NHSmail is a centrally funded and managed secure email and communications service which is approved by the NHS for exchanging patient data.
The NHSmail service is available anywhere, over either the NHS N3 network or the open internet. The service can be viewed through a free web based client or alternatively pharmacies can choose to connect the service to a local email client they have purchased, for example Microsoft Outlook.
The key benefit of the service is its security, which means it can be used for transmission of patient information between health professionals. Examples of the types of information that can be transmitted through the service include patient MUR information and hospital discharge communications.
For a number of years, community pharmacies in England have been able to request a shared NHSmail account. To access a shared NHSmail mailbox, users must have their own personal NHSmail address which is linked to the shared mailbox. This is to allow different staff members to access the mailbox without sharing of login details.
NHSmail website NHSmail national helpdesk: 0333 200 1133
firstname.lastname@example.org (emails go directly to the national NHSmail team managing pharmacy accounts)
Quality Accounts, NUMSAS & how to get an NHSmail account
Having an NHSmail account is now a gateway criterion for the Quality Payments scheme and it is also necessary for any pharmacy that wishes to provide the NHS Urgent Medicine Supply Advanced Service (NUMSAS); both of these were introduced in December 2016.
In December 2016, NHS England and NHS Digital decided to introduce an interim approach to allocation of NHSmail accounts to pharmacies and Local Organisation Administrators (the local NHS managers of NHSmail) were told that they should no longer provide new NHSmail accounts to pharmacies. The new national process is in development and further details are expected to be released shortly.
Obtaining an NHSmail account for NUMSAS
If a pharmacy contractor wishes to obtain a shared NHSmail mailbox to allow them to provide NUMSAS, they should contact their local NHS England team, who will provide them with a link to a Citizen Space online form, via which a request for an account can be made.
All applications for NHSmail accounts to allow the provision of NUMSAS, which have previously been submitted to local NHS England teams, should be processed shortly; there is no need for contractors to re-apply for an account via the Citizen Space online form.
For any applications submitted via the above two routes before the end of May 2017, accounts should be setup by 7th June 2017 at the latest.
Obtaining an NHSmail account to meet the requirements of the Quality Payments scheme
If a pharmacy contractor has not asked for an NHSmail account in order to provide NUMSAS, and the pharmacy contractor applied for an NHSmail account by 1st February 2017 (by sending the previously specified details by email to email@example.com) to meet the Quality Payment criteria, the request has been recorded by NHS Digital and in May 2017, this group of contractors are expected to be sent an email request asking them to provide further information to NHS Digital to allow the creation of their NHSmail account(s). Pharmacy contractors will be asked to provide this further information via a new NHSmail registration portal.
If your pharmacy applied for an NHSmail account after 1st February 2017 (e.g. using the NHSmail registration email address), or is yet to apply, you will be able to do so during summer 2017 using the new NHSmail registration portal.
Arrangements to allow pharmacy multiples to centrally manage the rollout of NHSmail access are described on the NHSmail registration webpage.
NHSmail access for pharmacy locums
If a pharmacy locum requires an NHSmail account in order to be able to access a shared mailbox to provide NUMSAS, an NHSmail account can be requested on behalf the locum by the pharmacy contractor providing NUMSAS. If pharmacy locum requires an NHSmail account, but not to allow them to provide NUMSAS, they should await the launch of the new NHSmail registration portal in summer 2017.
Already have an NHSmail account for your pharmacy?
Some pharmacies already have an NHSmail account for their pharmacy. This may be a shared mailbox, which users log into using a personal NHSmail account (i.e. the shared mailbox cannot be logged into directly), or it may be an NHSmail account which has been created for the pharmacy using a personal NHSmail account. NHS England and NHS Digital want all pharmacies to have shared mailboxes which can only be accessed by authorised users who log in using their personal NHSmail account.
If you already have a shared mailbox – NHS Digital will put in place a process later in 2017 to ensure all such shared mailboxes are modified so that they conform to the approach now being taken to creating new pharmacy shared mailboxes. Further details on this process will be released in due course.
If you already have a pharmacy NHSmail account, but it is not a shared mailbox – follow the above process to request a shared mailbox. NHS Digital will publish guidance on what should be done with your existing NHSmail account in due course.
NHS Digital has developed a guide which explains how to make use of NHSmail: Guide for Community Pharmacies using NHSmail (March 2017). This guide includes information about:
- logging in;
- the Shared Mailbox Owner;
- email signatures;
- setting auto responses;
- what to do if your name changes;
- training links;
- forgotten password process;
- locked account process;
- using the NHS Directory to find people; and
- service status.
