NHSMail: Secure email for Social Care Providers


Social Care Providers in Nottinghamshire can apply for NHSMail secure email now. NHSMail is a secure email service for sharing patient identifiable data (‘personal data’) and other sensitive information. NHSMail is approved by the Department of Health and Social Care for use by Social Care Providers. 


Usually Social Care Providers have to gain compliance with the DSPT before applying for an NHSMail account. DSPT remains the tool used by NHS Digital to confirm that organisations have suitable controls in place and can be trusted with this widely-used service. The rest of this web site (after you register) contains support materials for compliance with DSPT. 


To apply for your NHSMail account:
1. Use the MSWord form here [Link to form]. Do not edit or change the form. It is part of an automated approval system.
2. Type your answers into the form and send in MSWord format (not a PDF, photo or scan).
3. Choose two people to have accounts: usually the Manager (‘Owner’) plus their Deputy/Administrator/Senior Lead (‘Member’). You may choose to mark both as ‘Owner’ as this will allow two people to amend the portal for future updates.
4. Use personal email and personal mobile numbers for each person on the form. These are used only once to send registration details, but they must be unique (per person) and not for the organisation.
5. Return your form to the Midlands inbox at nhsi.miduecoperations@nhs.net and they will check your form for errors before submission and keep a record of your submission to help with any problems/delays.
6. Use the guidance note provided to understand what to fill in at each field and what the different terms mean [Link to guidance].


Common mistakes that lead to forms being rejected:
1. Amending the form.
2. Not using unique email addresses and mobile phone numbers.
3. Only putting one person’s details on the form.
4. Not using the correct ODS code (leaving the cell incomplete or using incorrect information, eg a closed code).

You can find your ODS code by putting your email in this search site: https://odsportal.hscic.gov.uk/Organisation/Search. If you are still having trouble, email dspt@notts-care-ig.net and someone will help you.


Once you have NHSMail – maintaining your account

1. Create a short change protocol document that covers when people join or leave to make sure you always have an Owner of the mailbox. Do not let the only mailbox owner leave the organisation without reassigning the account.
2. Think about having both Owners and Co-owners of the account.
3. The owner can add other staff to the mailbox as needed (making sure they are properly trained about the communication of personal data).  Members can read and send on behalf of the mailbox. Users can only read the email.
4. If you have problems with your NHSMail account, email careadmin@nhs.net as they are there to help any Providers who used the rapid onboarding offer.

NOTE: All CQC-registered care providers in England are expected to register with Data Security and Protection Toolkit (DSPT) by 30 September 2020. Information about this, and a link to the brief guidance can be found at: https://www.digitalsocialcare.co.uk/update-on-data-security-and-protection/ Please note that this deadline is simply to register with the DSPT, not to have met the compliance criteria by then. A new version of the DSPT for social care will launch in October that’s specifically designed for adult social care providers with questions that are more appropriate for social care organisations. This is being developed with the involvement of care associations across the country. Registration by 30 September 2020 is a necessary first step towards then meeting the DSPT and retaining use of NHS Mail. You can use this link to register: https://www.dsptoolkit.nhs.uk/Account/Register.