All staff are responsible for making sure emails are sent to the right individual(s), using the correct process and only containing the minimum necessary information which is essential and appropriate (in line with Data Protection legislation and Caldicott Principles).
To protect confidential, person-identifiable information staff must ensure the following is adhered to when sending via email:
- Only use Trust-approved email accounts (ending nwbh.nhs.uk or nhs.net)
- Never put person-identifiable information into the subject line of an email
- Only use a person's initials and another identifier (eg NHS number, employee number, etc.) in the body of an email
- Never use person-identifiable information to name any attachments
- Ensure that a recipient's email address has been entered accurately or selected correctly from a provided address list.
Please note that the use of password protected documents is no longer Trust policy.
Emails going external to the Trust's network and being sent to an insecure email address MUST be further protected by adding encryption. This is done by typing [ENCRYPT] into the email subject line (or [secure] when using NHSmail). The recipient of the email will need to register with the encryption software and create a password (one time only process). The message will then arrive as a password protected PDF document. The password created can be used to open subsequent encyrpted emails. Please note that this still requires you to be certain that the recipient's email address is correct.
The Secure Email Quick Reference Guide provides further clarification on secure email addresses and any necessary action required.
Please see the Digital Security and Acceptable Uses Procedure for further information around the use of email and eCommunications.