Skip to main content

Compliance and governance requirements

The rules, standards and legal requirements for using this service.

Overview

This section explains the rules and requirements that apply when using this service.

These ensure that information is handled safely, securely and in line with national policy and legal obligations.

Organisations and suppliers must meet these requirements when accessing, using or integrating with the service.

These requirements apply alongside onboarding and implementation guidance and must be followed throughout use of the service.


Principles for using this service

This service must be used in line with the following principles:

  • it is used for approved purposes, such as supporting direct care
  • access to information is appropriate to the role and context
  • systems and users handle data securely and responsibly

These principles apply across all use of the service.



Organisational responsibilities

Organisations using this service are responsible for:

  • ensuring appropriate use of the service
  • managing user access and permissions
  • maintaining compliance with applicable policies and standards

This includes monitoring how the service is used and ensuring it supports authorised activities.


Access and usage controls

Access to this service is controlled and may be limited by:

  • care setting or organisational context
  • approved use cases
  • system capability and configuration

Not all features or capabilities are available in all contexts.


Data protection and privacy

Use of this service must comply with data protection and privacy requirements.

This includes:

  • ensuring data is only accessed where appropriate
  • protecting personal and sensitive information
  • meeting obligations for transparency and accountability

Supporting documentation

Further guidance on compliance, governance and data protection may be provided through supporting documentation, policies and standards.


Last edited: 23 June 2026 1:03 pm