If in doubt, you should check the contact details in the NHS Directory or use the search bar within Teams. You must not use the NHSmail service to disable or overload any computer system or network. Where excessive account activity is detected, your account could be suspended, without notice, to safeguard the service for all other users. If your organisation has enabled the sharing of files or links using O365 collaboration tools including Teams, the same precautions must be adopted as stated above for email.
- If your organisation has enabled the sharing of files or links using O365 collaboration tools including Teams, the same precautions must be adopted as stated above for email.
- NHSmail facilitates the exchange of information but it may not determine the definitive position of a situation and should always be read in context of the situation it concerns.
- The NHSmail service is not responsible for the content of any user-created posting, listing or message made on the service.
- If your organisation already has another publicly funded email account, you are not eligible for NHSmail, for example ‘nhs.uk’,‘gov.uk’ or domains accredited to the secure email standard.
- You must ensure your password and answers to your security questions for the NHSmail services are always kept confidential and secure.
3 Responsibilities when using the NHS Directory service:
As an NHSmail account holder, you should expect to receive ad-hoc communications about NHSmail from NHS England and our suppliers of the service informing you of changes or important updates to the service that may impact your use. Caldicott and local Information Governance principles should apply whenever sensitive information is exchanged. Information you provide or upload to the service may be stored outside of the country in which you reside. This includes, but is not limited to unsolicited marketing, advertising, and selling goods or services. You must not use the NHS Directory to identify individuals or groups of individuals to target for marketing or commercial gain, either on your behalf or on that of a third party. It is your responsibility to make sure your details in the NHS Directory are correct and up to date.
Acceptable Use Policy
You must ensure your password and answers to your security questions for the NHSmail services are always kept confidential and secure. You should notify your Local Administrator if you become aware of any unauthorised access to your NHSmail account or believe your account to be compromised. You must never input your NHSmail password into any websites other than nhs.net sites, including social media sites.
It is your responsibility to ensure you regularly archive data, in accordance with your local archiving policy, contained within your mailbox and ensure your quota is not breached. Your organisation may decide to use Exchange Online Archiving to help you manage your mailbox quota. NHSmail is designed for the exchange of information and is not a storage solution and archiving should be carried out in line with your local policy and process. If you do not manage your mailbox quota you are at risk of your mailbox no longer being able to send or receive email, potentially compromising clinical safety.
Module 3: Sending and Receiving Emails
The private setting should always be applied if you are working on documents containing personal data of patients, staff, or others. If you choose to change the settings to public and use the ‘allow everyone’ setting you will publicly share content with across the platform. It is unlikely you would ever need to do this, and you may breach data protection, safety, and security protocols if you do so.
Outlook Web Access: Calendars
Sending an email with secure in the subject line will automatically protect the message for you if you are unsure if the system you are sending to is secure or not. Good practice is to share sensitive information via email as opposed to Teams messaging, as this will provide a clear audit trail. Your Local Administrator should be part of this process to ensure archived data is stored appropriately. If you continue to receive data in your new role within a different organisation this should be treated as a data breach and reported according to local governance policy and process. You must not use NHSmail to violate any laws, copyright or regulations of the United Kingdom or other countries. Use of the service for illegal activity is grounds for immediate dismissal and any illegal activity will be reported to the police.
All communication you send through the NHSmail services is assumed to be official correspondence from you acting in your official capacity on behalf of your organisation. This should be in accordance with your local organisation’s policies for exchanging data. Should you need to, by exception, send communication of a personal nature you must clearly state that your message is a personal message and not sent in your official capacity. When considering privacy settings, you must ensure you select the appropriate setting of private or public.
Communications made via the NHSmail service may be intercepted and security threat information shared with authorised government entities, like the National Cyber Security Centre. If it is likely that you may be sent personal and/or sensitive information you must make sure that the pin-up casino india data is protected. Unattended devices must be locked to ensure that data is protected in the event of the device being lost or stolen. You must always be sure you have the correct contact details for the person (or group) that you are sending the information to.
Ensure your calendar settings are set in accordance with your local organisation policies. It is recommended that all NHSmail user accounts enroll Multi-Factor Authentication (MFA) to enhance the security of the NHSmail platform. Further guidance on setting up MFA is available on the NHSmail support site – User Guides – NHSmail Support. NHSmail includes the core services of secure email, the NHS Directory, O365 including Teams and portal administration tools. There are a number of additional O365 Top-up and Add-on licence services which will only be available if your organisation has chosen to purchase and enable them. This series will provide you with learning materials designed to support you in using the new Outlook Web Access interface.
