Email (IT)

Email (IT)

Published on: 27th May 2021 | Updated on: 11th February 2026

About NHS.net Connect

Pharmacy owners are encouraged to use NHS.net Connect (formerly called NHSmail) as their main email system wherever possible. NHS.net Connect is a secure, managed service approved for sharing patient information between healthcare professionals.

Although NHS.net Connect has been rolled out nationally, some pharmacy owners may also use other email services. NHS.net is the only NHS-approved method for emailing patient data—but only when both the sender and recipient use NHS.net accounts.

NHS.net Connect

Read more: NHS.net Connect.

Email phishing

Phishing is a type of cyber-attack where someone sends a fake email to trick the recipient into:

Giving away sensitive information, or
Clicking a link or opening an attachment that installs harmful software.

Phishing attacks have become more advanced in recent years.

For training and guidance, see: Data security training and National Cyber Security Centre guidance.

Scam email case study (Feb 2026): GDPR and DPO themed emails

There have been a recent increase in scam emails being sent to community pharmacies.

Some of these messages falsely claim that the pharmacy is under investigation for a data protection or GDPR compliance breach.

These emails can appear convincing at first glance. However, they often feature significant warning signs and should be deleted without responding.

Typical features of the scam

May be sent from free webmail accounts, such as Gmail, rather than official domains used by the NHS, the Information Commissioner’s Office
Claims that the pharmacy is subject to a mandatory GDPR investigation
Threats of urgent deadlines or potential enforcement action

Key reassurance for pharmacy teams

The ICO does not initiate regulatory action through unsolicited emails sent to general inboxes.

NHS England and the DHSC would never direct pharmacies to respond to a private company regarding a GDPR investigation.

Data security guidance including on DPOs can be found on our data security pages and within our Data Security and Protection Toolkit (DSPTK) guidance.

What pharmacies should do

Do not open any attachments.
Do not click links.
Mark it as spam and/or delete
Report suspicious messages to report@phishing.gov.uk.
If the message arrived via an @nhs.net inbox, use the NHSmail phishing‑reporting function.

Mailing lists

An email mailing list is a group of names and email addresses used to send messages to multiple people at once.

Organisations using mailing lists should follow proper procedures and comply with data protection laws.

Top tips

Top tips:

Check your spam folder occasionally—but be cautious of phishing emails that may appear there.
Ask your email provider to flag external emails to help spot messages pretending to be from colleagues.
Use an out-of-office message if no one will be available to reply to emails.

Info for LPCs

Local Pharmaceutical Committees (LPCs) can choose their own email providers. LPCs may also keep mailing lists of pharmacy owners, which often include NHS.net Connect and other email addresses.

There’s no national system for LPCs to automatically receive NHS.net Connect accounts.

Pharmacy owners using NHS.net Connect must complete the Data Security and Protection Toolkit (DSPTK) during each reporting period.

NHS.net Connect doesn’t offer an automatic way to contact pharmacy owners within an LPC area. LPC members who also work in community pharmacies may have NHS.net Connect accounts through their pharmacy role.

Return to the Pharmacy IT hub

For more information on this topic please email it@cpe.org.uk

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
is-pharmacy	30 days	Hides the 'Do you work in community pharmacy?' hero prompt if the user has already selected 'yes'

Latest Digital & Technology news

Pharmacies urged to be alert to GDPR themed scam emails

Data Security & Protection Toolkit 2026: Community Pharmacy England guidance available

Register for our Data Security and Protection Toolkit 2026 Workshop

CPPE launches Digital healthcare learning gateway

NHSmail becoming NHS.net Connect: New Launchpad homepage coming soon

New report sets out opportunity to make community pharmacies cornerstone of neighbourhood health

IT update: More Pharmacy First referrals flowing directly into pharmacy systems

Funding & Reimbursement Shorts: Claiming payment for EPS prescriptions

NHS App research opportunities

NHSmail is becoming NHS.net Connect – what pharmacy teams need to know

Reminder: Prescription Item Reports: Your monthly breakdown of NHS payments

Share your views: NHS App development and scan-to-shelf