Using mobile devices within pharmacies
Published on: 10th April 2020 | Updated on: 22nd May 2023
As technology improves and the NHS begins to incorporate more digital systems, pharmacy teams will start to benefit more from using mobile devices within their pharmacy premises – e.g. laptops, tablet devices and smartphones.
These mobile devices may be owned by the contractor or multiple head office, and some contractors may implement ‘bring your own device’ policies.
Work is being undertaken so that mobile devices can be more integrated with PMR and NHS systems, and so that the burden of using systems to record and view information is reduced.
Contractors may have a bring your own device (BYOD) policy which allows certain use of personal devices for work purposes.
Studies suggest that across sectors, employers are unable to stop staff using personal devices for some work and the use of BYOD policies are increasingly common within and outside of health and care. Such policies should set out what type of use is allowed and what type of usage is not.
NHSX data security guidance issued during the COVID-19 pandemic explained: “You can use your own devices to support video conferencing for consultations, mobile messaging where there is no practical alternative. Reasonable steps to ensure this is safe include: setting a strong password; using secure channels to communicate e.g. tools/apps that use encryption; and not storing personal/confidential patient information on the device unless absolutely necessary and appropriate security is in place.”
Personal NHSmail can be used within Smartphone Outlook app (see section below). See also the ‘Data security’ section of this webpage.
Pharmacy contractors may wish to download, adapt and use:
NHSX have communicated that Bring Your Own Device policies are ‘now more important than ever’. NHSX BYOD guidance is available from within the NHSX IG portal.
NHSmail works on mobile devices. It can auto-detect whether the device is suitably secure e.g. passcode and a recent operating system.
NHSmail may be used with the Microsoft Outlook smartphone app or within suitably up-to-date web browsers. Additionally, consider information at: NHSmail.
Pharmacy NHSmail users that wish to use NHSmail on mobile devices will also have to be aware of various practical considerations, such as:
- Passcode/biometrics settings.
- Auto-lock options if the device is not used for a period (in case of theft)
- Preventing access by others.
- Considering adjusting auto-preview of messages on home-screens if required.
- Having the ability to remotely wipe the device if stolen.
- Keep devices and apps up to date – so that security patches are applied.
- Storage and archive settings.
- Only connect to trusted WiFi networks e.g. avoid accessing sensitive data via public WiFi such as coffee shop WiFi which is less protected.
- Processes if a member of staff will leave the pharmacy (the account may be removed from the personal Outlook app and the staff member or pharmacy team may unlink the personal account from the shared pharmacy mailbox once this becomes required).
See also BYOD template policies which include NHSmail clauses (section above).
Your system suppliers may be further piloting and exploring use of more mobile devices within pharmacies – e.g. laptops, tablet devices and smartphone being given appropriate access to patient medication record (PMR) information.
NHS Digital continues to explore greater usage of mobile devices for NHS IT, for example the use of mobile devices which include virtual Smartcard certificates. Read more at: NHS Care Identity Service 2.
The Data Security and Protection Toolkit (Toolkit) includes a question about use of mobile devices and encryption.
The scope of the question is limited to mobile devices directly processing patient data e.g. mobile devices that may have been provided by PMR supplier and linked to Spine/EPS. PMR suppliers have explained where they provide a Spine-linked mobile device suitable encryption protection is in place. Personal devices not processing patient data are not within the scope of the question. If you use a laptop and patient data flowing through you may wish to check with your IT support that encryption is in place.
See also the section ‘Bring your own device policies’ on this webpage.
Read more about data security and the Toolkit, and the mobile device questions at: cpe.org.uk/ds.
Staff should be aware that access of sensitive work via a mobile device to sensitive work content over public WiFi hotspots is not appropriate because of the security limitations with public hotspots.
Some suggested tips:
- Locking or maintaining auto-lock settings are particularly important for your mobile devices.
- Use secure biometric options or secure passcodes /passwords: NCSC recommend that a strong and memorable password is created by choosing three random words, e.g. ‘planeyellowbread’.
- Keep your operating systems up-to-date to protect security.
- Connect to secure WiFi, and act cautiously if connected to free hotspots.
- Be cautious of downloads in case of virus risk.
- Learn about pharmacy staff apps which you could add to your device.
- Consider using NHSmail with Outlook mobile device apps
- Standard apps for mobile devices are not replacements for your clinical systems.
If you have queries on this webpage or you require more information please contact firstname.lastname@example.org. To share and hear views about digital developments with like-minded pharmacy team members, join the CP Digital email group today.
Go to the IT webpage: Mobile messaging
Go to the IT webpage: NHSmail
Return to the IT section: Pharmacy systems & apps
Return to the IT section: Communications across healthcare
Return to the IT section: Data security and information governance