NHSmail Enabling collaboration for health and social care


Policy and Guidance Materials

Welcome to the Policy and Guidance page. From this page, you can access all the policy and guidance materials you will need when using the NHSmail service.

As a user of the NHSmail platform you must operate in accordance to a clear set of guidance, policies and procedures to ensure you are using the service effectively, appropriately and safely. Please refer to the materials below to ensure you are adhering to all NHSmail guidance and policies.

  • Access Policy

    NHSmail is available to organisations with a valid reason to use it. The NHSmail Access Policy provides full details.

  • Acceptable Use Policy

    Whilst the design and operation of a secure email system is a key part of making sure it is secure, it is also an obligation of users to make sure they use the service properly and without doing anything to compromise the security of the information that they send or receive. For this reason, every NHSmail user is required to accept the Acceptable Use Policy when they register for the service. This is their promise to all NHSmail users and the public and patients we serve, that they will be mindful of the importance of the information that they share over NHSmail.

  • Clinical Safety

    The NHSmail Service is approved for the exchange of clinical/sensitive data in line with the National Clinical Safety Case. The Service is not intended for storage of clinical information. Organisations are encouraged to review local processes and guidance in line with the NHSmail Policies and National Safety Case. The Safety Case is available on request from feedback@nhs.net.

  • Information Management Policies

    Information is stored in the NHSmail service for a variety of reasons and is retained in accordance with our policies listed here:

  • Managing Accounts in Closed Organisations

    Guidance on how to manage your NHSmail accounts if they need to be transferred into a replacement organisation or removed from the service if your organisation is closing (ODS code has been closed) or merging with another.

  • Push Connector Guide

    Guidance on how to use Push Connectors

  • TANSync Filter Configuration Guide

    Guidance on how to configure filtering within TANSync to control user account provisioning

  • TANSync Overview

    TANSync is the replacement solution for Pull Connectors. This guide provides a description of the TANSync solution and the local requirements for setting up TANSync

  • TANSync Deployment Guide

    Guidance on how to deploy TANSync for your organisation

  • User Provisioning Guide

    Guidance on the different options for adding, updating and removing user data from NHSmail

  • Leavers and Joiners Guidance

    This is a guidance document and outlines the actions that users and Local Administrators should take in relation to NHSmail accounts when a user joins and/or leaves an organisation

  • Accessing Mailbox Data

    What a Local Administrator should do if access is needed to data in an NHSmail account where the user is unavailable or unable to give permission for access

  • Patient Identifiable Data (PID) should only be exchanged electronically when encrypted. NHSmail email sent to secure domains is automatically encrypted and complies with the pan-government secure email standard. NHSmail is accredited to the Health and Social Care secure email standard and is suitable for sharing patient identifiable and sensitive information.

    When sending emails outside of NHSmail, use [secure] at the start of the email subject. [Secure] is not case sensitive. The NHSmail service will assess whether encryption is required.
    • If the domain the email is being sent to is accredited, the email will be sent securely and no further encryption is required.
    • If the domain the email is being sent to is not accredited, and therefore insecure, the NHSmail service will programmatically enforce the use of the encryption tool to protect the email data. The recipient will need to log into the Trend Encryption Micro portal to unencrypt the email before it can be read.

    NHSmail works with the Government Digital Service (GDS) to regularly update the list of accredited domains regularly

    Guidance is available on how to use the NHSmail encryption service.

    There is a sharing sensitive information guide which details how patient identifiable data should be securely exchanged.

    Sending to legacy secure government domains

    Email sent to legacy secure government domains listed below will automatically be sent securely and directly to the recipient’s email system:

    *.gcsx.gov.uk for local government

    *.gsi.gov.uk and *.gsx.gov.uk for central government

    *.cjsm.net and *.pnn.police.uk for Police/Criminal Justice

    *.mod.uk for Ministry of Defence

    Note the legacy local and central government email domains (gcsx.gov.uk, gsi.gov.uk and gsx.gov.uk) will slowly stop being used and then switched off completely in March 2019, as all local and central government organisations migrate to using .gov.uk email addresses for all email communication as they adopt the government secure email standard.

  • Accessing Encrypted Emails Guide

    Guidance for recipients of encrypted emails sent from an NHSmail account including: opening and reading encrypted emails and sending an encrypted reply

  • Encryption Guide for Senders

    Guidance on how to use the NHSmail encryption service to send encrypted emails to people not using NHSmail

  • Windows XP users on NHSmail

    If using Microsoft software to access NHSmail, only access from Microsoft software in mainstream or extended support is assured. NHSmail does not support access from products that have ended extended support, even where an organisation may have taken out a custom support agreement. Any use of XP, or indeed any other unsupported product, is done so at your own risk and has no guarantee that it will work with NHSmail.

  • Applications Guide

    Guidance to ensure your applications meet the supported NHSmail protocols

  • Cyber Security Guide

    Guidance on how to keep your account and the NHSmail service safe and secure from common cyber threats including: spam, junk, spoofing and phishing

  • Email Gateway / Relay Service

    Frequently asked questions (FAQs), general information and guidance on the Email Gateway / Relay Service provided by NHSmail.

  • Finding your Local Administrator LA

    Guidance on how to find out the contact details of Local Administrator within your organisation.

  • Licensing Guide

    This document provides an overview of the local organisation licensing requirements for NHSmail in England and Scotland.

  • Managing your mailbox quota

    Guidance on how to ensure you do not breach your mailbox quota and ensure your account is not prevented from receiving or sending email.

  • Mobile Configuration Guide

    Guidance on how to access the NHSmail service via your mobile device

  • Sub-domain Branding Guide

    Frequently asked questions (FAQs) about sub-domain branding of users accounts.