nhsmail office 365 applications deployment · the transition to office 365 (o365) will provide...

of 22

NHSmail Office 365

Applications Deployment Clinical safety considerations

May 2020

O365 Applications Clinical Safety Considerations

of 22

Contents 1. Introduction .................................................................................................................. 3

2. Purpose ......................................................................................................................... 3

3. NHS Clinical Safety Standards .................................................................................... 3

4. O365 Apps and Clinical Use ........................................................................................ 3

5. Overview Core O365 Applications .............................................................................. 4

6. Supporting Services .................................................................................................... 6

7. Appropriate and Inappropriate Use ............................................................................. 7

8. Controlling the Risks ................................................................................................... 8

9. Third-Party Apps .......................................................................................................... 9

10. Next Steps ................................................................................................................. 9

11. More information ...................................................................................................... 9

Appendix 1 – Example Hazards, Impacts and Controls .................................................. 10


of 22

1. IntroductionThe transition to Office 365 (O365) will provide users with access to several 'core' O365

applications as standard. Additional apps can also be made available by the Local

Administrator dependent on the licence type assigned to the user profile. A single NHSmail

O365 tenant will host the apps, and the NHS Directory has been synchronised with the O365

Online directory (Azure Active Directory), allowing users to access the apps with their existing

username and password.

2. PurposeThis document outlines the clinical safety considerations for clinical use in relation to the local

implementation of the NHSmail O365 apps. Local organisations can use this content to

develop their safety case in line with the requirements of the NHSmail Clinical Safety Standard.

3. NHS Clinical Safety StandardsThe NHS has two Health IT clinical safety standards: DCB0129 and DCB0160. These

standards are mandatory under the Health and Social Care Act 2012. The ultimate goal of the

standards is to ensure that HIT systems are developed and deployed safely, having

considered all potential hazards and ensuring that all identified safety-related risks are

proactively managed. To ensure that clinical safety is implemented throughout the entire

system lifecycle, both safety standards must be considered.

DCB0129 DCB0160

Safe development and delivery Safe deployment and use

4. O365 Apps and Clinical UseThe O365 applications are not specifically intended for clinical use, however, as they will be

used in a clinical environment, it is important to consider the clinical risks associated with their

inappropriate or unauthorised use. It is also necessary to ensure that contingency measures

are in place should the whole, or part of, the HIT system become unavailable.

The O365 apps support many use cases, but their overarching purpose is to enhance

collaboration between users, teams, services and organisations, including externally

approved (Allow-listed) organisations. The use of collaboration services involves the

transmission and storage of confidential patient information, and this is associated

with many possible information governance and data security risks. The safety

standards define harm as the "death, physical injury, psychological trauma and/or damage

to the health or well-being of a patient". As a collaboration service, the risk of

psychological harm resulting from the inappropriate sharing or storage of sensitive

information is, therefore, a legitimate hazard for consideration under the standards.

The recommended risk analysis should be conducted within the context of an overall risk

management system in place within the health organisation and broader health information

governance processes. IG and security risks managed in their respective workstreams, for


of 22

example, can be referred to within the Clinical Safety Case, reducing unnecessary duplication.

What is important is to assess the identified clinical risks and where required, ensure that these

are controlled and mitigated.

5. Overview Core O365 Applications The following O365 apps will be made available subject to licence type. The majority of clinical

users will be assigned an E3 license. In addition to the listed apps, all users will have access

to Office on the Web and Office Mobile, enabling them to access Word, Excel and PowerPoint

from any device.

Microsoft O365 App Purpose E3 Default Setting

Core

Exchange Online Email accessible from web-browser, desktop or mobile clients.

Enabled Yes

Forms Produce surveys, quizzes, polls.

Disabled No

OneDrive for Business and Office Online

Personal document storage from any device

Enabled Yes

Planner Team task management. Enabled Yes

Power Automate (formerly Flow)

Streamline repetitive tasks and paperless processes.

Enabled Yes

PowerApps Build apps without the need for code expertise.

Enabled Yes

Search Single, unified and consistent search experience across O365 services/enterprise.

Enabled Yes

SharePoint Online Document management, storage and collaboration.

Enabled Yes

Shifts (formerly Staff Hub)

Scheduling management for frontline workers.

Enabled Yes

Stream Video content management. Enabled Yes

Sway Content and sharing creation Disabled No

Teams Team collaboration space including chat and A&VC.

