Our use of cookies We use necessary cookies to make our site work. Necessary cookies enable core functionality such as security, network management, website analytics and accessibility. You may disable these by changing your browser settings, but this may affect how the website functions. The cookies collect information in a way that does not directly identify anyone. For more information on how these cookies work, please see our privacy policy.

To agree to our use of cookies, click the 'Accept' button.

Ensuring secure email communications

In recent years, regulatory, policy and legislative changes have put greater responsibility on social care businesses to handle and share personal data securely. Significant changes, originally planned for 31 March 2020 and now postponed to 30 September 2020, could affect how you share patient-sensitive information with medical and allied health professionals and your ability to deliver care safely. 

  • Fax machines will cease to be used by NHS organisations from 30 September 2020.  After that, the only way you will be able to share patient-sensitive data and make referrals to health services including your local doctor’s surgery, pharmacies, hospitals and community trusts will be by using a secure NHS-accredited email system such as NHS.net.
  • All organisations which hold or want to apply for a continuing healthcare contract (CHC) must adhere to the data protection requirements of their NHS contract which require them to be compliant with the Data Security and Protection Toolkit (the toolkit) to at least Entry Level, aspiring to Standards Met Level and have registered for an NHS.net account.



Data security and protection toolkit frequently asked questions


The data security and protection toolkit (DSPT) is a free online self-assessment tool that allows organisations to assess and publish their performance against ten data security standards. It's not just about technology - it's about any information you hold about any person including staff, residents or visitors.

All organisations, including social care providers, that access NHS patient data must provide assurance through the toolkit that they are able to process, handle and share personal data and information securely and assure themselves that they meet GDPR requirements.

The DSPT must be completed every year and runs annually from 1 April to 31 March. You can go in and out throughout the year to make updates at any time.

You’ll need to know your organisational data service (ODS) code to get access to national systems like the toolkit and NHSmail.

Find out more about the code and how to find it from the Digital Social Care website.


NHSmail is an encrypted email service which meets the secure email standard (DCB1596). This is required for sending emails to and from health and social care organisations. It has been approved by the Department of Health and Social Care for sharing patient identifiable sensitive information and it is freely available to social care organisations as it is funded by the NHS.




Social care providers are finding NHSmail is benefiting their service and people who use their service in other ways:

  • the system is easy, secure and convenient way to send and receive accurate and timely information such as medical and prescription notes, test results and CPN reviews.  After April 2020, NHSmail will be the only way you can send sensitive information to health services
  • less nursing and care staff time is spent doing paper work and making phone calls (an average of 10 hours per week of nurse’s time was freed up from phone calls in one case study)
  • it creates an improved audit trail and leads to increased safety of residents
  • residents and service users are benefiting from care staff and nurses spending more time with them
  • family can be given informed updates about their loved one’s health conditions more quickly
  • access to e-learning for health resources
  • The secure email system supports CQC KLOEs (2.8 Well Led)
  • You can list your job vacancies on the trac.jobs website which is for all health sector jobs and NHS vacancies

You can find information on registering a social care organisation for an NHS.net account on the support NHS website.



Any business that uses a fax machine or other non-secure means (for example unencrypted or out of date email systems) to share patient-sensitive information with or make referrals to health services such as doctors, pharmacies, CPNs, district nurses and tissue viability.

See the meeting the secure email standard on the digital NHS website to check if your email meets the standards required.


The Digital Social Care website has lots more information about the role of the toolkit in sharing information safely, the NHS 'axe the fax' campaign, and easy to follow advice and guidance on secure email systems.  You may find the  IT readiness self-assessment tool helpful in identifying your organisation's IT training and support needs.

The Care Providers Alliance website has toolkit and NHSmail templates.

Displaying 1 to 6 of 6

This page will contain regular updates of information, advice and guidance and training and support opportunities that will help your service to achieve toolkit compliance and register for NHSmail.



Secure communications mechanisms in Staffordshire

  • We have offered adult social care providers in Staffordshire access to an Office 365-based secure email account free of charge for a 12 month period.  This will help organisations to meet their GDPR requirements and to share information safely with health and social care services.
  • There will be a number of providers who will not have NHS-accredited email systems.  Those organisations can request that NHS service providers set up secure communications with them using Egress encryption service.  Egress supports NHSmail users to exchange information securely with users of non-accredited or non-secure email services, for example Gmail, Hotmail etc.  Egress is now live and in use throughout NHSmail, with additional features to be enabled in the coming weeks.

    The guidance document Accessing Encrypted Emails Guide for non-NHSmail Users explains how to register for the encryption service, open and read encrypted emails and how to send an encrypted reply.



Further information

You may find these pages useful:

  • our top tips before you get started on the data security and protection toolkit

There are no results that match your search criteria

Latest social care and health news

Keep going the extra mile - coronavirus cases in Burton's area of interest stabilise

People living in Burton where extra coronavirus advice is in place, are being told their efforts are having an impact but to be wary of complacency.
28 September 2020

People reminded about support to help them stop smoking

People in Staffordshire who smoke but want support to give It up are being reminded that help is at hand.
28 September 2020

Staffordshire residents and businesses urged to embrace new NHS app

The NHS Covid-19 app and QR check-in launches tomorrow (24 September) in England and Wales. This means that certain premises, including council-run venues, will be legally required to display NHS QR posters.
23 September 2020

Calls For Staffordshire To Lead The Way In Following New Covid-19 Rules

Residents and businesses in Staffordshire are being called on to lead the way in following new Covid-19 rules announced today.
22 September 2020

Visit the Staffordshire Newsroom