Compliance with NHS AI guidance and assurance standards

Following the recent NHS England national guidance on the use of AI scribe technologies in clinical settings, we are proud to confirm that Lexacom software meets all applicable safety, regulatory and assurance requirements.

Lexacom products remain safe and appropriate for clinical use, with robust governance in place to support ongoing assurance at a local level.

• DTAC (Digital Technology Assessment Criteria)
• DSPT (Data Security and Protection Toolkit, organisation ID: 8J566)
• Cyber Essentials Plus
• Regular CREST-approved penetration testing
• ISO 27001 (Information Security) and ISO 9001 (Quality Management)
• DCB0129 clinical safety standard – led by a GMC-registered Clinical Safety Officer
• UK GDPR and the Data Protection Act 2018
• Clinical system integration via IM1

MHRA Class 1 medical device

Lexacom is a Class I medical device under the UK Medical Devices Regulations 2002 (UK MDR 2002). We acknowledge NHS England’s position that AI scribes fall under this classification where summarisation is used to support clinical documentation.

Our system is deployed within this framework, with clear controls to ensure the clinician retains full responsibility for clinical review, approval and record-keeping.

Trusted across the NHS for more than 25 years

Lexacom was founded by an NHS GP and continues to serve over 25,000 clinicians across UK primary and secondary care. With a 25-year track record, we understand NHS workflows and build products that deliver clinical accuracy, transparency and operational reliability.

We conduct regular CREST-approved penetration testing and operate a full risk and safety lifecycle in accordance with NHS and MHRA expectations.

Privacy-first architecture: Patient Shield®

Our Patient Shield® feature redacts personal identifiable data before any AI processing occurs, which aligns with GDPR data minimisation principles.

Find out more

• US court ruling could put NHS AI scribe tools in breach of data protection law
• First-of-its-kind tool safeguards NHS patient data amid rising confidentiality breaches
• All-new Lexacom platform offers endless possibilities in one solution

Clinical system integration via IM1

Lexacom solutions are fully integrated with major NHS clinical systems, including EMIS, SystmOne, and Vision, through IM1 pairing and open API standards. We maintain long-established relationships with system providers, ensuring stable interoperability and seamless user experience for clinicians and administrative teams.

Designed to work alongside clinicians

Lexacom’s Comprehension Engine® and AI summarisation are support tools, not decision-making systems. All outputs must be reviewed and validated by the clinician. This ensures that responsibility for clinical records remains with the professional, in accordance with MHRA and DCB0160 principles.

Available documentation for local governance

We provide all necessary documentation to support local assurance reviews, including Clinical Safety Case Reports, DPIAs, DTAC responses, and technical architecture summaries. These are available upon request from your account manager.