Secure emails
Where personal, confidential, or sensitive information needs to be sent using email, the email must be sent securely.
Your Mersey Care email (your.name@merseycare.nhs.uk) is accredited to the same security standard (DCB1596) as the NHSmail (NHS.net) service.
This means that you no longer need to use your NHSmail (NHS.net) email account to send secure emails, as this can be done from your Mersey Care email account. This should help save you time, as you no longer need to navigate two email systems.
Please note that the use of password protected documents is no longer Trust policy.
How do I send a secure email?
For guidance on how to send emails securely from your Mersey Care email account, please read your guide to sending secure emails (also pictured below).
Where an email cannot be sent securely, you can encrypt your email so that it cannot be read by anyone other than the intended recipient. Email encryption also ensures the message cannot be copied or forwarded on.
How do I encrypt my email?
Encrypting an email message means that the content of the email is converted from readable plain text into scrambled coded text. Only the intended recipient can unscramble and read the message.
To encrypt your email, type [secure] in front of your subject line as shown in the example below. When this message is sent, it will be sent as a secure encrypted message.
Important please note: If you have previously used the word [encrypt] or [RW4ENCRYPT] in front of your subject line, your email will have been sent as a secure encrypted message.
What will this mean for the email recipient?
The recipient may need to enter a one-time passcode to access the encrypted email. This passcode will be sent to their email address. Once the code is entered, the recipient will be able to access the encrypted email.
Read guidance on how to open an encrypted email
Further information and support
In line with NHS England guidance, organisations with secure email standard (DCB1596) can securely email each other without any further encryption required.
All organisations listed within DCB1596 Accredited Organisations (https://digital.nhs.uk/services/nhsmail/the-secure-email-standard#list-of-accredited-organisations) are secure to send and receive emails between each other without further encryption. This list is managed by NHS England.
Please be aware that your guide on sending secure emails will be updated as other NHS email domains are accredited to the DCB1596 secure email standard. As such, please always refer to the document review history to ensure you are referring to the most up-to-date guidance.
To protect confidential, person-identifiable information, all staff should remember the following:
- Where personal, confidential or sensitive information needs to be sent using email, the email must be sent securely (view guide).
- Only use Trust-approved email accounts (ending merseycare.nhs.uk or nhs.net).
- Never put person-identifiable information into the subject line of an email.
- Only use a person's initials and another identifier (e.g. NHS number, employee number, etc.) in the body of an email.
- Never use person-identifiable information to name any attachments.
- Ensure that a recipient's email address has been entered accurately or selected correctly from a provided address list.
Should you require any further information or support, please contact your IT Service Desk or Information Governance Team.