PHMEG members who wish to share confidential information by email are strongly encouraged to use encryption software to do so.

The NHS planned to implement an encryption strategy several years ago, but this plan was quietly dropped. The HPA has also, despite pressure from PHMEG, declined to introduce such a strategy. Instead, it has prohibited the use of  email (or required the cumbersome use of non-public-key encryption) where patient identifiable information (PII) is involved, despite this often being the quickest and most efficient means of communication. 

Previously PHMEG encouraged its members to use "Pretty Good Privacy" software, which could be downloaded from www.pgpi.com, and was free for non-commercial use; but the version that was free for non-commercial use is not compatible with most modern computer operating systems; and HPA policies prevent health protection units from purchasing PGP, even when they wish to do so from their own budgets.

PHMEG continues to apply pressure for its members to be able to use encrypted emails, so that where it is necessary to share PII with colleagues, this can be done without risks to patient confidentiality, or the delays and inefficiencies caused by using alternative means of communication.

This page was last updated on 30/07/2007.