THIS PAGE IS UNDER REVIEW
With the implementation of Integrated Care Systems (ICS) and Integrated Care Boards (ICB), many organisations are potentially – in year two (beginning April 2023) – due to be marked as closed. This article is being reviewed and will be updated imminently.
This guide outlines the actions Primary / Local Administrators (PLAs / LAs) in England should take in relation to NHSmail accounts when an organisation’s Organisation Data Services (ODS) code is no longer valid (it has legally closed).
Organisations administered by the National Administration Service (NAS) should contact their relevant dedicated email support as outlined in Appendix 1.
ICS policy implementation
Transition Year (April 2022- March 2023)
The current ODS codes used to identify the 106 existing CCGs will be retained, not closed, to identify the former CCG geographical areas (adjusted where necessary to reflect boundary changes). There will be boundary changes to three organisations, which will involve certain elements of users/data/licences being split and moved between organisations.
In this situation, this will require these users/accounts/mailboxes/Teams plus all other relevant capabilities to be moved over to a new ODS code. This needs to be carefully planned and implemented to ensure retention of and access to larger mailboxes, licences, capabilities, and SharePoint quotas are maintained. This guidance will be updated as soon as possible to reflect the steps that organisations involved in the Transition Year boundary changes will need to consider as part of this.
Year Two (April 2023- March 2024)
The Year Two scope for ICBs and ICSs is yet to be defined but it is likely to involve organisations merging and require the users/data/licences to move and merge alongside. This is expected to result in a number of closed organisations and this will require the users/ accounts/ mailboxes/ Teams/ SharePoint plus all other relevant capabilities within the organisations to move over to a new legally open organisation. This article will be updated to reflect any Year Two scope once further information is available.
NHSmail accounts belonging to a closed organisation (an ODS code that has been legally closed) must be moved into a replacement, legally open organisation; either a newly created or an existing organisation.
Organisations regularly merge, close or open across the health and social care sector meaning changes to ODS codes occur. To ensure contact details are correctly reflected in the NHS Directory, NHSmail accounts must be owned by a legally open organisation with a valid ODS code.
NHSmail accounts belonging to a closed organisation (an ODS code that has been legally closed) must be moved into a replacement, legal, open organisation; either newly created or an existing organisation. If you are unsure if your organisation has legally closed, you can check this through two routes which are:
- Via the ODS portal (https://odsportal.hscic.gov.uk/Organisation/Search) where you can input your ODS code in the search tools and it will tell you the status of the ODS code
- Via the NHSmail portal (nhs.net). You will need to log in as an administrator (primary local admin or local admin) and navigate to admin, organisations menu. Search for the ODS code you are an admin of and click into it. Within the organisation details you will see a status as shown below. A closed org will have a status of “Closed”
Primary / Local Administrator preparation
- Run a report in the NHSmail Portal to identify all the NHSmail accounts in your closed organisation – reporting guidance is available in the Portal Local Administrator Guide, in section Information governance > Admin Reports.
Note: for organisations using NHSmail O365 Hybrid, run the Office 365 User License Allocation Report from within the Admin Reports area of the Portal.
- Liaise with your Human Resources (HR) department to find out whether all user accounts will need to be:
- transferred out of the closed organisation and into the replacement / new organisation
- marked as a ‘leaver’ and joined to a replacement / new organisation within 30 days
- marked as a ‘leaver’ and allowed to be deleted from the service
Note: for organisations using NHSmail O365 Hybrid, all NHSmail accounts which have an active O365 licence, will be revoked when an account is marked as a leaver and the data created in the account will remain intact but will not be accessible while in this state, where it will be deleted after 30 days.
If within 30 days, the account is transferred to the replacement / new organisation and an O365 licences assigned, the data and permissions will be reattached to the account.
Ensure when marking accounts as leaver that all disabled accounts, for example those disabled for maternity leave, long-term sickness etc are considered and not just accounts that are ‘active’ or ‘inactive’.
- Find out whether existing shared mailboxes will need to transfer into the
replacement / new organisation.
- If there is a local requirement/policy within your organisation to retain any data within the shared mailbox then please ensure this is carried out before transferring the shared mailbox to the replacement / new organisation or alternatively deleting it. This protects data that is only relevant to the closed organisation.
