NHSmail is a centrally funded and managed secure email service which is approved by the NHS for exchanging patient data.
The NHSmail service is available anywhere, over either the NHS N3 network or the open internet. The service can be viewed through a free web based client or alternatively pharmacies can choose to connect the service to a local email client they have purchased, for example Microsoft Outlook.
The key benefit of the service is its security, which means it can be used for transmission of patient information between health professionals. Examples of the types of information that can be transmitted through the service include patient MUR information and hospital discharge communications.
For a number of years, community pharmacies in England have been able to request a shared NHSmail account. To access a shared NHSmail mailbox, users must have their own personal NHSmail address which is linked to the shared mailbox. This is to allow different staff members to access the mailbox without sharing of login details.
Quality Accounts & how to get an NHSmail account (December 2016)
Having an NHSmail account is now a gateway criterion for the Quality Payments scheme and it is also necessary for any pharmacy that wishes to provide the NHS Urgent Medicine Supply Advanced Service (NUMSAS); both of these were introduced in December 2016.
From 1st December 2016, NHS England and NHS Digital decided to introduce a new central approach to allocation of NHSmail accounts to pharmacies and Local Organisation Administrators (the local NHS managers of NHSmail) were told that they should no longer provide new NHSmail accounts to pharmacies.
Quality Payments – Requesting an NHSmail account for your pharmacy
Community pharmacy contractors that wish to take part in the Quality Payments Scheme must:
- have an NHSmail account for their pharmacy by the review points (28th April 2017 and 24th November 2017) at which they wish to make a Quality Payments Scheme claim; or
- for the purposes of the 28th April 2017 review point, have evidence that they have applied for an NHSmail account by 1st February 2017.
NHS England and NHS Digital announced on 21st December 2016 that contractors that wish to apply for an NHSmail account for their pharmacy, to meet the requirement in point 2 above, can do so by emailing the following information to firstname.lastname@example.org (by 1st February 2017):
- Trading name of pharmacy;
- Owner’s name;
- Address, including postcode (for the premises the NHSmail address will apply to);
- Pharmacy ODS code (F code);
- Pharmacy telephone number; and
- Current pharmacy email address.
Contractors with multiple pharmacies may submit this information via one email, providing details for each pharmacy premises; this spreadsheet template can be used for collating the information on individual pharmacies within a group. For this reason, pharmacy teams working within multiple pharmacy groups may want to check with their head office before requesting an NHSmail address for their pharmacy.
Provision of new NHSmail accounts
The provision of new NHSmail accounts to pharmacies will be phased in line with NHS England’s plans for the roll out of the NUMSAS:
Phase 1 – December 2016 – Brighton and Hove CCG; Guildford and Waverley CCG; Blackpool CCG and Fylde and Wyre CCG; Nottingham City CCG; Cambridgeshire and Peterborough CCG
Phase 2 – January 2017 – East of England; North East; North West
Phase 3 – February 2017 – South East Coast; West Midlands; East Midlands; South West
Phase 4 – March 2017 – London; Yorkshire and Humber; South Central; Isle of Wight
To enable pharmacies in the Phase 1 areas to be able to register to provide the NUMSAS, an interim centralised approach was used to issue NHSmail accounts; pharmacies in the Phase 1 areas should have been contacted by their local NHS England teams to invite them to register for NHSmail mailboxes in early December.
Next steps from January 2017
In January 2017, further details will be requested from contractors that have submitted a request for an NHSmail account, in order to allow the creation of a pharmacy shared NHSmail account and individual NHSmail accounts for staff, including regular locum staff, that will be needed to access the pharmacy’s shared NHSmail account.
Already have an NHSmail account for your pharmacy?
Some pharmacies already have an NHSmail account for their pharmacy. This may be a shared mailbox, which users log into using a personal NHSmail account, or it may be an NHSmail account which has been created for the pharmacy using a personal NHSmail account. NHS England and NHS Digital want all pharmacies to have shared mailboxes which can only be accessed by authorised users who log in using their personal NHSmail account.
