Pharmacy Appointment Scheduling: Systems That Actually Work
Transform your pharmacy appointment scheduling from chaos to clarity. Learn best practices for booking systems that reduce no-shows…

RxSure is built to meet the highest standards of data security, clinical safety, and regulatory compliance required by UK healthcare organisations. This page provides a central overview of our certifications, standards, and compliance documentation.
RxSure holds multiple certifications and compliance accreditations that demonstrate our commitment to protecting patient data and meeting UK healthcare standards. We are Cyber Essentials certified, fully compliant with the NHS Data Security and Protection Toolkit, and aligned with the DCB0129 clinical risk management standard. Our platform is registered with the Information Commissioner's Office under UK GDPR and the Data Protection Act 2018. These certifications are not simply badges on a page — they represent ongoing investment in security infrastructure, clinical governance, and regulatory alignment. Every certification undergoes annual review, and our compliance team works continuously to ensure that RxSure exceeds the minimum requirements set by bodies such as the GPhC, the ICO, and NHS Digital. You can review our full privacy policy and platform features for further detail.
UK Government-backed cybersecurity certification. Demonstrates that RxSure has essential controls in place to protect against the most common cyber threats.
NHS Data Security and Protection Toolkit. Meets the 10 National Data Guardian standards for handling health and care data. Required for all organisations processing NHS data.
Clinical Risk Management: its Application in the Manufacture of Health IT Systems. Ensures clinical safety is managed throughout the platform lifecycle with a designated Clinical Safety Officer.
Fully compliant with the UK General Data Protection Regulation and Data Protection Act 2018. Registered with the ICO (Registration: ZB261485).
Registered on the NHS Digital Onboarding Portal (ODS Code: U0S1A). Integrated with PDS, CIS2, MESH, and ODS R4 for NHS pharmacy service delivery.
Digital Technology Assessment Criteria — self-assessment in progress across all five domains: clinical safety, data protection, technical security, interoperability, and usability.
| ODS Code | U0S1A |
| Product | RxSure - Gateway |
| NHS APIs | PDS (Personal Demographics Service), CIS2 (Care Identity Service 2), MESH (Secure Messaging), ODS R4 (Organisation Data Service), GP Connect |
| Authentication | NHS CIS2 secure authentication |
| Onboarding Status | Complete |
| NHS Connection Agreement | Issued — April 2026. QASTCO Limited holds a valid NHS Connection Agreement for MESH API integration. |
| Data Standards | HL7 FHIR R4 for structured data exchange |
| API Documentation | Available on request for NHS organisations and integration partners. Contact contact@rxsure.co.uk |
RxSure protects patient data through a multi-layered security architecture designed to meet the stringent requirements of UK healthcare regulation. All data is hosted within the United Kingdom and encrypted both in transit using TLS/SSL and at rest using AES-256 encryption. Access to the platform is governed by role-based access controls combined with multi-factor authentication, ensuring that only authorised personnel can view sensitive information. Automated daily backups with thirty-day retention provide resilience against data loss, while continuous vulnerability monitoring and regular penetration testing identify and address potential threats before they can be exploited. Our security posture is validated through Cyber Essentials certification and the NHS DSPT assessment. For complete details on our data handling practices, see our privacy policy and security overview.
| Data Hosting | United Kingdom |
| Encryption in Transit | TLS/SSL (HTTPS enforced) |
| Encryption at Rest | Enabled |
| Access Controls | Role-based access, multi-factor authentication |
| Backup Frequency | Automated daily backups, 30-day retention |
| Uptime Target | 99.9% |
| Penetration Testing | Regular assessments conducted |
| Vulnerability Management | Continuous monitoring and patching |
RxSure maintains a clinical risk management framework aligned with DCB0129.
| Clinical Safety Officer | Navid-Ul-Khurram Kaleem, Pharmacist Independent Prescriber (GPhC: 2064676) |
| Clinical Safety Standard | DCB0129 — Clinical Risk Management for Health IT Systems |
| Hazard Log | Maintained and reviewed regularly. Clinical hazards identified, assessed, and mitigated. |
| Safety Case Report | Documented, covering all clinical workflows including NHS-integrated services |
| Medical Device Classification | Not a medical device — practice management and workflow tool |
| AI Consultation Assistant | Supplementary support only — all clinical decisions rest with the practitioner |
Clinical safety documentation is available for review by NHS organisations and regulatory bodies upon request.
