NHS England
NHS / Health Body
Noted
NHS England explains the NHSmail system's security and audit capabilities, noting that an email was recoverable and providing advice to the GP practice on future searches for missing documentation. They also describe the internal process for reviewing PFD reports. (AI summary)
View full response
Dear Coroner, Re: Regulation 28 Report to Prevent Future Deaths – Christopher John Bird who died on 19 September 2024.
Thank you for your Report to Prevent Future Deaths (hereafter “Report”) dated 23 September 2025 concerning the death of Christopher John Bird (“Chris”) on 19 September 2024. In advance of responding to the specific concerns raised in your Report, I would like to express my deep condolences to Chris's family and loved ones. NHS England is keen to assure the family and yourself that the concerns raised about Chris’s care have been listened to and reflected upon.
Your Report raised concerns with the reliability of the NHS.net email system. Specifically, an email sent from the mental health team on 28 August 2024, to confirm the psychiatrist’s approval of Chris recommencing the drug Quetiapine, appeared not to have been received by the GP surgery. The inquest heard that a forensic search for the email had been undertaken by the GP surgery, but it could not be found. The GP surgery and other unnamed surgeries were concerned that emails sent using the NHS.net system had gone missing and were not received, questioning its 100% reliability.
NHSmail
The whole of the NHS in England uses NHSmail, now called ‘NHS Connect’, which is a cloud-based secure encrypted Microsoft 365 email and office platform, utilising Microsoft's latest technology within an agreed Health Memorandum of Understanding (MOU). The technology and security supporting it has various mechanisms in place to address email audit and tracking when required.
NHSmail is used for clinical communications particularly between NHS organisations and best practice advice for its use is available on NHS England’s website. This best practice guidance advises that NHSmail practice inboxes (including generic or shared inboxes, which most GP practices have) should not be used for urgent clinical advice. Your Report does not specify whether the mental health referral in Chris’s case was National Medical Director NHS England Wellington House 133-155 Waterloo Road London SE1 8UG
20th November 2025
routine or urgent, however our investigations indicate that the referral was classified as routine, as detailed further below.
NHSmail is considered a reliable and resilient email platform, specifically designed and maintained for NHS business communications, with systems put in place to protect and recover from common IT failures like outages. While occasional incidents do occur, such as delayed arrival of emails in the destination mailbox, the overall reliability is strong, and service status is closely monitored and reported on the NHS support webpage, with disruptions usually resolved quickly and service continuity prioritized. All users of NHSmail are encouraged to contact their local administrator or service desk if they are experiencing any issues. If these cannot be resolved by the user’s local IT team, then there is a national NHSmail helpdesk which operates 24 hours a day.
Prior to the roll out of NHSmail across England, Clinical Safety Cases, Hazard Logs, and Data Protection Impact Assessments were undertaken to support the delivery of the service at a national level. Clinical Safety Cases are used to ensure any clinical risks, hazards and potential harms are identified prior to deployment and these are managed within either product development or within system adoption methodologies. The model uses joint data controllers and clearly sets out in the requirements of organisations using the service, that they have similar local-level policies in place.
Audit Trail and Tracking
NHSmail provides several layers of audit logging, including the ability for administrators and users to track actions in the NHSmail portal, such as account management, mailbox access, and system changes.
For message-level audit, NHSmail supports requesting read and delivery receipts in both Outlook and through the NHSmail web interface, allowing users to verify if an email has been delivered and/or opened by recipients. This is not an automatic process, and users must select whether they require a delivery and/or read receipt before sending an email.
NHSmail encrypted emails have a tracking log, showing when a recipient has accessed a message, supporting clinical and information governance compliance for sensitive communications.
Emails sent and received are retained on the NHSmail Connect platform for at least 2 years, making them available for forensic discovery and retrospective audit if needed.
These logs and metadata support robust investigations in the case of disputes or concerns about message transmission, delivery, or security events.
Further investigations into this specific matter
Forensic discovery searches are not something that can be done by individuals within a GP practice or their Integrated Care Board (ICB), and NHS England has a standard policy on how forensic searches must be undertaken.
All forensic search requests need to be made via the Helpdesk self-service request process, as published in the NHSmail Forensic Discovery guide.
All forensic search requests for emails or any other data within the NHSmail service are recorded for audit purposes.
NHS England can confirm that no forensic search request was made by the White Horse Medical Practice or their ICB in relation to this case. Therefore, any internal searches conducted by the practice would not have returned the results relating to any emails that had been deleted, whether intentionally or in error.
In light of your Report, NHS England has conducted a full forensic discovery search, the results of which are outlined below.
