Secure Email Consultation

Closed 13 Jan 2014

Opened 26 Nov 2013


There are a number of different email services in health and social care with differing security levels and interoperability requirements. This becomes an impediment to sharing sensitive or personal data between organisations. In theory all the systems are governed by the same law, regulations and standards yet in practice this is not the case.

This standard establishes the minimum requirements for email systems in health and care. The intention is not to impose significant requirements on organisations but instead to establish the minimum acceptable level.  Where possible they will refer to health and care, Government and international standards (e.g. BS ISO/IEC 27001).

Why your views matter

This consultation has been initiated by the Health and Social Care Information Centre (HSCIC), on behalf of the Information Standards Board (ISB) to ensure the standard is proportionate, fit for purpose and achieves its aims.

The standard uses requirements based upon public sector policy and developed with a wide range of organisations including NHS Trusts, Local Authorities and the IT industry. The consultation builds upon this work to give a formal voice to wider views.

What happens next

This consultation will be running along side the ISB assurance process and any feedback from this will be fed into amendments to this standard.


  • All Areas


  • CIOs
  • Heads of Information
  • Information Managers


  • Information Security
  • Email
  • Information Sharing