How to set up Wi-Fi

These policies and guidelines have been developed to help NHS organisations set up and provide NHS Wi-Fi across health settings. Following these policies and guidelines ensures that the service will be secure, scalable and as consistent as possible.

There are requirements that must be fulfilled, and guidelines that should be followed but aren't compulsory.

You should make sure the service you set up complies with your local ICT policies on:

• content filtering
• Acceptable use policies
• 'bring your own device' policies
• network capacity planning and monitoring

Each site will have different wireless networks available for different groups of users. You can decide how many you need, but as a minimum, each site must have three networks.

1. Corporate network for NHS Wi-Fi

The corporate network is for staff who have access to patient record systems. It must:

• have protected bandwidth to make sure it's always available
• be secure enough to carry sensitive patient information
• conform to the existing local Acceptable Use Policy (updated to cover Wi-Fi access if necessary)

2. Guest network for Wi-Fi

The guest network is for clinical staff members using a device that doesn't meet the security specification for the corporate site, and business visitors.

3. Public network for Wi-Fi

The public network is for patients, visitors and other members of the public. It provides internet access but isn't suitable for confidential information. It must:

• conform to a local Acceptable Use Policy (AUP): you must make sure an AUP is in place as part of implementation
• block access to illegal or inappropriate content, such as content listed by the Internet Watch Foundation
• use Wi-Fi landing pages to make the user experience consistent across NHS providers.

Access to streaming services should only be restricted during busy periods. You can decide to provide an additional paid-for service, or one subsidised by the care provider, for users who want unlimited streaming or high-bandwidth services.

You must set up the Wi-Fi public network so that every public user accesses Wi-Fi through a consistent NHS.UK landing page.

The NHS.UK landing page encourages the user to access:

• important public health messaging, for example via NHS England
• promoted services, such as Patient Online
• health information other healthcare websites
• local surgery information

The provider must set up a series of two screens, which take the user through the log-in process:

1. Wi-Fi registration and enrolment screen

2. NHS.UK post-authentication screen

The process must be followed as closely as possible, to maintain any pre-existing functionality that improves local NHS services to the public, such as automated appointment check-in.

Once Wi-Fi is set up, when a return user is recognised and automatically logged in, they will be taken directly to the NHS.UK post-authorisation page.

The NHS.UK post-authentication page must be displayed to all users.

1. Wi-Fi registration and enrolment screen

The registration and enrolment screen (example above) will be developed, hosted and maintained by the provider. It must provide a way for users to:

• sign up to the terms and conditions and Acceptable Use Policy they need to agree to before getting access
• register or re-authenticate with the service

The top banner above the registration form must be NHS blue, colour #005EB8, and include the white on blue NHS logo and the text 'Register for free NHS Wi-Fi' also in white.

2. Post-authentication screen

The post-authentication screen is hosted and maintained by NHS Digital. The provider must use this url for the landing screen, and must add the local ODS code for the local care setting or GP practice to the query string before calling the post-authorisation page, for example, https://www.nhs.uk/captive-WiFi-portal/post-auth/?ODSCODE=M83050 If it's not possible to use the ODS code of the local care setting or practice, the provider should use the ODS code of the parent CCG. Using ODS codes will enable accurate location-based services to be displayed.

The page currently contains content from NHS.UK. Later, this page will be changed to show local information and services, defined by your ODS code. The provider is responsible for managing updates and maintenance of this local information.

NHS.UK are working on the capability to make this page display local GP practice information.

IP addressing and ports

For access to the landing pages, local url-based filtering should be based on the following:

www.nhs.uk port 80 and 443

We can't provide an IP range because NHS.UK is served via a global content delivery network.

Use of branding and advertising on Wi-Fi landing pages

W-iFi supplier branding and commercial advertising must not appear on the post-authentication page. Suppliers can only use their branding on the registration and enrolment page and, if used, the Acceptable Use Policy (AUP) screen. Commercial advertising can only be placed on the registration and enrolment page.

For any further help, please contact NHS England.