SECURE EMAIL INFORMATION FOR CARE PROVIDERS
NHS.mail – Secure, Fast and Free Communication
To create new NHS Mail accounts, Registered Care Providers should publish their Data Security and Protection Toolkit (DSPT) to “Approaching Standards”, which means answering just 27 questions about how you manage Data Protection and Cyber Security risks.
The DSPT is a free annual self-assessment and publishing to either “Approaching Standards” or “Standards Met” ensures NHS mail remains available to Care Providers for free.
The DSPT may also be your key to unlocking other NHS digital platforms, it helps answer KLOEs, it is about to become a contractual requirement for commissioned services and is a recognised way of asserting GDPR compliance. Lots of support and guidance around DSPT, including registering and publishing, can be found here.
What is secure email?
Email was developed when the Internet was a much smaller place, to standardize simple messaging between people using different kinds of computers. Because of this, and changes to the Data Protection Laws (GDPR), anyone who collects or sends personal data must now use a secure email, such as NHS Mail. NHS Mail is currently available for free to Care Providers, by filing a simple form. We can help you.
To support delivery of care, Providers have NHS Mail or a secure email, to enable e-prescriptions, share information across systems and essential digital services
There are 2 routes you can take to ensure your email is secure by NHS England Standards:
NHSmail – see more information below
Secure email accreditation – more information available here
Signing up to NHSmail
Once you have completed your DSPT and met either ‘Approaching Standards’ or ‘Standards Met’, you are eligible for NHSmail.
Sign up at this link: NHSmail 2 Portal Home
The application will be processed by the national administration service, who will send you your log-in details.
Each home can have a shared mailbox which multiple members of staff can have access to, allowing users to send emails ‘on behalf’ of the mailbox. A shared mailbox needs to have at least one “owner” and one “member” linked to the shared account and only the nominated owner(s) can delegate access to the mailbox to others. See Training Guide for NHSmail for how to give and remove access.
Please note that registering for NHS mail is for new users only.
If you have an NHS mail account already then please see the FAQs below and the Training Guide for NHSmail.
Please also note, this is for CQC registered services only.
Help with NHSmail
If you have a query or are experiencing issues with NHSmail refer to the guidance documents and FAQs below under ‘Guidance Documents’.
If you are unable to find an answer to your query, email or call the National Administration Service Helpdesk via the details below.
Phone number: 0333 200 1133
To find out how to sign into your account, reset a password, change password, add people to a shared mailbox and more, access this document:
The below guidance document provides information on how to safely share personal confidential data via email.
In addition to the above resources, please see below for some FAQs regarding NHSmail.
|My account has been deactivated. How do I recover it?||
You can reactivate your account by signing into it as usual (including your shared site mailbox).
If this does not work, email, or call the national administration service:
0333 200 1133
|What do I do if I am locked out of my NHSmail account?||
Email or call the national administration service:
0333 200 1133
If you are unable to answer your security questions, the helpdesk will use your mobile phone number to authenticate you. If you do not have a mobile number on the directory, the shared mailbox owner will need to contact the helpdesk to confirm they can authenticate you and reset your password.
|People have left the organisation and we have lost access to the shared mailbox. How do I regain access?||
Email or call the national administration service:
0333 200 1133
Keep note of the Incident Ticket Number allocated to you as this will be needed for any follow up support needed.
|What do I do if I am moving to another social care provider or leaving social care altogether?||
If you are leaving your organisation, you need to email email@example.com to notify them so that they can mark your account as a ‘leaver’. After 30 days, accounts marked as ‘leavers’ will be permanently deleted.
If you are moving to another social care provider, you will also need to inform firstname.lastname@example.org so they can mark you as a ‘joiner’ to your new organisation.
For more information, access the Leavers and Joiners Guide
|What do I do if my name changes?||
If your name changes, for example, you get married and change your surname, you should email email@example.com, who will edit your name and update your email address.
Your old email address will remain associated with your new account. If another user sends an email to your old email, it will be re-directed to your new email address.
|How do I hide my mobile number from the NHS Directory?||
It is not recommended for any user to remove their mobile number, especially if you are the owner of shared mailbox, as this will be used by the helpdesk for any authentication checks.
However, to hide your mobile number:
Click ‘Hide mobile number from address book’ option
|How many user accounts I am allowed?||
The default account allowance is up to 10 named user accounts and 1 shared mailbox per site
If you require more than 10 accounts, this is the process to follow:
You will need to provide:
Email template (to be completed by care provider and sent to NAS helpdesk – as mentioned above)
Dear Care Admin Team,
We require new user accounts for our shared mailbox. The new users will take our shared mailbox total to over ten users. We require these extra accounts because [insert justification reason]
Number of new users required: x
|How do I activate and use my NHSmail account?||Click here to watch the video|
|How to add your NHSmail account to Outlook?||Click here to watch the video|
|How do I add an NHSmail account for another member of staff?||Click here to watch the video|
|How to add users to your shared online mailbox||Click here to watch the video|
|How to open your shared mailbox||Click here to watch the video|
|How to reset your password||Click here to watch the video|
|How to close your NHSmail account||Click here to watch the video|
|How to log out of NHS mail||Click here to watch the video|
|How to use NHSmail on your iPad||Click here to watch the video|
Data breaches reported in the social care sector 2021/22 – ICO Analysis
The ICO’s analysis shows for the year 2021/22 so far, 188 personal data breaches have been reported by social care organisations (note, this is those that are reported, there may be others that go unreported).
The majority (87%) are non-cyber incidents. The most common of these is where data was emailed to the wrong recipient (25% of all incidents reported) closely followed by incidents where paperwork or data was lost or stolen (34%).
The most common cyber incidents reported are phishing attacks (15% of all reported incidents).
(Cyber incidents = where there is a clear online or technological element which involves a third party with malicious intent.)
What you can do to stay safe:
- Double check you have the correct recipient in your To or CC fields or are using the Bcc field when necessary. This can be reinforced through ensuring your induction and annual refresher training covers data protection and cyber security good practice. NHSmail will do the rest to keep sensitive information secure.
Using NHSmail will reduce the need for paperwork and reduce the risk of data being lost or stolen as it is a secure service.
- Ensure you have good data protection and cyber security policies and procedures in place.
- By completing and publishing your DSPT, this will tell you how best you can do this and is the prerequisite for your access to NHSmail.