Getting a secure email account

All organisations that access or use NHS patient data must show that they have met the standards set out in the Data Security and Protection Toolkit (DSPT).

All organisations that use personal data (including health and care organisations) also need to be registered with the Office of the Information Commissioner. If your organisation is not already registered, you can apply online.

Completing the Data Security and Protection Toolkit

The DSPT is an online self-assessment tool that measures your organisation’s level of data security against a set of ten national standards.

There are two levels to work towards:

  • entry level, which is needed for social care organisations that deliver services under the NHS Standard Contract or that want to apply for NHSmail accounts
  • ‘standards met’ which is the level all NHS organisations need to achieve and is recommended for social care organisations

If your organisation has not registered and completed a DSPT assessment for compliance already, at least to entry level, you will have to do this before you can apply for NHSmail.

Note: During the COVID-19 response, to ensure that all care homes could provide effective care NHS mail (or other secure email) has been implemented. To speed this up the DSPT requirement has been temporarily waived until the 30 June 2021. After this date the DSPT must be completed.

Larger care providers with several sites may already have completed the DSPT and have an accredited secure email system registered with NHS Digital. Please check with your own organisation’s data protection or information governance teams for local information.

5 steps to DSPT entry-level approval

There are 5 steps you need to take to get entry-level approval. It should take between 8 – 12 hours to finish the questionnaire and this doesn’t have to be done all in one go.

The steps are:

You can find a range of templates and more guidance on how to do an entry-level assessment on the Digital Social Care website. The guidance includes a workbook with checklists and other helpful information.

NHS Digital has also published two spreadsheets to help you record information to use in the Toolkit assessment:

DSPT standards met level

We recommend that all social care organisations with an entry level assessment work towards the full ‘standards met’ accreditation within a year.

View the next sections in this guide: