NHSmail is a centrally funded and managed secure email and communications service which is approved by the NHS for exchanging patient data.
The NHSmail service is available anywhere, over either the NHS N3 network or the open internet. The service can be viewed through a free web based client or alternatively pharmacies can choose to connect the service to a local email client they have purchased, for example Microsoft Outlook.
The key benefit of the service is its security, which means it can be used for transmission of patient information between health professionals. Examples of the types of information that can be transmitted through the service include patient MUR information and hospital discharge communications.
For a number of years, community pharmacies in England have been able to request a shared NHSmail account. To access a shared NHSmail mailbox, users must have their own personal NHSmail address which is linked to the shared mailbox. This is to allow different staff members to access the mailbox without sharing of login details.
NHSmail website NHSmail national helpdesk: 0333 200 1133
firstname.lastname@example.org (emails go directly to the national NHSmail team managing pharmacy accounts)
Quality Accounts, NUMSAS & how to get an NHSmail account
Having an NHSmail account is now a gateway criterion for the Quality Payments scheme and it is also necessary for any pharmacy that wishes to provide the NHS Urgent Medicine Supply Advanced Service (NUMSAS); both of these were introduced in December 2016.
Obtaining an NHSmail account for NUMSAS – If a pharmacy contractor wishes to obtain a shared NHSmail mailbox to allow them to provide NUMSAS, they should contact their local NHS England team, who will provide them with a link to a Citizen Space online form, via which a request for an account can be made.
Obtaining an NHSmail account to meet the requirements of the Quality Payments scheme – If a pharmacy contractor has not asked for an NHSmail account in order to provide NUMSAS and the pharmacy contractor applied for an NHSmail account by 1st February 2017 (by sending the previously specified details by email to email@example.com) to meet the Quality Payment criteria, the request has been recorded by NHS Digital.
In late June 2017, NHS Digital launched a portal website via which this group of contractors will be asked to provide further details in order that an email account can be created for their pharmacy. Following the launch of the portal website, NHS Digital has started to email contractors to ask them to visit the portal, in order to complete the process to obtain an email account. Contractors should expect to receive an email from NHS Digital over the next few weeks.
If your pharmacy applied for an NHSmail account after 1st February 2017 (e.g. using the NHSmail registration email address), or is yet to apply, you will be able to do so during summer 2017 using the new NHSmail registration portal;
Pharmacy Multiples – Arrangements to allow pharmacy multiples to centrally manage the rollout of NHSmail access are described on the NHSmail registration webpage.
NHSmail access for pharmacy locums – If a pharmacy locum requires an NHSmail account in order to be able to access a shared mailbox to provide NUMSAS, an NHSmail account can be requested on behalf the locum by the pharmacy contractor providing NUMSAS. If pharmacy locum requires an NHSmail account, but not to allow them to provide NUMSAS, they should await the launch of the new NHSmail registration portal in summer 2017.
Already have an NHSmail account for your pharmacy?
Some pharmacies already have an NHSmail account for their pharmacy. This may be a shared mailbox, which users log into using a personal NHSmail account (i.e. the shared mailbox cannot be logged into directly), or it may be an NHSmail account which has been created for the pharmacy using a personal NHSmail account. NHS England and NHS Digital want all pharmacies to have shared mailboxes which can only be accessed by authorised users who log in using their personal NHSmail account.
If you already have a shared mailbox – NHS Digital will put in place a process later in 2017 to ensure all such shared mailboxes are modified so that they conform to the approach now being taken to creating new pharmacy shared mailboxes. Further details on this process will be released in due course.
If you already have a pharmacy NHSmail account, but it is not a shared mailbox – follow the above process to request a shared mailbox. NHS Digital will publish guidance on what should be done with your existing NHSmail account in due course.
NHS Digital has developed a guide which explains how to make use of NHSmail: Guide for Community Pharmacies using NHSmail (June 2017). This guide includes information about:
- logging in;
- the Shared Mailbox Owner;
- email signatures;
- setting auto responses;
- what to do if your name changes;
- training links;
- forgotten password process;
- locked account process;
- using the NHS Directory to find people; and
- service status.
Q. How do I activate my personal NHSmail account?
Once you have received your username (sent to the email address which you registered with) and the temporary password sent to your mobile phone number, you can activate your account by:
- Navigating to nhs.net;
- Clicking the login button;
- Entering your NHSmail username; then
- Typing the password sent to your mobile phone.
More information on how to activate your account is available in Guide for Community Pharmacies using NHSmail (March 2017).
Q. I have not received a password for my pharmacy’s shared mailbox; how do activate the shared mailbox?
You do not need to activate a shared mailbox and you will not receive a password for a shared mailbox, because all authorised users of the shared mailbox access the mailbox using their personal NHSmail account.
