Secure Email
Defines the minimum non-functional requirements for a secure email service
About this standard
- Publisher
- NHS England
- Reference code
- DCB1596 Amd 75/2019
- Publication date
- 09/01/2020
- Publication version
- 2.3.0
- Status
- Active
Show definitions of statuses
Active. Active standards are stable, maintained and have been approved, assured or endorsed for use by qualified bodies.
Deprecated Deprecated standards are available for use and are maintained, but are being phased out, so new functionality will not be added.
Retired standards Retired standards are not being maintained or supported and should not be used.
- Standard type
- Information standards
- Technical standards and specifications
Show definitions of standard types
Collections. A Collection is a systematic gathering of a specified selection of data or information for a particular stated purpose from existing records held within health and care systems and electronic devices.
Extractions. An extraction is a type of collection that is pulled from an operational system by the data controller and transmitted to the receiver without additional processing or transcription by the sender.
Information standards. Information standards are agreed ways of doing something, written down as a set of precise criteria so they can be used as rules, guidelines, or definitions.
Technical Standards and specifications. Technical standards and specifications specify how to make information available technically including how the data is structured and transported.
- Contact point
Link to standard
- Documentation
- opens in a new tab
(opens in new tab)
- Applies to
- Public, private and third sector organisations commissioned to deliver publicly funded health, public health and adult social care
- Commissioned email service providers (any commissioned supplier providing email services within health and care)
- Commissioners of health and care within England
- Impacts on
- Implementation of this information standard impacts all IT service providers of email systems to the above providers and commissioners. IT service providers should work with their customers to determine necessary changes.
- Associated medias
- Conformance date
- 31/03/2020
- Effective from
- 31/03/2020
Topics and care settings
- Topic
- Information governance
- Security
- Care setting
- Community health
- Dentistry
- Hospital
- Maternity
- Mental health
- Pharmacy
- Social care
- Urgent and Emergency Care
Dependencies and related standards
- Related standards
- Data Security and Protection Toolkit DCB0086
- Clinical Risk Management: its Application in the Deployment and Use of Health IT Systems DCB0160
- Clinical Risk Management: its Application in the Manufacture of Health IT Systems DCB0129
- Information technology - Security techniques - Information security management systems BS ISO/IEC 27001:2013 - Requirements
- Information technology Security techniques Code of practice for information security controls BS ISO/IEC 27002:2013: Cabinet Office Guidance
- RFC5246 and RFC 8446 (TLS)
- RFC7208 (SPF)
- RFC6377 (DKIM)
- RFC7489 (DMARC)
- RFC8640 (TLS-RPT)
- RFC8461 (MTA-STS)
- NHS and social care data: off-shoring and the use of public cloud services
- Data Security and Protection Toolkit
Review Information
- Scope
- NHS Services, Health Services, Adult Social Care
- Sponsor
Managing Director of Platforms, Infrastructure and Live Services, NHS Digital
- Senior Responsible Officer
Neil Bennett, Service Director, Live Services, NHS Digital
- Business Lead
- Chris Parsons, Programme Head, NHS Digital
- Approval date
- 20/12/2019
- Post Implementation review Date
- 31/12/2020
Legal basis and endorsements
- Legal authority
Section 250 of the Health and Social Care Act 2012
This information standard is published under section 250 of the Health and Social Care Act 2012
More information
About this change
Introduces a change removing the requirement for a local organisation to implement a secure domain (secure.nhs.uk) in order to meet the standard.
Page last updated: 20 June 2024