- For shared mailboxes that are to be transferred to the replacement / new organisation, review all access to these mailboxes and shared folders to protect sensitive or patient information otherwise the original permissions will remain in place.
- Find out whether existing distribution lists (DLs) will need to transfer into the replacement / new organisation.
- Static and dynamic DLs can be transferred into the replacement / new organisation.
- Members of static distribution lists can be exported to a csv file and a new list created. The original DL in the closed organisation can be deleted, if no longer required. Distribution list membership should be reviewed at this time.
- Check for any existing duplicate NHSmail accounts by running the ‘Possible Duplicate User Report’ (reporting guidance is available in the Portal Local Administrator Guide, in section Information governance > Admin Reports) and:
- decide on the account that should be transferred (ensure duplicate accounts are not created for users when transferring between organisations)
- mark as a ‘leaver’ all accounts that are not required to be transferred
- Check for any additional services, for example larger mailbox quotas, and confirm whether the additional services are required to transfer to the replacement / new organisation. The additional services will be lost once the account is joined to a replacement / new organisation.
Note: The replacement / new organisation needs to ensure that an agreement has been signed with Accenture to keep any additional services on the mailboxes when it takes ownership of the account. Details can be obtained from email@example.com
- Work with your users to ensure any role / organisation related data or emails are locally archived in the closed organisation by using locally procured archiving solutions or using Outlook profiles to export content via .pst files.
- For organisations using NHSmail O365 Hybrid, check for guests invited by your organisation by running the Azure AD Guest Access Report.
Note: If any guest accounts are confirmed as no longer required in the new organisation, these can be deleted.
Tasks for the Primary LA (PLA) in ‘Closed’ organisations
- Ensure the organisation(s) which your users are transferring into is listed in the NHS Directory (you will need to be logged into your NHSmail account). If the organisation doesn’t have a ‘shortname’ allocated you’ll need to email firstname.lastname@example.org to set this up, providing the details of the organisation your users need to transfer into including the ODS code
Note: If you do not know what the ODS code is, the published quarterly files are available per organisation type via the NHS Digital website. If the new organisation doesn’t appear in the list, please email email@example.com for guidance. Organisations will be published in the NHS Directory as they become available from the ODS team.
- Ensure the replacement / new organisation has a nominated Primary Local Administrator (PLA). If you wish to become the PLA for the replacement / new organisation, please email firstname.lastname@example.org with the information below.
- Your name, role and current organisation name.
- The replacement / new organisation name and ODS
- If you are not the PLA for your existing organisation, please provide confirmation from the Head of HR or Head of IT in the replacement / new organisation that they support your request (please copy them in your request to email@example.com).
- If you wish to become an additional PLA within your organisation, please contact the PLA in the replacement / new organisation. All PLAs can set up additional PLAs, providing they have administrator rights for the organisation the requestor belongs to.
- Archive any mailbox content not being transitioned to the replacement / new organisation as per local policy.
- Any NHSmail accounts that are identified as needing to transfer into the replacement / new organisation should be marked as a ‘leaver’ and must be joined to the replacement / new organisation within 30 days by the relevant PLA / LA or they will be deleted.
If your organisation uses NHSmail O365 Hybrid, any account marked as a leaver will have their O365 licence revoked. The data remains intact but inaccessible until a licence is re-assigned to the account within 30 days.
Note: If you have PLA rights for both the closed organisation and the replacement / new organisation, you can use the ‘transfer’ function to avoid following the ‘leaver / joiner’ process. Further information is available in the Portal LA Guide > Editing a user account > Transferring a mailbox between organisations. Once the account is transferred and a need remains to continue with NHSmail O365 Hybrid a O365 licence must be re-assigned to the transferred accounts.
- If a disabled account needs to be transferred to a new / replacement organisation, the PLA / LA in the closed organisation would need to re-enable the disabled account before marking it as a ‘leaver’.
The PLA / LA in the replacement / new organisation would need to mark the account as a ‘joiner’ and then disable the account.
Note: If you have PLA / LA rights for both the closed organisation and the new / replacement organisation, you can use the ‘transfer’ function to avoid following the ‘leaver / joiner’ process.
