Setting up and using secure email

Information about the health and care of people you support is very sensitive. Without a secure email system, emails could be intercepted and sensitive data accessed by the wrong people, even if you use strong passwords. 

This guidance will help you to understand the processes and procedures you must follow to meet the ‘secure email standard’ (called DCB1596). 

This is a standard that health and care organisations must meet to be sure that sensitive and confidential information is kept safe. 

Decide which email provider to use

You may choose to use NHSmail, another secure email provider, or accredit your own email service to the DCB1596 secure email standard. 

NHSmail is the national secure collaboration service for health and social care in England. It will help you to:

  • communicate with GP partners more easily 
  • order prescriptions more easily 
  • send secure and standardised patient discharge summaries 
  • increase collaboration over hospital admissions and appointments
  • have simpler processes for ordering blood and urine tests
  • reduce time on admin tasks 
  • access the NHS directory

If you are a small or medium care provider without the IT resources to accredit your own email service, we recommend using NHSmail. You will also be able to access support with setting up and managing your account from the National Administration Service (NAS).

To use NHSmail, you must first complete the Data Security and Protection Toolkit to at least ‘approaching standards’.