8.1 e-Learning – data security awareness – frequently asked questions

e-Learning – data security awareness – level one (v3.0)

Q: Who needs to complete the data security awareness level one training?

The National Data Guardian (NDG) Review requires that all NHS staff undertake appropriate annual data security training and pass a mandatory test. This also includes non-permanent staff that have access to personal confidential information.

The NDG data standards requirements relating to staff are listed below:

- All staff ensure that personal confidential data is handled, stored and transmitted securely, whether in electronic or paper form. Personal confidential data is only shared for lawful and appropriate purposes.

- All staff understand their responsibilities under the National Data Guardian’s data security standards, including their obligation to handle information responsibly and their personal accountability for deliberate or avoidable breaches

- All staff complete appropriate annual data security training and pass a mandatory test, provided through the revised information governance toolkit.


Q: It says all staff undertake appropriate annual data security training and pass a mandatory test. What does this mean relating to the  95% training coverage in Evidence item 3.2.1?

To meet evidence item 3.2.1, 95% of all staff including new starters, locums, temporary, students and staff contracted to work in the organisation have completed their annual Data Security Awareness Training (including passing a mandatory test). The 95% can be made up of staff completing the National E-Learning system or using local training systems or materials where this has been agreed as covering with the learning objectives of the National E-Learning system.


Q: How do I access the data security learning?

Self-registration on e-learning for healthcare (e-LfH): 

Please click on the following link if you would like to register to access this learning material: https://portal.e-lfh.org.uk/Register

- If you already have an account with e-LfH, sign in and search for data security to access the course. 

- If you don’t have an account with e-LfH, click the register button and complete the registration form. You will then receive confirmation email from e-LfH. Follow the instructions in the email and once logged in, search for data security to access the course.


Organisation registration

If you are representing your organisation and would like to register a large number of employees, please follow the link below and complete the online form (survey). A member of the e-LfH support team will be in touch to discuss your requirements https://healtheducationyh.onlinesurveys.ac.uk/nhs-digital-data-security-awareness


Via the Electronic Staff Record (ESR)

If your organisation is registered with ESR with access to e-learning, please contact your local team.


Q: How long will it take to complete the learning?

The learning is split into four modules with an additional “welcome module”. Each module takes around 20 minutes to complete, can be completed in any order and concludes with an assessment.


Q: Do I get a certificate for completing the training?

The e-LfH system will record the pass marks and issue a certificate on successful completion of the five modules. The ESR system records a pass on the user’s record.


Q: What are the topics covered?

The topics covered in the four data security modules are:

- Introduction to data security awareness

- Introduction to the law

- Data security - protecting information

- Breaches and incidents.

Should you require more information about what is included within each module, please see https://portal.e-lfh.org.uk/Component/Details/544182 or the later FAQ on requesting the full SCORM files. 


Q: What is the pass mark?

The pass mark is 80% for each of the four modules.


Q: Can I only take the assessment without the need to go through all modules?

A separate assessment module has been created so that it is possible for the learner to only complete the assessment without the need to complete all other modules. A Pass or Fail mark will be recorded within the learners My Activity Reports section within the e-LfH hub. However, in order to get a certificate within the e-LfH hub, a learner must complete all five modules.


Q: Can my organisation develop a separate learning package?

Yes. The UK Caldicott Guardian Council has stated “that learning objectives are still considered met in those organisations that are adapting the e-learning package locally”. 

The UK Caldicott Guardian Council recognises there is a valid requirement to be able to adapt e-learning locally. 

Locally produced training will be reported to and signed off by the local organisation’s SIRO or Caldicott Guardian and all staff completing the training will have to achieve the 80% pass mark.

Details of the content of the Data Security Awareness Training to compare to local training are available on:



Q: How do I request administration rights for my organisation (for reporting purposes)?

Click on the following link to request administration rights:  https://supportnet.e-lfh.org.uk/support/home

For information on the authorisation process for reporting, please visit:



Q: How does my organisation obtain a SCORM (Sharable Content Object Reference Model) version so we can host the course on our own LMS?

Click the link below and fill in the online form to request access. A member of the e-LfH support team will be in touch to discuss your requirements:



Q: I work for a commercial third party currently undertaking the Toolkit assessment and provides services to the NHS. How do I gain access to the training and who needs to do it?

If your organisation already has an ODS code, click the link below and fill in the online form to request access. A member of the e-LfH support team will be in touch to discuss your requirements: https://supportnet.e-lfh.org.uk/support/home

For organisations who are not health or care organisations (registered with the CQC) only those staff who process health and / or care data  need to complete the data security awareness training.

Q: My organisation does not have an ODS code, how do I apply for one?

For ODS enquiries, please call the Exeter Helpdesk: 03003 034 034 or email: exeter.helpdesk@nhs.net


Q: Will there be any specialist training for this offered by NHS Digital this financial year?

Additional data security accredited training is being offered by NHS Digital this year, see https://www.dsptoolkit.nhs.uk/News/42 and keep an eye out on the news page for further details as they become available.


Q: Is there additional training for Caldicott Guardians?

The UK Caldicott Guardian Council have developed a free E-learning programme:

The programme offers three, audience specific modules:

A module for all staff

The aim of this session is to raise awareness and inform a broad range of staff from   across health and social care of the importance of Caldicott Guardians and confidentiality in their setting, organisation, or sector. The learning would benefit staff working in the NHS, adult social care, local authorities and private sector partners.

A module for new or existing Caldicott Guardians

This session is a starting point for the newly appointed Caldicott Guardian and an aide memoire for the more experienced. The learning explains how the role fits into the wider information governance assurance framework and will help Caldicott Guardians arrive at lawful and practical decisions regarding the protection and sharing of patient and service user information. It also looks at what sources of support and resources are available.

A module for senior staff who may need to appoint or support a Caldicott Guardian

This session is for members of senior leadership teams who may need to appoint, work alongside, or otherwise support a Caldicott Guardian. It explains the importance of the role, including how their work represents the best interests of patients and service users, and how Caldicott Guardians can impact the decision-making processes of the organisation.



Q: Is there additional training for SIROs?

NHS England are offering a free cyber security training course to Senior Information Risk Owners (SIROs) working in NHS trusts and Commissioning Support Units (CSUs).


For other sectors, we have a workbook and powerpoint which is has not been maintained but organisations can use.

Information Risk Management for SIROs and IAOs - PowerPoint - 28-03-2017-Published (1).pptx

Introduction to Risk Management for SIROs and IAOs - Workbook - 05-07-2017-Published.docx

Q: Is there a cost to access the learning?



Q: Have the data security awareness questions been incorporated into the ELearning yet?

Yes staff completing the Data Security Awareness Training via the E-LfH platform will be asked to compelte the survey questions once they have completed the training. A random sample of 5 of the 17 possible questions will be asked of staff to mimnimse the time taken. 


Q: How can we find out what our staff have answered in the survey?

In the admin tool of the E-LfH platform you can view reports of the number of staff who have answered the different alternative on each of the question. This will allow you to integrate it with any other soures to calculate your response to the Staff Awareness questions in the Toolkit.


Contact details

For queries regarding content, please contact the NHS Digital contact centre: enquiries@nhsdigital.nhs.uk

For support with technical, registration, password or access queries, please contact e-learning for Healthcare support team: https://supportnet.e-lfh.org.uk/support/home