Before sending us a message check this FAQ.

Send a message

Please note: If you are submitting a query regarding the COVID-19 Vaccine service, please ensure your first port of contact is the ATOS Support Desk by emailing: vaccineservicedesk@england.nhs.uk
Any tickets regarding this service that are sent directly to Pinnacle will not be attended to.

For support or suggestions, questions or problems, click here to send a message to the PharmOutcomes team.

Send a Message

For support or suggestions, questions or problems please send us a message using the form below - we'll get back to you as soon as we can with an answer, usually within the same day. Remember to check any spam folder you may have for a response.

Please note: If you are submitting a query regarding the COVID-19 Vaccine service, please ensure your first port of contact is the ATOS Support Desk by emailing vaccineservicedesk@england.nhs.uk Any tickets regarding this service that are sent directly to Pinnacle will not be attended to. For any other queries, please continue with the form below.

Do not include Patient Identifiable data in your message to our helpdesk. Helpdesk uses normal email which is not a secure communication method.

Your login name, Pharmacy F-code, ODS code or Store number as appropriate
The name of your Pharmacy, Surgery or Commissioning Group as appropriate
After submitting a message, please do check your email for any response, as we may need clarification, or may not be able to reach you by telephone immediately.Responses will come from "Pinnacle Health Helpdesk", and you may need to check that responses are not hiding in a "junk" or "spam" folder in your email system.

Lost your password?

Click here to reset your account password with your Username and Email.

Reset Password

If you have lost your password, then you can fill in the two answers below and a link with be emailed to you immediately allowing you to reset your password

This must match the email address already registered on the system for your username.

Activation Code

Click here to get login in details for your new account with an activation code like this: AFD-3EG-DEP-RS0-KMG.

Activate Account

If you have received a letter or email with an Activation Code, then you can enter it here.


System News

Click here to view recent news about the PharmOutcomes system.

General Data Protection Regulation

This document is being updated regularly and is subject to change. Please check this document frequently for the most up to date information.

GDPR Assurance Statement

The General Data Protection Regulation (GDPR) came into force on the 25th May 2018 and, alongside the Data Protection Act 1998, replaced the old Data Protection Act.

Within this statement we want to highlight to our customers the measures we have put in place to ensure compliance with the GDPR where we hold or process personal data on your behalf.

Data Protection Officer

Pinnacle has designated a Data Protection Officer (DPO): Ian McKie, privacy@emishealth.com.

Ian is a certified EUGDPR Practitioner and is taking full responsibility for all matters relating to data protection and GDPR compliance. The DPO will ensure that we are accountable and transparent to the supervisory authorities.

Security and Business Continuity Measures

Pinnacle Systems Management works to ensure the confidentiality, integrity and availability of the personal data we store or process. We maintain appropriate technical and organisational security measures to protect personal data against accidental or unlawful destruction or loss, alteration, unauthorised disclosure or access.

In demonstration of this, we have achieved and maintain the following standards:

  • Data Security & Protection Toolkit
  • ISO27001:2017 certification for Information Security Management Systems
  • Cyber Essential Plus

For further information please request our Technical and IG Specification from privacy@emishealth.com.

Customer and End User Contracts

To adhere to the GDPR requirement, a data controller (our client) must appoint the data processor (Pinnacle) formally in writing, in our case, in the form of our Service Level Agreement and Data Processing Agreement.

The document must state that the personal data is processed only on documented instructions from the controller or to meet the requirements of EU or UK law. We have reviewed all of our agreements to ensure compliance. This ensures that relevant wordings are in place to cover aspects such as nature and purpose of the processing, the types of data processed and the obligations and rights of the controller.

Data Breaches

Under GDPR, we must notify any data breach to the controller without undue delay. Pinnacle therefore has processes and procedures in place for identifying, reviewing and promptly reporting data breaches to the relevant controller and assisting with any remedial action or reporting required. We would, however, stress that we have comprehensive technical and organisational security measures in place to mitigate against a data breach.

Data Subject Rights

Under GDPR there are significant enhancements to the rights that individuals enjoy with regards their personal data. Although there is a legal requirement for health data to be recorded and for those records to be kept for regulated time periods, Pinnacle can work with Clients in order to determine how best to facilitate.

Handling Data Subject Access Requests

Pinnacle Systems allow Clients to access information to answer these requests but are also willing to assist where required.

Retention Periods

Data is retained according to the current guidelines or the explicit instructions of the relevant Data Controller.

Please consult the detailed retention schedule (appendix 3) from NHS Digital, linked below:

Records Management Code of Practice for Health and Social Care 2016

Secure Erasure / Destruction of Personal Data

Pinnacle has procedures in place for the secure return/archiving/destruction of data when this is required.

Data Processing Agreements

The General Data Protection Regulation (and other data protection legislation) requires Data Controllers to formally agree the way in which third parties process personal data on their behalf and to record this in writing in a Data Processing Agreement (DPA).

All of our licence agreements have been updated to include DPA‘s, if you are a commissioner and have renewed your licence since January 2018 your licence agreement contains a DPA. You may choose to add an additional schedule with the specifics of your services if required.

If you do not licence directly from us you are subject to our EULA which you will find here https://phpartnership.com/EULA

Data Sharing Agreements

Some Clinical Service Commissioners have asked Pinnacle Health to sign a Data Sharing Agreement in order to process the data.

For the avoidance of doubt, Data Sharing Agreements are intended to be used between two or more Data Controllers and are not intended to be used between a Data Controller and a Data Processor. Data Processing Agreements have specific legal requirements that must be followed. Pinnacle Health has confirmed this with the Information Commissioners Office and written guidance from the ICO is available at ICO GDPR guidance: Contracts and liabilities between controllers and processors

Data Protection Impact Assessment (DPIA)

Pinnacle has put together a DPIA using all of the FAQ‘s that we have received on this subject and the guidance from ICO.

This document contains links to the evidence of our compliance with the questions and will assist you with your own documentation. If you would like a copy of this document please email privacy@emishealth.com