Full technical guidelines and network specifications.
Technical and security policies and guidelines
NHS Digital has developed policies and guidelines to help NHS organisations set up and provide NHS WiFi across health settings. Following these policies and guidelines ensures that the service will be secure, scalable and as consistent as possible. There are requirements that must be fulfilled, and guidelines that should be followed but aren't compulsory.
You should make sure the service you set up complies with your local ICT policies on:
Acceptable use policies
'bring your own device' policies
network capacity planning and monitoring
Service Set Identifiers (SSIDs) - wireless networks for different groups of NHS WiFi users
Each site will have different wireless networks available for different groups of users. You can decide how many you need, but as a minimum, each site must have three networks.
1. Corporate network for NHS WiFi
The corporate network is for staff who have access to patient record systems. It must:
have protected bandwidth to make sure it's always available
be secure enough to carry sensitive patient information
conform to the existing local Acceptable Use Policy (updated to cover WiFi access if necessary)
2. Guest network for NHS WiFi
The guest network is for clinical staff members using a device that doesn't meet the security specification for the corporate site, and business visitors.
3. Public network for NHS WiFi
The public network is for patients, visitors and other members of the public. It provides internet access but isn't suitable for confidential information. It must:
conform to a local Acceptable Use Policy (AUP): you must make sure an AUP is in place as part of implementation
block access to illegal or inappropriate content, such as content listed by the Internet Watch Foundation
use NHS WiFi landing pages to make the user experience consistent across NHS providers.
Access to streaming services should only be restricted during busy periods. You can decide to provide an additional paid-for service, or one subsidised by the care provider, for users who want unlimited streaming or high-bandwidth services.
Setting up NHS WiFi landing pages
You must set up the NHS WiFi public network so that every public user accesses NHS WiFi through a consistent NHS.UK landing page.
The NHS.UK landing page encourages the user to access:
important public health messaging, e.g. via NHS England, Public Health England, etc.
promoted services, such as Patient Online
health information other healthcare websites
local surgery information
The provider must set up a series of two screens, which take the user through the log-in process:
1. NHS WiFi registration and enrolment screen
2. NHS.UK post-authentication screen
The process must be followed as closely as possible, to maintain any pre-existing functionality that improves local NHS services to the public, such as automated appointment check-in.
Once NHS WiFi is set up, when a return user is recognised and automatically logged in, they will be taken directly to the NHS.UK post-authorisation page.
The NHS.UK post-authentication page must be displayed to all users.
1. NHS WiFi registration and enrolment screen
The registration and enrolment screen (example above) will be developed, hosted and maintained by the provider. It must provide a way for users to:
sign up to the terms and conditions and Acceptable Use Policy they need to agree to before getting access
register or re-authenticate with the service
The top banner above the registration form must be NHS blue, colour #005EB8, and include the white on blue NHS logo and the text 'Register for free NHS Wi-Fi' also in white.
2. Post-authentication screen
The post-authentication screen is hosted and maintained by NHS Digital. The provider must use this url for the landing screen, and must add the local ODS code for the local care setting or GP practice to the query string before calling the post-authorisation page, for example, https://www.nhs.uk/captive-WiFi-portal/post-auth/?ODSCODE=M83050 If it's not possible to use the ODS code of the local care setting or practice, the provider should use the ODS code of the parent CCG. Using ODS codes will enable accurate location-based services to be displayed.
The page currently contains content from NHS.UK. Later, this page will be changed to show local information and services, defined by your ODS code. The provider is responsible for managing updates and maintenance of this local information.
NHS.UK are working on the capability to make this page display local GP practice information.
IP addressing and ports
For access to the landing pages, local url-based filtering should be based on the following:
We can't provide an IP range because NHS.UK is served via a global content delivery network.
Use of branding and advertising on NHS WiFi landing pages
WiFi supplier branding and commercial advertising must not appear on the post-authentication page. Suppliers can only use their branding on the registration and enrolment page and, if used, the Acceptable Use Policy (AUP) screen. Commercial advertising can only be placed on the registration and enrolment page.
For any further help, please contact email@example.com, putting 'deployment query' in the title, or contact us on 0300 303 5678.