NHSmail is accredited to the DCB1596 secure email standard and is a secure national collaboration service which enables the safe and secure exchange of official sensitive data within NHSmail and from NHSmail to other suitably accredited email systems.
Model policies have been provided and organisations using NHSmail should ensure that they either implement the NHSmail policies or put in place their own local policies and procedures:
1. Ensure there is a process in place to notify the NHSmail team upon becoming aware of any breach of security, including an actual, potential or attempted breach of, or threat to, the security policy and / or the security of the services or the systems used to provide the services.
2. Health and care organisations SHOULD set policies and procedures for the use of secure email using mobile devices and ensure the email service enforces them either with the model policies or their own.
3. Health and care organisations SHOULD comply with the provisions of DCB0160: Clinical Risk Management: its Application in the Deployment and Use of Health IT Systems. Wherever there is a clinical workflow using NHSmail, each clinical workflow should have a clinical safety case and a hazard log.
4. Health and care organisations MUST set policies and procedures for staff who use the secure email service to ensure that they understand how to use it appropriately and safely, including how to send emails to insecure email systems, such as those used by patients. This can be with the model policies or locally provided policies.