Data security and protection training

Data security and protection training

Pharmacies must ensure all staff who access confidential information undertake relevant regular data security and protection training.

The information governance (IG) lead(s) within the pharmacy will also undertake deeper learning and perform training analysis each year to determine training provision.

Basic training

There are a number of options:

A standard data security training specifically for pharmacy staff is available within one or both of the below:

Alternative non-pharmacy specific training options

A range of free or commercial options will be available. Several free options include those listed below:

Resources:

Videos

Interactive courses (free)

Pharmacy IG leads require deeper training and expertise (see section below).

IG lead training

Becoming familiar with Community Pharmacy GDPR Working Party’s (made up of PSNC, NPA, CCA, AIMp, RPS, CPPE and CPW) Guidance for Community Pharmacy (Part 1), associated GDPR guidance, as well as PSNC’s IG guidance documents will support training.

Training analysis exercise (DSPTK)

The IG lead may undertake a training needs analysis (e.g. during their work related to the Data Security and Protection (IG) Toolkit annual submission and the question relating to training analysis). The IG lead may consider the different training needs for different staff members and the plan for the delivery of the training each year for staff (plus the delivery plan for training to new starters). IG leads can use this:

DSPTK Template 3D: Training options and analysis (at DS templates webpage).

Training tips

Whatever options are decided upon, within your role as IG lead, consider how the training resources and messages will help reinforce good data security lessons.

Top tips:

  • Focus on the most important areas and target key staff
  • Ask your staff – what worries them?
  • Do they know how to spot emails from phishing scammers?
  • Consider an annual training session on the topic in which staff are invited to comment about risk areas and how to mitigate risk of incidents in the year ahead.
  • Repeat key messages in different ways, e.g. through posters.
  • Make it visual by using pictures and posters.
  • Use your IT system to convey key messages, such as via ‘pop ups’ on log in.
  • Make data security a key component of any induction process.

Cyber Essentials (optional)

The Cyber Essentials scheme is a recognised cyber security assurance certification available for purchase. The Department of Health and Social Care recommended in their report that all formal “NHS organisations” meet this cyber security standard. In October 2018, it was reported in the HSJ that NHS Digital which runs the NHS’s national cyber services opposed adopting the recommendation.

Community pharmacies are not formally categorised within the “NHS organisations” category by DHSC and it is not a requirement for pharmacy contractors to meet this cyber security standard. But contractors may wish to do so. Contractors already submit IG assurances to NHS England via the Data Security and Protection (IG) Toolkit.

Past materials

Past materials included:

  1. Paper-based training package: PSNC and the RPSGB worked with DH Informatics to publish a training booklet for staff entitled, “Information Governance Training Booklet for Pharmacy Staff”. A copy was posted to every pharmacy and PCT (Medicines Management Lead)  in England on the 22nd January 2010. The training booklet can also be downloaded by clicking on the link below:
  2. Information Governance Training Booklet for Pharmacy Staff

Pharmacy IG leads are recommended to use newer materials (because of changes to the data security environment) – outlined within the ‘Basic training’ and ‘IG leads training’ sections above.

If you have queries about this webpage, please contact it@psnc.org.uk.

 

Return to the section: Data security and information governance

Return to the section: Data Security and Protection Toolkit

Return to the Pharmacy IT hub or IT a-z index

Return to Contract and IT

 



Latest Contract & IT news

View more Contract & IT news >

Have you completed the DMS DoC?

Pharmacists and pharmacy technicians are reminded that they must complete the Discharge Medicines Service (DMS) Declaration of Competence (DoC) before...