Guidance for sending secure email (including to patients)

Encryption is an additional security tool which means users can communicate securely to any type of email account.

How to use encryption when sending from NHSmail

All you need to do is add the word [secure] in the subject line of a message - with the inclusion of the square brackets. 

Before using the service:

• check local organisation policies and processes on sharing personal confidential data and sensitive information first which will take precedence over this guidance
• ensure you are familiar with the NHSmail Encryption guidance and process 

You should only use the NHSmail encryption capability if approved to do so locally.

When a patient receives an encrypted email, they will need to register for the service if they haven't done so already. 

Once registered they can then open the email in their internet browser. After logging in they will be able to view and reply to the email, confident that their information is safe and secure.

Patients will receive an email which looks like this:

When sending email from NHSmail to another secure service you do not need to take any action.

You will know if you have an NHSmail email address because it will end in nhs.net. 

Please note that nhs.uk systems who have not met the accreditation standards are not considered secure.

This table is a summary of email addresses that are known/not known to be secure:

You must never send confidential information to or from an email address which does not meet the necessary standards of security.

Your email provider may have a way for you to encrypt emails so that you can send confidential information securely and to the appropriate security standards. Please refer to your organisation’s IT policies for guidance or speak to a member of your IT team for further information.

Further information is available in the full encryption guide for NHSmail.