Microsoft Office 365 has achieved the English Health and Social Care Secure Email ISB 1596 standard, which allows Outlook to be used for emails containing personal and sensitive data.
ISB 1596 requires email service providers to meet a set of independently audited baseline controls that stick to a range of information governance policies and principles.
The standard is used to establish how personal and sensitive data, such as information that can identify a patient, is kept safe when using email, and enables staff to follow correct data handling procedures.
Microsoft proved through the use of independent evidence that Office 365 meets the requirements of ISB 1596, which it claimed is the first non-NHS service to do so.
Derrick McCourt, public sector general manager at Microsoft UK, explained that the standard sets the benchmark very high for establishing how data should be handled.
"Microsoft is pleased to have worked with the Health and Social Care Information Centre to meet this standard," he said.
"Microsoft takes the security and confidentiality of all our customers' data very seriously and this accreditation means that any organisation associated with the health and social care sector - including GP practices and hospitals - will be able to take advantage of the cost efficiency of Microsoft Office 365 email, safe in the knowledge they are compliant with this new, exacting standard."
Email across the NHS and affiliated organisations is handled by NHSmail, custom software designed for the healthcare service to meet government standards related to handling patient data and confidential information.
The Department of Health formally announced in June that Accenture had beat BT and three other rival firms to be awarded a £350m deal by the Crown Commercial Service to create a new email system for the NHS, dubbed NHSmail2, as reported by Health Investor.
Outlook for Office 365 gaining the ISB 1596 standard means that the NHS can have access to an alternative email client to those offered by internal government organisations.
Meeting the standards needed to provide email services to the NHS could give Microsoft a line into one of the largest organisations in the UK, something it would be keen to pursue after HMRC opted for Google over Microsoft for some internal apps.
A new RSA report urges coders to sign a 'Hippocratic Oath' before embarking on AI programmes.
IT security vendor believes APT33 is working for the Iranian government
Darktrace pushes machine learning to take some of the pressure off of IT and security teams
Google also gets its hands on HTC's IP in a non-exclusive deal