Q. I need more than three individual NHSmail accounts to link to the shared NHSmail mailbox to ensure I always have someone working who is able to access the account; how do I get more than three individuals accounts?
Your local NHS England team will be able to authorise more than 3 accounts to access the shared mailbox, but they will only do this where this is requested with a valid reason for needing them.
Q. I’m an extended hours pharmacy; how many people can access the shared mailbox in my pharmacy?
There is no restriction on the number of users who can be given access to a shared mailbox via their personal NHSmail account.
Q. Do I need a password to use my NHSmail account?
Yes, every user requires their own username and password to access NHSmail for both their personal and any shared mailbox they have been authorised to access.
You will need to ensure your account remains active by changing your password at least every 90 days otherwise it may be de-activated or removed from the service.
Q. I have received details of the pharmacy’s shared NHSmail account but not my personal NHSmail account. What do I do?
If you have received details of your shared NHSmail account and not your personal NHSmail account, you should email firstname.lastname@example.org, explaining the issue and providing your first name and surname, the pharmacy’s ODS code (F code) and the email address of the pharmacy shared mailbox.
Q. I have received details of my personal NHSmail account but not the pharmacy’s shared NHSmail account. What do I do?
If you have received details of your personal NHSmail account and not your shared NHSmail account, you should email email@example.com, explaining the issue and providing your first name and surname and pharmacy’s ODS code (F code).
Q. I am an independent contractor who applied for a shared NHSmail account in January and I’ve yet not received my account.
If your pharmacy applied for an NHSmail account before 1st February 2017, in order to meet the Gateway criteria of the Quality Payments Scheme, your request has been recorded and you should receive an invitation to complete your registration during summer 2017.
Q. If I email firstname.lastname@example.org how quickly will I get a response?
The Pharmacy admin team will endeavour to respond to your enquiry as soon as possible. The Pharmacy service desk is available between 9am – 5pm Monday – Friday excluding bank holidays and can be contacted at email@example.com.
Outside of these hours, simple tasks like password resets can be performed by the NHSmail National Service Desk (0333 200 1133). More complex tasks, that arise out of hours, can be logged by emailing firstname.lastname@example.org or by calling the National Service Desk (0333 200 1133) and these issues will be dealt with by the Pharmacy admin team when they are next available.
Q. Once I have my shared NHSmail account, how do I register to provide NUMSAS?
Once you have your pharmacy’s shared NHSmail account, you can proceed to registering to provide NUMSAS on the NHS BSA website. You must register using your pharmacy’s shared NHSmail account (including the NHSPharmacy prefix at the beginning of your email address) NOT your personal NHSmail account; if a personal NHSmail account is used to register to provide the service, your application will not be processed.
Q. What is the process for locum pharmacists wishing to obtain an NHSmail account because of the NUMSAS pilot?
NHSmail accounts can be requested by a pharmacy participating in the NUMSAS pilot – including for their locum pharmacists. If you require an NHSmail account outside of the NUMSAS roll out process you will need to wait until the new national process is available.
Q. A regular member of staff in my pharmacy has an individual NHSmail account; does this mean my pharmacy will meet the Quality Payments Scheme Gateway criterion for NHSmail?
Yes, if a regular member of staff in your pharmacy has an individual NHSmail account, which allows them to send and receive NHSmail, then your pharmacy will meet the NHSmail gateway criterion. However, PSNC strongly recommends that contractors should still apply for a premises specific shared NHSmail account. Using individual NHSmail accounts could mean that contractors face information governance (IG) challenges, for example, if a pharmacy manager resigned from working at a contractor’s pharmacy, the contractor would not be able to access any of the emails in the pharmacist manager’s personal NHSmail account, relating to their pharmacy.
Q. My pharmacy has an NHSmail account previously set up by the NHS Local Organisation Administrator, but it was not created as a shared mailbox. Is this sufficient to meet the gateway criterion of pharmacy staff being able to send and receive NHS mail?
NHS England and NHS Digital want all pharmacies to have shared mailboxes which can only be accessed by authorised users who log in using their personal NHSmail account. Since NHSmail accounts are likely to contain patient sensitive information, sharing log-in information (such as passwords) for NHSmail accounts with pharmacy team members would constitute a breach of NHS Information Governance requirements. Any pharmacies with such an account should request a new shared mailbox, however for the purposes of the Gateway criterion, the existing NHSmail account will meet the requirement.
