INTEGRATION IS THE FUTURE – DATA SHARING AND PROTECTION (DSP)

What lessons can Care Homes and the Voluntary, Community, and Social Enterprise (VCSE) Sector learn from recent successes in the integration of health and social care services and how can they best prepare for collaborative working arrangements in the future?

Recent data from the Office for National Statistics (ONS) makes for grim reading.  Between 2 March and 12 June 2020 19,394 people died with COVID-19 in care homes across England and Wales.  These shocking statistics are leading to an increased focus on role of care homes and the Voluntary, Community, and Social Enterprise (VCSE) sector and are prompting the acceleration of existing plans to improve their integration with local health and social care services.

Much of this work to integrate care services has been underway for a number of years.  In 2013, 14 local areas were selected to act as Integrated Care Pioneers, tasked with demonstrating ambitious and innovative approaches to efficiently delivering person-centred and co-ordinated care across their local health and care systems.  The Five Year Forward View, published in October 2014, also highlighted the importance of integrated care.  Even at that early stage there was an acknowledgement of the role of care homes and the VCSE sector, however, the main focus at the time was on the integration of different health services within an area and linking these with social care services.

With the national, regional and local focus now rapidly shifting towards care homes and the VCSE sector, it may be helpful for those soon to be caught up in ambitious plans for rapid change to consider what lessons can be drawn from previous efforts to integrate services.  By understanding what challenges are to be expected it may be possible to get ahead of the game and prepare effectively for the transition towards ‘new ways of working’.  This can also allow an organisation to help proactively drive change, ensuring this occurs in a manner which works for them rather than becoming a passenger in the change process.

One of the key challenges identified during efforts to improve integration between health and social care services was the need to build trust between organisations and teams who had not historically worked together so closely.  Strangely, there is often a reluctance to acknowledge and accept that different sectors which are subject to different standards, regulatory frameworks and resourcing levels will inevitably exhibit differences in their approach to certain activities.  Focussing on differences rather than similarities can be seen as unhelpful, however initial scepticism and distrust is to be expected and the detrimental impact this can have should not be downplayed or disregarded.

In some cases, perceived differences may well be entirely unfounded, or it may be that some differences are perfectly acceptable in the given context.  Simply by increasing communication between teams and exposing people to how others work and operate can be enough to overcome many of these challenges.  The important output from an exercise like this, however, is not to necessarily accept differences where they exist but to identify and highlight those differences which are likely to be a hindrance to integrating services so that these can be tackled head on.

Arguably some of the most significant challenges to overcome when integrating services relate to the need for effective and efficient information sharing between professionals and across organisational boundaries.  This is an area in which differences between organisations and sectors are very likely to be identified and which are unlikely to be tolerable.  Under the General Data Protection Regulation (GDPR) and Data Protection Act 2018 (DPA18), organisations (data controllers) face potentially significant penalties if they negligently or carelessly share confidential or personal data with others in a manner which puts that information, or the individuals it relates to, at risk.  It can also result in compensation claims being brought against them by aggrieved individuals.  It is important therefore that everyone who will need to share or receive information as part of an integrated service or system have confidence that those they are working alongside have equivalent measures in place to protect it.

Data Security and Protection (DSP) Toolkit

The key standard which all health and social care providers currently strive to meet is the NHS’ Data Security and Protection (DSP) Toolkit.  This describes itself as follows:

The Data Security and Protection Toolkit is an online self-assessment tool that allows organisations to measure their performance against the National Data Guardian’s 10 data security standards.

All organisations that have access to NHS patient data and systems must use this toolkit to provide assurance that they are practising good data security and that personal information is handled correctly.

Being able to provide partners with appropriate assurance around the data security arrangements within your organisation helps to smooth the path to service integration.  If everyone can be confident that you are meeting (or even exceeding) the same standards that they too are required to adhere to, this can help to build trust in those early days and allows efforts to focus on how services can best be designed and delivered, confident that these foundational measures are in place across all partners.

Integrated services can normally be delivered much more quickly when existing and established technology can be exploited.  The DSP Toolkit paves the way for care homes and VCSE sector organisations to adopt or access a range of NHS and Local Authority systems to support integration.

Firstly, the DSP Toolkit is a mandatory requirement for obtaining access to the Health and Social Care Network (HSCN).  HSCN access is often necessary in order to access health and social care information systems and services.  Most care homes and VCSE sector organisations are unlikely to have an HSCN connection currently and this may become a fundamental barrier to integration.  Taking steps now to ensure HSCN access could be implemented quickly, if required, could be hugely beneficial to service transformation.

The DSP Toolkit is also a pre-requisite for obtaining access to the NHS’ secure NHSmailemail system and the associated Microsoft Teams platform which sits alongside this.  Both of these tools enable encrypted communications to be sent and received between professionals as well as facilitating secure video conferencing to support Multi-Disciplinary Team (MDT) working. NHSmail and Microsoft Teams currently underpin the vast majority of communications between health and social care providers and so are likely to also be the tools of choice for bringing care homes and the VCSE sector into the fold.

The DSP Toolkit will also normally be used as a minimum standard to allow organisations to access shared care records or other IT systems used to support patient care.  Many regions across the country now have shared care records in place and will be looking for ways to make this available to other organisations involved in delivering care.  Ensuring DSP Toolkit compliance will again put organisations at the front of the queue for negotiating access to shared care records.

Lastly, any organisation seeking to contract with the NHS to deliver services as part of integrated care models will find that DSP Toolkit compliance is a mandatory requirement under the standard NHS contract.  Without a DSP Toolkit in place, organisations may struggle to bid for or win NHS contracts or may be excluded from participating in integrated care services on an equal footing to others.

The 8foldGovernance team have extensive experience in supporting the completion of NHS Data Security and Protection Toolkit (DSPT) submissions for all categories of organisation.

Our service is designed for organisations with limited or no experience with the DSPT requirements. For more information, see our DSP Rapid Toolkit service web page.