Open, secure and built for interoperability


Lenus breaks down data silos and and enforces the industry-backed Fast Healthcare Interoperability Resources (FHIR) standard.

It supports two-way exchange of patient-generated health data - such as patient-reported outcomes and data from devices and apps - with data held in clinical systems.

Open industry standard protocols for authentication and authorisation such as Open ID Connect and OAuth2 allow for third party integration in a recognised and secure way.

Lenus allows for federated authentication to your organisation: log in through Lenus to digital services with third-party accounts or identity providers, such as active directory for NHS.

Privacy by default

Patients own their data. Dynamic consent puts patients in control of their data and provides a granular, transparent approach to data sharing.

Lenus is compliant with User-Managed Access protocols. This enables patients to authorise the sharing and access to data that they own.


Lenus is developed to be secure by default.

It’s been fully audited for protection of the data, consent, ownership rights and interaction workflows of all users and applications interacting with the platform.

All data is encrypted, both in transit - using TLS1.2 over HTTPS - and at rest, using storage accounts and data stores.

Secrets management ensures sensitive platform and service configuration are secured and encrypted and are not accessible to any party except the platform or service itself.

It’s built to comply with the best practice recommendations for platform-as-a-service (PaaS) web applications in the NHS.


Lenus and selected services are certified as Class I under EU Medical Device Regulations (MDR).

Our quality management system is compliant with the requirements of International Standard BS EN ISO 13485:2016.

Third party assessments ensure continuing compliance to the changing regulatory landscape.

Developer resources

Lenus is built with an API-first architecture for security and healthcare data exchange.

Developers can request access to our developer portal to manage and configure integration between services and the Lenus platform. Here they can access a sandbox environment to interact with Lenus.

Support from the platform development team in the creation of your services and when completing the platform service assurance process.

Cloud native and Azure optimised

We use the industry-leading Microsoft Azure cloud to support all our services.

Azure enables us to build on the power and capability of PaaS to develop, deploy and manage a modern cloud platform.

Cloud-native services allow us to respond to the dynamic needs of modern digital services. We can scale vertically and horizontally to meet current and future demands.

  • Azure app service
  • Azure serverless technologies
  • Azure SQL database
  • Azure key vault
  • Azure storage

Deployment model

Fully integrated build and release pipelines create immutable, auditable and repeatable processes that support efficient delivery of services and platform features.

All third party services are required to participate in the platform service assurance process. This validates integrations with the platform and ensures compliance with security and governance best practice.

We can deploy within client controlled Azure tenancies using infrastructure as code.