Patient booking, on your own domain, with the regulator in mind.

Every independent UK healthcare practice has the same operations problem at the front door. The phone rings between 8am and 6pm. The receptionist takes the call, opens the appointment book, finds a slot, reads it back, writes it down, and hangs up. Multiply by every patient. Add the no-shows.

The numbers are not anecdotal. NHS England's own published data has consistently put missed GP appointments at over 7.6% of all bookings — around 15 million wasted appointments a year, with private clinic and dental no-show rates routinely reported above 30% when no reminder system is in place. NHS England has framed this as a public-finance problem, not just a clinic-by-clinic one.

The reason it stays bad: the obvious fix — charging a no-show fee — is not available to NHS-funded services. NHS patients cannot be charged a fee for missing an appointment under the NHS Constitution and standard GMS contract terms. Private GP and private dental practices can charge a fee, but most don't, because the friction of pursuing £20–£50 fees from upset patients destroys the relationship. So the operational lever is not punitive — it's reminders + self-cancel + reschedule that returns the slot to the queue.

Add to that: paper diaries don't sync to clinical systems. Receptionists carry information the partners never see. When a receptionist leaves, the patient communication style leaves with them. That's a continuity-of-care problem dressed up as an HR one.

The Bookings module — already running on salons, podiatrists, physiotherapists across the network — runs in a healthcare-shaped configuration. The differences are not cosmetic; they're in the data model.

NHS clinical-coded service types

Service categories on a healthcare instance are mapped to UK clinical-system service codes. The starting catalogue:

• GMS appointment (NHS-funded general practice) — 10-min or 15-min default; routine / urgent / telephone flags; non-chargeable; tied to the patient's NHS number if you collect it.
• Private GP appointment — 20-min or 30-min default; same-day flag; deposit configurable (a typical £40 deposit on a £150 consultation cuts no-shows ~50%).
• NHS dental (UDA-bearing) — Band 1 / Band 2 / Band 3 selectors, mapped to the UDA values for accurate diary forecasting; emergency-slot flag.
• Private dental — examination / hygienist / treatment with explicit cost; treatment-plan continuation flag for multi-session work.
• Physiotherapy — assessment vs follow-up vs MSK class; insurer-pay flag (Bupa / AXA / Vitality / WPA) with provider code captured at booking time.

Patient self-cancel up to 24 hours

Every booking confirmation SMS + email carries a single-use reschedule / cancel link valid until 24 hours before the appointment. After the cutoff the link expires and the patient is asked to phone the practice. This is the lever that actually returns missed slots to the diary: a 7am cancellation goes back into the booking queue the same morning, and your receptionist hears about it as an automated alert instead of a phone call.

Automated SMS reminders — 48-hour and 24-hour

Two reminders by default: 48 hours before (the rescheduling window — most patients who'll cancel do so here once prompted) and 24 hours before (the confirmation window — reduces the day-of no-show). UK SMS is sent from a sender-name ID, with mandatory opt-out, in conformance with ICO + Ofcom marketing-message guidance. Reminder content is configurable but never includes clinical detail by default — the SMS reads "Reminder: appointment tomorrow at 09:30 with Dr Smith. Reply STOP to opt out. Reschedule via the link in your booking email." not the reason for the visit.

Practitioner calendars + clinical-room constraints

Each GP / dentist / physiotherapist has a calendar with their own clinical sessions, leave, and CPD blocks. Treatment rooms are modelled as separate resources where appropriate — a dental hygiene appointment needs the hygiene room and the hygienist; the booking flow respects both constraints.

The list of regulated verticals on this site has four entries. Healthcare is the steepest. Three reasons:

Patient identifiable information is special-category data under Art. 9 GDPR

A booking record on a healthcare instance contains a patient's name, contact details, and — implicitly, by virtue of being on a healthcare provider's system — the fact that they are receiving care. That last fact alone makes it special-category data under Article 9 of the UK GDPR. The lawful basis on the module is Art. 9(2)(h) — provision of health or social care by a health professional. The retention period is mapped to the practice's clinical records retention schedule, not the marketing one.

NHS DCB0129 conformance posture

The Bookings module is positioned as a scheduling system that handles patient demographic data, not as a clinical IT system in the strict NHS sense — but where it integrates with clinical workflow (a GP surgery booking an urgent telephone slot, a dental practice mapping UDA-bearing services), the practice's clinical safety officer needs a hazard log. NHS DCB0129 is the standard for clinical risk management of health IT systems, and the Embedded engagement includes producing the Hazard Log + Clinical Safety Case Report inputs that the practice's CSO can sign off. We don't sign DCB0129 declarations on the practice's behalf; we produce the technical evidence the practice's named clinical safety officer needs to do so.