Q. What to do if you are moving to another community pharmacy or leaving pharmacy altogether?
If you are leaving your pharmacy you will need to notify the shared mailbox owner who will remove your NHSmail account from the shared mailbox for the pharmacy that you are leaving. Your NHSmail account can be added to any new community pharmacy that you join by contacting the shared mailbox owner for that site. If you are the shared mailbox owner you will need to contact the national helpdesk desk at email@example.com or by calling 0333 200 1133 and ask for your permissions to be removed from the shared mailbox and advise who should now be added as the shared mailbox owner.
If you are leaving the pharmacy sector or not taking up a new role at another community pharmacy, please contact the pharmacy national helpdesk at firstname.lastname@example.org who will mark your account as a ‘leaver’. Your account will be permanently deleted after 30 days.
Pharmacy team members that transfer from a community pharmacy to clinical pharmacy roles with an NHS Organisation can transfer their NHSmail account to their new role by asking the NHSmail Local Administrator in their new organisation to mark their account as a ‘joiner’. This must be done within 30 days of the account being marked as a ‘leaver’ to ensure it is not deleted.
Note: NHSmail accounts that are marked as ‘leavers’ are permanently deleted after 30 days if no new organisation is identified. Additionally, NHSmail accounts that are not utilised for 90 days are de-activated and will be permanently deleted after a further 90 days.
Q. What to do if you are joining a community pharmacy and require an NHSmail account?
If you are joining a community pharmacy and already have an NHSmail account you will need to ask the shared mailbox owner to add your account to the premises shared mailbox. If you do not have an NHSmail account you will need to inform the shared mailbox owner. If the pharmacy has less than 3 user accounts the shared mailbox owner will need to contact the pharmacy national helpdesk at email@example.com to ask for your account to be created. You will need to provide the shared mailbox owner with your personal mobile phone number as your password will be sent to you via a text message. For further information on the use of mobile phone numbers see the Guide for community pharmacies using NHSmail.
If your pharmacy already has three user accounts the shared mailbox owner will need to email your NHS England local area team with reasons for why more than 3 accounts are required and ask them if they are happy to approve your additional account. If your additional request is approved NHS England will need to email the pharmacy national helpdesk at firstname.lastname@example.org stating that your additional account has been approved and ask for the account to be created. Again, you will need to provide your personal mobile phone number as your password will be sent to you via a text message.
Q. Why is my mobile phone number needed to set up my account?
A mobile phone number needs to be provided when applying for an NHSmail account as temporary passwords are sent via a text message.
When you log in to your account for the first time you are asked to accept the Acceptable UsePolicy (AUP). At this stage you will also be asked to set up security questions. These are required as you will need to be able to answer these questions if you are locked out of your account or have forgotten your password so that you can perform a self-service password reset. If you require a password reset and are unable to answer your security questions (or have not set them up yet) the helpdesk will use your mobile phone number to authenticate you.
Please note the mobile phone number provided as part of your NHSmail application is automatically added to the NHSmail directory but you can opt for this to not be visible. Guidance on how to do this is available in the Guide for Community Pharmacies using NHSmail.
It is not recommended that you remove your mobile phone number as this will be used by the helpdesk as part of the authentication checks. Please ensure your mobile phone number remains up to date.
Q. What if I forget my password, am unable to answer my security questions and do not have a mobile phone number which can be used as authentication?
You will need to speak to the shared mailbox owner of your premises account and they will need to contact the helpdesk to confirm they can authenticate you and ask them to reset your password. The national helpdesk will ask the shared mailbox owner to confirm the mobile phone number for the temporary password to be sent to. It is the responsibility of the shared mailbox owner to ensure local validation checks on individuals have been completed.
Q. I am a shared mailbox owner, what is my mobile phone number used for?
Shared mailbox owners are required to supply a mobile phone number that they have access to and be the primary point of contact for the national helpdesk to liaise with if another user in your branch forget their password and are unable to answer their security questions and do not have a mobile phone number that cannot be used as part of the authentication process.
Q. What if I cannot take my mobile phone to work?
If you are unable to take your mobile phone to work and are therefore unable to activate your account from a work computer you can log into your account for the first time from a home computer. You will receive an email to your personal email address which you supplied when registering which will contain your new email address and instructions on how to log into your account. If you do not have a home computer or the Internet you can make a note of your password and set up your account when you are at work. However, it is recommended that you have your mobile phone on you when signing into your account for the first time as the password will contain a mix of different characters and upper and lower case letters.
Q. What do I need to do if my pharmacy already has a shared mailbox sponsored by another organisation?
We are unable to change the format of your current shared mailbox. You will need to apply for a new shared mailbox. On your application please provide the email addresses of your current NHSmail user accounts so these can be linked to the new shared mailbox to prevent duplicate user accounts from being created.
