Welcome to the NHSmail communications page. You can access all of our latest communications to Local Administrators (LAs) and end users from here. Use the drop-down fields to display the communications that are relevant to you.
LA Webinar – 3 July 2018
Slides from the July LA webinar, which provide updates on NHSmail service performance, platform clean-up of inactive accounts, Portal development, repeated account lockout guidance, Skype for Business – unavailability, anonymous access to NHS Directory, NHSmail Single Sign-On, anti-spoofing, NHSmail news and calendar federation. Please also see the recording of the webinar and the Q&A log.
LA Webinar on GDPR – 17 May 2018
Slides from the GDPR LA webinar held on 17 May 2018 are published in the ‘GDPR’ section of the Portal (found under Help>Policy and Guidance>GDPR>GDPR guidance for the NHSmail Live Service - England), together with the recording of the webinar.
LA Webinar - 28 March 2018
Slides from the March LA webinar, which provide updates on service status, account management lifecycle, application accounts, business continuity and disaster recovery testing, anti-spoofing, Skype for Business file sharing and recording and an update on the growth area. Please also see the recording of the webinarand the Q&A log.
LA Webinar - 28 February 2018
Slides from the February LA webinar, which provide updates on service status, deletion of inactive accounts, account management lifecycle, new Portal functionality, Skype for Business file sharing and recording, address book synchronisation, calendar federation, secure email standard, anti-spoofing and all user communications and survey. Please also see the recording of the webinar and the Q&A log.
LA Webinar - 24 January 2018
Slides from the January LA Webinar, which provides updates on service status, including update on ServiceNow email address, self-service password resets and account management lifecycle, new Portal functionality, secure email domains, N3 and HSCN, updated additional services catalogue and personal / patient data being received by the helpdesk. Please also see the recording of the webinar and the Q&A log.
LA Bulletin - 12 July 2018
Latest information on NHSmail service including anti-spoofing, Portal update, Outlook add-in tool to report phishing emails, Skype for Business – unavailability, repeated account lockout guidance, anonymous access to NHS Directory, O365 Hybrid, ‘NHSmail News’, calendar federation and platform clean-up of inactive accounts.
LA Bulletin - 4 June 2018
Latest information on NHSmail service including General Data Protection Regulation (GDPR), Microsoft Exchange 2013 ‘extended’ support, last Portal release, blocked accounts on NHSmail, account deletions, O365 Hybrid, Microsoft Windows 10 operating system licences with Advanced Threat Protection (ATP) and general service information – reminders.
LA Bulletin - 1 May 2018
Latest information on NHSmail service including General Data Protection Regulation (GDPR), last Portal release, resource mailboxes, Office 365 Hybrid – Azure Active Directory, anti-spoofing, Data Security and Protection Toolkit (DSPT), Microsoft Outlook calendar settings and BT Domain Name Service (DNS) change.
LA Bulletin - 9 April 2018
Latest information on NHSmail service including service status, last Portal release, upcoming Portal release, business continuity and disaster recovery (BCDR) testing, account management lifecycle, growth areas (pharmacy, dentistry, social care, optometry, locums / transient workers), Skype for Business – file sharing and recording, anti-spoofing and application accounts.
LA Bulletin - 14 March 2018
Latest information on NHSmail service including service status, latest Portal release, account management lifecycle, increasing mailbox sizes, all user communications / survey, Office 365 Hybrid, Skype for Business file sharing and recording, address book synchronisation / federation and calendar federation. General service information reminders including secure email domains, anti-spoofing, self-service password management and deletion of inactive accounts.
Details of the all-user broadcast on GDPR can be found in the ‘GDPR’ section of the Portal (found under Help>Policy and Guidance>GDPR>GDPR guidance for the NHSmail Live Service – England).
Self-service password reset function and hide your personal mobile number from public view
If you cannot access your NHSmail account and wish to reset your password, you can do this yourself rather than contacting your Local Administrator. This means you can access your account anytime out of hours rather than waiting for your Local Administrator to be available.