- Mark all accounts that are not required to be transferred to the new organisation as ‘leaver’ and after 30 days they will become eligible for automatic deletion. Make sure this includes any accounts that are disabled (you will need to re-enable any disabled accounts first before they can then be marked as a leaver).
- Transfer any distribution lists or shared mailboxes that will be required in the replacement / new organisation.
Note: Dynamic DLs will keep the old rules but will not work automatically. The owner / PLA will need to ensure the rules are updated otherwise sending to the dynamic DL will fail.
- Any shared mailboxes or distribution lists no longer required should be deleted in the administration tools. Be mindful that once deleted they cannot be restored.
- PLAs / LAs are prevented from creating any new NHSmail accounts in the ‘closed’
- Once the above work is complete, if your personal NHSmail account is still owned by the ‘closed’ organisation, mark it as a ‘leaver’ and ensure it is marked as a ‘joiner’ in your replacement / new employing organisation – don’t do this until all other work is complete.
- Rescind your LA rights for the ‘closed’ organisation (this will not affect your LA permissions in other valid NHS organisations).
Note: If your account is being marked as a ‘leaver’, the LA rights will be removed automatically.
Tasks for the Primary Local Administrator in the replacement / new organisation
Setting up Local Administrator rights in a replacement / new organisation
A Primary Local Administrator (PLA) must be created in every replacement / new organisation (email firstname.lastname@example.org if this hasn’t already been done).
PLAs in replacement / new organisations must:
- ensure they have strong links in place with the closed organisation PLA (if it isn’t the same person)
- mark accounts as ‘joiner’ within 30 days of being flagged as ‘leaver’ by the closed organisation
- assign PLA / LA permissions to support NHSmail administration activities as appropriate
For organisations on the NHSmail O365 Hybrid service, additional steps are required to ensure O365 services continue:
- the LA or PLA must create a new user policy assigned against the new organisation. Guidance on creating user policies can be found within the Hybrid Local Administrator Guide.
- Assign NHSmail O365 Hybrid licenses to accounts. If this is not done within 30 days of marking as ‘leaver’, after 30 days any data created or managed by an unlicensed Hybrid account will be deleted.
Access rights for shared mailboxes, static distribution lists, dynamic distribution lists and Local Administrator permissions
LA rights and shared mailbox, static distribution list (SDL) and dynamic distribution list (DDL) memberships are affected when being moved from one organisation to another.
|Does the membership / permission stay with the user after transition to a new organisation?|
|LA rights Primary/LA/Helpdesk||Shared mailbox
|Static DL membership||
Dynamic DL membership
Accounts managed by the portal administration tools
- After an account is marked as a ‘leaver’, if it is not joined to a new organisation within 30 calendar days it will be eligible for deletion and removed from the NHSmail service.
- Any LA permissions the user had will be removed when their account is marked as a ‘leaver’ or transferred to the replacement / new organisation; this applies to Primary / Local / Helpdesk administration
- A leaver will continue to be able to access a shared mailbox in the ‘closed’ organisation they have left unless the permissions are changed by the shared mailbox owner or until it is deleted.
- Users will continue to be able to access static distribution lists in the ‘closed’ It’s therefore important that PLAs / LAs liaise with users to agree a suitable timescale for deletion.
- Accounts marked as leavers will have their NHSmail O365 Hybrid license revoked and if a licence is not re-assigned in the new organisation within 30 days, any O365 data created or managed by the account will be deleted. This includes deletion of Teams they manage, OneDrive for Business content and SharePoint data.
Need extra help?
Please call the NHSmail helpdesk on 0333 200 1133 or email email@example.com
If you require any further information, please contact the NHSmail Live Service team at firstname.lastname@example.org
Links to further guidance
- NHSmail Leavers and Joiners Management Guide.
- NHSmail Local Administrator Portal Guide – specific guidance for Local Administrators including how to manage leavers and joiners on NHSmail.
- NHSmail Hybrid Local Administrator Guide
Dedicated email support is available for organisations administered by the National Administration Service (NAS), as outlined in the table below.
|Organisation type||Contact details for NAS|