NHS email encryption
Dr Adrian Midgley (In the office)
ukcrypto at chiark.greenend.org.uk
Fri, 24 Aug 2007 15:11:50 +0100
From a PCT to its doctors etc
"The reason for the new email address is to meet requirements of the
Data Protection Act 1998 Principle 8 in line with the PCTs renewal of
the Data Protection notification to the Information Commissioner. Any
patient identifiable information sent from an ordinary email account (eg
ekcpct.nhs.uk or gp-g80000.nhs.uk) is not fully encrypted and therefore
open to interception and would constitute sending details outside the
EEA. This is not considered acceptable practice and will be in breach of
the Data Protection Act. nhs.net email accounts are encryption enabled,
therefore a secure way to send and receive patient identifiable
information."
The new one is SSL to server, SSL from server to reader.