Enabled Yes

To Do Cloud-based task management application. It allows users to manage their tasks from a smartphone, tablet and computer.

Enabled Yes

Whiteboard Supports creative idea generation.

Disabled No


of 22

Note: Applications above where data does not reside in the United Kingdom will be disabled

by default by NHS Digital – See Data Protection Impact Assessment

The following table provides a summary of the key O365 application features.

EXCHANGE ONLINE

App Summary Key Features

Following the NHSmail refresh, you'll be able to access your emails, calendar and contacts through the Outlook desktop application, via a web browser (Outlook Web Access) and your mobile device.

▪ Seamlessly interact with fellow healthcare professionals

▪ Manage and co-ordinate meetings by sharing your calendar internally or externally

▪ Access your email from any device, anytime ▪ Arrange meetings with colleagues across

your entire health and social care network

TEAMS


You'll now have access to Teams, a hub for collaboration in Office 365. This application will enable you and your colleagues to send instant messages, make internal calls, share, edit and collaborate on files and documents all in one central, secure location. Everything you once did in Skype for Business can now be done in Teams, plus more.

▪ Talk to and collaborate with NHSmail colleagues from different organisations and locations in real-time

▪ Set-up audio and video conference meetings in Exchange Online

▪ Create a Teams site for project work, upload files and collaborate using persistent chat features

▪ Download and access Teams features on your mobile device

SHAREPOINT


Use SharePoint as a unified collaboration space for content, documents and tasks. Create a site and share files with a variety of audiences across NHSmail. Use SharePoint to discover, follow and search for specific files and sites through modern and visual layouts.

▪ Work on documents concurrently with other team members and see changes in real-time

▪ Set-up a structure to manage documentation efficiently across your organisation

▪ Build a landing page that provides updates about important events and news across your organisation

▪ Heavily customise the look and feel of the site to suit your local needs and requirements

ONEDRIVE FOR BUSINESS


With OneDrive for Business, you can upload, store and access work files from multiple devices. This secure cloud service connects you to all your files so that you can create and collaborate from anywhere, at any time.

▪ Upload, share and work on documents in real-time with different people and teams

▪ View and edit files on the go with the OneDrive mobile app

▪ Collaborate across organisations with anyone inside the NHSmail network

Yammer Social networking across the organisation

Disabled No


of 22

▪ Collaborate with approved guest user accounts

STREAM


Stream is a video service that allows you to create, share and interact with videos across your organisation. Share recordings, meetings or training sessions with individual colleagues or wider teams to aid collaboration and learning. Watch videos from across your organisation, in one central hub, at a time convenient for you.

▪ Upload, view and share relevant training videos across the NHS network

▪ Use video to share success stories ▪ Connect and collaborate virtually with

healthcare professionals across the NHSmail network

▪ Deliver more compelling and impactful communications through video, which can be embedded into other O365 applications

BOOKINGS (private beta users only)*

Microsoft Bookings is an appointment scheduling app that helps keep track of bookings across team calendars. Bookings can be used by a central administrator to schedule appointments on behalf of a team or service. Appointments made in the Bookings app will appear in the users Outlook and Teams calendars. The combination of these three apps provides a simple to use service for undertaking patient consultations.

▪ Configure team booking calendars and control the membership of each

▪ Schedule appointments across one or more team calendars

▪ Set appointment email reminders and reminder intervals

▪ Publish pre-configured appointment slots for direct booking

▪ Control who can view, book or delete/reschedule appointments

▪ Integration with Teams and Exchange Online Outlook calendars

* Bookings is currently only being used by a subset of users as a Virtual Visits private beta deployment.

6. Supporting Services To access the O365 applications users' login to the NHSmail service using their existing login

credentials. Microsoft's cloud-based identity and access management service enable this

process.

AZURE ACTIVE DIRECTORY

The Azure Active Directory (Azure AD) enterprise identity service enables users to access the O365 apps seamlessly, on any device. A copy of the NHSmail Directory is held on the NHSmail O365 tenant and is kept in sync so only authorised users can access the online resources.

