Texting, emailing and messaging patients and service users guidance for patients and service users

This guidance covers information governance (IG) topics you need to think about when sending or receiving messages about health and care services by text, email or other types of messaging. It is for patients, service users, health and care professionals and IG professionals.

You will sometimes receive messages about your health and care services or on behalf of someone you care for. These might be texts, emails or other messages, such as messages in the NHS App and other messaging apps. This guidance explains how health and care organisations send these messages to you legally and responsibly.

Messages from health and care organisations

Health and care organisations might send you messages about your care. Examples include:

messages about treatment you have received
messages about an appointment you need to attend
messages about a prescription to collect
messages about vaccinations
messages about screening for illnesses

Suspicious messages

You should not open or respond to messages that seem suspicious. Examples of suspicious messages include:

messages asking you to pay for missing an appointment with a link to a payment website
messages asking you to book appointments with a link to a fake website (please see Stop! Think Fraud guidance for information on how to identify a fake website)

These may be sent by people trying to illegally obtain your data or defraud you. Other common features of scam messages include:

wrong spellings and poor grammar
links to illegitimate websites
urgency and emotion

You should never click on any links or provide any personal details if a message looks suspicious, or you do not know why it has been sent. If you are not sure, contact your health and care organisation who can confirm whether the message is safe

Contact preferences

Some health and care organisations may ask you how you prefer to be contacted, as part of registering or confirming contact details. For example, you may be asked if you are happy to be contacted by text, and email.

If you express a preference, as part of this your health and care organisation should use the method of contact you state when it is possible. There may be times when they need to use a different method of contact to make sure you get an important message, such as if your appointment is cancelled.

Objecting to receiving messages

Objecting

You can ask to never receive messages from your health and care organisation. This includes asking never to be contacted in certain ways, for example email or text. This is called ‘objecting’. Your right to object to your personal data being used by an organisation includes being able to object to your personal data being used to send you messages.

To object to receiving messages, you need to:

get in touch with your health and care organisation
ask not to be contacted, either entirely or in a certain way
give a reason why

The more information you can provide to your health and care organisation for your reason, the easier it is for them to understand your situation.

What will happen if you object

If you tell your health and care organisation not to send you messages, they will explain what could happen. After hearing your reason they may be able to respond to your concerns so that you decide your objection is no longer needed.

If your health or care organisation is not able to send you messages, this may make you have a worse experience using their services. For example, you may have to wait longer to receive messages about your care by post.

When you may still receive a message after objecting

Your health and care organisation would need to have a strong reason to message you by text, email or another method after you have objected to being contacted in that way and given a specific reason why.

See the example below for a situation where this might apply.

Example

You phone a hospital where you are going to have treatment. You say that you object to receiving text messages or emails from them, and give the specific reason that other family members can access your phone.

However, an appointment becomes available for urgent treatment you need within 48 hours. If the hospital contacted you by letter, you would not get the message in time to accept the appointment. The organisation might decide that this is a strong reason to still contact you by text and email.

A decision to override an objection is made carefully, based on your situation and reasons for objecting.

Communicating with someone else on your behalf

Messages about your care are confidential and can generally only be sent to you. They can only be sent to another person if:

you have given your consent for another person to receive messages about your care, acting as a proxy
you do not have capacity to make decisions about your health and care, and it has been agreed that another person can act as a proxy. This person would also need approval to receive messages on your behalf

You can ask to receive messages on behalf of someone else if they consent (agree) to it. If they do not have the ability to make decisions about their health and care, you can ask to receive messages for them if any of the below apply:

you have parental responsibility (if the person is under 18 years old)
you have a lasting power of attorney for health and welfare for them, which has been activated
you are a court-appointed deputy for them
you can provide evidence that you are acting in the person’s best interests

Based on your situation, a health or care organisation will decide whether they can give you access. Sometimes they won’t be able to. To find out more, you should ask the health and care organisation looking after the person you want to receive messages for.

Protecting your privacy

To protect your privacy, your health and care organisation will:

only include confidential health information in messages where it is necessary to do so
use messaging apps and services which have been approved by the organisation’s data security teams
ensure staff follow security policies, for example encrypting emails which is a way of electronically protecting them

There are also things which you can do to protect your own privacy.

For example, the NHS App. You can use the NHS App by creating an NHS login account and downloading it from your app store of choice. This enables health and care organisations to contact you in a secure way, in a place where only you can access the messages.

Do not share access to your phone, email or messaging apps

If another person has access, they will be able to see messages about your care. If you must share access to a phone, make sure to log out of your health messaging apps after you have used them.

Think about how you send messages

You may not be able to electronically protect the information you send when messaging your health or care organisation. It is sensible to not share any personal information in your messages unless it is necessary. You can always call your health organisation instead.

Keep your contact details updated

You are responsible for ensuring you provide the correct email address and mobile number to your health or care organisation. You must inform your health or care organisation of any changes. This will make sure your health and care messages are not sent to the wrong person.

Guidance for health and care professionals

ARTICLE

Texting, emailing and messaging patients and service users guidance for health and care professionals

This guidance covers IG topics you need to think about when sending or receiving messages about health and care services by text, email or other types of messaging.

Guidance for IG professionals

ARTICLE

Texting, emailing and messaging patients and service users guidance for IG professionals

This guidance covers information governance (IG) topics you need to think about when sending or receiving messages about health and care services by text, email or other types of messaging.

Last edited: 7 May 2026 12:51 pm