Our use of cookies We use necessary cookies to make our site work. Necessary cookies enable core functionality such as security, network management, website analytics and accessibility. You may disable these by changing your browser settings, but this may affect how the website functions. The cookies collect information in a way that does not directly identify anyone. For more information on how these cookies work, please see our privacy policy.

To agree to our use of cookies, click the 'Accept' button.

National lockdown: Stay at home

Ensuring secure email communications

In recent years, regulatory, policy and legislative changes have put greater responsibility on social care businesses to handle and share personal data securely. Significant changes, originally planned for 31 March 2020 and now postponed to 30 September 2020, could affect how you share patient-sensitive information with medical and allied health professionals and your ability to deliver care safely. 

  • Fax machines will cease to be used by NHS organisations from 30 September 2020.  After that, the only way you will be able to share patient-sensitive data and make referrals to health services including your local doctor’s surgery, pharmacies, hospitals and community trusts will be by using a secure NHS-accredited email system such as NHS.net.
  • All organisations which hold or want to apply for a continuing healthcare contract (CHC) must adhere to the data protection requirements of their NHS contract which require them to be compliant with the Data Security and Protection Toolkit (the toolkit) to at least Entry Level, aspiring to Standards Met Level and have registered for an NHS.net account.



Data security and protection toolkit frequently asked questions


The Digital Social Care website has lots more information about the role of the toolkit in sharing information safely, the NHS 'axe the fax' campaign, and easy to follow advice and guidance on secure email systems.  You may find the  IT readiness self-assessment tool helpful in identifying your organisation's IT training and support needs.

The Care Providers Alliance website has toolkit and NHSmail templates.


The data security and protection toolkit (DSPT) is a free online self-assessment tool that allows organisations to assess and publish their performance against ten data security standards. It's not just about technology - it's about any information you hold about any person including staff, residents or visitors.

All organisations, including social care providers, that access NHS patient data must provide assurance through the toolkit that they are able to process, handle and share personal data and information securely and assure themselves that they meet GDPR requirements.

The DSPT must be completed every year and runs annually from 1 April to 31 March. You can go in and out throughout the year to make updates at any time.

You’ll need to know your organisational data service (ODS) code to get access to national systems like the toolkit and NHSmail.

Find out more about the code and how to find it from the Digital Social Care website.


NHSmail is an encrypted email service which meets the secure email standard (DCB1596). This is required for sending emails to and from health and social care organisations. It has been approved by the Department of Health and Social Care for sharing patient identifiable sensitive information and it is freely available to social care organisations as it is funded by the NHS.




Social care providers are finding NHSmail is benefiting their service and people who use their service in other ways:

  • the system is easy, secure and convenient way to send and receive accurate and timely information such as medical and prescription notes, test results and CPN reviews.  After April 2020, NHSmail will be the only way you can send sensitive information to health services
  • less nursing and care staff time is spent doing paper work and making phone calls (an average of 10 hours per week of nurse’s time was freed up from phone calls in one case study)
  • it creates an improved audit trail and leads to increased safety of residents
  • residents and service users are benefiting from care staff and nurses spending more time with them
  • family can be given informed updates about their loved one’s health conditions more quickly
  • access to e-learning for health resources
  • The secure email system supports CQC KLOEs (2.8 Well Led)
  • You can list your job vacancies on the trac.jobs website which is for all health sector jobs and NHS vacancies

You can find information on registering a social care organisation for an NHS.net account on the support NHS website.



Any business that uses a fax machine or other non-secure means (for example unencrypted or out of date email systems) to share patient-sensitive information with or make referrals to health services such as doctors, pharmacies, CPNs, district nurses and tissue viability.

See the meeting the secure email standard on the digital NHS website to check if your email meets the standards required.

Displaying 1 to 6 of 6

This page will contain regular updates of information, advice and guidance and training and support opportunities that will help your service to achieve toolkit compliance and register for NHSmail.



Secure communications mechanisms in Staffordshire

  • We have offered adult social care providers in Staffordshire access to an Office 365-based secure email account free of charge for a 12 month period.  This will help organisations to meet their GDPR requirements and to share information safely with health and social care services.
  • There will be a number of providers who will not have NHS-accredited email systems.  Those organisations can request that NHS service providers set up secure communications with them using Egress encryption service.  Egress supports NHSmail users to exchange information securely with users of non-accredited or non-secure email services, for example Gmail, Hotmail etc.  Egress is now live and in use throughout NHSmail, with additional features to be enabled in the coming weeks.

    The guidance document Accessing Encrypted Emails Guide for non-NHSmail Users explains how to register for the encryption service, open and read encrypted emails and how to send an encrypted reply.



Further information

You may find these pages useful:

  • our top tips before you get started on the data security and protection toolkit

There are no results that match your search criteria

Latest social care and health news

More businesses asked to sign up to deliver rapid testing

More businesses in Staffordshire are being offered the opportunity to take part in a rapid Covid-19 testing programme for their employees.
19 January 2021

Staffordshire Residents Without Covid Symptoms Urged to Book Tests as New Community Testing Centres Open on Monday

People who must leave their homes during the lockdown are being urged to keep getting tested - as eight new Community Testing Centres open across Staffordshire on Monday. (January 18)
15 January 2021

County's mass Covid testing blitz ramped up

A fleet of "Let's Get Tested" vans are to be rolled out across the county to bolster Staffordshire County Council's efforts to tackle Covid-19 and test more people without symptoms.
15 January 2021

Alton Towers Steps In To Help In Covid Battle

Alton Towers Resort is to test both local people and Resort staff without Covid-19 symptoms, as part of efforts to curb the rise in cases across Staffordshire.
12 January 2021

Visit the Staffordshire Newsroom