NHSmail is available to organisations with a valid reason to use it. The NHSmail Access Policy provides full details.

Whilst the design and operation of a secure email system is a key part of making sure it is secure, it is also an obligation of users to make sure they use the service properly and without doing anything to compromise the security of the information that they send or receive.

For this reason, every NHSmail user is required to accept the NHSmail acceptable use policy when they register for the service. This is their promise to all NHSmail users and the public and patients we serve, that they will be mindful of the importance of the information that they share over NHSmail.

Information is stored in the NHSmail service for a variety of reasons and is retained in accordance with our policies. The NHSMail Data Retention and Information Management policy defines the scope of data held and details the recovery of data. The process to request this is available in the The NHSmail Access to Data policy on the NHSmail portal help pages. 

Our responsibilities for data protection are explained in the Transparency Information document located within the General Data Protection Regulation section of the NHSmail portal help pages