Once your new shared mailbox has been created please contact the Local Administrator of your sponsoring organisation to inform them that you have received a new shared mailbox via the national process and they can delete your old shared mailbox.
More FAQs on Quality Payments can be found on the Quality Payments – FAQs page of the PSNC website.
Practical considerations related to use of NHSmail
There are a range of points that need to be considered when planning how NHSmail accounts should be used. The following issues to consider have been collated from feedback from pharmacists that have already used NHSmail.
- How often will the account be checked? Email is a useful additional communication channel, but if the information being communicated to the pharmacy is time sensitive, the pharmacy must have procedures in place to ensure email is checked on a frequent basis;
- NHSmail supports the sending of attachments – problems can sometimes arise when attachments are sent to the pharmacy to view or edit, but the pharmacy doesn’t have the necessary software on their computer to support this. As there is a risk that unapproved software could interfere with the operation of a PMR system or invalidate a pharmacy’s maintenance contract with their supplier, it is important to check with suppliers before loading software on to pharmacy computers;
- Links in emails to external websites – many pharmacies have strict controls on what websites can be accessed from the pharmacy computer. In some cases staff can only access a list of sites that have been pre-approved by a company Head Office;
- Managing access rights – who will have access to the shared mailbox and how will this access be managed? What processes are in place to ensure access rights are maintained when there are staff changes?
- Storing information received – storing records of clinical communications is important for clinical governance reasons. NHSmail is designed to support the transfer of information, not the storage of information. Whilst some information could be copied across to the notes in the patient’s pharmacy record, particular consideration will need to be given to how attached documents are stored (including arrangements for data back-up and appropriate access controls);
- Sending patient information – NHSmail is the only NHS approved method for exchanging patient data by email, but only if both sender and recipient use an NHSmail account or if sending to another government secure domain such as GSi (*.gsi.gov.uk) or CJX (*.police.uk or .pnn.police.uk). In addition to ensuring the recipient account is secure, it is important to check that the recipient is prepared to accept the information by email, check that information is being sent to the correct email address and indicate the sensitive nature of data in the header;
- Information Governance – appropriate information governance procedures need to be put in place if NHSmail is used to transfer sensitive information. As NHSmail can be accessed anywhere, it is not possible to limit access rights to a particular location, for example from within a pharmacy. Also NHSmail can be linked to a wide range of mobile devices – if this option is used, provision needs to be made for the event that they are stolen or lost, for example a process to activate self-wipe capability. Approaches by which safeguards around the use of NHSmail could be integrated into existing IG resources required for compliance with the NHS Information Governance Toolkit include:
- Outlining the expectations on staff use of NHSmail in the pharmacy confidentiality code of conduct (Requirement 214).
- Outlining how personal information will be handled if received by email, for example in the pharmacy’s safe haven procedures (Requirement 322).
- Providing guidance on the use of NHSmail in the pharmacy’s data transfer procedures (Requirement 322).
- Where the service is accessed from mobile devices, providing additional guidelines for staff on mobile computing (Requirement 318).
- General guidance on the NHS Information Governance requirements can be found in the NHS IG section of this website.
- Regulatory information in business letters – a requirement was introduced by the Companies (Registrar, Languages and Trading Disclosures) Regulations 2006 for companies in the UK to include certain regulatory information (e.g. company registration number, place of registration and registered office address) in their ‘business letters’ (which includes emails). In October 2009, similar requirements were introduced for sole traders and partnerships (with special provision for partnerships of more than 20 persons) and Limited Liability Partnerships. Although individuals can set up personal ‘email signatures’ in NHSmail, there is no way at present, via the NHSmail service to set up an automatic footer/signature stamp so that a company can ensure all emails sent by their employees contain the necessary information. Failure to include the information required in the Regulations would be a breach of the Companies Act 1985, and could render companies liable to a substantial fine.
Future developments related to NHSmail
Skype for Business Messaging (via NHSmail)
In the future community pharmacy staff may be able to “instant message” other NHSmail users via Skype for Business, for free, as part of the core NHSmail service.
For example, this could allow community pharmacy staff to communicate / instant message with:
- Staff from other community pharmacies;
- GP practice staff; or
- Care Home staff.
Audio & Video Conferencing (top-up service for NHSmail users)
Such a service may allow the ability to make audio/video calls and host conferences without telephone dial-in.
The Skype for Business Audio and Video Conferencing (A&VC) offering is anticipated to be available as a top-up service by April 2017.
Proof of concept pilots with a small group of organisations are currently running, with the aim of validating a number of use cases, including:
- Virtual multi-disciplinary team meetings;
- Virtual clinical peer to peer meetings; and
- Virtual consultations with patients.