Q. How do I activate my personal NHSmail account?
Once you have received your username (sent to the email address which you registered with) and the temporary password sent to your mobile phone number, you can activate your account by:
- Navigating to nhs.net;
- Clicking the login button;
- Entering your NHSmail username; then
- Typing the password sent to your mobile phone.
More information on how to activate your account is available in Guide for Community Pharmacies using NHSmail (March 2017).
Q. I have not received a password for my pharmacy’s shared mailbox; how do activate the shared mailbox?
You do not need to activate a shared mailbox and you will not receive a password for a shared mailbox, because all authorised users of the shared mailbox access the mailbox using their personal NHSmail account.
Q. I need more than three individual NHSmail accounts to link to the shared NHSmail mailbox to ensure I always have someone working who is able to access the account; how do I get more than three individuals accounts?
Your local NHS England team will be able to authorise more than 3 accounts to access the shared mailbox, but they will only do this where this is requested with a valid reason for needing them.
Q. I’m an extended hours pharmacy; how many people can access the shared mailbox in my pharmacy?
There is no restriction on the number of users who can be given access to a shared mailbox via their personal NHSmail account.
Q. Do I need a password to use my NHSmail account?
Yes, every user requires their own username and password to access NHSmail for both their personal and any shared mailbox they have been authorised to access.
Q. I have received details of the pharmacy’s shared NHSmail account but not my personal NHSmail account. What do I do?
If you have received details of your shared NHSmail account and not your personal NHSmail account, you should email firstname.lastname@example.org, explaining the issue and providing your first name and surname, the pharmacy’s ODS code (F code) and the email address of the pharmacy shared mailbox.
Q. I have received details of my personal NHSmail account but not the pharmacy’s shared NHSmail account. What do I do?
If you have received details of your personal NHSmail account and not your shared NHSmail account, you should email email@example.com, explaining the issue and providing your first name and surname and pharmacy’s ODS code (F code).
Q. I am an independent contractor who applied for a shared NHSmail account in January and I’ve yet not received my account.
If your pharmacy applied for an NHSmail account before 1st February 2017, in order to meet the Gateway criteria of the Quality Payments Scheme, your request has been recorded and you will receive an invitation to complete your registration during May 2017.
Q. If I email firstname.lastname@example.org how quickly will I get a response?
The Pharmacy admin team will endeavour to respond to your enquiry as soon as possible. The Pharmacy service desk is available between 9am – 5pm Monday – Friday excluding bank holidays and can be contacted at email@example.com.
Outside of these hours, simple tasks like password resets can be performed by the NHSmail National Service Desk (0333 200 1133). More complex tasks, that arise out of hours, can be logged by emailing firstname.lastname@example.org or by calling the National Service Desk (0333 200 1133) and these issues will be dealt with by the Pharmacy admin team when they are next available.
Q. Once I have my shared NHSmail account, how do I register to provide NUMSAS?
Once you have your pharmacy’s shared NHSmail account, you can proceed to registering to provide NUMSAS on the NHS BSA website. You must register using your pharmacy’s shared NHSmail account (including the NHSPharmacy prefix at the beginning of your email address) NOT your personal NHSmail account; if a personal NHSmail account is used to register to provide the service, your application will not be processed.
Q. What is the process for locum pharmacists wishing to obtain an NHSmail account because of the NUMSAS pilot?
NHSmail accounts can be requested by a pharmacy participating in the NUMSAS pilot – including for their locum pharmacists. If you require an NHSmail account outside of the NUMSAS roll out process you will need to wait until the new national process is available.
Q. A regular member of staff in my pharmacy has an individual NHSmail account; does this mean my pharmacy will meet the Quality Payments Scheme Gateway criterion for NHSmail?
Yes, if a regular member of staff in your pharmacy has an individual NHSmail account, which allows them to send and receive NHSmail, then your pharmacy will meet the NHSmail gateway criterion. However, PSNC strongly recommends that contractors should still apply for a premises specific shared NHSmail account. Using individual NHSmail accounts could mean that contractors face information governance (IG) challenges, for example, if a pharmacy manager resigned from working at a contractor’s pharmacy, the contractor would not be able to access any of the emails in the pharmacist manager’s personal NHSmail account, relating to their pharmacy.
Q. My pharmacy has an NHSmail account previously set up by the NHS Local Organisation Administrator, but it was not created as a shared mailbox. Is this sufficient to meet the gateway criterion of pharmacy staff being able to send and receive NHS mail?
NHS England and NHS Digital want all pharmacies to have shared mailboxes which can only be accessed by authorised users who log in using their personal NHSmail account. Since NHSmail accounts are likely to contain patient sensitive information, sharing log-in information (such as passwords) for NHSmail accounts with pharmacy team members would constitute a breach of NHS Information Governance requirements. Any pharmacies with such an account should request a new shared mailbox, however for the purposes of the Gateway criterion, the existing NHSmail account will meet the requirement.