Yes. RxSure is fully compliant with the UK General Data Protection Regulation and the Data Protection Act 2018, and is registered with the Information Commissioner's Office under registration number ZB261485. We have completed a comprehensive Data Protection Impact Assessment covering all health data processing workflows, and we maintain a Data Processing Agreement for every pharmacy partner. Patient data classified as special category data is processed under Article 9(2)(h) of UK GDPR, which permits processing for healthcare provision. We also meet all ten National Data Guardian standards assessed through the NHS Digital DSPT framework, and we adhere to all eight Caldicott Principles when handling patient-identifiable information. In the event of a data breach, our incident response process ensures notification to the ICO within seventy-two hours.
| Data Controller | Qastco Limited (for business data) |
| Data Processor | Qastco Limited (for patient data, on behalf of pharmacies) |
| ICO Registration | ZB261485 |
| DPIA | Completed — covers all health data processing workflows |
| DPA | Data Processing Agreement available for all pharmacy partners |
| Caldicott Principles | Adhered to for all patient-identifiable data |
| Special Category Data | Processed under Article 9(2)(h) UK GDPR — healthcare provision |
| Breach Notification | Within 72 hours to ICO, without undue delay to data controllers |
RxSure aligns with the following NHS standards and frameworks:
| DSPT | Data Security and Protection Toolkit — compliant |
| DCB0129 | Clinical Risk Management for health IT manufacture — compliant |
| National Data Guardian Standards | All 10 standards addressed |
| Caldicott Principles | All 8 principles applied to patient data handling |
| DTAC | Digital Technology Assessment Criteria — pending (clinical safety, data protection, security, usability) |
| Legal Entity | Qastco Limited |
| Trading As | RxSure |
| Company Number | 13426888 |
| Head Office | 934 Stockport Road, Manchester, M19 3AB, UK |
| Stoke Office | 9 Howard Place, Shelton, ST1 4NN, UK |
| ICO Registration | ZB261485 |
| VAT Registration | 441 9425 93 |
| Contact | contact@rxsure.co.uk |
Full details of our data protection and legal obligations are set out in the following documents:
For copies of our DPIA summary, Data Processing Agreement, clinical safety case, or hazard log, please contact contact@rxsure.co.uk.
The NHS Data Security and Protection Toolkit (DSPT) is an online self-assessment tool that allows organisations to measure their compliance against the ten National Data Guardian security standards. Any organisation that has access to NHS patient data or NHS systems is required to complete the DSPT annually. RxSure completes the DSPT assessment each year and meets all mandatory assertions, covering areas such as staff training, data access controls, incident response, and business continuity. Our DSPT status can be verified through the NHS Digital portal.
RxSure maintains a clinical risk management framework aligned with DCB0129, the NHS standard for manufacturers of health IT systems. We have a designated Clinical Safety Officer who oversees the hazard log, safety case report, and clinical risk assessments for all platform features. Every new feature undergoes clinical risk evaluation before release, and all clinical workflows — including NHS-integrated services — are covered by our safety case documentation. Clinical safety reports are available for review by NHS organisations and regulatory bodies on request. Our approach ensures practitioner decisions are supported safely within RxSure's platform features, aligned with GPhC professional standards.
Yes. Qastco Limited, the company behind RxSure, is registered with the Information Commissioner's Office under registration number ZB261485. This registration confirms that we process personal data in accordance with UK GDPR and the Data Protection Act 2018. Our registration covers all data processing activities including patient health records, pharmacy partner data, and business operations. You can verify our registration status directly on the ICO public register. For full details on how we handle your data, see our privacy policy.
Yes. RxSure holds Cyber Essentials certification, the UK Government-backed scheme that helps organisations guard against the most common cyber threats. The certification covers five key technical controls: firewalls, secure configuration, user access control, malware protection, and patch management. Achieving Cyber Essentials demonstrates that our infrastructure meets a verified baseline of cybersecurity, which is increasingly required by NHS commissioners and healthcare procurement frameworks. We review and renew our certification annually to maintain compliance with evolving threat landscapes. Learn more about our security measures.
From Our Blog
Transform your pharmacy appointment scheduling from chaos to clarity. Learn best practices for booking systems that reduce no-shows…
How pharmacy allergy alert systems prevent potentially fatal medication errors. Learn about effective allergy checking and the technology…
Transform pharmacy staff onboarding from paperwork marathon to streamlined digital process. Get new starters compliant and productive faster.