Using mobile devices within pharmacies

Pharmacy owners may choose to allow staff to use personal devices for work under a BYOD policy.

Research shows that across many sectors, staff often use personal devices for work—even when policies don’t allow it. BYOD policies are becoming more common in health and care settings. These policies should clearly explain what’s allowed and what’s not.

NHS England’s data security guidance (from the COVID-19 period) advised:

Staff can use personal NHSmail accounts via the Outlook app on smartphones (see section below). Also see the ‘Data security’ section of this page.

Pharmacy owners may wish to download and adapt:

Template 8B: BYOD and NHSmail policy (see DS templates webpage).

NHS England previously stated that BYOD policies remain “more important than ever.” There is central guidance is available via NHS England Cyber and data security hub and the NHS England IG portal.

NHSmail works on mobile devices and can check if the device meets security standards—like having a passcode and a recent operating system.

You can use NHSmail via the Microsoft Outlook app or a secure web browser. More info: NHSmail.

If you’re using NHSmail on a mobile device, keep in mind:

• Use passcodes or biometric security
• Set auto-lock in case the device is lost or stolen
• Prevent others from accessing the device
• Turn off message previews on the lock screen if needed
• Enable remote wipe in case of theft
• Keep apps and operating systems updated
• Review storage and archive settings
• Only connect to trusted WiFi networks (avoid public hotspots)

If a staff member leaves, remove NHSmail from their device and unlink personal accounts from shared mailboxes

See the BYOD section above for template policies that include NHSmail guidance.

Some system suppliers are testing mobile-friendly solutions—like giving laptops, tablets and smartphones secure access to clinical IT systems.

The Community Pharmacy IT Group (CP ITG) supports suppliers with greater mobile device use, and the item remains listed on the IT supplier wishlist.

NHS England is exploring wider use of mobile devices in NHS IT—for example, using virtual Smartcard certificates.

More info: NHS Care Identity Service 2.

The Data Security and Protection Toolkit includes a question about mobile device usage and  encryption.

This only applies to devices that directly process patient data—such as those provided by IT  suppliers and linked to Spine/EPS. IT suppliers confirm that these devices include appropriate encryption.

Personal devices that don’t handle patient data aren’t covered by this question. If you use a laptop that processes patient data, check with your IT support to confirm encryption is in place.

See the ‘Bring your own device policies’ section above.

More info: cpe.org.uk/ds

Avoid accessing sensitive work content over public WiFi hotspots. These networks are not secure and pose a risk to patient data.

Helpful tips for mobile device use:

• Set auto-lock and use it consistently
• Use secure passcodes or biometrics (NCSC recommends three random words, e.g. ‘planeyellowbread’)
• Keep your operating system and apps updated
• Connect only to secure WiFi networks
• Be cautious with downloads to avoid viruses
• Explore pharmacy staff apps that may support your work
• Use NHSmail via the Outlook app
• Remember: standard mobile apps are not a substitute for clinical systems
  

Return to the Pharmacy IT hub; Data security and information governance or IT A–Z index