NHS Mail and Secure Email
 SECURE EMAIL INFORMATION FOR CARE PROVIDERS

NHS.mail – Secure, Fast and Free Communication

To create new NHS Mail accounts, Registered Care Providers should publish their Data Security and Protection Toolkit (DSPT) to “Approaching Standards”, which means answering just 27 questions about how you manage Data Protection and Cyber Security risks.

The DSPT is a free annual self-assessment and publishing to either “Approaching Standards” or “Standards Met” ensures NHS mail remains available to Care Providers for free.

The DSPT may also be your key to unlocking other NHS digital platforms, it helps answer KLOEs,  it is about to become a contractual requirement for commissioned services and is a recognised way of asserting GDPR compliance. Lots of support and guidance around DSPT, including registering and publishing, can be found here.

hide
To stay hidden
What is secure email?

Email was developed when the Internet was a much smaller place, to standardize simple messaging between people using different kinds of computers. Because of this, and changes to the Data Protection Laws (GDPR), anyone who collects or sends personal data must now use a secure email, such as NHS Mail. NHS Mail is currently available for free to Care Providers, by filing a simple form. We can help you.

To support delivery of care, Providers have NHS Mail or a secure email, to enable e-prescriptions, share information across systems and essential digital services

There are 2 routes you can take to ensure your email is secure by NHS England Standards:

NHSmail – see more information below

Secure email accreditation – more information available here

Signing up to NHSmail

Once you have completed your DSPT and met either ‘Approaching Standards’ or ‘Standards Met’, you are eligible for NHSmail.

Sign up at this link: NHSmail 2 Portal Home

The application will be processed by the national administration service, who will send you your log-in details.

Each home can have a shared mailbox which multiple members of staff can have access to, allowing users to send emails ‘on behalf’ of the mailbox. A shared mailbox needs to have at least one “owner” and one “member” linked to the shared account and only the nominated owner(s) can delegate access to the mailbox to others. See Training Guide for NHSmail for how to give and remove access.

Please note that registering for NHS mail is for new users only.

If you have an NHS mail account already then please see the FAQs below and the Training Guide for NHSmail.

Please also note, this is for CQC registered services only.

Help with NHSmail

If you have a query or are experiencing issues with NHSmail refer to the guidance documents and FAQs below under ‘Guidance Documents’.

If you are unable to find an answer to your query, email or call the National Administration Service Helpdesk via the details below.

Email: careadmin@nhs.net

Phone number: 0333 200 1133

Guidance Documents

To find out how to sign into your account, reset a password, change password, add people to a shared mailbox and more, access this document:

Training Guide for NHSmail

The below guidance document provides information on how to safely share personal confidential data via email.

Sharing Sensitive Information by Email

In addition to the above resources, please see below for some FAQs regarding NHSmail.

Question Answer
My account has been deactivated. How do I recover it?

You can reactivate your account by signing into it as usual (including your shared site mailbox).

If this does not work, email, or call the national administration service:

careadmin@nhs.net

0333 200 1133

What do I do if I am locked out of my NHSmail account?

Email or call the national administration service:

careadmin@nhs.net

0333 200 1133

If you are unable to answer your security questions, the helpdesk will use your mobile phone number to authenticate you. If you do not have a mobile number on the directory, the shared mailbox owner will need to contact the helpdesk to confirm they can authenticate you and reset your password.

People have left the organisation and we have lost access to the shared mailbox. How do I regain access?

Email or call the national administration service:

careadmin@nhs.net

0333 200 1133

Keep note of the Incident Ticket Number allocated to you as this will be needed for any follow up support needed.

What do I do if I am moving to another social care provider or leaving social care altogether?

If you are leaving your organisation, you need to email careadmin@nhs.net to notify them so that they can mark your account as a ‘leaver’. After 30 days, accounts marked as ‘leavers’ will be permanently deleted.

