To ask the Secretary of State for Health and Social Care, what steps his Department is taking to help ensure implementation of the DMARC email authentication system by all NHS Trusts.
Answered on
21 May 2020
NHSmail, an email service provided to National Health Service organisations by NHS Digital, is in use by over 90% of the NHS in England with over 1.3 million users. This service fully implements the Domain-based Message Authentication, Reporting and Conformance (DMARC) controls with a policy set to reject any emails that fail the DMARC checks.
Within all of health and social care there is a secure email standard to ensure email is securely exchanged. The information standard is published under section 250 of the Health and Social Care Act 2012 and all NHS organisations are required to give due regard to the standard. It also requires NHS organisations not using NHSmail to have a DMARC policy of ‘quarantine’ and an agreed timeline for implementing a ‘reject’ policy.