Compliance Standards
Data Protection Act 2018 & GDPR
- Patient data encryption at rest and in transit
- Automatic deletion of data beyond retention periods
- Subject access request procedures
- Privacy impact assessments completed
NHS Information Governance Level 2
- Information risk assessment completed
- Data security and protection measures implemented
- Staff training and awareness programme
- Annual assurance reporting
HL7 v2.5 Standards Compliance
- Standard message segments (MSH, PID, ORC, OBR, OBX)
- Proper message encoding and validation
- Message acknowledgment handling
- Version negotiation support
SNOMED-CT Coding
- All tests and results use SNOMED-CT codes
- Regular updates from NHS Terminology Server
- Code validation and verification
- Clinical terminology accuracy
Audit & Logging
Comprehensive 7-year audit trail (NHS retention requirement):
- Every user action logged with timestamp
- Patient identifiers and clinical context recorded
- Data access and modifications tracked
- Login/logout events recorded
- Administrative changes logged
- System events and errors captured
- Immutable audit record storage
Security Features
- Authentication: NHS professional smartcard or username/password with MFA support
- Authorization: Role-based access control (RBAC) with location/department restrictions
- Encryption: TLS 1.2+ for data in transit, AES-256 for data at rest
- Session Management: 8-hour session timeout (NHS standard), automatic logout on inactivity
- Password Policy: 12+ characters, complexity requirements, regular change enforcement
- Account Lockout: 5 failed attempts trigger a 30-minute lockout
- IP Whitelisting: Optional organisation-level IP restrictions
Professional Registration Verification
All clinical users verified against professional bodies:
- Doctors: GMC (General Medical Council) registration verified
- Nurses: NMC (Nursing & Midwifery Council) registration verified
- Other Professionals: HCPC (Health & Care Professions Council) verification
- Re-verification on password reset and role changes
- Suspension flagging when a professional is deregistered
Compliance Certifications
- HL7 v2.5
- SNOMED-CT
- MESH Enabled
- GDPR Compliant
- NHS IG Level 2
- Data Protection 2018