Compliance & Certifications
RxSure is built to meet the highest standards of data security, clinical safety, and regulatory compliance required by UK healthcare organisations. This page provides a central overview of our certifications, standards, and compliance documentation.
Our Certifications
Cyber Essentials
UK Government-backed cybersecurity certification. Demonstrates that RxSure has essential controls in place to protect against the most common cyber threats.
NHS DSPT
NHS Data Security and Protection Toolkit. Meets the 10 National Data Guardian standards for handling health and care data. Required for all organisations processing NHS data.
DCB0129
Clinical Risk Management: its Application in the Manufacture of Health IT Systems. Ensures clinical safety is managed throughout the platform lifecycle with a designated Clinical Safety Officer.
UK GDPR & DPA 2018
Fully compliant with the UK General Data Protection Regulation and Data Protection Act 2018. Registered with the ICO (Registration: ZB261485).
NHS Digital Onboarding
Registered on the NHS Digital Onboarding Portal (ODS Code: U0S1A). Integrated with PDS, CIS2, MESH, and ODS R4 for NHS pharmacy service delivery.
DTAC
Digital Technology Assessment Criteria — self-assessment in progress across all five domains: clinical safety, data protection, technical security, interoperability, and usability.
NHS Integration
| ODS Code | U0S1A |
| Product | RxSure - Gateway |
| NHS APIs | PDS (Personal Demographics Service), CIS2 (Care Identity Service 2), MESH (Secure Messaging), ODS R4 (Organisation Data Service), GP Connect |
| Authentication | NHS CIS2 secure authentication |
| Onboarding Status | Assurance in progress |
| Data Standards | HL7 FHIR R4 for structured data exchange |
| API Documentation | Available on request for NHS organisations and integration partners. To request it, email contact@rxsure.co.uk. |
Data Security
| Data Hosting | United Kingdom |
| Encryption in Transit | TLS/SSL (HTTPS enforced) |
| Encryption at Rest | Enabled |
| Access Controls | Role-based access, multi-factor authentication |
| Backup Frequency | Automated daily backups, 30-day retention |
| Uptime Target | 99.9% |
| Penetration Testing | Regular assessments conducted |
| Vulnerability Management | Continuous monitoring and patching |
| Marketing Trackers | Marketing analytics (Meta, TikTok, Google Analytics) are used on the public website only. No marketing trackers are present on the clinical portals (practitioner.rxsure.co.uk, patient.rxsure.co.uk). |
Clinical Safety
RxSure maintains a clinical risk management framework aligned with DCB0129.
| Clinical Safety Officer | Navid-Ul-Khurram Kaleem, Pharmacist Independent Prescriber (GPhC: 2064676) |
| Clinical Safety Standard | DCB0129 — Clinical Risk Management for Health IT Systems |
| Hazard Log | Maintained and reviewed regularly. Clinical hazards identified, assessed, and mitigated. |
| Safety Case Report | Documented, covering all clinical workflows including NHS-integrated services |
| Medical Device Classification | Not a medical device — practice management and workflow tool |
| AI Consultation Assistant | Supplementary support only — all clinical decisions rest with the prescriber |
Clinical safety documentation is available for review by NHS organisations and regulatory bodies upon request.
Data Protection
| Data Controller | Qastco Limited (for business data) |
| Data Processor | Qastco Limited (for patient data, on behalf of pharmacies) |
| ICO Registration | ZB261485 |
| DPIA | Completed — covers all health data processing workflows |
| DPA | Data Processing Agreement available for all pharmacy partners |
| Caldicott Principles | Adhered to for all patient-identifiable data |
| Special Category Data | Processed under Article 9(2)(h) UK GDPR — healthcare provision |
| Breach Notification | Within 72 hours to ICO, without undue delay to data controllers |
NHS Standards Alignment
RxSure aligns with the following NHS standards and frameworks:
| DSPT | Data Security and Protection Toolkit — compliant |
| DCB0129 | Clinical Risk Management for health IT manufacture — compliant |
| National Data Guardian Standards | All 10 standards addressed |
| Caldicott Principles | All 8 principles applied to patient data handling |
| DTAC | Digital Technology Assessment Criteria — pending (clinical safety, data protection, security, usability) |
Company Information
| Legal Entity | Qastco Limited |
| Trading As | RxSure |
| Company Number | 13426888 |
| Head Office | 934 Stockport Rd, Manchester M19 3AB, UK |
| Stoke Office | 9 Howard Place, Shelton, ST1 4NN, UK |
| ICO Registration | ZB261485 |
| VAT Registration | 441 9425 93 |
| Contact | contact@rxsure.co.uk |
Compliance Documentation
Full details of our data protection and legal obligations are set out in the following documents:
- Privacy Policy — How we collect, use, and protect data (UK GDPR, Caldicott, DSPT)
- Terms of Service — Platform terms, SLA, data breach process, DPA
- Disclaimer — Clinical safety, medical device classification, AI disclaimer
- Cookie Policy — Cookie usage and consent
- Accessibility Statement — WCAG 2.1 Level AA commitment
- Complaints Procedure — How to raise concerns
For copies of our DPIA summary, Data Processing Agreement, clinical safety case, or hazard log, please contact contact@rxsure.co.uk.