If you are moving to another social care provider, you will also need to inform careadmin@nhs.net so they can mark you as a ‘joiner’ to your new organisation.

For more information, access the Leavers and Joiners Guide

What do I do if my name changes?

If your name changes, for example, you get married and change your surname, you should email careadmin@nhs.net, who will edit your name and update your email address.

Your old email address will remain associated with your new account. If another user sends an email to your old email, it will be re-directed to your new email address.

How do I hide my mobile number from the NHS Directory?

It is not recommended for any user to remove their mobile number, especially if you are the owner of shared mailbox, as this will be used by the helpdesk for any authentication checks.

However, to hide your mobile number:

  1. Log in to your account
  2. Click ‘Profile’ in the navigation bar at top of the screen
  3. Click on ‘My Profile’ tab

Click ‘Hide mobile number from address book’ option

How many user accounts I am allowed?

The default account allowance is up to 10 named user accounts and 1 shared mailbox per site

If you require more than 10 accounts, this is the process to follow:

You will need to provide:

  • Justification for requiring the 10 plus accounts.
  • How many additional accounts are required
  • Confirmation that you already have access to 10 mailboxes and that they are actively being used.  (NAS helpdesk can check the activity of the SMB to see how many active/inactive users are already linked and will prompt the user to ensure any inactive accounts are logged into before the request can be progressed.)

 

  1. Once this has been sent to the helpdesk, they will issue you with a ticket reference number – keep a note of that.
  2. If they deem your justification is acceptable, and the Minimum Data Set (MDS) is met, the NAS helpdesk will ask you to complete an excel spreadsheet which they will send to you, detailing the new user details for each new account requested.  However, if the justification is not acceptable, the helpdesk will seek further guidance from NHS Digital and discuss solutions with you.
  3. The NAS helpdesk actions the request – once NAS has the MDS, they will aim to complete the request in 5 working days.
  4. NAS helpdesk will inform the user and update the automated ticket number that has been raised.

 

Email template (to be completed by care provider and sent to NAS helpdesk – as mentioned above)

Dear Care Admin Team,

We require new user accounts for our shared mailbox. The new users will take our shared mailbox total to over ten users. We require these extra accounts because [insert justification reason]

Number of new users required: x

How do I activate and use my NHSmail account? Click here to watch the video
How to add your NHSmail account to Outlook? Click here to watch the video
How do I add an NHSmail account for another member of staff? Click here to watch the video
How to add users to your shared online mailbox Click here to watch the video
How to open your shared mailbox Click here to watch the video
How to reset your password Click here to watch the video
How to close your NHSmail account Click here to watch the video
How to log out of NHS mail Click here to watch the video
How to use NHSmail on your iPad Click here to watch the video

Data breaches reported in the social care sector 2021/22 – ICO Analysis

The ICO’s analysis shows for the year 2021/22 so far, 188 personal data breaches have been reported by social care organisations (note, this is those that are reported, there may be others that go unreported).

The majority (87%) are non-cyber incidents.  The most common of these is where data was emailed to the wrong recipient (25% of all incidents reported) closely followed by incidents where paperwork or data was lost or stolen (34%).

The most common cyber incidents reported are phishing attacks (15% of all reported incidents).

(Cyber incidents = where there is a clear online or technological element which involves a third party with malicious intent.)

What you can do to stay safe:

  • Double check you have the correct recipient in your To or CC fields or are using the Bcc field when necessary.  This can be reinforced through ensuring your induction and annual refresher training covers data protection and cyber security good practice.  NHSmail will do the rest to keep sensitive information secure.

Using NHSmail will reduce the need for paperwork and reduce the risk of data being lost or stolen as it is a secure service.

  • Ensure you have good data protection and cyber security policies and procedures in place.
  • By completing and publishing your DSPT, this will tell you how best you can do this and is the prerequisite for your access to NHSmail.

List of Providers with NHS or Secure Mail


Skip to content