How to set up NHS WiFi in secondary care settings
Full technical guidelines, network specifications and technical reporting requirements.
On this page
Technical and security policies and guidelines
Service Set Identifiers (SSIDs) - wireless networks for different groups of NHS WiFi users
Setting up NHS WiFi landing pages
Reporting on usage of NHS WiFi in secondary care
NHS Digital has developed policies and guidelines to help NHS organisations set up and provide NHS WiFi across health settings. Following these policies and guidelines ensures that the service will be secure, scalable and as consistent as possible. There are requirements that must be fulfilled, and guidelines that should be followed but aren't compulsory.
Download NHS WiFi for secondary care settings policies and guidance [262.88KB] for a full list of the technical specifications your chosen solution needs to meet.
You should make sure the service you set up complies with your local ICT policies on:
- Content filtering
- Acceptable use policies
- 'bring your own device' policies
- network capacity planning and monitoring
Each site will have different wireless networks available for different groups of users. You can decide how many you need, but as a minimum, each site must have three networks.
1. Corporate network for NHS WiFi
The corporate network is for staff who have access to patient record systems. It must:
- have protected bandwidth to make sure it's always available
- be secure enough to carry sensitive patient information
- conform to the existing local Acceptable Use Policy (updated to cover WiFi access if necessary)
2. Guest network for NHS WiFi
The guest network is for clinical staff members using a device that doesn't meet the security specification for the corporate site, and business visitors.
3. Public network for NHS WiFi
The public network is for patients, visitors and other members of the public. It provides internet access but isn't suitable for confidential information. It must:
- conform to a local Acceptable Use Policy (AUP): CCGs must make sure an AUP is in place as part of implementation
- block access to illegal or inappropriate content, such as content listed by the Internet Watch Foundation
- use NHS WiFi landing pages to make the user experience consistent across NHS providers. The landing page is mandated and a condition of funding
Funding for secondary care providers is designed to cover a service that will provide basic internet browsing, rather than services that will accelerate bandwidth demand. Services over and above this (for example high bandwidth streaming) are out of scope of central funding and should be met through local funding arrangements.
You must set up the NHS WIFI public network so that every public user accesses NHS WiFi through a consistent NHS.UK landing page.
The NHS.UK landing page encourages the user to access:
- important public health messaging, e.g. via NHS England, Public Health England, etc
- promoted services, such as Patient Online
- health information, such as NHS Choices and other healthcare websites
- Local care setting information
The provider must set up a series of two screens, which take the user through the log-in process:
1. NHS WiFi registration and enrolment screen
2. NHS.UK post-authentication screen
The process must be followed as closely as possible, to maintain any pre-existing functionality that improves local NHS services to the public, such as automated appointment check-in.
Once NHS WiFi is set up, when a return user is recognised and automatically logged in, they will be taken directly to the NHS.UK post-authorisation page.
The NHS.UK post-authentication page must be displayed to all users.
1. NHS WiFi registration and enrolment screen
The registration and enrolment screen (example above) will be developed, hosted and maintained by the provider. It must provide a way for users to:
- sign up to the terms and conditions and Acceptable Use Policy they need to agree to before getting access
- register or re-authenticate with the service
The top banner above the registration form must be NHS blue, colour #005EB8, and include the white on blue NHS logo [1.99KB] and the text 'Register for free NHS Wi-Fi' also in white.
2. Post-authentication screen
The post-authentication screen is hosted and maintained by NHS Digital. The provider must use this url for the landing screen, and must add the ODS code for the local care setting to the query string before calling the post-authorisation page, for example, https://www.nhs.uk/captive-WiFi-portal/post-auth/?ODSCODE=M83050 If it's not possible to use the ODS code of the local care setting, the provider should use the ODS code of the parent organisation. Using ODS codes will enable accurate location-based services to be displayed.
The page currently contains content from NHS.UK. Later, this page will be changed to show local information and services, defined by your ODS code. The provider is responsible for managing updates and maintenance of this local information.
In the future, we will work with you to make this page display local GP practice information, similar to what is provided on these pages:
We're currently investigating what can be extracted from the NHS Choices Provider Information Management Service (PIMS), and will work with CCGs to agree what should be displayed. We expect this to happen later this year.
IP addressing and ports
For access to the landing pages, local url-based filtering should be based on the following:
www.nhs.uk port 80 and 443
We can't provide an IP range because NHS.UK is served via a global content delivery network.
Use of branding and advertising on NHS WiFi landing pages
WiFi supplier branding and commercial advertising must not appear on the post-authentication page. Suppliers can only use their branding on the registration and enrolment page and, if used, the Acceptable Use Policy (AUP) screen. Commercial advertising can only be placed on the registration and enrolment page.
Analytics for the NHS WiFi landing pages
We will collect analytics for the landing pages, and monitor click-through rates to individual landing page icons. This data will help us refine the landing pages and improve the user journey. It won't affect any tracking you are implementing.
Once the solution is fully implemented in all secondary care settings, each trust must submit monthly reports to the NHS WiFi project team on both corporate/staff and citizen/patient activity. Reporting should start on the month after your implementation is complete.
To support the reporting requirement, your WiFi service should be configured to measure the following, for both Corporate/Staff and Citizen/Patient Wi-Fi activity separately, for each individual NHS trust, on a monthly basis:
Number of new registrations
The accumulated total number of new registrations recorded for the WiFi service during the reporting period. A new registration is defined as the generation of a new, unique account to facilitate access for an individual to the WiFi service.
Number of unique devices
The accumulated total number of unique device connections recorded using the WiFi service during the reported period. A unique device should be defined from its MAC address used during the WiFi session, or equivalent unique identifier.
Number of sessions
The accumulated total number of sessions recorded using the WiFi service during the reported period. A session starts from the time a user uses a device to connect to the WiFi network until connectivity is stopped.
Bandwidth usage (GB)
The accumulated total amount of data transmitted/received across the WiFi service during the reporting period.
Usage time (minutes)
The accumulated length of time where active WiFi usage was recorded for all sessions within the reporting period.
Further information will follow on the process for submitting this and the reporting format.We're sharing these reporting requirements with the major internet service providers (ISPs).
For any further help, please contact firstname.lastname@example.org, putting 'deployment query' in the title.