Introduction

Health and care systems that send and receive email need to ensure their email service meets the secure email standard as detailed below in the requirements section. Example secure email services are:

• NHSmail - On Premise Exchange

• Locally operated Solutions based variously on Microsoft Office 365 or Exchange

Where a system needs to systematically send a large volume of emails then application accounts are available via NHSmail.

Requirements

If an organisation uses or provides an email capability within a health and care system, the email part of the selected system must comply with the DCB 1596 standard, covering secure email configuration.

Further guidance on the secure email standard is available via the NHS Digital website.

NHSmail and Office 365 have met/meet the email system section of the accreditation requirements. There is then the organisation section of the accreditation requirements to meet. NHSmail have on behalf of organisations that use the service completed the organisation requirements of the standard. For those that use Office365 each organisation will need to complete those parts themselves as it relies on NHS policy.

The Implementation and Business Change function within NHS Digital run engagement sessions covering the secure email requirements via regular online WebEx sessions. To learn more please email feedback@nhs.net

Compliance, Assurance & Testing

NHSmail publishes out standard Microsoft Exchange and Skype for Business APIs. Development against these APIs should follow the guidance contained on the Developer Network and adhere to the ‘Acceptable use’ policy. There is no formal compliance process for NHSmail API development other than that described within the Developer Network guidance and caveats. It should be noted that no test environment is provisioned for external developers wishing to use the published NHSmail APIs.

Roadmap