NHSmail myth buster
This information is intended to address some of the common misconceptions about the NHSmail service. Not every aspect of NHSmail is covered, so if you have additional issues you would like to address or if you would like to talk to us about any of the content of this page please email firstname.lastname@example.org.
Myth: Local NHS email services are as secure as NHSmail
Fact: NHSmail is the only NHS email service secure enough for the transmission of confidential patient information. Local nhs.uk services are NOT secure for this purpose – emails to and from these services aren't encrypted and the services aren't hosted in secure environments or operated under strict service management principles.
Trusts that procure local encryption services, bypass the use of the NHS Relay service which protects Trusts against viruses, spam and denial of service attempts. Trusts using their own encryption service also commit double spend by paying for a service that exists within NHSmail. Generally NHS organisations that don't use NHSmail use the NHS Relay service to transmit mail outside of their organisation.
NHSmail is endorsed by the British Medical Association, the Royal College of Nursing and the Chartered Society of Physiotherapy as a secure service. It's accredited to the Government 'RESTRICTED' security standard meaning that the whole NHSmail service, not just the link between systems, is fully secure, implementing government security cleared staff, regular independent penetration testing and highly physically secure premises with 24 hour patrols.
The security rating of NHSmail also means that users can securely email a range of other Government email services such as the Home Office, secure local government services, Police, MoD etc.
Myth: If a user leaves an organisation they can take business critical confidential information with them to their new role as they keep the same email address
Fact: It's entirely within an organisation's rights via local policies, to suspend a user's account, empty it of any business critical or confidential information and mark them as a 'leaver' prior to the user being able to have their NHSmail account flagged as a 'joiner' at their new organisation. This negates the risk of confidential information being taken with the leaver to their next post. It is the user's responsibility to ensure that any mail sent to them after they leave the organisation, relating to their previous job, is returned to sender.
Myth: The confidentiality of patient information is at risk as NHSmail is operated by a third party supplier and other NHS organisatons also have access to the data
Fact: There are very strict and severe contractual penalties imposed upon Cable&Wireless Worldwide if confidentiality is breached – this is in line with all NHS contracts. The supplier conforms to these requirements through a series of technical and procedural controls audited, for example, by the Communications Electronics Security Group (CESG), the Government's independent Information Assurance arm.
No staff from NHS CFH are able to gain covert access to email data held in any account. Any discovery requests are undertaken only through a strict governance model requiring local sign off from an HR director or CEO and the Programme Head for NHSmail.
Myth: Point-to-point encrypted TLS links between locally deployed email systems that bypass the Relay service, are a viable alternative to NHSmail
Fact: The Relay service scans email for viruses and spam and can queue email for up to five days in the event of a local system being unavailable. By bypassing the Relay service you accept the potential of denial of service attacks or message queuing/message flood risks that could occur if your email system is compromised. You could also receive email that contains viruses or spam from another organisation. Running a local email service in this way means a substantial overhead in set-up and management costs - not the case with NHSmail.
Myth: It's not possible to securely email patients or recipients from non-NHS organisations using NHSmail. For this reason, using a local TLS encryption solution is preferable
Fact: It's possible to securely email third parties using NHSmail, either by signing up the recipient for an NHSmail account under your organisation, or by encouraging them to register their organisation on the NHS Directory. Public sector recipients should be encouraged to use one of the other secure email domains, for example @gcsx.gov.uk for social services.
Encryption software can be used to email one-off recipients. For more information see the guidance document "Using security certificates to send encrypted information" in the NHSmail Training and Guidance pages (see section "Emailing sensitive and patient identifiable data").
Myth: It isn't possible to send data totally securely with NHSmail because encrypted attachments are not allowed
Fact: Encrypted attachments are not allowed via NHSmail because of the risk of them containing viruses or their potential for covert channelling of information. Encrypted attachments are not necessary within the secure domains (@nhs.net, @gcsx.gov.uk etc). If you need to send secure data to third parties, please refer to the previous fact.
Myth: There is an inconsistency between the policy set out by the Digital Information Policy Unit (DIPU) Sir David Nicholson's directive on data security, and the NHS CFH implementation of NHSmail
Fact: Sir David Nicholson and the DIPU stated that all portable NHS equipment should be protected by additional encryption to ensure the security of email and other documents stored on the machine.
This is not inconsistent with the NHS CFH implementation of NHSmail. In accordance with the policy, all NHS equipment should be encrypted and therefore data will be protected within a user's email client or web browser history.
NHSmail emails accessed outside of the NHS are protected by a secure login method which defaults to a public computer setting. This means that attachments cannot be downloaded to a public PC, negating the risk of data being recovered via the PC history or temporary files.
Guidance has been issued to users around the use of NHSmail at home and the best way of protecting data (available on the Policy and Procedure section of the NHSmail Training and Guidance pages).
Local policy may need to be updated to reflect the fact that NHSmail does give users greater flexibility but with that comes greater responsibility on how the service is accessed.
Myth: As a web based service, NHSmail takes up large amounts of bandwidth making other applications run slower
Fact: Over N3, NHSmail operates in reserved bandwidth (known as quality of service) ensuring that its consumption of bandwidth won't impact other services. This also ensures that there's no impact to the speed of NHSmail when, for example, staff are using the Internet.
Microsoft Outlook has been designed to process network operations as back-end tasks, hiding any network latency issues from users should they ever exist.
Regardless of being on a fast or slow network connection (i.e. a LAN or a mobile – GPRS or 3G) there will be no difference to the end user experience. Outlook Web Access is also optimised for bandwidth and offers a low bandwidth version if required.
