Skip to main content

How to set up NHS WiFi

Full technical guidelines and network specifications.

Technical and security policies and guidelines

NHS Digital has developed policies and guidelines to help NHS organisations set up and provide NHS WiFi across health settings. Following these policies and guidelines ensures that the service will be secure, scalable and as consistent as possible. There are requirements that must be fulfilled, and guidelines that should be followed but aren't compulsory.

Download NHS WiFi policies and guidance for a full list of the technical specifications your chosen solution needs to meet.

You should make sure the service you set up complies with your local ICT policies on:

  • content filtering
  • Acceptable use policies
  • 'bring your own device' policies
  • network capacity planning and monitoring

Service Set Identifiers (SSIDs) - wireless networks for different groups of NHS WiFi users

Each site will have different wireless networks available for different groups of users. You can decide how many you need, but as a minimum, each site must have three networks.

1. Corporate network for NHS WiFi

The corporate network is for staff who have access to patient record systems. It must:

  • have protected bandwidth to make sure it's always available
  • be secure enough to carry sensitive patient information
  • conform to the existing local Acceptable Use Policy (updated to cover WiFi access if necessary)

2. Guest network for NHS WiFi

The guest network is for clinical staff members using a device that doesn't meet the security specification for the corporate site, and business visitors.

3. Public network for NHS WiFi

The public network is for patients, visitors and other members of the public. It provides internet access but isn't suitable for confidential information. It must:

  • conform to a local Acceptable Use Policy (AUP): you must make sure an AUP is in place as part of implementation
  • block access to illegal or inappropriate content, such as content listed by the Internet Watch Foundation
  • use NHS WiFi landing pages to make the user experience consistent across NHS providers.

Access to streaming services should only be restricted during busy periods. You can decide to provide an additional paid-for service, or one subsidised by the care provider, for users who want unlimited streaming or high-bandwidth services.

Setting up NHS WiFi landing pages

You must set up the NHS WiFi public network so that every public user accesses NHS WiFi through a consistent NHS.UK landing page.

The NHS.UK landing page encourages the user to access:

  • important public health messaging, for example via NHS England
  • promoted services, such as Patient Online
  • health information other healthcare websites
  • local surgery information

The provider must set up a series of two screens, which take the user through the log-in process:

1. NHS WiFi registration and enrolment screen

2. NHS.UK post-authentication screen

The process must be followed as closely as possible, to maintain any pre-existing functionality that improves local NHS services to the public, such as automated appointment check-in.

Once NHS WiFi is set up, when a return user is recognised and automatically logged in, they will be taken directly to the NHS.UK post-authorisation page.

The NHS.UK post-authentication page must be displayed to all users.

1. NHS WiFi registration and enrolment screen

NHS WiFi registration and enrolment screen example

The registration and enrolment screen (example above) will be developed, hosted and maintained by the provider. It must provide a way for users to:

  • sign up to the terms and conditions and Acceptable Use Policy they need to agree to before getting access
  • register or re-authenticate with the service

The top banner above the registration form must be NHS blue, colour #005EB8, and include the white on blue NHS logo and the text 'Register for free NHS Wi-Fi' also in white.

2. Post-authentication screen

NHS WiFi post-authentication screen example

The post-authentication screen is hosted and maintained by NHS Digital. The provider must use this url for the landing screen, and must add the local ODS code for the local care setting or GP practice to the query string before calling the post-authorisation page, for example, If it's not possible to use the ODS code of the local care setting or practice, the provider should use the ODS code of the parent CCG. Using ODS codes will enable accurate location-based services to be displayed.

The page currently contains content from NHS.UK. Later, this page will be changed to show local information and services, defined by your ODS code. The provider is responsible for managing updates and maintenance of this local information.

NHS.UK are working on the capability to make this page display local GP practice information.

IP addressing and ports

For access to the landing pages, local url-based filtering should be based on the following: port 80 and 443

We can't provide an IP range because NHS.UK is served via a global content delivery network.

Use of branding and advertising on NHS WiFi landing pages

WiFi supplier branding and commercial advertising must not appear on the post-authentication page. Suppliers can only use their branding on the registration and enrolment page and, if used, the Acceptable Use Policy (AUP) screen. Commercial advertising can only be placed on the registration and enrolment page.


For any further help, please contact NHS England.

Last edited: 2 March 2022 9:44 am