Doctors in Training Questions after MCAS Cloud Security turned on

This is the new security upgrade that, for most doctors in training, prevents file downloads on non-NHS Lothian computers. The official Comms said it would have a small impact [MCAS Comms (sharepoint.com)], but a Trickle has attracted over 50 comments and a lot of emotion. Trainees had become used to using their work emails for more things, especially after it was sorted to allow their nhs.scot email to progress with them throughout a rotation through different health boards.

MED engaged with Lothian’s Digital & IT Department to prepare the following set of FAQs.

1)      What is MCAS Cloud Security?

a.       This keeps the organisation's data within the cloud and for the most part prevents files being downloaded, especially onto personal devices. It has been set up to allow download to OneDrive and to trusted devices such as NHS Lothian laptops, and Office files [Word/Excel] can be easily previewed.

b.      It is relevant to any large organisation and is common outside the NHS. It is particularly important when thinking of clinical data, to prevent this being shared outside NHS Scotland. This is usually accidental, but there have been ongoing data breaches which MCAS will help contain. Whilst we know most doctors are sensible and conscientious, it is the organisation's view that the ongoing breaches justify this level of restriction for all.

c.       We also need to maximise the benefits that the NHS can get from the whole Office 365 package, including using it for clinical purposes. This is not possible without excellent security. When Office 365 and Teams were rapidly rolled out during the pandemic, some security issues were put on hold to enable rapid deployment. Before we can use it clinically [see here for a blog post from Microsoft about what is possible], there are three main things that need to be sorted:

        i.      turning on MCAS, which has happened in Lothian; other boards will follow soon

        ii.      making sure all MS Teams teams/channels have a home board, by ensuring they are prefixed by letters like NES/NHSS/LOTH

        iii.      setting up a national identity management system [e.g. so if you work across two boards the system knows this is the same person].

d.      Now that MCAS is turned on, it IS safe to access NHS emails on a personal device, with certain restrictions as outlined in this guide, which also has some helpful tips: Accessing Office 365 on a Personal Device (sharepoint.com)

        i.      It is far less safe to forward work emails to a personal email, as this means you risk forwarding on clinical information by accident.

 

2)      Why can’t I download PDFs?

a.       PDFs seem to have caused particular problems as (unlike Word and Word-for-the-Web, and similar for other Office 365 files) these don’t seem to preview well in Outlook-on-the-Web and are fiddly to view in other ways. Thus there are a number of approaches.

        i.      They can be saved to your OneDrive and a better preview is available there. They save to a less-than-intuitive location but do save. The guide linked to in 1d above explains how to do this. They can then be opened in the browser, saved to your OneDrive/desktop and then opened in the Adobe previewer.

        ii.      A better solution is being sought by Microsoft to allow a better preview of PDFs within Outlook-on-the-Web, which will help a lot but isn’t here yet.

 

3)      Why can’t I upload to Teams / paste into Teams chat?

a.      Many doctors seem to be able to type into the chat but cannot paste into it. Pasting is useful for efficient communication. It is blocked as part of MCAS to prevent inadvertent data sharing and this is not going to change, but there are ways to make sure you can do most things in Teams.

        i.      Make sure you are a full member of the Teams Team that the meeting is occurring in rather than just a guest. Ask the departmental admin / team owner to add you. Note that going forward many teams will be tagged to a health board so you will lose access when you rotate, but regional/national teams should have a regional/national tag so you can stay a member.

        ii.      Rather than meet in a team/channel, you can ask for meetings to be set up as Outlook meetings, which have a unique Teams link that all who have the meeting invite can use. This is less good for keeping a flow to the chat between meetings but is more accessible. Note you still won't be able to have full access if it is set up by non-NHS staff, but better links between health and social care are being set up.

        iii.      If you want to share a file but cannot upload, you can share an online file by pasting the link into the chat [assuming you can paste!]. You can paste intranet links to general sites but can also paste links to files in your OneDrive. People may need to ask you for access, and then you can say yes if you agree / know who they are. This guide explains a lot about sharing and collaborating using OneDrive / SharePoint: Collaborate in OneDrive (sharepoint.com)

 

4)      When I rotate, will my One Drive follow me like my email?

a.       Yes, it will – until the end of your training – see the final point below.

b.      However, teams tagged LOTH at the start will soon no longer be accessible to you once you have left Lothian. This feature isn’t turned on yet but will be soon and is an important part of making Teams ready for handling patient-identifiable data. If you are part of a national/regional team then it should have a prefix like NSS or NES and you should still have access.

 

5)      Will an NHS Lothian laptop help?

a.      Some trainees have access to a laptop and, as a ‘trusted device’, this is better; it’s also easier to use the built-in VPN to access clinical systems like TRAK. However, you do need the enhanced licence [see below] to use Office products properly on a Lothian laptop, including downloading attachments.

b.        If you do significant clinical work that cannot be done on a Wyse / the file needs downloaded, then discuss with your consultant / clinical director about getting a laptop and enhanced licence.

 

6)      What does Remote Desktop Access add?

a.       This is a cheaper solution than a laptop / enhanced licence [£150 vs £1000], but the view you get once logged in is essentially the same as if you were on a Wyse machine.

 

7)      Which licence should doctors in training have?

a.      According to this document, most doctors would count as ‘Information workers’ as they use documents a lot and certainly don’t have a role that can just be done on a tablet: Understand frontline worker user types and licensing - Microsoft 365 for frontline workers | Microsoft Learn. A tablet might be enough for TRAK and basic email, but doctors have many more complex parts to their job plan that make an enhanced licence very helpful.

b.         NHS Scotland only bought a certain percentage of enhanced licences from Microsoft – not enough for every more complex role as this was prohibitively expensive – and so the decision was taken to give them to people who had NHS Lothian laptops. This might seem arbitrary, but the cost to NHS Lothian of Microsoft products is huge and does need to be balanced against other demands on the budget like IT infrastructure or clinical services.

c.        If there is a specific and genuine need for a trainee to have a laptop and enhanced licence for their NHS Lothian role [see here for a licences guide Changes -> Licensing (sharepoint.com) and we would recommend ‘F3 + Add Ons’] then this can be purchased by the clinical director / department management.

d.       If you need it for a non-NHS Lothian role, such as a master's project, then you should be able to get an enhanced licence via the relevant university.

e.         Conversations are ongoing about rotating trainees and the right licence type as this would need to be coordinated by NES/Deanery.

 

8)      If I am moving from a training post to a non-training post, do I need to do anything?

a.       YES, YOU DO! Your nhs.scot trainee email is managed by NES. When you finish training, it will go inactive 30 days after your NES training stops.

b.      During this time, it can be moved over to NHS Lothian, so you need to submit an eHealth form within that time, or a few days prior to ending training. eHealth need to know which department you are moving into etc. The form is Service Catalogue - Service Portal (service-now.com).

c.       It can be ‘retrieved’ after the 30 days but some information will be lost.

 

Dr Rob Waller, Associate DME, Medical Education Directorate

[compiled after discussion with the NHS Lothian Office 365 Team]