Skip Navigation
Search site

This is our old website. Most information can now be found on our new NHS Digital website. Let us know what you think.


Secure Email

About this information standard

This information standard defines the minimum non-functional requirements for a secure email service, covering the storage and transmission of email, including where email is used for the sharing of patient identifiable data. The standard includes:

  • the information security of the email service
  • transfer of sensitive information over insecure email
  • access from the Internet or mobile devices
  • exchange of information outside the boundaries of the secure standard.

Version 2.1 has been released to clarify some of the requirements around penetration testing and accreditation. Note that no Change Specification has been issued due to the brevity of the change; the Information Standards Notice provides the full detail.

This information standard is published under section 250 of the Health and Social Care Act 2012. An Information Standards Notice (see below) provides an overview of scope and implementation timescales and the other listed documents provide further detail for those who have to implement the information standard.

Current release

Release date28/09/2017
Release numberAmd 77/2017
Release titleVersion 2.1
Key documents
More information

More guidance is available from the developer webpages on the NHS Digital website

Previous release

Release date

Release numberAmd 3/2016
Release titleVersion 2
Key documents
Previous releases

Please see the ISB website for information on Version 1

Close iCM Form