SECURE EMAIL INFORMATION FOR CARE PROVIDERS
NHS.mail – Secure, Fast and Free Communication
To create new NHS Mail accounts, Registered Care Providers should publish their Data Security and Protection Toolkit (DSPT) to “Approaching Standards”, which means answering just 27 questions about how you manage Data Protection and Cyber Security risks.
The DSPT is a free annual self-assessment and publishing to either “Approaching Standards” or “Standards Met” ensures NHS mail remains available to Care Providers for free.
The DSPT may also be your key to unlocking other NHS digital platforms, it helps answer KLOEs, it is about to become a contractual requirement for commissioned services and is a recognised way of asserting GDPR compliance. Lots of support and guidance around DSPT, including registering and publishing, can be found here.
All NHSmail account users – PLEASE NOTE!
NHSmail personal user accounts will be deactivated after 30 days of inactivity.
If you have a nhs.net user account, to keep it active please ensure you are using it regularly. Please log into the NHSmail portal at least every 30 days and send an email from your account.
*For more information regarding deactivated or deleted accounts, see the FAQs in the ‘Guidance Documents’ section below.
ALSO PLEASE NOTE!
Some NHS Trusts are now requiring care providers to have NHSmail in place to share hospital discharge information.
The national policy is that mail containing health and care information sent to and from health and social care organisations must meet the Secure Email Standard (DCB1596). There are two routes care providers can take to ensure their email meets the secure email standard (DCB1596):
- Secure email accreditation
For each of these you must first complete and publish the Data Security and Protection Toolkit to at least ‘Approaching Standards’.
To minimise delays to hospital discharges, please ensure you have either one of these forms of secure email in place.
There is more information about secure email here
What is secure email?
Email was developed when the Internet was a much smaller place, to standardize simple messaging between people using different kinds of computers. Because of this, and changes to the Data Protection Laws (GDPR), anyone who collects or sends personal data must now use a secure email, such as NHS Mail. NHS Mail is currently available for free to Care Providers, by filing a simple form. We can help you.
To support delivery of care, Providers have NHS Mail or a secure email, to enable e-prescriptions, share information across systems and essential digital services
There are 2 routes you can take to ensure your email is secure by NHS England Standards:
NHSmail – see more information below
Secure email accreditation – more information available here
Signing up to NHSmail
Once you have completed your DSPT and met either ‘Approaching Standards’ or ‘Standards Met’, you are eligible for NHSmail.
Sign up at this link: NHSmail 2 Portal Home
The application will be processed by the national administration service, who will send you your log-in details.
Each home can have a shared mailbox which multiple members of staff can have access to, allowing users to send emails ‘on behalf’ of the mailbox. A shared mailbox needs to have at least one “owner” and one “member” linked to the shared account and only the nominated owner(s) can delegate access to the mailbox to others. See Training Guide for NHSmail for how to give and remove access.
Please note that registering for NHS mail is for new users only.
If you have an NHS mail account already then please see the FAQs below and the Training Guide for NHSmail.
Larger providers with multiple sites, who have the necessary IT infrastructure and resourcing to carry out administration activities for their own NHSmail accounts, co-ordinated by their own Local Administrators can take the Self Management route. To apply, please complete the self-management application form here.
Please also note, this is for CQC registered services only.
Registering for non-CQC registered organisations
If your organisation has been commissioned locally and the commissioning organisation have stipulated the need for NHSmail, they should provide you with sponsor email accounts for the duration of your contract with them.
Help with NHSmail
If you have a query or are experiencing issues with NHSmail refer to the guidance documents and FAQs below under ‘Guidance Documents’.
If you are unable to find an answer to your query, email or call the National Administration Service Helpdesk via the details below.
Phone number: 0333 200 1133
To find out how to sign into your account, reset a password, change password, add people to a shared mailbox and more, access this document:
The below guidance document provides information on how to safely share personal confidential data via email.
In addition to the above resources, please see below for some FAQs regarding NHSmail.
|My account has been deactivated. How do I recover it?
You can reactivate your account by signing into it as usual (including your shared site mailbox).
If this does not work, email, or call the national administration service:
0333 200 1133
User accounts are deactivated or deleted as unused accounts present a security risk to the NHSmail platform.
Disabled accounts are classified as inactive whilst in a disabled state, they will remain on the platform for 18 months with no additional activity required.
New user accounts that have been set up but have not accepted the Acceptable Use Policy (AUP) or set security questions will be moved to inactive within 30 days from creation.
User accounts move from:
If your account has been deleted, please call the Helpdesk. They will be able to confirm if your account can be restored or not. If not, you will need to request a new account.
|What do I do if I am locked out of my NHSmail account?
Email or call the national administration service:
0333 200 1133
If you are unable to answer your security questions, the helpdesk will use your mobile phone number to authenticate you. If you do not have a mobile number on the directory, the shared mailbox owner will need to contact the helpdesk to confirm they can authenticate you and reset your password.
|People have left the organisation and we have lost access to the shared mailbox. How do I regain access?
Call the national administration service:
0333 200 1133
(Do not email)
Keep note of the Incident Ticket Number allocated to you as this will be needed for any follow up support needed.
|What do I do if I am moving to another social care provider or leaving social care altogether?
If you are leaving your organisation, you need to email firstname.lastname@example.org to notify them so that they can mark your account as a ‘leaver’. After 30 days, accounts marked as ‘leavers’ will be permanently deleted.
If you are moving to another social care provider, you will also need to inform email@example.com so they can mark you as a ‘joiner’ to your new organisation.
For more information, access the Leavers and Joiners Guide
|What do I do if my name changes?
If your name changes, for example, you get married and change your surname, you should email firstname.lastname@example.org , who will edit your name and update your email address.
Your old email address will remain associated with your new account. If another user sends an email to your old email, it will be re-directed to your new email address.
|How do I hide my mobile number from the NHS Directory?
It is not recommended for any user to remove their mobile number, especially if you are the owner of shared mailbox, as this will be used by the helpdesk for any authentication checks.
However, to hide your mobile number:
Click ‘Hide mobile number from address book’ option
|How many user accounts I am allowed?
The default account allowance is up to 10 named user accounts and 1 shared mailbox per site
If you require more than 10 accounts, this is the process to follow:
You will need to provide:
Email template (to be completed by care provider and sent to NAS helpdesk – as mentioned above)
Dear Care Admin Team,
We require new user accounts for our shared mailbox. The new users will take our shared mailbox total to over ten users. We require these extra accounts because [insert justification reason]
Number of new users required: x
Data breaches reported in the social care sector 2022 H1
The ICO’s analysis for the first half of 2022 shows the most common data breach incidents reported by social care organisations in that 6 month period were:
- Data emailed to incorrect recipient
- Loss/theft of paperwork or data left in insecure location
- Unauthorised access to information
What you can do to stay safe:
- Double check you have the correct recipient in your To or CC fields or are using the Bcc field when necessary. This can be reinforced through ensuring your induction and annual refresher training covers data protection and cyber security good practice. NHSmail will do the rest to keep sensitive information secure.
Using NHSmail will reduce the need for paperwork and reduce the risk of data being lost or stolen as it is a secure service.
- Ensure you have good data protection and cyber security policies and procedures in place.
- By completing and publishing your DSPT, this will tell you how best you can do this and is the prerequisite for your access to NHSmail.