1. About the acceptable use policy

1.1 The acceptable use policy explains how the NHSmail service should be used. It is your responsibility to ensure that you understand and comply with this policy. It ensures that:

1.1.1. You understand your responsibilities and what constitutes abuse of the service

1.1.2. Computers and patient data are not put at risk

1.2. If you have any questions about these terms and conditions, you should contact the NHSmail team at: feedback@nhs.net

1.3. The NHSmail team reserve the right to update this document as necessary.

2. General information about the NHSmail service

2.1. NHSmail services are established to help with the provision of health and social care and this should be your main use of the service. There may be circumstances under which it is necessary for someone other than yourself to view the contents of your files and folders within NHSmail, for example if you have a secretary or PA that organises your diary.

2.2. If you are a member of clinical staff you may use the NHSmail service in relation to the treatment of private patients in accordance with your own professional codes of conduct.

2.3. NHS staff contact details are provided to the NHS Directory to support healthcare and for the delivery of healthcare in the interests of patients, these details will be shared across the NHS.

3. Your responsibilities when using the service

3.1. General responsibilities:

3.1.1. You must not use the NHSmail service to violate any laws or regulations of the United Kingdom or other countries. Use of the service for illegal activity is usually grounds for immediate dismissal and any illegal activity will be reported to the police. Illegal activity includes, but is not limited to, sending or receiving material related to paedophilia, terrorism, incitement to racial harassment, stalking and sexual harassment and treason. Use of the service for illegal activity will result in the immediate suspension of your NHSmail account.

3.1.2. You must not use the NHSmail service for personal commercial gain. This includes, but is not limited to: marketing, advertising and selling goods or services.

3.1.3. You must not attempt to interfere with the technical components, both hardware and software, of the NHSmail system in any way.

3.1.4. When you set up your NHSmail account you must identify yourself honestly, accurately and completely.

3.1.5. You must ensure your password and answers to your security questions for the NHSmail system are kept confidential and secure at all times. You should notify your Local Organisation Administrator if you become aware of any unauthorised access to your NHSmail account.

3.1.6. Email messages are increasingly a source of viruses and they often sit within attached documents. NHSmail has anti-virus protection although occasionally, as with any email service, a new virus may not be immediately detected by the software. If you are unsure of the source of an email or attachment you should leave it unopened and inform your local IT services. You must not introduce or forward any virus or any other computer programme that may cause damage to NHS computers or systems. If you are found to be deliberately responsible for introducing or forwarding a programme that causes any loss of service, NHS Connecting for Health may seek financial reparation for this from your employing organisation.

3.1.7. You must not use the NHSmail service to disable or overload any computer system or network.

3.2. Responsibilities when using NHSmail email service:

3.2.1. You must not attempt to disguise your identity or your sending address.

3.2.2. You must not send any material by email that could cause distress or offence to another user. You must not send any material that is obscene, sexually explicit or pornographic. If you need to transmit sexually explicit material for a valid clinical reason then you must obtain permission from your local Caldicott Guardian. [Note: GPs may need to refer to the Caldicott Guardian at their local PCT].

3.2.3. You must not use the NHSmail service for harassment by sending persistent emails to individuals or distribution lists.

3.2.4. You must not forward chain emails or other frivolous material.

3.2.5. It is your responsibility to check that you are sending email to the right recipient, as there may be more than one person with the same name. Always check that you have the correct email address for the person you wish to send to - this can be done by checking their entry in the NHS Directory.

3.2.6. Email is admissible as evidence in a court of law and messages are classified as legal documents. Internal emails may also need to be disclosed under the Freedom of Information Act 2000. Emails should be treated like any other clinical communication and care should be taken to ensure that content is accurate and the tone is appropriate.

3.3. Responsibilities when using the NHS directory service:

3.3.1. It is your responsibility to make sure that your details in the NHS directory are correct and up to date.

3.3.2. You must not use the NHS directory to identify individuals or groups of individuals to target for commercial gain, either on your behalf or on that of a third party.

3.4. Information Governance Issues

3.4.1. The General Medical Council (GMC) Good Medical Practice guidance requires doctors to keep clear, accurate and legible records. It is important that emails do not hinder this. You should ensure that relevant data contained in emails is immediately attached to the patient record. Failure to do so could have implications to patient safety.

4. Using NHSmail to exchange sensitive information

4.1. The NHSmail service is a secure service. All information that is sent within the service (i.e. from an '@nhs.net' to an '@nhs.net' address) is encrypted whilst in transit. This means that NHSmail is authorised for sending sensitive information such as clinical data between NHSmail addresses. If you intend to use the service to exchange sensitive information you should adhere to the following guidelines:

4.1.1. You should make sure that any exchange of sensitive information is part of an agreed process. This means that both those sending and receiving the information know what is to be sent; what it is for and have agreed how that information will be treated.

4.1.2. Caldicott principles should apply whenever sensitive information is exchanged.

4.1.3. As with printed information, care should be taken that sensitive information is not left anywhere that it can be accessed by other people, e.g. on a public computer without password protection.

4.1.4. When you are sending sensitive information you should always request a delivery and read receipt so that you can be sure the information has been received safely. This is especially important for time-sensitive information such as referrals.

4.1.5. You must not hold patient identifiable data in your calendar if your calendar is shared with other people who may not be involved in the care of that patient.

4.1.6. If patient identifiable information is visible to other people, it is your responsibility to make sure that those people have a valid relationship with the patient.

4.1.7. You must always be sure that you have the correct contact details for the person (or group) that you are sending the information to. This is especially important if you are sending information using the fax or SMS services. If in doubt you should check the contact details in the NHS Directory.

4.1.8. You may only use the NHSmail service for patient referrals if Choose and Book has not yet been implemented in your organisation; the Choose and Book service is unavailable to you for some reason, or the service you need to refer to is not available via Choose and Book