NHSmail Enabling collaboration for health and social care

Acceptable Use Policy


General information about NHSmail

Your responsibilities when using NHSmail

Using NHSmail services to exchange sensitive information


This document explains how the NHSmail service should be used. It is your responsibility to ensure that you understand and comply with this policy. It ensures that:

If you have any questions about these terms and conditions, you should contact the NHSmail team at feedback@nhs.net (England) or nhsmail.scotland@nhs.net (Scotland) .

The NHSmail team reserves the right to update this document as necessary. A copy of the current version can be found at https://portal.nhs.net/Home/AcceptablePolicy

Supporting information can be found via the NHSmail Support pages at http://support.nhs.net/

General information about NHSmail

The NHSmail service includes the core services of secure email, the NHS Directory,Skype for Business Instant Messaging and Presence (IM&P), administration tools and aseries of top-up services. The top-up services available to you will depend on yourindividual organisation.

The NHSmail services have been provided to aid the provision of health and social careand this should be your main use of the service.There may be circumstances under which it is necessary for a designated and authorised person other than you, to view the contents of your files and folders within NHSmail. For example, if you have a secretary or PA that organises your diary.

If you are a member of clinical or care staff you may use NHSmail services in relation tothe treatment of private patients in accordance with your own professional codes of conduct.

Health and social care staff contact details are provided in the NHS Directory to supportthe delivery of health and care - these details will be shared across the entire NHSmail health and social care community.

All data retained within the service remains the property of the NHS.

NHSmail accounts are owned by:

and provided to NHS staff for their use. Where accounts are no longer used they are automatically removed after a period of inactivity as defined in the Data Retention Policy.

The NHSmail programme reserves the right to withdraw an NHSmail account from use should operational requirements dictate. This may include limiting service or complete de-activation..

Your responsibilities when using NHSmail

General responsibilities when using NHSmail

You must not use NHSmail to violate any laws or regulations of the United Kingdom or other countries. Use of the service for illegal activity is grounds for immediate dismissal and any illegal activity will be reported to the police. Illegal activity includes, but is not limited to, sending or receiving material related to paedophilia, terrorism, incitement to racial harassment, stalking, sexual harassment and treason. Use of the service for illegal activity will result in the immediate disablement of your NHSmail account

You must not use any of the NHSmail services for commercial gain. This includes, but is not limited to: unsolicited marketing, advertising and selling goods or services.

You must not attempt to interfere with the technical components, both hardware and software, of the NHSmail system in any way.

When you set up your NHSmail account you must identify yourself honestly, accurately and completely.

You must ensure your password and answers to your security questions for the NHSmail services are kept confidential and secure at all times. You should notify your Local Administrator if you become aware of any unauthorised access to your NHSmail account. You should never input your NHSmail password into any other website other than nhs.net sites. You will never be asked for your NHSmail password. Do not divulge this information to anyone, even if asked.

Email messages are increasingly a source of viruses which often sit within attached documents. NHSmail is protected by anti-virus and anti-spam software although occasionally, as with any email service, a new virus or spam message may not be immediately detected. If you are unsure of the source of an email or attachment you should leave it unopened and inform your local IT services. If you receive spam messages you should forward them to spamreports@nhs.net. You must not introduce or forward any virus or any other computer programme that may cause damage to NHS or social care computers or systems. If you are found to be deliberately responsible for introducing or forwarding a programme that causes any loss of service, NHS Digital or National Services Scotland may seek financial reparation from your employing organisation.

You must not use the NHSmail service to disable or overload any computer system or network. Where excessive account activity is detected your account could be suspended, without notice, to safeguard the service for all other users.

All communication you send through the NHSmail services is assumed to be official correspondence from you acting in your official capacity on behalf of your organisation. This should be in accordance with your local organisation's policies for exchanging data. Should you need to, by exception, send communication of a personal nature you must clearly state that your message is a personal message and not sent in your official capacity. This includes Instant Messaging.

You must familiarise yourself with the NHSmail support pages which include important policy documentation, service status information, training and guidance materials, information about known issues with the service and user/administration guides.

If you are accessing your NHSmail account from a non-corporate device i.e. a home computer, personally owned laptop or in an internet cafe, you should only access the service via the web at www.nhs.net and not through an email programme such as Microsoft Outlook, unless you have explicit permission from your own organisation to do so

Responsibilities when using the NHSmail email service

You must not attempt to disguise your identity, your sending address or send email from other systems pretending to originate from the NHSmail service

You must not send any material by email that could cause distress or offence to another user. You must not send any material that is obscene, sexually explicit or pornographic. If you need to transmit sexually explicit material for a valid clinical reason then you must obtain permission from your local Caldicott Guardian. [Note: GPs may need to refer to the Caldicott Guardian at their local CCG].

You must not use the NHSmail service to harass other users or groups by sending persistent emails to individuals or distribution lists.

You must not forward chain emails or other frivolous material to individuals or distribution lists.

It is your responsibility to check that you are sending email to the correct recipient, as there may be more than one person with the same name using the service. Always check that you have the correct email address for the person you wish to send to - this can be done by checking their entry in the NHS Directory.

Email is admissible as evidence in a court of law and messages can be classified as legal documents. Internal emails may also need to be disclosed under the Freedom of Information Act 2000, the Data Protection Act 1998 and amendments and Freedom of Information (Scotland) Act 2002. Emails should be treated like any other clinical communication and care should be taken to ensure that content is accurate and the tone is appropriate.

Responsibilities when using the NHS Directory service

It is your responsibility to make sure that your details in the NHS Directory are correct and up to date.

You must not use the NHS Directory to identify individuals or groups of individuals to target for commercial gain, either on your behalf or on that of a third party.

Information governance issues

The General Medical Council (GMC) Good Medical Practice guidance requires doctors to keep clear, accurate and legible records. It is important that emails and Instant Messages do not hinder this. You should ensure that relevant data contained in emails or Instant Messages are immediately attached to the patient record. Failure to do so could have implications on patient safety.

NHSmail is a communication tool to support the secure exchange of information and is not designed as a document management system. Documents, emails or messages that are required for retention/compliance purposes should be stored within your organisation's document management system in accordance with local Information Governance policies

Your organisation is entitled to seek access to the contents of your mailbox, sent/received messages or other audit data as required to support information governance processes without your prior consent. Such requests are strictly regulated with the process detailed in the NHSmail support pages.

Using NHSmail services to exchange sensitive information

The NHSmail service is a secure service. This means NHSmail is authorised for sending sensitive information, such as clinical data, between NHSmail and:

If you need to exchange sensitive data outside of the above secure domains, the NHSmail encryption tool must be used in accordance with the guidance materials available on the NHSmail support pages.

If you intend to use the service to exchange sensitive information you should adhere to the following guidelines:

Remember that personal information is accessible to the data subject i.e. the patient, under Data Protection legislation.