▪ Single-Sign-On (SSO) using existing NHSmail login credentials

▪ Strong authentication and conditional access policies

▪ On-premise and Online directories maintained in sync

MULTIFACTOR AUTHENTICATION

Multifactor Authentication (MFA) provides an additional layer of security when signing into NHSmail via a web browser or mobile app. Currently, Local Administrators have MFA enabled on their accounts as standard. Users sign-in to their account using their username and password, and additionally, a one-time passcode, which is

▪ Access to Portal protected even if the user password is compromised

▪ Can be used without network connection if authenticator app is used


of 22

sent to the users registered mobile device via a text message, or the MS Authenticator App can be used.

7. Appropriate and Inappropriate Use Below are some examples of appropriate vs inappropriate use.

O365 App Appropriate Use Inappropriate Use

Teams Hosting an online consultation with a patient after assessing their suitability. Verifying their identity, recording consent and updating the clinical notes as soon as the meeting has concluded.

Hosting a video consultation without a clear understanding of the contingency plan should the patient be unable to access the service or if it was to fail during the session. Failing to maintain the patient health record.

Exchange Online Using NHSmail (nhs.net) to send patient confidential patient information, such as a discharge summary, to the patients GP and using the NHSmail encryption service when sending email to non-nhs.net recipients.

Emailing patient confidential patient information to a non-secure email address, e.g. the patient's Gmail account, without using secure encryption.

SharePoint Using a secure folder to share a patient assessment with the multi-disciplinary team before the meeting. Permissions management is used to limit who can view the file and what actions can be performed, e.g. editing, deleting or downloading. The file is uploaded to patient health record following the meeting and subsequently removed from the SharePoint folder.

Sharing of patient assessment in a public folder without restriction. Content retained indefinitely and patient health record updated with delay or not at all.

OneDrive for Business Updating patient assessment on a secure mobile device (using mobile device management policies) and then uploading it to the patient health record before deleting it from the OneDrive app.

Continuing to maintain the patient assessment on a mobile device that is not secure and neglecting to upload it to the patient health record and remove it from the app once updated.

Stream Sharing of patient case review recording in a private folder and only to authorised members who were unable to attend the meeting. Permissions have been set to prevent downloading and further sharing of the file.

Sharing of a file in a public folder without restricting who can access it or what actions can be performed on the file.


of 22

8. Controlling the Risks Once the risks have been identified, controls can be put in place to manage the risks. The

following table provides an example of the most commonly used control types and how each

can be used to manage the risks associated with the use of Teams for patient consultations.

Control Type DCB0129 DCB0160

Service Management / Service Desk Add O365 health status to the NHSmail Portal Service Status page.

Service Desk should be aware of the most commonly encountered troubleshooting issues to resolve issues quickly.

Policy Update NHSmail Acceptable Use Policy to O365 apps.

Local policies should be updated to cover the acceptable use of the Teams app. These should be communicated, maintained, and compliance monitored.

Standard Operating Procedures Produce SOP for hosting patent consultations, clearly defining contingency measures in the event of failure.

Training and Guidance Teams guidance materials produced added to NHSmail Portal, covering usability, system requirements and installation.

Ensure end-users of aware of Teams guidance and offer additional training where required. Customise training for patients.

System Design O365 Teams is a high availability service and all data is encrypted in transit and at rest.

Asses network bandwidth to ensure it is sufficient to support use of Teams app without any performance issues.

Configuration Asses the O365 apps and make any configuration changes to protect patient confidential information, e.g. Data Loss Prevention Policies.

Ensure Mobile Device Management policies have been configured for users accessing NHSmail apps, such as Teams on their device.

Test Assurance Application integration testing has been undertaken to ensure that global configuration settings have been applied that the core functions and

Test any local business process changes required to support remote patient consultations using Teams.


of 22

features operate as intended.

Communications Communicate Teams guidance to Local Administrators through the Portal, LA Bulletin and Webinar.

Communicate Teams service to end-users and ensure guidance materials, policies and SOP are made known.

9. Third-Party Apps Some apps, in particular Teams, provides access to additional services, such as Zoom video

and bots that can be integrated to clinical systems, using middleware such as Medxnote to

support clinical messaging workflow, e.g. communication of lab results. These apps are not

part of the NHSMail core service offering and should be assessed by each organisation as

part of their DCB0160 responsibilities.

10. Next Steps Compliance with the DCB0160 standard does not need to be an onerous activity. It should be commensurate with the degree of clinical risk associated with the HIT system. How the O365 applications are used will differ between organisations, and so this can only be determined at a local level. Organisations already have policies in place that can be used, for example, email, information governance and record-keeping policies. These can be updated and referenced within the Hazard Log to create a traceability to the hazard controls.

The NHSMail Portal help pages provides guidance for all of the O365 applications and

services, including an encryption guide for NHSmail, O365 Teams deployment and information

governance considerations guide and Mobile Device Management guide. The NHSmail

Acceptable Use Policy, which all users are required to accept before accessing the NHSmail

service, also includes key areas of consideration that can be used to develop the Hazard Log.

Some example hazards impacts, and controls have been provided in Appendix A to support

you in developing your Hazard Log.

Reminder

▪ Email delivery is not guaranteed

▪ Users should comply with the NHSmail Acceptable Use Policy

▪ The patient health record should always be maintained

11. More information Further information on the NHSmail O365 Service is available from NHS Digital by contacting the NHSmail helpdesk.

https://support.nhs.net/service-status/

https://support.nhs.net/knowledge-base/acceptable-use-policy/

https://support.nhs.net/knowledge-base/acceptable-use-policy/

of 22

Appendix 1 – Example Hazards, Impacts and Controls

Overview

The following table includes an example of some O365 app hazards, together with their potential causes and controls. The list is not intended

to be exhaustive but has been provided to support local organisations to develop their own Clinical Safety Case and Hazard Log.

Application Area Hazard Name Description Impact Example Controls

Exchange Online Email Failure to undertake mailbox hygiene

End-user may not undertake routine mailbox hygiene.

Mailbox quota exceeded, preventing the receipt and sending of emails.

Local Administrator can use the mailbox report to proactively support users to manage their mailbox so that it does not reach its limit.

Exchange Online Email End-user neglect/memory lapse

End-user neglects to update the patient health record or forgets to do so.

Clinical decisions are taken without full knowledge of clinical information.

Local organisations should have clear policies on record keeping, including the transcription of electronic communications.

Exchange Online Email Email encryption requirement

End-user is unaware of the requirement to use email encryption when sending confidential patient information to a non-accredited or non-secure email or is unaware of how to use the functionality.

Confidential patient information may be compromised.

NHSmail Portal help pages includes guidance on the importance of using email encryption in protecting confidential patient information, including how to apply the secure encryption keyword tag and use of the Outlook 'Set Permissions' feature.

Exchange Online Email Encryption classification selection

System error preventing the selection of the Secure Classification from the drop-down list within Outlook.

User unable to apply encryption classification.

User can add [secure] free text label to the email subject field.

Exchange Online Email Encryption keyword tag

End-user error in applying the subject line 'secure' keyword tag to the email.

Encryption may not be applied

Label not case sensitive and can be placed


of 22

anywhere in the email subject field.

Exchange Online Email Removal of secure keyword encryption tag from the email

End-user removes the secure encryption keyword tag from the email chain and forwards the email to one or more newly added email recipients.

Encryption may not be applied

Encryption will persist even if emailed forwarded to additional users.

Exchange Online Email Malicious actor

NHSmail system is targeted by external or internal intrusion attempts, e.g. phishing, permission override

System or service may be compromised

Email gateway content filtering is performed to remove malicious content.

Exchange Online Email Password policy

Weak password used, password compromised, e.g. shared by the user or stolen/leaked.

NHSmail account may be compromised

NHSmail enforces complex password setting rules.

Exchange Online Email Mobile device compromised

Data on the end-user mobile device is compromised, e.g. the device is hacked, data is unprotected at source or rooted device is used.

Confidential patient information is compromised

NHSmail Mobile Device Management policy can block and remote wipe devices that have become compromised.

Exchange Online Email Shared Mailbox membership

A user may be added to a Shared Mailbox (SMB) in error, either by the Local Administrator during set-up or by the SMB owner following its creation.


SMB membership should be actively managed by the mailbox owner, and a verification step following its creation should be used.

Exchange Online Email Contact selection error

End-user error in selecting intended recipient contact details, e.g. email auto-complete feature error or selection of incorrect contact from NHS Directory.

Confidential patient information is compromised.

The autosaved email addresses can be deleted, or the user can disable the autosave feature.


of 22

Exchange Online Email False positives

Message hygiene capability prevents the exchange of legitimate email, referred to as a 'false positive' (A false positive occurs when a website, URL, infected file, or email message is incorrectly determined by Gateway filtering software to be of an unwanted type).

