards, data collections and extractions for health and adult social care in England. 

[Government Digital Service](https://www.gov.uk/government/organisations/government-digital-service) owns the [UK government’s API Catalogue](https://www.api.gov.uk/#uk-public-sector-apis) which lists public sector APIs. They also oversee the [Data Standards Authority](https://www.gov.uk/government/groups/data-standards-authority) which sets standards for data-sharing in government.

[HL7 UK](https://www.hl7.org.uk/) develops standards for exchanging electronic health information in the UK.

[NHS Digital](https://digital.nhs.uk/) owns the [NHS' API Catalogue](https://digital.nhs.uk/developer/api-catalogue) which lists APIs for use in the NHS. New APIs can be voted on in their [product backlog](https://nhs-digital-api-management.featureupvote.com). 

[The Professional Record Standards Body](https://theprsb.org/) develops standards for patient and care records. 

### Discussion forums

[FutureNHS](https://future.nhs.uk/) is a platform for health and social care professionals to connect.

INTEROPen is a place to discuss standards development and usage in health and social care. Their [discussion forum](https://interopen.ryver.com/application/login) is hosted on Ryver - email membership@interopen.org to join.

[Digital health networks](https://digitalhealthnetworks.net/) are where health and social care professionals can support the digital agenda through discussions and events.

### Technology regulations

The [NHS Service Standard](https://service-manual.nhs.uk/standards-and-technology/service-standard) and [GDS Service Standard](https://www.gov.uk/service-manual/service-standard) are standards for designing and building online services. [Point 17 of the NHS Service Standard](https://service-manual.nhs.uk/standards-and-technology/service-standard-points/17-make-your-service-interoperable) states that technology must implement standards that support interoperability. 

The [Technology Code of Practice](https://www.gov.uk/guidance/the-technology-code-of-practice) is a set of criteria to help government build or buy technology. 
 
The [Web Content Accessibility Guidelines](https://www.w3.org/TR/WCAG21/) are a requirement for all public sector websites and apps.

### Platforms for buying and selling IT

[GP IT Futures Capabilities & Standards](https://gpitbjss.atlassian.net/wiki/spaces/GPITF/overview?homepageId=1391134009) is a commercial framework for primary care technology.

[Health Systems Support Framework](https://www.england.nhs.uk/hssf/) is a commercial framework for non-clinical solutions related to population health management such as advanced analytics and digital infrastructure.  

[The Digital Social Care Records Dynamic Purchasing System](https://www.digitalsocialcare.co.uk/social-care-technology/digital-social-care-records-dynamic-purchasing-system/) is a commercial framework for solutions that digitise social care records.

### Design kits and case studies

[The NHS Design System](https://service-manual.nhs.uk/design-system) has design patterns and style guides for use in NHS digital services.

[The GOV.UK Design System](https://design-system.service.gov.uk/) has design patterns and style guides for use in all public sector digital services.

[NHS digital playbooks](https://www.nhsx.nhs.uk/key-tools-and-info/digital-playbooks/) show examples of how care pathways have been improved with technology.


Explore resources for the standards community in health and social care including links to discussion forums and government regulations.

help-and-resources

Help and resources

## What this service does

The directory is a source of recognised standards used by technologies in health and adult social care to exchange data in England. 

It is a signposting service only. It doesn’t include the full documentation for each standard. This can be found on the standard owner’s website.

This service is currently in development and is being tested and improved based on feedback. To report a problem or make a suggestion, email <a href="mailto:england.interop.standards@nhs.net">england.interop.standards@nhs.net</a>.

To learn more about why this service was needed and the future plans for it there is a <a href="https://digital.nhs.uk/blog/tech-talk/2022/discovering-data-standards-together">2022 blog written by the Product Manager</a> of the NHS Standards Directory.

[Find out more about standards](/about-standards).

## Who this service is for

This service is for anyone building or buying digital technologies for the NHS or local authority-funded adult social care services in England. 

This includes IT suppliers, healthcare providers and technology buyers such as procurement teams and framework operators.

## What standards are included

The directory lists all standards that are mandated at a national level as well as some standards that are not mandatory but are widely in use in England. These include: 

* all approved national [information standards](https://digital.nhs.uk/data-and-information/information-standards/information-standards-and-data-collections-including-extractions/publications-and-notifications/standards-and-collections#approved-standards-and-collections). These are assured by the [Data Alliance Partnership Board](https://digital.nhs.uk/data-and-information/information-standards/information-standards-and-data-collections-including-extractions/data-alliance-partnership-board) and issued with an Information Standard Notice, which means they are mandatory.
* APIs published in [NHS Digital's API Catalogue](https://digital.nhs.uk/developer/api-catalogue)
* record standards published by the [Professional Record Standards Body](https://theprsb.org/)

It also includes draft APIs and draft standards that are in the process of being assured at the national level.

More standards are likely to be added to the directory in the future. You can find [data collections and extractions on NHS Digital’s website](https://digital.nhs.uk/data-and-information/information-standards/information-standards-and-data-collections-including-extractions/publications-and-notifications/standards-and-collections#approved-standards-and-collections). 

When writing information around standards there is an aim to provide clear, accessible and useful metadata to enable everyone to understand it. Details of which can be read in this <a href="https://services.blog.gov.uk/2022/12/14/how-content-design-helped-to-frame-a-new-service-around-nhs-data-standards/">2022 blog on the use of content design to build the Standards Directory.</a>

## Who manages this service

This service is managed by NHS England and Improvement working closely with organisations involved in standards development. You can contact the standards directory team by emailing <a href="mailto:england.interop.standards@nhs.net">england.interop.standards@nhs.net</a>.

Check who owns and manages the NHS Standards Directory and what the service is for.

about-this-service

About this service

## What we mean by standards
This service contains standards, which we group into 4 categories:

*   **A Collection** is a systematic gathering of a specified selection of data or information for a particular stated purpose from existing records held within health and care systems and electronic devices.

[Browse collections](/search-results?standard_category=Collections).

*   **An Extraction** is a type of collection that is pulled from an operational system by the data controller and transmitted to the receiver without additional processing or transcription by the sender..

[Browse extractions](/search-results?standard_category=Extractions).

*   **Technical standards and specifications** specify how to make information available technically including how the data is structured and transported

[Browse technical standards and specifications](/search-results?standard_category=Technical+standards+and+specifications).

* **Information standards** are agreed ways of doing something, written down as a set of precise criteria so they can be used as rules, guidelines, or definitions.

[Browse information standards](/search-results?standard_category=Information+standards).

Not every standard that exists is listed in this service. You can [find out which standards are included](/about-this-service#what-standards-are-included). 

## Benefits of using standards
There are many benefits to using standards including:

* it’s more efficient to reuse existing approaches to recording or exchanging data than creating new ones
* it promotes quality by ensuring all care settings are aligned to standards that have been approved by qualified bodies
* it makes it easier to analyse data at the national level and see trends or problems if the data has all been standardised 
* it is essential to achieving interoperability, which would allow IT systems across the country to share data. An example of this is hospitals being able to update GP records directly using their own systems instead of sending emails

## Report a gap in standards
Work is underway to publish a process for people developing new standards. 

In the meantime, please notify us of plans to create new standards by emailing england.interop.standards@nhs.net. Local standards that apply at the national level may be uplifted for national use.  


Find out about the different types and benefits of standards in health and social care and how to report a gap in standards.

Data Security and Protection Toolkit

Information Standard Notice

Important: Full conformance date

Standard definition

Standard definition

About this change

Contacts

Dates