Ensuring secure email communications
In recent years, regulatory, policy and legislative changes have put greater responsibility on social care businesses to handle and share personal data securely. Significant changes, originally planned for 31 March 2020 and now postponed to 30 September 2020, could affect how you share patient-sensitive information with medical and allied health professionals and your ability to deliver care safely.
- Fax machines will cease to be used by NHS organisations from 30 September 2020. After that, the only way you will be able to share patient-sensitive data and make referrals to health services including your local doctor’s surgery, pharmacies, hospitals and community trusts will be by using a secure NHS-accredited email system such as NHS.net.
- All organisations which hold or want to apply for a continuing healthcare contract (CHC) must adhere to the data protection requirements of their NHS contract which require them to be compliant with the Data Security and Protection Toolkit (the toolkit) to at least Entry Level, aspiring to Standards Met Level and have registered for an NHS.net account.
Data security and protection toolkit frequently asked questions
- Answer:
The Digital Social Care website has lots more information about the role of the toolkit in sharing information safely, the NHS 'axe the fax' campaign, and easy to follow advice and guidance on secure email systems. You may find the IT readiness self-assessment tool helpful in identifying your organisation's IT training and support needs.
The Care Providers Alliance website has toolkit and NHSmail templates.
- Answer:
The data security and protection toolkit (DSPT) is a free online self-assessment tool that allows organisations to assess and publish their performance against ten data security standards. It's not just about technology - it's about any information you hold about any person including staff, residents or visitors.
All organisations, including social care providers, that access NHS patient data must provide assurance through the toolkit that they are able to process, handle and share personal data and information securely and assure themselves that they meet GDPR requirements.
The DSPT must be completed every year and runs annually from 1 April to 31 March. You can go in and out throughout the year to make updates at any time.
You’ll need to know your organisational data service (ODS) code to get access to national systems like the toolkit and NHSmail.
Find out more about the code and how to find it from the Digital Social Care website.
- Answer:
NHSmail is an encrypted email service which meets the secure email standard (DCB1596). This is required for sending emails to and from health and social care organisations. It has been approved by the Department of Health and Social Care for sharing patient identifiable sensitive information and it is freely available to social care organisations as it is funded by the NHS.
- Answer:
Social care providers are finding NHSmail is benefiting their service and people who use their service in other ways:
- the system is easy, secure and convenient way to send and receive accurate and timely information such as medical and prescription notes, test results and CPN reviews. After April 2020, NHSmail will be the only way you can send sensitive information to health services
- less nursing and care staff time is spent doing paper work and making phone calls (an average of 10 hours per week of nurse’s time was freed up from phone calls in one case study)
- it creates an improved audit trail and leads to increased safety of residents
- residents and service users are benefiting from care staff and nurses spending more time with them
- family can be given informed updates about their loved one’s health conditions more quickly
- access to e-learning for health resources
- The secure email system supports CQC KLOEs (2.8 Well Led)
- You can list your job vacancies on the trac.jobs website which is for all health sector jobs and NHS vacancies
- Answer:
Any business that uses a fax machine or other non-secure means (for example unencrypted or out of date email systems) to share patient-sensitive information with or make referrals to health services such as doctors, pharmacies, CPNs, district nurses and tissue viability.
See the meeting the secure email standard on the digital NHS website to check if your email meets the standards required.
This page will contain regular updates of information, advice and guidance and training and support opportunities that will help your service to achieve toolkit compliance and register for NHSmail.
Secure communications mechanisms in Staffordshire
- We have offered adult social care providers in Staffordshire access to an Office 365-based secure email account free of charge for a 12 month period. This will help organisations to meet their GDPR requirements and to share information safely with health and social care services.
Further information
You may find these pages useful:
- our top tips before you get started on the data security and protection toolkit