Your NHSmail Local Administrator has access to update details in the NHS Directory. NHSmail facilitates the exchange of information but it may not determine the definitive position of a situation and should always be read in context of the situation it concerns. I.e., patient notes may be exchanged using NHSmail but may not consider additional information added into the patient’s record. The NHSmail team reserves the right to withdraw an NHSmail account from use should operational requirements dictate. There may be circumstances under which it is necessary for a designated and authorised person other than you, to view the contents of your files and folders within NHSmail. Microsoft Teams Shared Channels allow users inside and outside of NHS-mail to chat and collaborate without the need to switch tenants.
Module 2: Welcome to Outlook Web Access (OWA)
Applications integrated with NHSmail single sign-on will redirect the user to enter their NHSmail credentials via the NHSmail portal. If you accidentally share sensitive or patient data with an incorrect recipient, it is your responsibility to report this in line with your local information governance policies and processes. It is your responsibility to ensure you are up to date with your local Information Governance training. To access NHSmail, health and care organisations must complete and publish the Data Security and Protection Toolkit as applicable to the organisation type. As with printed information, care should be taken that sensitive or personal information is not left anywhere it can be accessed by other people, e.g., on a public computer without password protection. You should make sure that any exchange of sensitive information is part of an agreed process.
Should you require multiple accounts, this would be a local organisation decision dependant on each use case. Attachments within calendar appointments are counted as part of your mailbox quota and should be regularly deleted to ensure your quota is not breached. Your organisation maintains day to day administration responsibility for your NHSmail account. If your use breaches this AUP or the Access Policy, your organisation has the right to undertake disciplinary procedures in accordance with your local HR policy. A copy of the current version can be found at Acceptable Use Policy – NHSmail Support.
This means that both those sending and receiving the information know what is to be sent, what it is for and have agreed how the information will be treated. It is your responsibility to check that you are sending email to the correct recipient as there may be more than one person with the same name using the service. Always check that you have the correct email address for the person you wish to send to – this can be done by checking their entry in the NHS Directory. If your organisation already has another publicly funded email account, you are not eligible for NHSmail, for example ‘nhs.uk’,‘gov.uk’ or domains accredited to the secure email standard. If you are a member of clinical or care staff, you may use NHSmail services in relation to the treatment of private patients in accordance with your own professional codes of conduct.
Reference Materials
You must not attempt to disguise your identity, your sending address or send email from other systems pretending to originate from the NHSmail service. Where there is a need to provide someone else with the ability to send email on your behalf, this should be done via the delegation controls within the service. Where an organisation wishes to send email on behalf of its staff the organisation may request the ability to do this via Impersonation accounts. Impersonation enables an application account to impersonate all user accounts within an organisation.
Remember that personal information is accessible to the data subject i.e., the patient or staff member, under General Data Protection Regulation (GDPR) legislation. When you are sending sensitive information, you should always request a delivery and read receipt (email) or recipient acknowledgement (Teams messaging) so that you can be sure the information has been received safely. It is your responsibility to check who has access to your SharePoint sites, Teams groups, is a member of your Yammer network or access to your OneDrive. The NHSmail Portal does not have an automated procedure to remove permission for individuals who have left your organisation. NHS England, in line with NHSmail governance framework, may authorise activity on the service to protect and manage it against external threats to maintain its security and integrity.
- Remember that personal information is accessible to the data subject i.e., the patient or staff member, under General Data Protection Regulation (GDPR) legislation.
- Your Local Administrator should be part of this process to ensure archived data is stored appropriately.
- You must abide by the local policies and regulations applicable for your organisation with regards to uploading of content to the O365 applications and collaboration tools.
- This includes, but is not limited to unsolicited marketing, advertising, and selling goods or services.
- Always check that you have the correct email address for the person you wish to send to – this can be done by checking their entry in the NHS Directory.
Get quick and convenient assistance with your NHSmail queries through NHSmail Guide. Our new chatbot allows you to raise and manage tickets and seek support – all from the same Teams chat.
Module 3: Sending and Receiving Emails
The NHSmail services have been provided to aid the provision of health and social care and this should be your main use of the service. It is very important to consider the implications of choosing settings as ‘public’ or ‘private’ in Teams as this setting allows you to manage sharing content with NHSmail users via Teams. The Skype for Business Learning Series will provide you with the skills and guidance on how to use, and make the most of, Skype for Business. The series covers content from sending an instant message to hosting audio and video conference calls. Where sensitive information is being saved, it is your responsibility to make sure the privacy settings of O365 collaboration tools are set to private.