Myth: Local NHS email services are as resilient as NHSmail
Fact: As a hosted email service based on Microsoft Exchange, NHSmail offers all the same basic functions as a local email solution with a significantly higher level of design robustness.
The disaster recovery solution is based on dual-site, geographically separated data centres with active and standby nodes of all infrastructures in the primary data centre.
Data is synchronised across all three instances of the infrastructure so if a component fails in the primary data centre it will fail over to the standby node in the same data centre. If the data centre suffers a full outage, the service will fail over to the secondary data centre.
Myth: The NHSmail service is not reliable and users experience a lot of downtime
Fact: NHSmail is a business-critical enterprise email service, guaranteed by over 100 service level agreements with associated commercial penalties should the supplier fail to meet them.
Myth: Administering NHSmail accounts locally takes up too much time meaning additional workload and cost
Fact: Local email services require an in-house team of dedicated, trained email engineers e.g. Microsoft Exchange, operating on a 24x7x365 rota. An enterprise email system does not simply sit in a corner and run itself, it needs continuous monitoring and upgrading.
How for example would a trust take an Exchange service pack and fully regression test it before deployment into the production environment? The tasks of adding, removing or changing users on a local or central Exchange deployment are the same.
A user-friendly, front-end tool has been provided to allow users to undertake many of the tasks traditionally undertaken by local IT staff, freeing them up to focus on other areas. In addition, NHSmail users have access to a 24x7x365 national helpdesk.
The administration tools provided to local IT staff give access to all the Exchange functions without the need for specialist training in Microsoft Exchange and Active Directory technologies, further reducing the support cost and complexity within local organisations.
Myth: NHSmail doesn't provide enough storage, with the average mailbox size being just 200mb
Fact: Each NHSmail mailbox is subject to an upper limit – this enables us to guarantee service performance. NHSmail and email services in general should not be used as for data storage and patient data should be stored in an appropriate clinical system with proper archiving.
Currently it's possible to increase individual mailbox sizes at organisation level, however allocations must adhere to the following limits – 1GB mailboxes can account for 2% of an organisation's mailboxes; 500MB mailboxes can account for 3%; 200MB mailboxes for 80% and 50MB mailboxes for 15% of accounts across each organisation. It's worth noting that NHSmail users only keep an average of 70MB in their mailboxes.
Myth: You can't archive emails without using an Outlook client
Fact: It's possible to export mail and archive it from Outlook Web Access using the folder export tool and also possible to link some archive tools with NHSmail. For further information contact email@example.com.
Myth: Integration isn't possible with local applications such as instant messaging, collaboration or archiving
Fact: Local installations of all of the above can be fully integrated into NHSmail. If a business application is able to authenticate to a local Exchange server then it should be able to authenticate to an off-premises Exchange server as well.
If an application is unable to support authentication or TLS for example, then it should be able to connect directly to the Relay service which will accept any SMTP connection. For further information see the Applications Guide in the NHSmail Training and Guidance pages (see the section 'Mobile devices, applications and email programmes).
Myth: Staff details in the NHS Directory will be out of date if we move our local service to NHSmail - our connector takes data from our local email system which will have been decommissioned
Fact: The NHSmail connector service is able to pull information from a variety of data sources such as HR/resourcing systems that hold details of all staff in an organisation. LOAs can also manage the data manually using the NHSmail administration tools if the source of the connector is removed.
Myth: NHSmail email addresses are generic and don't reference the user's organisation.
Fact: All NHSmail email addresses end in '@nhs.net', but the email display name also shows the user's organisation name in brackets after the email address.
In the event that your organisation changes its name (via merger/demerger or reorganisation) the NHSmail service will automatically reflect the new name – you won't have to carry out a complex and expensive migration, as you would have to do on a locally hosted service.
Myth: We don't need to use the NHSmail SMS service, we have our own service locally which is preferable to NHSmail
Fact: Whilst your local SMS service might meet your functional needs, you are paying an additional charge for functionality which is available free with NHSmail. There are already plans in place for implementing inbound SMS, again with no cost to the Trust.
Myth: Using NHSmail is the same as offering staff Outlook Web Access (OWA) with a VPN token
Fact: NHSmail offers OWA access without the need for VPN tokens and the associated annual cost and support. It is also more secure - as the service is connected to the Internet it has been designed to protect against threats associated with such services, it also undergoes regular security testing under the Government CHECK and CTAS programmes.
Myth: NHSmail is only being sold to Trusts on financial savings. It's possible to provision Exchange 2007 for less than stated by NHS CFH
Fact: The published financial case study is based on Microsoft best practice for building a resilient Exchange service with no single point of failure and the facility to continue to operate following a complete loss of the primary location/data centre.
It's possible to implement a service at a lower cost than this, but to do so would not be making a like-for-like comparison with the service offered by NHSmail. It would also mean the Trust does not view email as a business-critical service.
Trusts should also take into account the non-financial benefits of NHSmail – security and the accreditation for the transfer of patient data; resilience and disaster recovery - no single points of failure with dual data centre design; high availability guaranteed by tough service level agreements; interoperability with existing deployments of local applications e.g. SharePoint, OCS, voicemail and archiving products.
Myth: We use shared public folders in our organisation which you can't do in NHSmail
Fact: Generic mailboxes fulfil this need, allowing the mailbox owner to delegate access to multiple users. The mailbox owner can add or remove access permissions without administrator authorisation.
Myth: With NHSmail we have to use the whole NHS Directory instead of a Directory for our own organisation
Fact: Not true, users can download organisation address books from the NHS Directory.