Email delivery failure Delivery and Read receipts can be used.

Exchange Online Email Email account monitoring

End-user fails to monitor their email account or ensure other NHSmail users or patients are aware when it is not being monitored.

Delays or omissions in care delivery.

Users can indicate when they are unable to access their email, for example, when on leave or sick, by using the out-of-office function.

Exchange Online Email End-user awareness End-user does not request an email delivery or read receipt.

The sender is unaware that email has failed to reach the intended destination

The sender should confirm safe receipt of the email by contacting the intended recipient.

Exchange Online Email Receipt failure Egress system failure to provide receipt during email transmission.

The sender is unaware that email has failed to reach the intended destination

The sender should confirm safe receipt of email by contacting the intended recipient

Exchange Online Email Browser incompatibility

End-user is unable to receive an email using a browser that is unsupported by Egress.

Recipient unable to access the encrypted email

NHSmail Portal help pages includes guidance on the minimum system, browser and device requirements needed to install and use the Egress Email Encryption and File Transfer Desktop Client.

Teams Instant Messaging

Missed message chat Message chat is missed, e.g. end-user fails to notice, or feature is

Delays or omissions in care delivery

Local organisations should ensure that a policy is created/updated to include IM&P acceptable use.


of 22

inconsistently used across team or service

End-users should be required to always ensure that messages relating to patient activity are received; users should never assume receipt or that messages have been read or actioned.


Message chat shared inappropriately

Confidential patient information accidentally shared in chat message with users who do not have a legitimate need to access the information.


A Forensic Discovery request can be used to investigate suspected data breaches. Details of the submission process are available in the NHSmail Portal help pages. Content search includes Chat and Channel Messages, Meetings, and Calls can be performed.


Unauthorised access to instant messages

Message chat may become compromised if the end-user device is not secure or if the user fails to comply with local IG and IM&P policies.


The IM&P applications are password-protected, and data is encrypted in transit and at rest.

Teams Audio & Video Permitted use

A&VC service is accessed by end-user who does not have the authorisation to use the application.


End-users should comply with local password protection policies, they should not be shared, and if stored, this must be done securely and always in accordance with local IG policy

Teams Audio & Video Desktop sharing

User shares full desktop and information is unintentionally shown, which is not for the intended audience.


Procedures and guidance to ensure that users only share the minimum amount of information and only after ensuring all attendees


of 22

have a legitimate need to view the content.

Teams Audio & Video Recording storage

A&VC recordings containing confidential patient information may be stored on a user's personal device or local hard drive without appropriate security, e.g. file encryption and password protection.


Teams recordings are uploaded to Stream, and folder permissions can be used to controls end-user actions, such as upload/download and sharing.

Teams Audio & Video Recording consent

Recording of confidential patient information without the consent of the meeting participants.


The local organisation will ensure that their consent policies are updated to include the use of NHSmail services or applications.

Teams Audio & Video Audio and Video (A&VC) performance

Bandwidth is insufficient to meet the demands of the remote conferencing/consultation services (bandwidth consumption will vary based on several factors, such as video layout, video resolution, and video frames per second).

Consultation is not possible due to jitter/latency or drop out.

A Quality of Service configuration can be used to prioritise packet delivery for video content.

Teams Audio & Video Storage of A&VC meeting files and notes

Documentation or notes made or received during A&VC meeting are not stored securely.


Each Teams site has a SharePoint documents folder associated with it, where stored content is encrypted and access to it is controlled.

Teams Audio & Video System requirements

The A&VC software is unavailable for download, or the patient is unable to install it onto their device, e.g. phone setting policies or software version may

Unable to provide video consultation

Patients who are unable, or do not wish to download the mobile or desktop app, can access Teams through the web-browser.


of 22

limit what apps can be installed.

Teams Audio & Video Teams application usability

End-user is unable to operate the A&VC software, preventing them from accessing or continuing with the consultation, e.g. may be unable to activate the camera or microphone.


If the patient is experiencing usability issues that are so significant that the video consultation cannot safely continue, an alternative communication channel can be used, e.g. revert to a phone call or offer a face-to-face appointment.

OneDrive/SharePoint Document Management

Data breach

Confidential patient information may be compromised, e.g. unauthorised account access, data shared with an unintended recipient or intercepted during transit.


