Security & compliance
Data protection and clinical safety for NHS deployments.
Aksh Health is designed for UK primary and secondary care with encryption, role-based access, immutable audit trails, and human approval on every clinical output.
Data residency and encryption
Clinical data is processed within UK and EU hosting boundaries appropriate for NHS workloads. Data in transit uses TLS. Data at rest uses platform-level encryption with tenant-scoped access controls.
- UK/EU data residency framing for NHS procurement conversations
- Encryption in transit and at rest by default
- Tenant isolation for multi-site practice deployments
GDPR Art. 9 special category data
Health data receives heightened protection under UK GDPR. Aksh Health maps consent, purpose limitation, data minimisation, and subject rights workflows for special category health information.
- Purpose limitation on clinical AI processing
- Consent and lawful basis scaffolding per deployment
- Data minimisation: only fields required for the clinical task
RBAC, audit logs, and session security
Role-based access control governs who can view, edit, and approve clinical outputs. NextAuth manages authenticated sessions. SHIELD records an immutable audit trail of AI recommendations and clinician decisions.
- Role-based access across GP, nurse, pharmacist, and admin views
- NextAuth session management with secure cookie handling
- SHIELD AuditEvent trail on Accept, Edit, and Reject actions
DCB0129 and DTAC pathways
Aksh Health is aligned with NHS clinical safety and digital technology assessment pathways. We do not claim certification. Our safety case documentation and hazard logs are in active development.
- DCB0129 clinical safety case in progress
- DTAC-aligned evidence scaffolding for procurement
- Hazard-aware workflow design with human-in-the-loop gates
MHRA-aware AI positioning
Aksh Health is a clinical decision support tool, not an autonomous diagnostic system. Every AI output requires named clinician review before it reaches a record or care pathway.
- Human-in-the-loop on all clinical outputs
- No autonomous diagnosis or treatment decisions
- Agent outputs staged as DRAFT until reviewer approval
EHR integration readiness
Aksh Health is designed to connect to EMIS Web and SystmOne through FHIR R4 ready integration paths. Production write-back remains gated behind organisation governance and clinical safety sign-off.
- FHIR R4 resource staging for clinician-approved outputs
- Integration health monitoring for connected practices
- External integrations configurable per tenancy
Ready to learn more?
Compliance badges describe aligned design pathways, not certification. See platform resources for architecture and compliance evidence.