Acceptable Use Policy

Overview

This Acceptable Use Policy ("Policy") sets out the responsibilities and acceptable standards of conduct for authorised users accessing the Codara platform.

This Policy is incorporated by reference into the applicable SaaS Customer Agreement between Blue Sky Medic Ltd and the relevant healthcare organisation ("Customer").

By accessing or using Codara, users agree to comply with this Policy.

Authorised users

Access to Codara is restricted to authorised users approved by the Customer organisation, including clinicians, clinical coders, operational staff, administrators, and other authorised personnel.

Users must:

• use only their own assigned account credentials;
• keep authentication credentials confidential and secure;
• not permit any other person to access the platform using their account;
• immediately notify their organisation and Blue Sky Medic Ltd if they believe their account has been compromised.

Shared accounts are not permitted unless explicitly authorised in writing by Blue Sky Medic Ltd.

User responsibilities

Users are responsible for ensuring that their use of the platform complies with:

• applicable laws and regulations;
• NHS information governance requirements;
• local organisational policies;
• relevant professional and clinical standards.

Users must ensure that information entered into the platform is accurate and appropriate to the best of their knowledge and professional responsibilities.

Where the platform includes workflow support, reporting, documentation, or coding support functionality, users acknowledge that:

• Codara is a workflow and documentation support platform;
• outputs generated by the platform must be reviewed appropriately by the user;
• responsibility for clinical, coding, operational, and administrative decisions remains with the authorised user and their organisation.

Audit logging and monitoring

Users acknowledge and accept that:

• activity within the platform may be logged, monitored, and audited;
• actions performed within the platform may be attributable to individual named user accounts;
• audit logs may be made available to the Customer organisation for security, governance, operational, or investigatory purposes.

Monitoring is conducted in accordance with applicable legal and regulatory obligations.

Security requirements

Users must:

• comply with all applicable information security policies issued by their organisation;
• access the platform only through authorised methods and devices;
• take reasonable steps to prevent unauthorised access to patient or operational data;
• promptly report suspected security incidents, unauthorised access, credential compromise, or suspected vulnerabilities to their organisation and to contact@codara.co.uk.

Users must not:

• attempt to bypass security controls;
• interfere with platform availability or integrity;
• introduce malicious software or harmful code;
• attempt to access data or functionality beyond their authorised permissions.

Prohibited activities

Users must not:

• reverse engineer, decompile, disassemble, or attempt to derive source code from the platform except where prohibited from restriction by applicable law;
• scrape, systematically extract, or harvest data from the platform without authorisation;
• use the platform for unlawful, fraudulent, or malicious purposes;
• attempt unauthorised access to systems, accounts, infrastructure, or data;
• use outdated, unpublished, or unauthorised coding models or datasets within the platform where controlled versions are provided;
• use the platform in any manner likely to damage, disable, impair, or compromise platform operation or security.

Data exports and secondary use

Where the platform permits data export or reporting functionality, users must ensure that:

• exports are performed only where authorised by their organisation;
• any secondary use of data, including research, audit, planning, or reporting activity, is conducted in accordance with the Customer organisation's governance processes, lawful basis requirements, and applicable information governance obligations.

Suspension and enforcement

Blue Sky Medic Ltd may suspend or restrict access to the platform where:

• this Policy is breached;
• use presents a security, legal, or operational risk;
• continued access could compromise confidentiality, integrity, availability, or governance obligations.

Serious or persistent breaches may be reported to the Customer organisation in accordance with the applicable customer agreement and relevant governance obligations.

Changes to this Policy

We may update this Policy from time to time. Continued use of the platform following any update constitutes acceptance of the revised Policy.

Contact

For questions regarding this Policy, please contact contact@codara.co.uk.