Microsoft 365 is the first non-NHS email service to meet the secure health and social care email standard ISB1596, allowing users to send sensitive patient information.
The Health and Social Care Information Centre confirmed earlier this month that the email functionality of Office 365, a group of business applications, has met the requirements for the standard, which defines the minimum functionalities for the secure storage and transmission of email.
ISB1596 was published in February 2014 and is intended to make sure that email services adhere to information governance policies and principles and are set up to securely manage the personal and sensitive nature of health and social are data.
All organisations delivering health and social care services in the UK are expected to use email services that meet the standard by June 2016.
The only other email option for NHS providers that meets the standard is the internal email system NHSmail, which was launched more than a decade ago and has around 730,000 active users.
NHSmail will undergo a revamp in the next six months with Accenture recently awarded a £60 million contract to take over from previous supplier Cable and Wireless (now part of Vodafone). New features will include a larger mailbox and instant and video messaging via Microsoft Lync.
Speaking to Digital Health News, Suzy Foster, director of health and life sciences for Microsoft in the UK, said she expects a “peaceful co-existence” between NHS organisations that choose to use Office 365 and those on NHSmail2.
She added that Office 365 has some advantages, such as a greater ability to share information securely between health and social care services, as the system is “used extensively” across local authorities.
“This is something that really will enable users in a healthcare setting to communicate effectively with other public sector organisations,” said Foster.
She also mentioned that the cloud-based nature of the Office 365 email service means there is the potential to reduce costs for NHS organisations as there is no need for internal infrastructure or applications.
Foster described Office 365 meeting the ISB1596 standard as a “groundbreaking moment” for the company as it is the first time Microsoft has met a standard that relates specifically to patient data in the UK.
“It really does demonstrate that NHS professionals can use Office 365 mail online securely for the transfer of patient data.”
Microsoft began the accreditation process in September 2014, with the company providing evidence to confirm it is able to fulfil the necessary security requirements requested by the HSCIC.
Foster said: “We expected it to be difficult as we were dealing with patient data and that is really important. But we knew there was nothing we couldn’t do; it was just providing the evidence. We didn’t have to reconfigure Office 365.”