Data security and protection training
Data security and protection training
Pharmacies must ensure all staff who access confidential information undertake relevant regular data security and protection training.
The information governance (IG) lead(s) within the pharmacy will also undertake deeper learning and perform training analysis each year to determine training provision.
There are a number of options:
A standard data security training specifically for pharmacy staff is available within one or both of the below:
- Pharmacy data security and IG training (for induction or refreshment); or
- GDPR guidance for Community Pharmacy (short version) (Part 2) training booklet for staff
Alternative non-pharmacy specific training options
A range of free or commercial options will be available. Several free options include those listed below:
- National Cyber Security Centre (NCSC)
- Little Book of Cyber Scams guidance (Met Police)
- NHSX IG portal
- Keep I.T. confidential NHS campaign videos (NHS Digital)
Interactive courses (free)
- NHS Digital Online IG Training Tool “Data Security Awareness Level 1. One way for pharmacists and technicians to access the online interactive version is via Centre for Pharmacy Postgraduate Education (CPPE) access to e-Learning for Healthcare learning modules. Other versions are available such as: Microsoft Word version or a PowerPoint version. You may feedback on the materials*. This training is equivalent to the GDPR training booklet mentioned above so either training or any alternative equivalent can be completed to answer Toolkit question 3.3.1. Feed back about the training content: using contact form, or emailing email@example.com.
- BT Skills for Tomorrow – courses including data security ones.
Pharmacy IG leads require deeper training and expertise (see section below).
IG lead training
Becoming familiar with Community Pharmacy GDPR Working Party’s (made up of PSNC, NPA, CCA, AIMp, RPS, CPPE and CPW) Guidance for Community Pharmacy (Part 1), associated GDPR guidance, as well as PSNC’s IG guidance documents will support training.
Training analysis exercise (DSPTK)
The IG lead may undertake a training needs analysis (e.g. during their work related to the Data Security and Protection (IG) Toolkit annual submission and the question relating to training analysis). The IG lead may consider the different training needs for different staff members and the plan for the delivery of the training each year for staff (plus the delivery plan for training to new starters). IG leads can use this:
Whatever options are decided upon, within your role as IG lead, consider how the training resources and messages will help reinforce good data security lessons.
- Focus on the most important areas and target key staff
- Ask your staff – what worries them?
- Do they know how to spot emails from phishing scammers?
- Consider an annual training session on the topic in which staff are invited to comment about risk areas and how to mitigate risk of incidents in the year ahead.
- Repeat key messages in different ways, e.g. through posters.
- Make it visual by using pictures and posters.
- Use your IT system to convey key messages, such as via ‘pop ups’ on log in.
- Make data security a key component of any induction process.
Cyber Essentials (optional)
The Cyber Essentials scheme is a recognised cyber security assurance certification available for purchase. The Department of Health and Social Care recommended in their report that all formal “NHS organisations” meet this cyber security standard. In October 2018, it was reported in the HSJ that NHS Digital which runs the NHS’s national cyber services opposed adopting the recommendation.
Community pharmacies are not formally categorised within the “NHS organisations” category by DHSC and it is not a requirement for pharmacy contractors to meet this cyber security standard. But contractors may wish to do so. Contractors already submit IG assurances to NHS England via the Data Security and Protection (IG) Toolkit.
Past materials included:
- Paper-based training package: PSNC and the RPSGB worked with DH Informatics to publish a training booklet for staff entitled, “Information Governance Training Booklet for Pharmacy Staff”. A copy was posted to every pharmacy and PCT (Medicines Management Lead) in England on the 22nd January 2010. The training booklet can also be downloaded by clicking on the link below:
- Information Governance Training Booklet for Pharmacy Staff
Pharmacy IG leads are recommended to use newer materials (because of changes to the data security environment) – outlined within the ‘Basic training’ and ‘IG leads training’ sections above.
If you have queries about this webpage, please contact firstname.lastname@example.org.
Return to the section: Data security and information governance
Return to the section: Data Security and Protection Toolkit