Enabling collaboration for health and social care
Policy and Guidance Materials
Welcome to the Policy and Guidance page. From this page, you can access all the policy and guidance materials you will need when using the NHSmail service.
As a user of the NHSmail platform you must operate in accordance to a clear set of guidance, policies and procedures to ensure you are using the service effectively, appropriately and safely. Please refer to the materials below to ensure you are adhering to all NHSmail guidance and policies.
NHSmail is available to organisations with a valid reason to use it. The NHSmail Access Policy provides full details.
Acceptable Use Policy
Whilst the design and operation of a secure email system is a key part of making sure it is secure, it is also an obligation of users to make sure they use the service properly and without doing anything to compromise the security of the information that they send or receive. For this reason, every NHSmail user is required to accept the Acceptable Use Policy when they register for the service. This is their promise to all NHSmail users and the public and patients we serve, that they will be mindful of the importance of the information that they share over NHSmail.
The NHSmail Service is approved for the exchange of clinical/sensitive data in line with the National Clinical Safety Case. The Service is not intended for storage of clinical information. Organisations are encouraged to review local processes and guidance in line with the NHSmail Policies and National Safety Case. The Safety Case is available on request from email@example.com.
Information Management Policies
Information is stored in the NHSmail service for a variety of reasons and is retained in accordance with our policies listed here:
Managing Accounts in Closed Organisations
Guidance on how to manage your NHSmail accounts if they need to be transferred into a replacement organisation or removed from the service if your organisation is closing (ODS code has been closed) or merging with another.
Push Connector Guide
Guidance on how to use Push Connectors
TANSync Filter Configuration Guide
Guidance on how to configure filtering within TANSync to control user account provisioning
TANSync is the replacement solution for Pull Connectors. This guide provides a description of the TANSync solution and the local requirements for setting up TANSync
TANSync Deployment Guide
Guidance on how to deploy TANSync for your organisation
User Provisioning Guide
Guidance on the different options for adding, updating and removing user data from NHSmail
Leavers and Joiners Guidance
This is a guidance document and outlines the actions that users and Local Administrators should take in relation to NHSmail accounts when a user joins and/or leaves an organisation
Accessing Mailbox Data
What a Local Administrator should do if access is needed to data in an NHSmail account where the user is unavailable or unable to give permission for access
Patient Identifiable Data (PID) should only be exchanged electronically when encrypted. NHSmail email sent to secure domains is automatically encrypted and complies with the pan-government secure email standard. NHSmail is accredited to the NHS secure email standard and is suitable for sharing patient identifiable and sensitive information.
When sending emails outside of NHSmail, use [secure] at the start of the email subject. [Secure] is not case sensitive. The NHSmail service will assess whether encryption is required.
• If the domain the email is being sent to is accredited, the email will be sent securely and no further encryption is required.
• If the domain the email is being sent to is not accredited, and therefore insecure, the NHSmail service will programmatically enforce the use of the encryption tool to protect the email data. The recipient will need to log into the Trend Encryption Micro portal to unencrypt the email before it can be read.
NHSmail works with the Government Digital Service (GDS) to regularly update the list of accredited domains regularly
Guidance is available on how to use the NHSmail encryption service.
There is a sharing sensitive information guide which details how patient identifiable data should be securely exchanged.
Accessing Encrypted Emails Guide
Guidance for recipients of encrypted emails sent from an NHSmail account including: opening and reading encrypted emails and sending an encrypted reply
Encryption Guide for Senders
Guidance on how to use the NHSmail encryption service to send encrypted emails to people not using NHSmail
Guidance to ensure your applications meet the supported NHSmail protocols
Cyber Security Guide
Guidance on how to keep your account and the NHSmail service safe and secure from common cyber threats including: spam, junk, spoofing and phishing
Email Gateway / Relay Service
Frequently asked questions (FAQs), general information and guidance on the Email Gateway / Relay Service provided by NHSmail.
Finding your Local Administrator LA
Guidance on how to find out the contact details of Local Administrator within your organisation.
This document provides an overview of the local organisation licensing requirements for NHSmail in England and Scotland.
Managing your mailbox quota
Guidance on how to ensure you do not breach your mailbox quota and ensure your account is not prevented from receiving or sending email.
Mobile Configuration Guide
Guidance on how to access the NHSmail service via your mobile device
Sub-domain Branding Guide
Frequently asked questions (FAQs) about sub-domain branding of users accounts.