Thinking of an NHS AQP Contract or Full Service Contract?
If your business is looking at future NHS contracts, either AQP or Full Service provision then planning ahead is a must. Do not leave it until you see an advert posted or hear a rumour.
If you do business with the NHS then you will need to need use the Health & Social Care Network (HSCN) which used to be called N3. To be accepted for a connection your organisation must meet the new Information Governance and Security requirements which are held on the Data Security & Protection Toolkit (DSPT).
To gain access to the DSPT you must first apply to the Organisational Data Service who will then issue a code (ODS Code). This can be either a three alphanumeric or 5 digit alpha numeric. It is recommended that you register as an HQ address which will be a three digit alphanumeric eg XX1 and then register one service delivery site at least which will be allocated a five digit code eg XX1AB, Subsequent site cods will be XX1AC, XX1AD and so on. If you do not register in this way and you operate over several sites the users will have to log in and out each time they want to access each different site as opposed to logging in under the HQ code and having an overview of all sites. User access can still be restricted through the roles set up on the users Smartcard.
To request an ODS code contact the Exeter Helpdesk, part of NHS Digital.
Once you have registered and accessed the DSPT you may wonder what on earth you have committed to. Do not fear the NHS is full of jargon but the underlying requirements are essential for any sound business especially for ones handling personal sensitive data. Meeting all the DSPT standards will ensure that your organisation is GDPR ready and ISO 27001 compliant which is a business essential anyway.
Key supporting tasks are to identify a person who can fulfil the role of Caldicott Guardian. This is a person preferably from a clinical; background if your organisation is handling personal sensitive data. Another key role is the Senior Information Risk Officer (SIRO), this role is for a person at a senior level in the organisation who has a good understanding of information processing, storage, sharing and security. A third important role is the Information Asset Owner (IAO), depending on the size of your organisation other roles that the DSPT refers to may have to be the same person. All the applications forms to register these key roles can be found on the NHS Digital portal .
If you would like to know more about how we can support you then Contact Us.