Compliance and Regulatory Assurance

Ensuring safe, secure, and accountable healthcare delivery.

At Flux Medical Limited, we are committed to meeting the highest standards of clinical safety, data security, accessibility, and operational integrity. Below is a summary of our compliance framework across key regulatory domains.

Data Protection & UK GDPR

We fully comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. All personal and health data is processed lawfully, fairly, and transparently, with strict access controls and retention procedures in place.

We follow best practices for:

  • Lawful data processing under Articles 6 and 9

  • Data minimisation and purpose limitation

  • Privacy by design and Data Protection Impact Assessments (DPIAs)

  • Staff confidentiality and mandatory data protection training

Our full [Privacy Policy] and [Cookie Policy] explain how we collect, store, and protect data across our services.

Care Quality Commission (CQC) Registration

Flux Medical Limited is preparing for registration with the Care Quality Commission (CQC) as an independent healthcare provider in England.

Our services are being developed in line with the CQC’s five key domains:

  • Safe

  • Effective

  • Caring

  • Responsive

  • Well-led

Our policies, governance frameworks, and clinical operating models are aligned to ensure full CQC readiness from the outset.

NHS Data Security and Protection Toolkit (DSPT)

Flux Medical Limited complies with the NHS Data Security and Protection Toolkit, confirming our commitment to meeting the 10 National Data Security Standards.

This ensures:

  • Confidential handling of patient information

  • Secure information sharing with NHS partners

  • Governance processes for data protection incidents

  • Mandatory staff training on data and cyber security

We complete annual DSPT submissions to maintain up-to-date assurance.

ICO Registration

We are registered with the Information Commissioner’s Office (ICO) as a data controller.
 Registration Number: [Insert ICO Registration Number]

This confirms our legal responsibility for personal data under the Data Protection Act 2018 and UK GDPR.

Cyber Essentials and ISO Certification

We are actively working towards Cyber Essentials certification, a government-backed scheme that protects against common online threats.

We are also aligning our internal systems with the requirements of:

  • ISO 27001 – Information Security Management

  • ISO 9001 – Quality Management

  • ISO 13131 – Telehealth Services (as applicable to future digital offerings)

These frameworks underpin our digital services, from AI-powered triage to remote consultations.

Accessibility Statement

We are committed to ensuring that our website and digital tools are accessible to all users, including those with disabilities.

Our site is developed in line with Web Content Accessibility Guidelines (WCAG) 2.1, aiming for Level AA compliance. Features include:

  • Keyboard navigation support

  • Clear text contrast and structure

  • Mobile and screen reader compatibility

We welcome feedback on accessibility. Please contact info@fluxmedical.co.uk if you encounter any barriers.

Clinical Governance and Risk Management

Flux operates under a structured clinical governance framework led by senior clinicians, supported by:

  • Policies aligned with CQC, GMC, and NMC standards

  • Incident reporting and quality improvement systems

  • Clinical audit, patient feedback, and safeguarding procedures

  • Regular governance reviews and board oversight

This ensures our services are not only compliant, but safe, transparent, and continuously improving.

Ongoing Assurance

As our service portfolio expands, we will continue to meet or exceed the standards required by commissioners, regulators, and professional bodies.

If you are a commissioner or professional stakeholder seeking further assurance, please contact us for supporting documentation or to request our governance pack.

📧 info@fluxmedical.co.uk
 📄 Supporting documents available on request.