More FAQs on Quality Payments can be found on the Quality Payments – FAQs page of the PSNC website.
Practical considerations related to use of NHSmail
There are a range of points that need to be considered when planning how NHSmail accounts should be used. The following issues to consider have been collated from feedback from pharmacists that have already used NHSmail.
- How often will the account be checked? Email is a useful additional communication channel, but if the information being communicated to the pharmacy is time sensitive, the pharmacy must have procedures in place to ensure email is checked on a frequent basis;
- NHSmail supports the sending of attachments – problems can sometimes arise when attachments are sent to the pharmacy to view or edit, but the pharmacy doesn’t have the necessary software on their computer to support this. As there is a risk that unapproved software could interfere with the operation of a PMR system or invalidate a pharmacy’s maintenance contract with their supplier, it is important to check with suppliers before loading software on to pharmacy computers;
- Links in emails to external websites – many pharmacies have strict controls on what websites can be accessed from the pharmacy computer. In some cases staff can only access a list of sites that have been pre-approved by a company Head Office;
- Managing access rights – who will have access to the shared mailbox and how will this access be managed? What processes are in place to ensure access rights are maintained when there are staff changes?
- Storing information received – storing records of clinical communications is important for clinical governance reasons. NHSmail is designed to support the transfer of information, not the storage of information. Whilst some information could be copied across to the notes in the patient’s pharmacy record, particular consideration will need to be given to how attached documents are stored (including arrangements for data back-up and appropriate access controls);
- Sending patient information – NHSmail is the only NHS approved method for exchanging patient data by email, but only if both sender and recipient use an NHSmail account or if sending to another government secure domain such as GSi (*.gsi.gov.uk) or CJX (*.police.uk or .pnn.police.uk). In addition to ensuring the recipient account is secure, it is important to check that the recipient is prepared to accept the information by email, check that information is being sent to the correct email address and indicate the sensitive nature of data in the header;
- Information Governance – appropriate information governance procedures need to be put in place if NHSmail is used to transfer sensitive information. As NHSmail can be accessed anywhere, it is not possible to limit access rights to a particular location, for example from within a pharmacy. Also NHSmail can be linked to a wide range of mobile devices – if this option is used, provision needs to be made for the event that they are stolen or lost, for example a process to activate self-wipe capability. Approaches by which safeguards around the use of NHSmail could be integrated into existing IG resources required for compliance with the NHS Information Governance Toolkit include:
- Outlining the expectations on staff use of NHSmail in the pharmacy confidentiality code of conduct (Requirement 214).
- Outlining how personal information will be handled if received by email, for example in the pharmacy’s safe haven procedures (Requirement 322).
- Providing guidance on the use of NHSmail in the pharmacy’s data transfer procedures (Requirement 322).
- Where the service is accessed from mobile devices, providing additional guidelines for staff on mobile computing (Requirement 318).
- General guidance on the NHS Information Governance requirements can be found in the NHS IG section of this website.
- Regulatory information in business letters – a requirement was introduced by the Companies (Registrar, Languages and Trading Disclosures) Regulations 2006 for companies in the UK to include certain regulatory information (e.g. company registration number, place of registration and registered office address) in their ‘business letters’ (which includes emails). In October 2009, similar requirements were introduced for sole traders and partnerships (with special provision for partnerships of more than 20 persons) and Limited Liability Partnerships. Although individuals can set up personal ‘email signatures’ in NHSmail, there is no way at present, via the NHSmail service to set up an automatic footer/signature stamp so that a company can ensure all emails sent by their employees contain the necessary information. Failure to include the information required in the Regulations would be a breach of the Companies Act 1985, and could render companies liable to a substantial fine.
Future developments related to NHSmail
Skype for Business Messaging (via NHSmail)
In the future community pharmacy staff may be able to “instant message” other NHSmail users via Skype for Business, for free, as part of the core NHSmail service.
For example, this could allow community pharmacy staff to communicate / instant message with:
- Staff from other community pharmacies;
- GP practice staff; or
- Care Home staff.
Audio & Video Conferencing (top-up service for NHSmail users)
Such a service may allow the ability to make audio/video calls and host conferences without telephone dial-in.
The Skype for Business Audio and Video Conferencing (A&VC) offering is anticipated to be available as a top-up service by April 2017.
Proof of concept pilots with a small group of organisations are currently running, with the aim of validating a number of use cases, including:
- Virtual multi-disciplinary team meetings;
- Virtual clinical peer to peer meetings; and
- Virtual consultations with patients.