NHS expands email choice as first supplier accredited with data standard

3 Jul 2015, 12:26 pm

Microsoft’s cloud-based email Office 365 has been accredited with the NHS’s Secure Email Standard ISV1596 which defines how to handle patient data and manage email security and staff procedures.

Bedford-AE.[1]Microsoft is the first non-NHS organisation to become compliant with the standard, which covers the basic level for secure storage and transmission of patient identifiable data by an email system.

“The NHS Secure Email Standard treats all email as having the potential to include patient identifiable data, and therefore ensures that the end-to-end process of delivery and storage is secure for all email”, said a Microsoft spokesperson.

“In the near future, all NHS organisations will be required to use an email service compliant with the NHS Secure email standard to be able to send and receive patient data with the NHS Mail service” he said. He added that many NHS organisations’ current email service are due an upgrade and there is the requirement to become compliant with the NHS Secure Email standard, which is overseen by the Standardisation Committee for Care Information.

The move to make Office 365 compliant means that NHS organisations now have the choice to gain compliance for their own internal service or migrate to NHSMail (accounts ending in @nhs.net). NHSmail is a secure national email service which enables the safe and secure exchange of sensitive and patient identifiable information within the NHS and with local and central government.

The spokesman said: “Using Office 365 saves on the cost of becoming compliant, the cost of physically upgrading the current email service, and on the operational workload of maintaining and backing up in house email”.

Alastair Dick, Account Technical Strategist, Microsoft UK elaborated. “While there is a cost to migrate to Office 365, there wouldn’t be the additional cost of meeting the standard and, as Office 365 is cloud based, it is maintained and backed up by Microsoft, as opposed to an individual organisation having to provide the appropriate backup and storage facilities and then operationally manage them”.