Search Results
Forensic discovery has confirmed that a referral letter was sent from the White Horse Medical Practice via the electronic referral service (e-RS) to the community mental health team at 8:40am on 28 August 2024 by the GP administration team.
A response email was then sent from the local mental health service ( ), with the subject line ”, which was received by the practice on 28 August 2024 at 11:19am. The email was received into the email account. This is a shared mailbox which is accessible by 16 members of staff at the White Horse Medical Practice.
The email confirms referral to the Consultant Psychiatrist and that Quetiapine was recommended, to be recommenced as per the British National Formulary (BNF) guidelines as it was previously well tolerated by the patient.
In accordance with the NHSmail Clinical Safety Case, the NHSmail service is not intended for the long-term storage of clinical/patient data. Any valuable information contained in an email should be copied and recorded in the appropriate patient record.
The forensic search has also confirmed that the full text of the email from the mental health team had been copied into the patient summary and was available via the practice’s clinical system (EMIS). This indicates that the GP practice received the original email and attached the full email text into Chris’s summary notes, making them available to staff in the practice.
Having copied the contents of the email into the patient record, the original email then appears to have been deleted from the shared mailbox This was good practice by the GP administrators and in line with the NHSmail guidance.
As NHS England only retains an audit log detail for 180 days, it is not possible to confirm who deleted the email or exactly when. However, we have been able to recover the original email from the recoverable-items folder of the shared mailbox, a folder only visible to those undertaking the forensic discovery process.
Emails that are deleted by a user are moved to the recoverable-items folder for the purposes of retention and discovery. Had a forensic search request been made nearer the time (i.e. late 2024 or early 2025), the additional audit data would have been available. This information may be useful to the practice in the future if they believe any documentation to have gone missing or to not have been received.
Additionally, in this case we can see that there were two recorded attempts by the practice to contact Chris by telephone on 6 September 2024 and two online consultation requests by Chris on 13 and 16 September 2024.
I would also like to provide further assurances on the national NHS England work taking place around the Reports to Prevent Future Deaths. All reports received are discussed by the Regulation 28 Working Group, comprising Regional Medical Directors, and other clinical and quality colleagues from across the regions. This ensures that key learnings and insights around events, such as the sad death of Chris, are shared across the NHS at both a national and regional level and helps us to pay close attention to any emerging trends that may require further review and action.
Thank you for bringing these important patient safety issues to my attention and please do not hesitate to contact me should you need any further information.
Thank you for your Report to Prevent Future Deaths (hereafter “Report”) dated 23 September 2025 concerning the death of Christopher John Bird (“Chris”) on 19 September 2024. In advance of responding to the specific concerns raised in your Report, I would like to express my deep condolences to Chris's family and loved ones. NHS England is keen to assure the family and yourself that the concerns raised about Chris’s care have been listened to and reflected upon.
Your Report raised concerns with the reliability of the NHS.net email system. Specifically, an email sent from the mental health team on 28 August 2024, to confirm the psychiatrist’s approval of Chris recommencing the drug Quetiapine, appeared not to have been received by the GP surgery. The inquest heard that a forensic search for the email had been undertaken by the GP surgery, but it could not be found. The GP surgery and other unnamed surgeries were concerned that emails sent using the NHS.net system had gone missing and were not received, questioning its 100% reliability.
NHSmail
The whole of the NHS in England uses NHSmail, now called ‘NHS Connect’, which is a cloud-based secure encrypted Microsoft 365 email and office platform, utilising Microsoft's latest technology within an agreed Health Memorandum of Understanding (MOU). The technology and security supporting it has various mechanisms in place to address email audit and tracking when required.
NHSmail is used for clinical communications particularly between NHS organisations and best practice advice for its use is available on NHS England’s website. This best practice guidance advises that NHSmail practice inboxes (including generic or shared inboxes, which most GP practices have) should not be used for urgent clinical advice. Your Report does not specify whether the mental health referral in Chris’s case was National Medical Director NHS England Wellington House 133-155 Waterloo Road London SE1 8UG
20th November 2025
routine or urgent, however our investigations indicate that the referral was classified as routine, as detailed further below.
NHSmail is considered a reliable and resilient email platform, specifically designed and maintained for NHS business communications, with systems put in place to protect and recover from common IT failures like outages. While occasional incidents do occur, such as delayed arrival of emails in the destination mailbox, the overall reliability is strong, and service status is closely monitored and reported on the NHS support webpage, with disruptions usually resolved quickly and service continuity prioritized. All users of NHSmail are encouraged to contact their local administrator or service desk if they are experiencing any issues. If these cannot be resolved by the user’s local IT team, then there is a national NHSmail helpdesk which operates 24 hours a day.
