Care Homes April 2026 8 min read

Can UK Care Homes Use Bespoke Software?

The short answer is yes. There is no law or regulation that requires care homes to use software from the NHS Assured Solutions List. The list exists to control access to government funding, not to define what software a care home is allowed to run. This article sets out exactly what is legally required, what is needed for funding, and what CQC actually looks at during inspections.

Speak to us about care home software · +44 7494 618 651 · Mon to Fri, 9am to 6pm

What the law actually says

The governing legislation for care records is Regulation 17 of the Health and Social Care Act 2008 (Regulated Activities) Regulations 2014. It requires providers to maintain records that are:

Accurate, with no errors or omissions in essential information
Complete, covering the full picture of a person's care needs and the support provided
Legible and clear
Up to date, with entries made without undue delay
Secure, with appropriate access controls and privacy protections
Accessible when needed, by the people who need them

Regulation 17 is entirely technology-neutral. It does not mention the Assured Solutions List. It does not mention specific software vendors. It does not require digital records at all. The legal obligation is to keep good records, in whatever format achieves that. CQC's own guidance confirms that "both paper and electronic records can be held securely" providing they meet Data Protection Act 2018 requirements.

A bespoke system that produces records meeting these requirements is fully compliant with the law. There is no regulation that prohibits a care home from commissioning its own software.

What the Assured Solutions List actually is

The Assured Solutions List is a procurement framework run by NHS England under the Digitising Social Care (DiSC) programme. Software vendors apply to be included and are assessed against a set of core capabilities covering functionality, security, data interoperability, and clinical safety standards.

Its purpose is to control access to government funding. The NHS invested over £150 million to help care providers adopt digital social care records, distributed through Integrated Care Systems (ICSs) around the country. To receive that funding, a care home must choose a system from the Assured Solutions List. That is the only consequence of the list.

The Assured Solutions List is not mentioned in any statute or statutory instrument. No legislation requires care homes to use it. It is a quality mark and a funding gateway.

What a care home loses by not using an assured system

One thing: eligibility for NHS digitisation funding.

If your local ICS is offering funding to subsidise the first year or two of a subscription system, and that funding represents a significant amount, you need to factor it into the comparison. A home that could receive £15,000 toward an off-the-shelf system is comparing a subsidised option against an unsubsidised one.

Check what funding is actually available to you. The NHS digitisation funding has been distributed unevenly across ICS areas, and much of the original allocation has already been spent. The programme's target of 80% adoption was broadly achieved by March 2025. If your area's funding has been exhausted, the Assured Solutions List becomes irrelevant to your purchasing decision. Ask your ICS directly.

There is nothing else a care home loses by using bespoke software. There is no penalty, no compliance risk, no CQC consequence, and no legal exposure.

What CQC actually looks at

CQC inspectors assess the quality of the records, not the origin of the software. Their guidance states that they evaluate digital records "just like paper records" against the quality statements in the assessment framework.

During an inspection, CQC looks for evidence that:

Care plans are person-centred, up to date, and reviewed regularly
Medication administration is recorded accurately in real time
Incidents are documented with circumstances, actions taken, and follow-up
Risk assessments are current and linked to care plans
Staff records show training, DBS checks, and competency evidence
Audit trails show who made each entry and when

None of these requirements specify what software produced the records. A bespoke system that generates complete, accurate, accessible records will satisfy an inspector in exactly the same way an off-the-shelf system does. The inspector does not ask what vendor you use.

Speak to us about care home software · +44 7494 618 651 · Mon to Fri, 9am to 6pm

DSPT: it assesses the organisation, not the software

The Data Security and Protection Toolkit (DSPT) is an annual self-assessment that CQC increasingly expects care providers to complete. It covers 10 data security standards set by the National Data Guardian, including data governance, staff training, access controls, and incident reporting.

The DSPT assesses the care home as an organisation. It evaluates policies, procedures, and security practices. It does not assess or require specific software. A care home using bespoke software can complete the DSPT in exactly the same way as one using Person Centred Software, Birdie, or any other platform. The toolkit's own guidance confirms it applies to "any information that care providers hold about any person, including paper records."

MODS and PRSB: requirements on assured vendors, not on care homes

Two other acronyms come up in discussions about care home software regulation: MODS (Minimum Operational Data Standard) and PRSB (Professional Record Standards Body) standards.

MODS defines the essential data fields that digital social care records should capture. It is a requirement on software vendors who want to remain on the Assured Solutions List. The specification was published for assured suppliers to implement. It is not a direct legal obligation on care homes. A bespoke system could voluntarily align with the MODS data fields, but there is no legal requirement to do so.

PRSB standards (including the "About Me" standard and the Personalised Care and Support Plan standard) are conformance requirements for Assured Solutions List placement. Vendors must implement these standards to be listed. Again, there is no legislation requiring care home software in general to hold PRSB conformance. The standards are system-agnostic and could be implemented in a bespoke system voluntarily.

Is there any upcoming legislation that changes this?

As of April 2026, no pending or planned legislation has been identified that would make the Assured Solutions List legally mandatory, prohibit bespoke software, or require specific certifications by law.

The government's approach to digital social care records has consistently been incentive-based: funding, support, the assured list, and public targets for adoption rates. It has not been mandate-based. The "Care Data Matters" roadmap sets out policy aspirations for data collection and digital maturity, but these are goals, not legislation.

CQC could, in theory, tighten its expectations around digital records in future assessment frameworks. But as of now, CQC still assesses records quality regardless of format and regardless of software origin.

The summary

Question	Legal mandate?	Funding requirement?	CQC expectation?
Must use Assured Solutions List	No	Yes	No
Can use bespoke software	Yes (permitted)	Not for funding	Yes, if records meet standards
DSPT compliance	Practically expected	Required for funding	Yes, increasingly expected
MODS compliance	No	Yes (for assured vendors)	No
PRSB conformance	No	Yes (for assured vendors)	No
Digital records required at all	No (paper still legal)	N/A	Increasingly expected

Who should consider bespoke care home software

The regulatory position is clear: any care home can use bespoke software. The practical question is whether it makes sense for your situation.

Bespoke is strongest when:

You have already digitised and your current off-the-shelf system is not working well. You have used whatever funding was available. You are now evaluating whether to renew or switch. This is the market where bespoke competes on its merits, not against a subsidised alternative.
You run multiple sites with different operating models that subscription platforms cannot accommodate without expensive customisation.
You need integrations with specific pharmacy dispensing systems, NHS clinical systems, or existing HR and finance software that off-the-shelf platforms do not support.
You want to own the system outright and control its future development, rather than being dependent on a vendor's product roadmap and pricing decisions.

Off-the-shelf is strongest when NHS digitisation funding is available and significant, when standard workflows fit well enough, and when speed of implementation is the priority.

The decision should be based on cost, fit, and control. Not on a mistaken belief that regulation requires you to use an assured vendor.

Industry Page

Care Home Software by ESRE Media