If you already have a shared mailbox – NHS Digital will put in place a process in 2017 to ensure all such shared mailboxes are modified so that they conform to the approach now being taken to creating new pharmacy shared mailboxes. Further details on this process will be released in due course – no action needs to be taken by contractors with an existing shared mailbox at this time.
If you already have a pharmacy NHSmail account, but it is not a shared mailbox – follow the above process to request a shared mailbox. NHS Digital will publish guidance on what should be done with your existing NHSmail account in due course.
There are a range of things that need to be considered when deciding whether to request an NHSmail account and in considering how the accounts should be used. The following issues to consider have been collated from feedback from pharmacists that have used the service.
- How often will the account be checked? Email can be a useful additional communication channel, but if the information being communicated to the pharmacy is time sensitive, the pharmacy must have procedures in place to ensure email is checked on a frequent basis;
- NHSmail supports the sending of attachments – problems can sometimes arise when attachments are sent to the pharmacy to view or edit, but the pharmacy doesn’t have the necessary software on their computer to support this. As there is a risk that unapproved software could interfere with the operation of a PMR system or invalidate a pharmacy’s maintenance contract with their supplier, it is important to check with suppliers before loading software on to pharmacy computers;
- Links in emails to external websites – many pharmacies have strict controls on what websites can be accessed from the pharmacy computer. In some cases staff can only access a list of sites that have been pre-approved by a company Head Office;
- Managing access rights – who will have access to the shared mailbox and how will this access be managed? What processes are in place to ensure access rights are maintained when there are staff changes?
- Storing information received – storing records of clinical communications is important for clinical governance reasons. NHSmail is designed to support the transfer of information, not the storage of information. Whilst some information could be copied across to the notes in the patient’s pharmacy record, particular consideration will need to be given to how attached documents are stored (including arrangements for data back-up and appropriate access controls);
- Sending patient information – NHSmail is the only NHS approved method for exchanging patient data by email, but only if both sender and recipient use an NHSmail account or if sending to another government secure domain such as GSi (*.gsi.gov.uk) or CJX (*.police.uk or .pnn.police.uk). In addition to ensuring the recipient account is secure, it is important to check that the recipient is prepared to accept the information by email, check that information is being sent to the correct email address and indicate the sensitive nature of data in the header;
- Information Governance – appropriate information governance procedures need to be put in place if NHSmail is used to transfer sensitive information. As NHSmail can be accessed anywhere, it is not possible to limit access rights to a particular location, for example from within a pharmacy. Also NHSmail can be linked to a wide range of mobile devices – if this option is used, provision needs to be made for the event that they are stolen or lost, for example a process to activate self-wipe capability. Approaches by which safeguards around the use of NHSmail could be integrated into existing IG resources required for compliance with the NHS Information Governance Toolkit include:
- Outlining the expectations on staff use of NHSmail in the pharmacy confidentiality code of conduct (Requirement 214).
- Outlining how personal information will be handled if received by email, for example in the pharmacy’s safe haven procedures (Requirement 322).
- Providing guidance on the use of NHSmail in the pharmacy’s data transfer procedures (Requirement 322).
- Where the service is accessed from mobile devices, providing additional guidelines for staff on mobile computing (Requirement 318).
- General guidance on the NHS Information Governance requirements can be found in the NHS IG section of this website.
- Regulatory information in business letters – a requirement was introduced by the Companies (Registrar, Languages and Trading Disclosures) Regulations 2006 for companies in the UK to include certain regulatory information (e.g. company registration number, place of registration and registered office address) in their ‘business letters’ (which includes emails). In October 2009, similar requirements were introduced for sole traders and partnerships (with special provision for partnerships of more than 20 persons) and Limited Liability Partnerships. Although individuals can set up personal ‘email signatures’ in NHSmail, there is no way at present, via the NHSmail service to set up an automatic footer/signature stamp so that a company can ensure all emails sent by their employees contain the necessary information. Failure to include the information required in the Regulations would be a breach of the Companies Act 1985, and could render companies liable to a substantial fine.
NHSmail national helpdesk: 0333 200 1133