Data Loss Prevention policies have been configured to protect sensitive information, e.g. can identify any document containing an NHS number that is stored in any OneDrive for Business or SharePoint site and prevent it from being shared. Alternatively, a policy tip can be displayed to the user with IG guidance, which can be overridden, but is audited. Additional DLPs can be configured by organisations to meet local IG policy and service requirements.


Version control

The lack of a structured version control mechanism may result in end-user confusion and delay when attempting to retrieve the most up to date patient information.

End-user confusion in locating the most recent documentation.

SharePoint version control can be used to track and manage stored content, including check out/in feature.


of 22


Default sharing rules

Information sharing rules may be too restrictive, preventing the legitimate sharing and viewing of patient information.

If a user does not have access to a site, library or file they can use the access request feature to submit a request to the resource owner who can accept or reject the request.


File deletion

File containing patient information may be accidentally deleted, resulting in the loss of patient information.


When files are deleted, they are sent to the 'first-stage' Recycle Bin and can be restored by the end-user if within the 93-day recovery period. When an end-user deletes a file from the first-stage Recycle Bin it is sent to the 'collection' Recycle Bin where it can be recovered if within the 93-day recovery period. After 93 days the local Administrator can raise a service request to the Contractor Service Management Team and if within the 180 global retention period the content can be restored


Unable to locate file End-user may be unable to locate the stored patient information.


By default, all uploaded files are indexed and searchable. The Site owner can also search the Audit Log to see what actions have been performed on missing or hidden content


Storage capacity reached

Storage capacity is reached, preventing the uploading, editing or saving of new content.


Local Administrators can manage SharePoint site quotas and distribute


of 22

according to local team and service requirements


File size/type Unable to upload file, e.g. due to file size, type or file naming restriction.

Delays or omissions in care delivery.

All commonly used file types are supported, and guidance is provided on the NHSmail Portal help pages


File upload sync

File or library fails to synchronise.

Document changes not captured.

Synchronisation is also possible in offline mode.

Bookings (private beta only)

Scheduling Bookings calendar retrieval

Booking administrator is unable to locate or access the appointment calendar/s.

Unable to schedule a patient appointment.

Local organisations should ensure that the calendar naming logic used in the Bookings service is communicated to each team member.


Scheduling Appointment email is not sent/received

End-user may fail to attend the consultation if they do not receive confirmation of the appointment, e.g. appointment confirmation email not sent, not received, or received but not seen or accidentally deleted. (the automated sending of Bookings appointments does not support delivery/read receipts).

Delay as patient appointment needs to be rescheduled

The Bookings app enables appointment reminders to be set, both for the patient and any end-user added to the invite (so long as they have an Exchange Online account). Reminder emails are sent as soon as an appointment is booked, cancelled or rescheduled, and they should be used to reduce the risk of non-attendance.


Scheduling Appointment conflict

The appointment is double-booked into the calendar appointment slot, causing a conflict and possible end-user confusion.

Delay as patient appointment needs to be rescheduled

Where more than a single appointment booking system is being used, the local organisation should ensure that a clear process is in place to mitigate against the risk appointments being omitted, duplicated or


of 22

erroneously cancelled or rescheduled.


Scheduling Calendar permissions Calendar permissions do not support user workflow

Delays in the booking and amendment of patient appointments.

The Bookings app roles can be allocated to support local business process and clinical workflow, e.g. a clinician can be allocated an administrator role if they are required to self-manage their appointment schedules.


Scheduling Bookings app unavailable

The Bookings app is unavailable

Unable to schedule new appointments or make changes to existing appointments.

Local organisations should ensure that the Business Continuity and Disaster Recovery plan provides contingency if the Bookings app is unavailable, covering how existing and new appointment bookings will be managed.


Scheduling External users

Users that have not migrated to Exchange Online or persons that the patient wants to attend the consultation with will not receive an automated appointment email, reminder email or any subsequent workflow notification email following any changes to the scheduled booking.

Additional attendees fail to attend the consultation.

End-users and patients should be provided with guidance on how to invite external users to participate in a consultation. This should also cover appointment reminders and their limitations so that all users are aware that any edits made to an existing appointment will not automatically notify external users.


Scheduling Appointment synchronisation failure

When an appointment is scheduled in the Bookings app, it should immediately synchronise with the users' Outlook and Teams

Failure to attend the appointment.

