Compliance FAQs

The NHS Data Security and Protection Toolkit (DSPT) is an online self-assessment tool that allows organisations to measure their compliance against the ten National Data Guardian security standards. Any organisation that has access to NHS patient data or NHS systems is required to complete the DSPT annually. RxSure completes the DSPT assessment each year and meets all mandatory assertions, covering areas such as staff training, data access controls, incident response, and business continuity. Our DSPT status can be verified through the NHS Digital portal.

RxSure maintains a clinical risk management framework aligned with DCB0129, the NHS standard for manufacturers of health IT systems. We have a designated Clinical Safety Officer who oversees the hazard log, safety case report, and clinical risk assessments for all platform features. Every new feature undergoes clinical risk evaluation before release, and all clinical workflows — including NHS-integrated services — are covered by our safety case documentation. Clinical safety reports are available for review by NHS organisations and regulatory bodies on request. Our approach ensures practitioner decisions are supported safely within RxSure's platform features, aligned with GPhC professional standards.

Yes. Qastco Limited, the company behind RxSure, is registered with the Information Commissioner's Office under registration number ZB261485. This registration confirms that we process personal data in accordance with UK GDPR and the Data Protection Act 2018. Our registration covers all data processing activities including patient health records, pharmacy partner data, and business operations. You can verify our registration status directly on the ICO public register. For full details on how we handle your data, see our privacy policy.

Yes. RxSure holds Cyber Essentials certification, the UK Government-backed scheme that helps organisations guard against the most common cyber threats. The certification covers five key technical controls: firewalls, secure configuration, user access control, malware protection, and patch management. Achieving Cyber Essentials demonstrates that our infrastructure meets a verified baseline of cybersecurity, which is increasingly required by NHS commissioners and healthcare procurement frameworks. We review and renew our certification annually to maintain compliance with evolving threat landscapes. Learn more about our security measures.

From Our Blog

Related Reading