IG and cyber security training
IG and cyber security training
Pharmacies must ensure all staff who access confidential information undertake relevant IG training.
Note: About the new Toolkit question 3.3.1 which says: “Staff pass the data security and protection mandatory test… Level 1 Data Security Awareness training” but equivalent training is acceptable. NHS Digital has confirmed to PSNC that the question can be marked completed if equivalent training has taken place including the GDPR guidance for Community Pharmacy (Part 2) staff training booklet. In advance of the Toolkit deadline (31st March 2019) most contractors will already have trained all staff to this level during the GDPR implementation period which began in May 2018. If not, you must ensure 95% of all current staff have been trained.
Basic IG training
There are a number of options:
- GDPR guidance for Community Pharmacy (short version) (Part 2) staff training booklet: this has been made available to assist with staff training. See GDPR. As explained, this training is equivalent to the item below and if this training was used for staff, that can be used to confirm against Toolkit question 3.3.1.
- NHS Digital Online IG Training Tool “Data Security Awareness Level 1: One way for pharmacists and technicians to access the online interactive version is via Centre for Pharmacy Postgraduate Education (CPPE) access to e-Learning for Healthcare learning modules. Other versions are available such as: Microsoft Word version or a PowerPoint version. You may feedback on the materials*. This training is equivalent to the GDPR training booklet mentioned above so either training or any alternative equivalent can be completed to answer Toolkit question 3.3.1.
- Paper-based training package: PSNC and the RPSGB worked with DH Informatics to publish a training booklet for staff entitled, “Information Governance Training Booklet for Pharmacy Staff”. A copy was posted to every pharmacy and PCT (Medicines Management Lead) in England on the 22nd January 2010. The training booklet can also be downloaded by clicking on the link below:
- Information Governance Training Booklet for Pharmacy Staff
- Online Training Tool: A basic e-learning module targeted at pharmacy staff had been available via the online Information Governance Training Tool (IGTT). The resource was titled, ‘Information governance for pharmacy staff’ and was similar in content to the paper-based IG training booklet for pharmacy staff.
- Other equivalent options: Other equivalent training resources may also be used to meet this requirement, for example in-house training packages produced by multiple pharmacies.
*NHS Digital advised they welcome feedback if you have any suggestions as to the content of their Data Security Awareness Level 1 training, while you are using the materials, then the suggestions will be considered by NHS Digital for improving the e-learning module which is in development (and if necessary amending the interim products). If you would like to provide feedback about the content please use the NHS Digital contact form, or email email@example.com and mark your query for the attention of the Data Security Awareness Level 1 refresh project.
IG Lead training
Becoming familiar with Community Pharmacy GDPR Working Party’s (made up of PSNC, NPA, CCA, AIMp, RPS, CPPE and CPW) Guidance for Community Pharmacy (Part 1), associated GDPR guidance, as well as PSNC’s IG guidance documents will support training.
Cyber security training
National Cyber Security Centre (NCSC)
Visit the NCSC website for training materials.
The Cyber Essentials scheme is a recognised cyber security assurance certification. The Department of Health and Social Care recommended in their report that all formal “NHS organisations” meet this cyber security standard. In October 2018, it was reported in the HSJ that NHS Digital which runs the NHS’s national cyber services opposed adopting the recommendation.
Community pharmacies are not formally categorised as “NHS organisations” and it is not a requirement for pharmacy contractors to meet this cyber security standard. But contractors may wish to do so. Contractors already submit IG assurances to NHS England via the Data Security and Protection Toolkit (formerly the IG Toolkit).