RCPA Digital Bulletin – December 2025 – Registered Care Providers Association

Big Digitisation Announcements

The Department for Health and Social Care has set out a plan for all care providers to be fully digitised by the end of this parliament.

There are two criteria for a CQC registered provider to be considered fully digitised:

Using an assured digital social care record solution*
Meeting the ‘standards met’ level on the data security and protection toolkit (DSPT)

*you can view the list of assured solutions here – Assured solutions for digital social care records | Digitising Social Care

What does this mean for you?

The good – The adult social care sector is in a really strong position and already a great case study for rapid digitisation. Nationally over 80% of care providers are using a DSCR and 69% of providers are DSPT compliant. This has been rapid transformation with the Digitising in Social Care (DiSC) programme introducing the assured solutions list 5 years ago. The announcement by the DHSC aligns closely with the direction that social care is already moving towards and ties into the NHS 10 year plan.

The bad – Being fully digitised means using an assured DSCR solution. Over 80% of providers are using a DSCR solution however that includes systems that are not on the assured supplier list. If you use a DSCR that is currently not a part of the assured supplier list, you should contact your supplier to understand their position and if they intend to apply to be included on that list. You may also want to look at your current DSCR contract length and consider if moving to an assured solution is a viable option.

The beautiful future – The entire social care sector will be in a position to fully integrate into a wider health and care framework. Access to services such as GP connect, proxy access, and shared care records will become more accessible and data will be more easily accessible between health, social care, and other related services.

The other thing to consider – Technically, this change means that every CQC registered provider is now legislatively required to complete the DSPT. “All CQC-regulated adult social care providers in England must complete the DSPT. This is a legal requirement under the Health and Social Care Act 2012, as amended by the Health and Care Act 2022.” However – please note that there is not currently any enforcement of this mandation or ability to penalise providers who do not complete the DSPT. This may change in time.

Further information on being a fully digitised provider can be found here:

Inside the Government’s Big Digitisation Announcement (Digital Care Hubs podcast)

Free Data Security Health Check

How do you know that your data and cyber security is good enough?

You are likely to have already completed the Data Security and Protection Toolkit (DSPT). How confident are you that you’ve implemented all of the DSPT requirements effectively?

During the Data Security Health Check pilot that ran across the Southwest, of the providers who had DSPT completed to Standards Met, only 1.41% went through the health check process without needing recommendations for improvement. The DSPT is a fantastic tool for helping providers meet their obligations for data and cyber security, the health check process can give you the confidence on completing it to a higher standard.

A Data Security Health Check is a no strings attached process that reviews and provides feedback on all aspect of data protection and cyber security. A cyber security technical assessment is also carried out to confirm basic cyber security settings on your Windows computers.

If you are interested in a free Data Security Health Check, please contact Daniel Plummer at daniel.plummer@rcpa.org.uk

RCPA’s Caldicott Guardian Service

As part of your RCPA membership, you have the option to include the Caldicott Guardian service.

A CG is a specialist role that sits within the senior leadership of a health and social care organisation. The role represents and champions information governance and is sometimes referred to as the conscience of the company.

All health and social care organisations are required to have a CG. However, smaller organisations who don’t have the internal structure or budget to appoint one should have consideration for the CG principles or outsource the role.

If you would like more information about Caldicott Guardian and RCPAs service offer. Please contact Dan Plummer at daniel.plummer@rcpa.org.uk

Healthwatch Somerset Data Survey

Healthwatch Somerset are working with a variety of partners across Somerset to develop a data platform cantered around population heath management. This survey is designed to help understand data sharing and privacy knowledge within Somerset. While specifically designed for individuals, social care as a sector will form part of this work and your views are important.

Please see here for the survey – https://www.smartsurvey.co.uk/s/SomersetHealthDataSurvey/

Events

Upcoming digital, data, and cyber events:

Completing the Data Security and Protection Toolkit for the first time – Digital Care Hub

Tuesday 6^th of January 15:00 – 16:00

Review and republish your Data Security and Protection Toolkit – Digital Care Hub

Tuesday 20^th of January 15:00 – 16:00

Cyber in Care: The Deep, the Dark and the Hidden Dangers – Digital Care Hub

Wednesday 21^st of January 12:00 – 13:30

Caldicott Guardian Learning Network – Digital Care Hub

Thursday 22^nd of January 12:00 – 13:00 – This is a recurring network meeting.

See Events | Digital Social Care for future dates.