Personal Confidential Data (PCD) should only be exchanged electronically when encrypted. NHSmail email sent to trusted domains is automatically encrypted and complies with the pan-government secure email standard. NHSmail is accredited to the Health and Social Care secure email standard and is suitable for sharing Personal Confidential Data.
When sending emails outside of NHSmail, if the domain is not trusted use [secure] at the start of the email subject. [Secure] is not case sensitive.
Trusted domains that need no additional action or protection:
Guidance is available on how to use the NHSmail encryption service.
Guidance is available which details how Personal Confidential Data should be securely exchanged:
Guide for Health and Social Care Email Users
This guide highlights what email addresses are known to be secure (protected email in transit and upon receipt) and which addresses should use the email encryption tool as well as providing guidance on email signatures and a useful summary page on sharing sensitive information.
Guide for Health and Social
This guide provides organisations with information on the DCB1596 secure email specification, electronic and digital signatures, sending and receiving sensitive information for organisations that use NHSmail and detail for organisations that run their own email service
Guide for Government
This guide provides government organisations that need to exchange personal confidential data and sensitive information with health and social care organisations with information on the NHSmail service, the DCB1596 secure email specification, locally procured accredited email services and locally procured non-accredited email services. Information is also included on electronic and digital signatures