NHSmail Enabling collaboration for health and social care

Acceptable Use Policy

About this document

General information about the NHSmail service

Your responsibilities when using the service

Using NHSmail to exchange sensitive information

About this document

This document explains how the NHSmail service should be used. It is your responsibility to ensure that you understand and comply with this policy. It ensures that:

If you have any questions about these terms and conditions, you should contact the NHSmail team at feedback@nhs.net.

The NHSmail team reserves the right to update this document as necessary. A copy of the current version can be found at http://portal.nhs.net. Click the link to Acceptable Use Policy in the footer of the home page.

Supporting information can be found via the NHSmail Training and Guidance pages at [https://portal.nhs.net/Help/policyandguidance] (https://portal.nhs.net/Help/policyandguidance).

General information about the NHSmail service

The NHSmail service has been provided to aid the provision of health and social care and this should be your main use of the service. There may be circumstances under which it is necessary for a designated and authorised person other than yourself to view the contents of your files and folders within NHSmail, for example if you have a secretary or PA that organises your diary.

If you are a member of clinical staff you may use the NHSmail service in relation to the treatment of private patients in accordance with your own professional codes of conduct.

NHS staff contact details are provided in the NHS Directory to support the delivery of healthcare - these details will be shared across the NHS.

All data retained within the service remains the property of the NHS.

NHSmail accounts are owned by the Health & Social Care Information Centre on behalf of the Secretary of State for Health and provided to NHS staff for their use.

The NHSmail programme reserves the right to withdraw an email account from use should operational requirements dictate.

Your responsibilities when using the service

General responsibilities

You must not use the NHSmail service to violate any laws or regulations of the United Kingdom or other countries. Use of the service for illegal activity is usually grounds for immediate dismissal and any illegal activity will be reported to the police. Illegal activity includes, but is not limited to, sending or receiving material related to paedophilia, terrorism, incitement to racial harassment, stalking and sexual harassment and treason. Use of the service for illegal activity will result in the immediate suspension of your NHSmail account.

You must not use the NHSmail service for commercial gain. This includes, but is not limited to unsolicited marketing, advertising and selling goods or services.

You must not attempt to interfere with the technical components, both hardware and software, of the NHSmail system in any way.

When you set up your NHSmail account you must identify yourself honestly, accurately and completely.

You must ensure your password and answers to your security questions for the NHSmail system are kept confidential and secure at all times. You should notify your Local Organisation Administrator (LOA) if you become aware of any unauthorised access to your NHSmail account. You should never input your NHSmail password into any other website other than www.nhs.net. You will never be asked for your NHSmail password. E.g. by phone or email. Do not divulge this information to anyone, even if asked.

Email messages are increasingly a source of viruses which often sit within attached documents. NHSmail is protected by anti-virus software although occasionally, as with any email service, a new virus may not be immediately detected. If you are unsure of the source of an email or attachment you should leave it unopened and inform your local IT services. You must not introduce or forward any virus or any other computer programme that may cause damage to NHS computers or systems. If you are found to be deliberately responsible for introducing or forwarding a programme that causes any loss of service, the Health & Social Care Information Centre may seek financial reparation from your employing organisation.

You must not use the NHSmail service to disable or overload any computer system or network. Where excessive account activity is detected your account could be suspended without notice to safeguard the service for all other users.

All communication you send through the NHSmail service is assumed to be official correspondence from you acting in your official capacity on behalf of your Organisation. Should you need to, by exception, send communication of a personal nature you must clearly state that your message is a personal message and not sent in your official capacity.

You must familiarise yourself with the NHSmail Training and Guidance pages which include important policy guidelines, information about known issues with the service and user/administration guides.

If you are accessing your NHSmail account from a non-NHS device (i.e. a home computer, personally owned laptop or in an internet cafe) you should only access the service via the web at www.nhs.net and not through an email programme such as Microsoft Outlook unless you have explicit permission from your own organisation to do so.

Responsibilities when using the NHSmail email service

You must not attempt to disguise your identity or your sending address.

You must not send any material by email that could cause distress or offence to another user. You must not send any material that is obscene, sexually explicit or pornographic. If you need to transmit sexually explicit material for a valid clinical reason then you must obtain permission from your local Caldicott Guardian. [Note: GPs may need to refer to the Caldicott Guardian at their local PCT].

You must not use the NHSmail service to harass other users or groups by sending persistent emails to individuals or distribution lists.

You must not forward chain emails or other frivolous material to individuals or distribution lists.

It is your responsibility to check that you are sending email to the correct recipient, as there may be more than one person with the same name using the service. Always check that you have the correct email address for the person you wish to send to - this can be done by checking their entry in the NHS Directory.

Email is admissible as evidence in a court of law and messages can be classified as legal documents. Internal emails may also need to be disclosed under the Freedom of Information Act 2000 and the Data Protection Act 1988. Emails should be treated like any other clinical communication and care should be taken to ensure that content is accurate and the tone is appropriate.

Responsibilities when using the NHS Directory service

It is your responsibility to make sure that your details in the NHS Directory are correct and up to date.

You must not use the NHS Directory to identify individuals or groups of individuals to target for commercial gain, either on your behalf or on that of a third party.

Information governance issues

The General Medical Council (GMC) Good Medical Practice guidance requires doctors to keep clear, accurate and legible records. It is important that emails do not hinder this. You should ensure that relevant data contained in emails is immediately attached to the patient record. Failure to do so could have implications on patient safety.

NHSmail supports the secure exchange of information and is not designed as a document management system. Documents or emails that are required for retention/compliance purposes should be stored within your organisation's document management system in accordance with local Information Governance policies.

Your Organisation is entitled to seek access to the contents of your mailbox, sent/received messages or other audit data as required to support information governance processes without your prior consent. Such requests are strictly regulated with the process detailed in the training and guidance pages.

Using NHSmail to exchange sensitive information

The NHSmail service is a secure service, this means that NHSmail is authorised for sending sensitive information, such as clinical data, between NHSmail and

If you intend to use the service to exchange sensitive information you should adhere to the following guidelines