Kinetix AI labs
Compliance & Security

Built for NHS Compliance

Security and clinical safety aren't afterthoughts — they're the foundation of everything we build.

Security & Safety

Comprehensive Compliance Framework

GPCopilot is built to meet NHS security, data protection, and clinical safety requirements.

DCB0129 / DCB0160 Clinical Safety

GPCopilot follows NHS Digital's clinical risk management standards. A Clinical Safety Case Report is maintained, with hazard analysis and risk mitigation for every AI-assisted coding decision.

HL7 FHIR Interoperability

All NHS API interactions use standard HL7 FHIR resources (R4 for PDS and Terminology, STU3 for GP Connect). No proprietary data formats — full standards compliance.

Data Protection & GDPR

Patient data is processed in accordance with UK GDPR, the Data Protection Act 2018, and the NHS Data Security and Protection Toolkit (DSPT). Data minimisation is applied at every stage.

Encryption & Transport Security

All data is encrypted in transit using TLS 1.2 or later. NHS Spine connections use mutual TLS (mTLS): the service authenticates itself with an NHS-issued client certificate and verifies the Spine endpoint's certificate in turn. Sensitive configuration such as private keys, certificates, and API credentials is never stored in plaintext.
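The two transport controls above, a TLS 1.2 floor and a client certificate that the server must be able to chain to a trusted CA, as an added example written for this page in Go's standard library; it is not GPCopilot's code and does not touch the Spine. The throwaway CA, the "spine.example" server certificate, the "gpcopilot-client" certificate and the loopback listener are all constructed for the demonstration; a real deployment would load the NHS-issued certificate and the NHS CA chain from protected storage instead of minting them in process.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"net"
	"time"
)

// issue generates a P-256 key and has parent sign tmpl for it (self-signed when parent is nil).
func issue(tmpl, parent *x509.Certificate, parentKey any) (tls.Certificate, *x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil { return tls.Certificate{}, nil, err }
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil { return tls.Certificate{}, nil, err }
	cert, err := x509.ParseCertificate(der)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}, cert, err
}

// PKI is a throwaway issuing CA plus the server and client certificates it signed (constructed for the demo).
type PKI struct {
	Roots          *x509.CertPool // holds only our CA; neither side trusts anything else
	Server, Client tls.Certificate
}

func NewPKI() (*PKI, error) {
	tmpl := func(cn string, serial int64, eku ...x509.ExtKeyUsage) *x509.Certificate {
		return &x509.Certificate{
			SerialNumber: big.NewInt(serial),
			Subject:      pkix.Name{CommonName: cn},
			NotBefore:    time.Now().Add(-time.Minute),
			NotAfter:     time.Now().Add(time.Hour),
			KeyUsage:     x509.KeyUsageDigitalSignature,
			ExtKeyUsage:  eku,
		}
	}
	caTmpl := tmpl("Example Issuing CA", 1)
	caTmpl.IsCA, caTmpl.BasicConstraintsValid, caTmpl.KeyUsage = true, true, x509.KeyUsageCertSign
	ca, caCert, err := issue(caTmpl, nil, nil)
	if err != nil { return nil, err }
	srvTmpl := tmpl("spine.example", 2, x509.ExtKeyUsageServerAuth)
	srvTmpl.IPAddresses = []net.IP{net.ParseIP("127.0.0.1")} // the demo server listens on loopback
	srv, _, err := issue(srvTmpl, caCert, ca.PrivateKey)
	if err != nil { return nil, err }
	cli, _, err := issue(tmpl("gpcopilot-client", 3, x509.ExtKeyUsageClientAuth), caCert, ca.PrivateKey)
	if err != nil { return nil, err }
	roots := x509.NewCertPool()
	roots.AddCert(caCert)
	return &PKI{Roots: roots, Server: srv, Client: cli}, nil
}

// ServerConfig: TLS 1.2 floor, and a client certificate that must chain to our CA.
// RequireAndVerifyClientCert is the setting that turns plain TLS into mTLS.
func (p *PKI) ServerConfig() *tls.Config {
	return &tls.Config{
		MinVersion:   tls.VersionTLS12,
		Certificates: []tls.Certificate{p.Server},
		ClientAuth:   tls.RequireAndVerifyClientCert,
		ClientCAs:    p.Roots,
	}
}

// ClientConfig trusts only our CA; withCert controls whether the client identifies itself.
func (p *PKI) ClientConfig(withCert bool) *tls.Config {
	cfg := &tls.Config{MinVersion: tls.VersionTLS12, RootCAs: p.Roots}
	if withCert {
		cfg.Certificates = []tls.Certificate{p.Client}
	}
	return cfg
}

// Handshake runs one handshake over loopback and returns the server's verdict. The
// server side is authoritative: under TLS 1.3 a client that sent no certificate does
// not learn of the rejection until its first read, so its Dial error alone is not enough.
func Handshake(server, client *tls.Config) error {
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil { return err }
	defer ln.Close()
	verdict := make(chan error, 1)
	go func() {
		c, err := ln.Accept()
		if err != nil { verdict <- err; return }
		defer c.Close()
		verdict <- tls.Server(c, server).Handshake()
	}()
	conn, dialErr := tls.Dial("tcp", ln.Addr().String(), client)
	srvErr := <-verdict
	if conn != nil {
		conn.Close()
	}
	if srvErr != nil { return srvErr }
	return dialErr
}
```

Calling Handshake(p.ServerConfig(), p.ClientConfig(true)) returns nil, while ClientConfig(false) makes the server fail the handshake because no certificate was presented; a client certificate from a different CA is rejected the same way. The check that matters operationally is the combination of MinVersion and ClientAuth on the server side: without ClientCAs pointing at the right issuing CA, RequireAndVerifyClientCert rejects every client, and without RequireAndVerifyClientCert a server happily accepts anonymous clients.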

Authentication & Authorisation

NHS API access uses signed JWT client assertions: the application proves its identity with a JWT signed by its RSA private key using RS512 (RSASSA-PKCS1-v1_5 with SHA-512), which the NHS API platform verifies against the application's registered public key. Application-level security includes API key authentication and JWT-based session tokens with role-based access control.
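An added example, not GPCopilot's code, of both halves of that RS512 client assertion in Go's standard library: the signing side a client would run, and the verifying side as the token endpoint would run it, with the checks a verifier must make beyond the signature. The claim set (iss and sub carrying the API key, aud naming the token endpoint, a unique jti, a short exp) and the kid header follow the usual signed-JWT client-credentials pattern and are assumed here, as are the five-minute lifetime cap, the key id "key-1", the client id "app-1" and the example.invalid endpoint; the page itself states only that the assertions are RSA-signed with RS512.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha512"
	"encoding/base64"
	"encoding/json"
	"errors"
	"strings"
	"time"
)

// maxLifetime caps exp. The page states no limit; five minutes is assumed here.
const maxLifetime = 5 * time.Minute

type Header struct {
	Alg string `json:"alg"`
	Typ string `json:"typ"`
	Kid string `json:"kid"` // which registered public key the verifier should use
}

type Claims struct {
	Iss string `json:"iss"` // API key (client id) of the calling application
	Sub string `json:"sub"` // same value as iss for a client-credentials assertion
	Aud string `json:"aud"` // the token endpoint this assertion is intended for
	Jti string `json:"jti"` // unique per token, so the receiver can refuse replays
	Exp int64  `json:"exp"` // unix seconds
}

func b64(b []byte) string { return base64.RawURLEncoding.EncodeToString(b) }

// SignAssertion returns header.claims.signature, signed RS512 (RSASSA-PKCS1-v1_5 over SHA-512).
func SignAssertion(key *rsa.PrivateKey, kid string, c Claims) (string, error) {
	h, _ := json.Marshal(Header{Alg: "RS512", Typ: "JWT", Kid: kid})
	body, _ := json.Marshal(c) // fixed struct of strings and an int64: Marshal cannot fail here
	signingInput := b64(h) + "." + b64(body)
	digest := sha512.Sum512([]byte(signingInput))
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA512, digest[:])
	if err != nil {
		return "", err
	}
	return signingInput + "." + b64(sig), nil
}

// Verifier models the receiving side: registered public keys by kid, the one
// audience it accepts, and the jti values it has already consumed.
type Verifier struct {
	Keys     map[string]*rsa.PublicKey
	Audience string
	seenJTI  map[string]struct{}
}

func NewVerifier(audience string) *Verifier {
	return &Verifier{Keys: map[string]*rsa.PublicKey{}, Audience: audience, seenJTI: map[string]struct{}{}}
}

// Verify checks the signature before the claims and records the jti last, so an
// unauthenticated token can neither pass nor pollute the replay cache.
func (v *Verifier) Verify(token string, now time.Time) (*Claims, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 { return nil, errors.New("malformed token") }
	var h Header
	if raw, err := base64.RawURLEncoding.DecodeString(parts[0]); err != nil || json.Unmarshal(raw, &h) != nil {
		return nil, errors.New("bad header")
	}
	// Pin the algorithm: RSA verification is the verifier's policy, never the token's choice.
	pub, ok := v.Keys[h.Kid]
	if h.Alg != "RS512" || !ok { return nil, errors.New("unexpected alg or unknown kid") }
	sig, err := base64.RawURLEncoding.DecodeString(parts[2])
	digest := sha512.Sum512([]byte(parts[0] + "." + parts[1]))
	if err != nil || rsa.VerifyPKCS1v15(pub, crypto.SHA512, digest[:], sig) != nil {
		return nil, errors.New("signature verification failed")
	}
	var c Claims
	if raw, err := base64.RawURLEncoding.DecodeString(parts[1]); err != nil || json.Unmarshal(raw, &c) != nil {
		return nil, errors.New("bad claims")
	}
	switch {
	case c.Aud != v.Audience:
		return nil, errors.New("audience mismatch")
	case c.Iss == "" || c.Iss != c.Sub:
		return nil, errors.New("iss and sub must both name the client")
	case now.Unix() >= c.Exp || time.Unix(c.Exp, 0).Sub(now) > maxLifetime:
		return nil, errors.New("exp outside the accepted window")
	case c.Jti == "":
		return nil, errors.New("missing jti")
	}
	if _, seen := v.seenJTI[c.Jti]; seen { return nil, errors.New("replayed jti") }
	v.seenJTI[c.Jti] = struct{}{}
	return &c, nil
}
```

The order inside Verify is the point: algorithm and key are chosen from the verifier's own configuration before any byte of the token is trusted, the signature is checked before the claims are even parsed, and the jti is only recorded once everything else has passed, so a second presentation of the same assertion fails with "replayed jti" while a forged, expired, over-long or mis-addressed one fails earlier.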

Full Audit Trail

Every document, every coding decision, every clinician review is logged with structured timestamps. Workflow events are tracked from upload to GP record update — nothing happens without a trace.

UK Data Sovereignty

All data processing and storage occurs within UK Azure regions. Patient data never leaves the UK. Azure OpenAI processing uses NHS-approved Azure tenancies with data processing agreements.

Human-in-the-Loop by Design

AI never makes clinical decisions autonomously. Every coded finding passes through a clinician validation gate before being filed to the patient record. Clinicians can approve, modify, or reject at any point.
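An added example, written for this page rather than taken from GPCopilot, of how the validation gate above and the audit trail described under "Full Audit Trail" can be enforced in code rather than by convention: a finding the AI proposes can only leave the Proposed state through a clinician's review, filing refuses anything that has not passed that review, and every transition is appended to a structured, timestamped event list. The state names, the "ai" and "system" actor labels, the clinician identifiers and the example code string are all constructed for the demonstration.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// State of one AI-proposed coded finding on its way to the GP record.
type State string

const (
	Proposed State = "proposed" // produced by the AI, not yet seen by a clinician
	Approved State = "approved"
	Modified State = "modified" // clinician replaced the code before approving
	Rejected State = "rejected"
	Filed    State = "filed" // written to the patient record
)

// Event is one audit-trail entry: who did what to which finding, and when.
type Event struct {
	At        time.Time
	Actor     string
	FindingID string
	Action    string
	From, To  State
}

type Finding struct {
	ID    string
	Code  string // the proposed clinical code (a constructed placeholder in this example)
	State State
}

// Workflow keeps every finding and an append-only audit trail.
type Workflow struct {
	Findings map[string]*Finding
	Audit    []Event
	now      func() time.Time // injectable clock so tests get fixed timestamps
}

func NewWorkflow(now func() time.Time) *Workflow {
	return &Workflow{Findings: map[string]*Finding{}, now: now}
}

func (w *Workflow) record(actor, id, action string, from, to State) {
	w.Audit = append(w.Audit, Event{At: w.now(), Actor: actor, FindingID: id, Action: action, From: from, To: to})
}

// Propose registers a finding produced by the AI. The AI can only ever put a finding here.
func (w *Workflow) Propose(id, code string) {
	w.Findings[id] = &Finding{ID: id, Code: code, State: Proposed}
	w.record("ai", id, "propose", "", Proposed)
}

// Review is the clinician validation gate; a finding is reviewed exactly once.
func (w *Workflow) Review(clinician, id string, decision State, newCode string) error {
	f, ok := w.Findings[id]
	if !ok {
		return errors.New("unknown finding")
	}
	if f.State != Proposed {
		return fmt.Errorf("finding %s already reviewed (state %s)", id, f.State)
	}
	switch decision {
	case Approved, Rejected:
	case Modified:
		if newCode == "" {
			return errors.New("a modified decision needs the replacement code")
		}
		f.Code = newCode
	default:
		return fmt.Errorf("%q is not a review decision", decision)
	}
	w.record(clinician, id, "review", f.State, decision)
	f.State = decision
	return nil
}

// File writes a finding to the record. It refuses anything that has not passed the
// gate, so a Proposed (or Rejected) finding can never reach the record.
func (w *Workflow) File(actor, id string) error {
	f, ok := w.Findings[id]
	if !ok {
		return errors.New("unknown finding")
	}
	if f.State != Approved && f.State != Modified {
		return fmt.Errorf("refusing to file %s: state %s has not passed clinician validation", id, f.State)
	}
	w.record(actor, id, "file", f.State, Filed)
	f.State = Filed
	return nil
}

func main() {
	w := NewWorkflow(time.Now)
	w.Propose("f1", "example-code")
	fmt.Println("file before review:", w.File("system", "f1"))
	fmt.Println("review:", w.Review("clinician-1", "f1", Approved, ""))
	fmt.Println("file after review:", w.File("system", "f1"))
	for _, e := range w.Audit {
		fmt.Printf("%s %-12s %-8s %s -> %s\n", e.At.Format(time.RFC3339), e.Actor, e.Action, e.From, e.To)
	}
}
```

Two design choices carry the guarantee: there is no API that moves a finding from Proposed to Filed without a clinician identity passing through Review, and File checks the state rather than trusting its caller, so a bug or a replayed request in the filing path cannot bypass the gate. The audit list is only ever appended to, and a second review of the same finding is refused, which keeps the trail an honest record of the one decision that was actually made.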

Standards & Certifications

The frameworks and standards that GPCopilot adheres to.

DCB0129

Clinical Risk Management — Manufacturers

DCB0160

Clinical Risk Management — Deployers

DSPT

Data Security and Protection Toolkit

UK GDPR

UK General Data Protection Regulation

HL7 FHIR R4

Fast Healthcare Interoperability Resources

SNOMED CT

Systematized Nomenclature of Medicine Clinical Terms

NHS Spine

National network mTLS connectivity

MESH

Message Exchange for Social Care and Health