To use this functionality, you must:
1. Log into your account at www.nhs.net by clicking on 'Login' in the top right-hand corner of the page, use your current NHSmail credentials normally
2. Click on Profile
3. Enter your mobile number in the field provided
4. Tick the box if you wish to have your mobile number hidden. (The NHSmail helpdesk and your Local Administrator will still have access to this number for account administration purposes only).
Reviewing your security questions
1. Click on the ‘Security Questions’ tab within the ‘Profile’ page, shown above.
2. If you wish to change the questions and answers displayed, please follow the on-screen instructions.
3. Once you are happy, please click on the ‘Save’ button.
If you have forgotten your password, you can use the self-service password reset feature within the Portal.
1. Go to the NHSmail Portal at www.nhs.net.
2. Click on 'Login' in the top right-hand corner of the page.
3. On the standard login screen, you should click on the ‘Forgotten Password? Click here’ link:
4. Next, you will be asked to enter an email address for verification. Enter your NHSmail email address (nhs.net email) into the box provided and click on the ‘Next’ button.
5. You will now be asked to answer two of your security questions by providing the correct characters at a requested position within your three security answers. When complete, click on the ‘Next’ button and you will shortly receive a temporary password to use with your account via SMS message to your registered mobile device.
6. Return to www.nhs.net and login using your NHSmail email address and the temporary password that you have received. You will be asked to change your password immediately to something of your own choosing. Refer to the section below regarding choosing a new password to help guide you with the password complexity requirements for NHSmail.
Further guidance about the self-service password reset procedure is available via the Portal help pages. button.
Use secure passwords
Changing your password
Your NHSmail password expires every 90 days for security reasons.
1. Go to the NHSmail Portal at www.nhs.net.
2. Click on 'Login' in the top right-hand corner of the page and login using your current NHSmail credentials normally.
3. Click on ‘Profile’:
4. Click on ‘Change Password’:
Further guidance about changing your password is available via the support pages.
If you receive an error when attempting to change your password, check that it meets the requirements listed above and try again.
You should choose a password that is memorable to you but not easily guessable.
Please use the guidance below to ensure your password remains secure. Choosing ‘guessable’ passwords puts your NHSmail account at risk:
To change your password, please follow the guidance available in the above section on using the self-service password reset function.
Never send personal / patient / sensitive data to the NHSmail national helpdesk
When raising a call with the NHSmail national helpdesk please ensure you do not accidentally include patient or sensitive data when sending them information. For example, do not send:
The NHSmail helpdesk follows a strict information governance procedure if this occurs, but you should take responsibility for the data you have access to and ensure it is not accidentally shared with inappropriate recipients.
Populate or update your personal details in the NHS Directory
Your user profile contains contact information that is provided when your NHSmail account is created. This information is displayed in the NHS Directory to enable colleagues to find you and make contact.
You can edit your personal contact details, e.g. if your mobile number changes or if you want to add a personal description for yourself by logging into your account at www.nhs.net and selecting the ‘Profile’ tab.
Full guidance on updating your profile can be found within the Portal user guide Portal user guide.
Protect your NHSmail account from cyber attacks
In light of the widespread ransomware attacks in May and June 2017, it is more important than ever to remain vigilant over the emails received within your inbox.
The NHSmail Cyber Security Guide provides detailed information on how to identify spoof, junk or spam email with step-by-step instructions on how to report it. If you receive an email that is not from someone you know, or looks to be from someone you know but the content doesn’t appear genuine, please report it for investigation.
Manage your mailbox efficiently
You should regularly check your mailbox quota and keep within quota as when your mailbox is over quota, you will not be able to receive or send emails. You can check your mailbox quota in Outlook Web App by following the instructions below:
If you are using an Outlook desktop client, you can check your mailbox quota by clicking on file and your mailbox quota will be shown. For example:
When items are deleted out of the deleted items folder, they are kept for a further 180 days in a recoverable items area in line with the NHSmail Data Protection Policy. This recoverable items area is the same size as your mailbox quota (for example 4GB) and can also become full as it keeps the emails for 180 days meaning that you are unable to delete any more emails.