Prior to the roll out of NHSmail across England, Clinical Safety Cases, Hazard Logs, and Data Protection Impact Assessments were undertaken to support the delivery of the service at a national level. Clinical Safety Cases are used to ensure any clinical risks, hazards and potential harms are identified prior to deployment and these are managed within either product development or within system adoption methodologies. The model uses joint data controllers and clearly sets out in the requirements of organisations using the service, that they have similar local-level policies in place.
Audit Trail and Tracking
NHSmail provides several layers of audit logging, including the ability for administrators and users to track actions in the NHSmail portal, such as account management, mailbox access, and system changes.
For message-level audit, NHSmail supports requesting read and delivery receipts in both Outlook and through the NHSmail web interface, allowing users to verify if an email has been delivered and/or opened by recipients. This is not an automatic process, and users must select whether they require a delivery and/or read receipt before sending an email.
NHSmail encrypted emails have a tracking log, showing when a recipient has accessed a message, supporting clinical and information governance compliance for sensitive communications.
Emails sent and received are retained on the NHSmail Connect platform for at least 2 years, making them available for forensic discovery and retrospective audit if needed.
These logs and metadata support robust investigations in the case of disputes or concerns about message transmission, delivery, or security events.
Further investigations into this specific matter
Forensic discovery searches are not something that can be done by individuals within a GP practice or their Integrated Care Board (ICB), and NHS England has a standard policy on how forensic searches must be undertaken.
All forensic search requests need to be made via the Helpdesk self-service request process, as published in the NHSmail Forensic Discovery guide.
All forensic search requests for emails or any other data within the NHSmail service are recorded for audit purposes.
NHS England can confirm that no forensic search request was made by the White Horse Medical Practice or their ICB in relation to this case. Therefore, any internal searches conducted by the practice would not have returned the results relating to any emails that had been deleted, whether intentionally or in error.
In light of your Report, NHS England has conducted a full forensic discovery search, the results of which are outlined below.
Search Results
Forensic discovery has confirmed that a referral letter was sent from the White Horse Medical Practice via the electronic referral service (e-RS) to the community mental health team at 8:40am on 28 August 2024 by the GP administration team.
A response email was then sent from the local mental health service ( ), with the subject line ”, which was received by the practice on 28 August 2024 at 11:19am. The email was received into the email account. This is a shared mailbox which is accessible by 16 members of staff at the White Horse Medical Practice.
The email confirms referral to the Consultant Psychiatrist and that Quetiapine was recommended, to be recommenced as per the British National Formulary (BNF) guidelines as it was previously well tolerated by the patient.
In accordance with the NHSmail Clinical Safety Case, the NHSmail service is not intended for the long-term storage of clinical/patient data. Any valuable information contained in an email should be copied and recorded in the appropriate patient record.
The forensic search has also confirmed that the full text of the email from the mental health team had been copied into the patient summary and was available via the practice’s clinical system (EMIS). This indicates that the GP practice received the original email and attached the full email text into Chris’s summary notes, making them available to staff in the practice.
Having copied the contents of the email into the patient record, the original email then appears to have been deleted from the shared mailbox This was good practice by the GP administrators and in line with the NHSmail guidance.
As NHS England only retains an audit log detail for 180 days, it is not possible to confirm who deleted the email or exactly when. However, we have been able to recover the original email from the recoverable-items folder of the shared mailbox, a folder only visible to those undertaking the forensic discovery process.
Emails that are deleted by a user are moved to the recoverable-items folder for the purposes of retention and discovery. Had a forensic search request been made nearer the time (i.e. late 2024 or early 2025), the additional audit data would have been available. This information may be useful to the practice in the future if they believe any documentation to have gone missing or to not have been received.
Additionally, in this case we can see that there were two recorded attempts by the practice to contact Chris by telephone on 6 September 2024 and two online consultation requests by Chris on 13 and 16 September 2024.
I would also like to provide further assurances on the national NHS England work taking place around the Reports to Prevent Future Deaths. All reports received are discussed by the Regulation 28 Working Group, comprising Regional Medical Directors, and other clinical and quality colleagues from across the regions. This ensures that key learnings and insights around events, such as the sad death of Chris, are shared across the NHS at both a national and regional level and helps us to pay close attention to any emerging trends that may require further review and action.
Thank you for bringing these important patient safety issues to my attention and please do not hesitate to contact me should you need any further information.