NHS Digital has signed UK security software firm Egress to bolster the security of NHSmail and provide added encryption to outgoing messages.

Egress Protect will be integrated into NHSmail to offer enhanced protection and improve user experience, NHS Digital said.

The software enables users of NHSmail to send encrypted emails to unsecure domains, including patients and other areas of the health and care system.

It also offers automatic decryption for inbound email. This allows those recipients of NHSmail emails that are encrypted using Egress Protect to read and reply via an online portal or using Egress’ app for Microsoft Outlook integration.

Following an initial pilot phase, Egress is now the new provider for sending sensitive emails from NHSmail accounts encrypted to external email accounts, NHS Digital said.

Chris Parsons, programme head for NHSmail at NHS Digital, said: “NHSmail is already a safe, secure email system, used by almost 1.5 million health and care professionals enabling them to send sensitive information and deliver effective care.

“The partnership with Egress will continue to build on this, delivering an effective user experience, supporting security and compliance with GDPR with detailed auditing and reporting.”

Tony Pepper, Egress chief executive, added: “We are delighted to be working with NHS Digital to improve the NHSmail experience for healthcare practitioners and patients throughout the UK.

“Modern and efficient healthcare requires an accessible and secure communication network built on the best data security and IT architecture available.

“We look forward to an ongoing relationship with NHS Digital, supporting them in the delivery of this critical communication network.”

NHSmail is the largest closed secure email network in the UK.

While it is touted as a secure service, information sent to Digital Health News in January revealed that NHSmail was not fully compliant with its own secure email standard for six months between July 2019 and January 2020.

Specifically, the DMARC block policy for NHSmail, a requirement of  necessary for health and social care organisations to ensure sensitive and confidential information is kept secure, had not been implemented by July 2019 as directed in NHS Digital’s conformance statement.

DMARC was correctly configured shortly after Digital Health News approached NHS Digital on the matter.