NHS Dorset

• Home
• Health Services >
  • Dorset Community Health Services >
    • Community Hospitals >
      • Blandford Hospital
      • Bridport Hospital
      • Portland Hospital
      • St Leonard’s Hospital
      • Swanage Hospital
      • Victoria Hospital, Wimborne
      • Wareham Hospital
      • West Haven Hospital
      • Westminster Memorial Hospital, Shaftesbury
      • Weymouth Hospital
      • Yeatman Hospital, Sherborne
    • Community Nursing >
      • Community Nurses
      • Community Night and Twilight Nursing Servic
    • Continence
    • Contraception
    • Disability Action
    • District Nurses
    • Drugs and Alcohol Advice
    • Health Visitors
    • Infection Prevention and Control >
      • Events
    • Minor Injuries Unit
    • Occupational Therapy Services
    • Physiotherapy Services
    • Wheelchair Service
  • Other Community Based Services >
    • Cancer Services
    • Child and Family Support
    • Children's Therapy
    • Continuing Healthcare
    • Dorset Diabetic Eye Screening
    • Dorset Emergency Care Service
    • Practice Nurses
    • SmokeStop
    • Youth Advisory Service
  • Electronic Services >
    • Summary Care Record
    • Email Encryption
    • Electronic Prescription Service
  • Occupational Health
  • Primary Care Services >
    • GP Surgeries
    • Health Visitors
    • Dentists
    • Opticians
    • Pharmacies
    • Primary Care Mental Health
• Mental Health >
  • Care Pathway
  • Mental Health Act 2007
  • What is mental illness?
  • Improving Your Emotional Health
  • Services for Users and Carers >
    • Primary Care Mental Health >
      • Assessments
      • Carers Information
      • Counselling
      • Exercise Referral Scheme
      • Graduate Mental Health Worker
      • Mental Health Register
      • Self help
      • Self help book scheme
      • Self help clinics
    • Crisis Response
    • Drugs and Alcohol
    • Early Intervention Psychosis >
      • Early Intervention Psychosis Service
      • What is psychosis?
      • Causes of psychosis
      • How to help a friend or loved one
      • How to help if you have these symptoms
      • Psychosis links
    • Under 16s
    • Over 16 under 65
    • 65 and over
    • Psychology Services
    • Black and Minority Ethnic Communities
    • West Dorset Mental Health Forum
    • Advocacy Service
  • Useful Mental Health Links
• Healthy Living >
  • Public Health Team
  • Smoking Advice
  • Chlamydia Screening
  • Know Your Colour
  • Let's Get Active >
    • Exercise Referral
    • Sports Facilities
    • Healthy Walks
    • Active Dorset
    • Gallery
    • Useful Activity Links
  • Sex >
    • Latest News
    • Helplines
    • Sexual Health Links
  • Healthy Eating
  • Emotional Health
  • Drugs and Alcohol
  • Healthy Schools
  • Immunisation
  • Self-Care >
    • Self-management courses
    • Long term conditions
  • Resources
  • Public Health Documents
  • Expert Patient Programme
• Customer Care >
  • Complaints
    • Online Complaints Form
  • Comments
  • Concerns
  • Compliments
  • Patient Advice Liaison Service (PALS)
  • Making Experiences Count
  • Contact Us
  • Customer and Staff Surveys
  • Website Feedback
  • Is Treatment Available?
    • NHS Dorset Decision Making Process
    • Treatments and Medicines
    • What to do if...?
    • Further Information
• Getting Involved >
  • Dorset Health Network >
    • The Health Network
    • How to join
    • Members Only Area
    • Newsletters
    • Gallery
    • Useful Links
  • Patient and Public Involvement
  • Carers
  • Expert Patient Programme
  • Friends of the Practice
  • Friends >
    • Casterbridge
    • Yeatman Hospital
    • Victoria Hospital, Wimborne
    • Weymouth and Portland
• Market Engagement & Procurement
  • Working with Us
  • Current Tenders
  • Completed Tenders
  • Policies and Documents
  • Contact Us
  • Useful Links
• The Organisation >
  • History of the NHS
  • About The Trust
  • The Board
  • Professional Executive Committee
  • NHS Constitution
  • Security Management
  • Archive
• Working for us >
  • Latest Vacancies
  • About the Trust
  • Accommodation
  • Benefits
  • Childcare
  • Living in Dorset
  • Training and Development
  • Working with us
• Equality and Diversity >
  • Privacy and Dignity
  • Equality Legislation
  • Equality Schemes
  • Equality and Diversity Strategy and Action Groups
  • Equality Impact Assessments
  • Resources
  • Useful Links
• Publications >
  • Annual Reports
  • Audit Commission Reports
  • Board Papers
  • Care Quality Commission
  • Strategic Documents
  • Freedom of Information >
    • Freedom of Information Act 2000
    • Records Management
  • Minutes
  • Patient/Public Leaflets
  • Staff Newsletters
  • Policies
  • Community Newsletters
  • Archive
• Health Professionals Zone >
  • Clinical Governance >
    • Clinical Effectiveness
  • Community Pharmacy >
    • Community Pharmacy Information
    • Pharmacy Portal
  • Continuing Healthcare
  • Guidelines >
    • COPD Guidelines
  • Information Governance
  • Policies
  • Practice Based Commissioning >
    • PBC in Dorset
    • Service Redesign
    • FAQs
    • Improvement Foundation Support Programme
    • Key National Guidelines
    • Practice Based Commissioning Links
  • Research >
    • Clinical Trials >
      • Clinical Trials Team
      • Clinical Trials Studies
    • Adult Mental Health >
      • Dr Nick Kosky
      • Dr Alastair McDonald
    • Older Adults
      • Dr Steve Simpson
      • Dr Ian Johnson
      • Dr Sue Ball
      • Diane Beavis
    • Addiction
    • General Health
  • Self Care >
    • Expert Patient Programme
    • Promoting Self Care
  • Trade Union Information
  • Health Checks
• News >
  • Press Releases
  • Public Notices
  • Newsletters
  • Archive
• Contacting Us >
  • Patient Advice Liaison Service (PALS) >
    • Your Local PALS Contact
    • PALS Reports
  • Complaints
  • Contact Us
  • Customer and Staff Surveys
  • Website Feedback
• Have your Say >
  • Consultations
  • Sexual health questionnaire
• Out of Hours
• Useful Links