To manage your mailbox and recoverable items area efficiently, you should delete items regularly rather than in bulk periodically.
As stated in the NHSmail Acceptable Use Policy, NHSmail is not designed as a document management system. Documents, emails or messages that are required for compliance or retention purposes should be stored within your organisation’s document management system in accordance with your local information governance policies
Instant Messaging and Presence is now available
NHSmail Skype for Business Instant Messaging and Presence (IM&P) is a secure tool that may allow you to chat to other colleagues using NHSmail across health and social care in real- time and check their availability. It is free to use.
Although Skype for Business has been switched on for all NHSmail users, your organisation may already have an alternative instant messaging service and may choose not to use Skype for Business. Please contact your local IT team for further information.
Instant messaging – Skype for Business can be used to send instant messages to others. You can save time using IM&P by asking a colleague a question when you need a quick response rather than calling or scheduling a meeting.
Presence – The presence indicator on IM&P will show others if you are available to receive and respond to instant messages. For example, you can set your presence status to available if you are free or to ‘busy’ if you are unable to receive instant messages because you are in meetings or away.
Audio and video conferencing is also available but at a cost to your local organisation and organisations must address the considerations for clinical use document before setting up functionality for their users. This can be used to connect with colleagues using voice and video. Further information can be obtained by contacting Accenture.
Learn how to send sensitive or patient data, using email, securely
If you need to send sensitive or patient data using email, you must make sure it is sent securely and only read by the intended recipient.
There are two options available to you:
NHSmail to NHSmail (@nhs.net to @nhs.net): NHSmail automatically encrypts emails when sending between one NHSmail account and another. For example, from firstname.lastname@example.org to email@example.com. All you need to do is send your email as usual and your content is automatically safe.
NHSmail to any other email address: If you are emailing someone that isn’t using an NHSmail account, you should always insert the word [secure] into the subject line to enforce encryption. This needs to be the first word in the subject line but is not case sensitive. Please see the encryption guide for details on what happens next.
If the address the email is being sent to is not secure (as in the above example), the NHSmail service will automatically enforce the use of the encryption tool to protect the data in the email. The recipient will need to log into, or register for if they have not done already, the Trend Micro Encryption Portal to open the email before it can be read.
If the address the email is being sent to is identified as secure even if it’s not an NHSmail address (this is done automatically once you press ‘send’), the email will be sent as is and no further encryption is required.
Full guidance is available on sharing sensitive information and how to use the encryption tool.
When contacting the national NHSmail helpdesk, you must not send sensitive / patient data or your NHSmail password.
Beware of fraudulent emails asking for the transfer of funds
There has recently been an increase in the number of fraudulent or 'phishing' emails being sent to NHSmail accounts, especially within GP practices.
Attackers are setting up email accounts on internet mail services in the name of an employee at a CCG , GP practice or supplier to make the address look real. The attacker then uses the email account to target a staff member at the CCG or GP practice. Recently the attackers have tried to convince staff to transfer funds to a UK bank account.
These attacks can be difficult to spot as the attacker establishes an email trail and the user expects a response containing instructions, a link or an attachment to act upon. Advice on how to spot fraudulent or phishing emails is contained in our Cyber Security Guide.
What to do if you receive a suspicious email
If you receive an email from what looks to be a familiar organisation or contact, which you believe to be suspicious such as an unusual payment request for goods/services, outside of the normal payment process, make sure you question it:
Downloading and viewing communications
Some of the links above will open a new tab in your browser, displaying the communication as a PDF. If you want to download the communication to your computer, right-click on the link and click 'Save Target As' or 'Save Link As' (depending on your browser). This will enable you to choose where you want to save the file.
Dates in previous communications
Dates in previous communications are subject to change. For the most up to date information on NHSmail, please see the Service Status page