Version: 7.0.3 | Published: 13 May 2026 | Updated: 11 days ago

Data Security and Protection Toolkit

Dataset

Summary

Reference Code:
DAPB0086 Amd 21/2025
Publication Version:
8.0.0
Type:
  • Collections
  • Information standards
Effective From:
01 August 2025
Applies To:
  • All organisations that have access to NHS patients and/or to their information
  • All organisations which provide support services directly to an NHS organisation
  • All organisations which have either direct or indirect access to national informatics services.
  • Social care providers that provide care through the NHS Standard Contract
  • Any party seeking approval for access to NHS patient information from either the Confidentiality Advisory Group or NHS England
Conformance Date:
30 June 2026
Assurance Expiry Date:
30 June 2027
Topics:
  • Information codes of practice
  • Information governance
  • Security, Safety and Privacy
Care Settings:
  • Community health
  • Dentistry
  • GP / Primary care
  • Hospital
  • Maternity
  • Mental health
  • Pharmacy
  • Social care
  • Urgent and Emergency Care
Alternate Name:
DSPT
Publication Date:
12 August 2025

Collection/Extraction Details

Frequency:
Dataset publication or collection occurs once a year.

Documentation

Associated Media:
Description:
The DSPT is an online tool that enables relevant organisations to measure their performance against the data security and information governance requirements mandated by the Department of Health and Social Care, notably the 10 data security standards set by the National Data Guardian and the National Cyber Security Centre Cyber Assessment Framework. All organisations that have access to NHS patient data and systems must use this toolkit to provide assurance that they are practising good data security and that personal information is handled correctly. Such organisations are required to carry out self-assessments of their compliance against the assertions and evidence contained within the DSPT. Version 8 has been released. A summary of the changes:
  • independent providers who are designated operators of essential services under Network and Information Systems directive (NIS) and Genomics organisations utilise the NCSC Cyber Assessment Framework introduced into the DSPT in line with the Cyber Strategy for health and care
  • rationalise evidence items where they are not applicable to the sector
Reflect feedback from stakeholders, particularly:
  • update requirements for primary care and social care in response to the threat landscape
  • update requirements to respond to difficulties in interpretation experienced by organisations undertaking the DSPT in 2024-25
  • update the requirements for IT suppliers to include the Department of Science Innovation and Technology code of practice for software vendors to improve the security of software provided to health and care organisations

Review & Status

Contributor:
Department of Health and Social Care
Approval Date:
08 August 2025
Post Implementation Review Date:
30 June 2026
Scope:
Health Services, NHS Services, Adult Social Care
Technical Committee:
Data Assurance Board (DAB)
Dataset Identifier:
1b0dbe9f-6ffc-4c06-bf81-4d52681b1f24
Mandated:
Yes
Status:
active

Legal Authority 1

Legal Authority:
Section 250 of the Health and Social Care Act 2022
Legal Authority Description:
This information standard is published under Section 250 of the Health and Social Care Act 2012, as amended by the Health and Care Act 2022, and persons subject to this information standard must comply with the information standard where it is relevant and may be subject to enforcement action if they fail to do so within the required timeframes. Bodies that fail to submit a DSPT return may be subject to enforcement action under the powers in the Health and Social Care Act 2012, which may include fines.

Legal Authority 2

Legal Authority:
NHS standard contract
Legal Authority Description:
This collection is published under the NHS Standard Contract.