Email Encryption

• Background
• How do I encrypt e-mails using the new system?
• Further Information
• Information for Blackberry Users
• FAQs

Background

Local guidance has already been issued to staff regarding the circumstances in which e-mails should be encrypted (basically those e-mails containing sensitive information such as ‘person identifiable’ data like name, address and postcode). This e-mail outlines new facilities available to you to encrypt sensitive e-mails. The existing facilities such as national NHS Mail (@nhs.net) and Secure Send (http://securesend.dorset.nhs.uk) are still available but you may prefer to use the new encryption facility that uses a system called ‘IronPort’. All NHS Trusts in the county of Dorset have installed identical ‘IronPort’ mail encryption systems.

Please note that when encrypting emails, attachments are also encrypted whether automated/seamless or manual encryption is used.

How do I encrypt e-mails using the new system ?

A. Automated / Seamless Encryption

Where e-mails are sent from PCT e–mail systems to NHS organisations within the county of Dorset using e-mail addresses ending in @something.nhs.uk for both the sender and recipient (such as @dorset.nhs.uk, @bp-pct.nhs.uk, @dchft.nhs.uk) these e-mails are automatically encrypted by the e-mail system. The e-mails are also automatically decrypted by the receiving organisation. No action is required by either the sender or the recipient. Please note the only exception to this rule is the Lyme Regis Medical Centre which uses its own mail server using @gp-J81088.nhs.uk. Therefore, sensitive e-mails sent to this Practice will need to be manually encrypted (see below).