Local organisations should undertake testing on any newly configured calendars to ensure that appointments made in the


of 22

Calendars. Errors in the calendar sync process may result in the appointment not showing in the calendar.

Bookings app populate the member calendars and that the appointment details match.


Scheduling Booking confirmation

When scheduling an appointment using the Bookings app, no on-screen confirmation is presented to the user to indicate that an appointment has been successfully booked.

User is unaware that an appointment has not been scheduled, resulting in delay or omissions in care

After scheduling an appointment, the Administrator should verify the appointment details by checking the Bookings calendar screen.


Scheduling Appointment confirmation response misalignment

When an appointment is scheduled in the Bookings app, it will immediately synchronise with the user's Outlook and Teams Calendars. The user can then accept, reject or tentatively accept, but these responses only apply to the user's calendar, and not the original booking, e.g. a declined appointment will remain active in the Bookings app.

The declined appointment is not removed from bookings schedule, resulting in delay or omissions in care

Local organisations should have procedures in place to manage end-user appointment responses, ensuring that the Bookings calendar is updated as soon as an end-user rejects an appointment. Tentative acceptance also needs to be monitored so that there is no ambiguity in the appointment acceptance status.


Scheduling Calendar membership acceptance

When a Bookings calendar is created by the global Administrator (Accenture) each user must be added as a member to enable appointments to be scheduled by the Bookings administrator. The calendar membership

Appointments cannot be scheduled for team members, resulting in delay or omissions in care

When an end-user is added to a calendar by the Bookings administrator, they will receive an email to notify them of this. An important action message will be displayed in red font, alerting the user that they must approve their membership.


of 22

must also be accepted by the end-user before an appointment can be scheduled. The system will not update the bookings administrator to let them know that this has been done. Delays to membership acceptance may result in appointment delays.

All O365 Apps Active Directory

Active Directory synchronisation failure

Component failure or configuration error prevents synchronisation of the end-user objects.

Local and Online directory mismatch, may result in unauthorised access to O365 applications

The Local Administrator should verify that the end-user access has been removed following the AD synchronisation process.


Active Directory synchronisation delay

Delay or failure of Azure Active Directory Connect to synchronise end-user user objects/password, e.g. Data validation failure, duplicate attributes, sync capacity threshold reached.

User is unable to authenticate and access their NHSmail account.

A validation failure reason will be displayed on-screen to the end-user.


Network connectivity Network connectivity. User is unable to authenticate and access their NHSmail account.

Only the replication process is dependent on site to site connectivity. Each data centre will remain site-independent which ensures AD services are not be impacted should the site to site link fail.

All O365 Apps Access Password management

Invalid password/account lockout/expired password.

Unable to access NHSmail account.

End-Users can use the self-service password reset feature or contact the Local Administrator who can perform an account unlock.


of 22

All O365 Apps Access System set-up Desktop/device/Client - Setup or configuration is incorrect.

Unable to access O365 resources.

An O365 Refresh guide is available on the NHSmail Portal detailing the system requirements and pre-requisites.

All O365 Apps (Local Admin)

Authentication MFA server

MFA server failure prevents the processing of MFA requests, e.g. processes on the MFA backend leading to resource exhaustion to complete end-user authentication requests.

Local Administrator may be unable to access Portal and carry out admin activities such as account unlock, password reset and account creation.

Local business continuity plans should ensure that no Local Administrator is the single point of failure and that in the event of MFA outage, authenticated users should remain logged into their accounts to allow end-user administration activities to continue.


Authentication Verification code

The MFA verification code is requested by the end-user, but it is not received, or the user is unaware that it has been delivered.


End-user should ensure that the notification settings on their mobile phone are enabled so that phone calls, messaging app, or authentication app, such as Microsoft Authenticator, sends the alerts. (push notifications are not required, but they are a useful alert and help to ensure that the verification method is completed in a timely way).


Authentication Authentication device

The end-user device that has been registered to receive the MFA verification code is unavailable, inactive or does not have network access.


NHSmail Portal help pages include an MFA guide, which includes the app methods available, registration and set-up and sign-in instructions.


of 22


Authentication MFA configuration

Microsoft MFA Authenticator app cannot be downloaded or fails to function.


NHSmail MFA policy allows the user to receive the verification code using several methods, including phone call and SMS.

nhsmail office 365 applications deployment · the transition to office 365 (o365) will provide...

Documents