For example:

joe.bloggs@dorset-pct.nhs.uk to fred.smith@dchft.nhs.uk is secured automatically
andrew.brown@dorset.nhs.uk to jane.white@poole.nhs.uk is secured automatically
fran.smith@bp-pct.nhs.uk to Amanda.white@hotmail.com is not secure (use manual encryption)
simon.hughes@bp.nhs.uk to ann.harris@hampshirepct.nhs.uk is not secure (use manual encryption)
joe.bloggs@dorset-pct.nhs.uk to fred.smith@nhs.net is not secure (use @nhs.net accounts to send to other @nhs.net accounts – see Note 3 below)

B. Manual Encryption

Where confidential or sensitive e-mails are sent outside of NHS Trusts within the county of Dorset these need to be manually encrypted. You can do this by one of 2 methods:

1. Use [encrypt] in the subject header

E-mails can be encrypted by placing the phrase ‘[encrypt]’ in the subject header (without the quotes). This results in an encrypted e-mail being sent to the recipient. The subject line is not encrypted so sensitive information should not be placed there. The recipient can open the encrypted e-mail via a web-site. This requires password registration on the web-site – a link to this web-site is sent with the mail along with simple instructions for the recipient;

2. Mark the sensitivity of the e-mail as confidential

E-mails can be marked as confidential – see the message options when compiling an e-mail. Changing the sensitivity to confidential results in an encrypted e-mail being sent to the recipient. Again the subject line is not encrypted so sensitive information should not be placed there.

Where you send a manually encrypted e-mail, it might be a good idea to warn recipients beforehand that you are sending an encrypted e-mail. Guidance for recipients opening encrypted e-mails is sent with the e-mail in the non-encrypted part but further detailed guidance for 3rd parties is available at the following link:

• Instructions for registering with CRES for third parties

Further information

Here are a list of e-mail addresses that are automatically encrypted and we will keep this up-to-date as other sites are added. It is hoped that Local Authorities will soon adopt a similar solution which will deliver automated encryption between Dorset NHS and Local Authority organisations.

• List of automatically encrypted email domains

Please note that it is not yet possible to send encrypted mail using IronPort to NHSMail (@nhs.net). This is awaiting a software ‘fix’ to be applied to the national NHS mail system – we expect this to be applied in December. In the interim use @nhs.net to send sensitive e-mails to @nhs.net as this is encrypted.

• IronPort Devices - Information for Users

Finally please note that it is not possible to deliver seamless encrypted e-mail in all circumstances which requires no additional action on behalf of users or recipients. This would require shared and agreed standards with all individuals we e-mail which is currently not possible. However, this new encryption facility will be helpful in ensuring that the PCT meets its obligations in respect of NHS security standards.

go to top

Information for Blackberry Users

If you receive a manually encrypted message on a Blackberry (which will not be from local NHS Trusts as these are decrypted by our local encryption devices) forward the message you receive to mobile@res.cisco.com

The service will then send you an email message back with a temporary link that you can click to securely retrieve the message by using a web browser on your computer or Blackberry. for more information about using the Open Online method and the Open by Forwarding method, see the Registered Envelope online help at the following website https://res.cisco.com/websafe/help?topic=RegEnvelope

FAQs

Q: Why isn’t encryption enabled by default for all e-mails ?

A: It is technically possible to turn on encryption by default (we did consider doing this at some length) and this is our medium term aim. We could not enable it by default for these reasons:

1. About 10% of mails can’t be opened by recipients. They either have web filtering / blocking software installed by their organisation or they don’t have a java client software (plug-in) installed in the browser which is required to open the encrypted message
   
   
2. Mails sent to the national NHSmail service (@nhs.net accounts) cannot be opened in Outlook Web Access – this is a problem with MS Exchange Server 2007 – there is a fix available but Connecting for Health are not able to apply this until approximately December 2009 at the earliest. A significant number of our users use this service so this would severely disrupt mail flow which we must avoid.

On balance switching on encryption by default would disrupt mail flow which would be more of a risk (including clinical risk) – so we decided not to do it. Where messages cannot be opened by recipients users must fall back to other encryption methods that are available. We will re-consider enabling encryption by default in December 2009 when the national NHS mail service has been patched.