UK-only data residency + ICO-registrable processing

Every byte of patient data on this module is processed and stored in the United Kingdom. No US sub-processor sits on the request path. /compliance names every sub-processor by jurisdiction; the healthcare instance is a strict subset of that list — UK Stripe, UK Resend (or EU-resident Postmark, by choice), UK SMS gateway, UK Vercel region (lhr1), UK Postgres (Neon eu-west-2 only on this instance). The practice's ICO data-protection-fee registration covers this processing under "provision of health services". We are the named data processor under the Article 28 DPA at /dpa.

Honesty about scope matters more in healthcare than in any other vertical. The Bookings module is a scheduling system. It is not, and is not pretending to be:

• Video consultation. Bookings does not host the consultation itself. Practices using AccuRx, Doctorlink, eConsult, or similar continue to use those; the booking link from us can hand off to the consultation tool's join URL, but the AV stream is not ours.
• Electronic prescriptions. Bookings does not write to EPS. NHS prescribing remains in EMIS / SystmOne / Vision. Private prescribing remains on the practice's own private-prescribing pad or PSUK / Cleo / equivalent.
• Payment processing as a clinical-system component. Bookings collects deposits + private-fee payments via Stripe (UK-resident processing). It does not file insurer claims, does not generate UDA submissions to the BSA, and does not function as a chargeable-events store for HMRC purposes — those remain in the practice's PMS or accounting stack.
• Clinical notes. Bookings carries booking-level notes ("patient prefers afternoon slots", "wheelchair access required") that the receptionist would otherwise scribble in the margin. It carries no clinical observations, no SNOMED codes, no diagnoses. Those belong in the clinical system.
• SMS for clinical purposes. Reminders are operational, not clinical. We do not send results, do not send medication reminders, do not send clinical advice over SMS. The SMS template is locked at the practice level to prevent receptionist drift.

These constraints are not limitations to be solved later — they are deliberate scope boundaries. Each one is a separate regulatory regime (MHRA Software as a Medical Device for video consult; EPS standards for prescriptions; HMRC making-tax-digital for payment compliance; UK Caldicott principles for clinical notes). We don't build into them in v1.

The Bookings module is not sold separately to healthcare practices in v1. It sits inside one of two UK Web Marketing tiers:

• Growth — £1,495/mo. Single-site practice (one GP surgery, one dental practice, one physio clinic). Up to 8 practitioner calendars, single location, 5,000 SMS reminders/month included, integration with Capsule CRM for patient marketing communications, fortnightly CTO-operated cadence. Setup fee £1,495, waived on annual prepay.
• Embedded — from £6,000/mo. Multi-site practice (group of GP surgeries, dental group, physio chain). Unlimited practitioner calendars, multi-location, unlimited SMS reminders, DCB0129 Hazard Log + Clinical Safety Case Report inputs produced quarterly, dedicated incident-response SLA, annual penetration test on the booking surface, named CTO seat on the practice's management organogram. Bespoke setup; annual prepay carries waived onboarding.

The Lite (£295/mo) and Maintained (£495/mo) tiers do not include the Bookings module — those tiers are website custodianship and content cadence respectively, not the operational substrate a healthcare practice needs. We've considered offering Bookings as an à-la-carte add-on to Lite; declined, because the Art. 9 + DCB0129 work is not a SKU you add — it's a relationship.

UK-sovereign mailboxes (Proton Business) are a separate £15/inbox/month bolt-on. Recommended for practice manager + named clinical mailboxes that handle patient communication outside the booking flow.

Anyone selling regulated-data software to UK healthcare can produce a glossy compliance brochure. Few can produce the actual evidence on demand. We can.

• Sub-processor disclosure. Named, by jurisdiction, on /compliance. The healthcare-instance subset is strictly UK + EU. Updated within 14 days of any change, with email notice to every subscribing practice.
• Article 28 Data Processing Agreement. Auto-effective with the subscription; signed PDF available on request. The healthcare-instance DPA carries Schedule 2 (special-category processing under Art. 9(2)(h)) baked in — not bolted on. See /dpa.
• NHS DCB0129 inputs. Hazard Log template + Clinical Safety Case Report inputs produced for Embedded practices on quarterly cadence, scoped to the booking surface. Your practice's named clinical safety officer signs the actual declaration; we produce the technical evidence underneath.
• UK ICO data-protection-fee registration. UK Web Marketing Ltd registered controller + processor; the practice remains the controller for patient data with us as the named processor. ICO public register entry available on request.
• Annual compliance evidence pack. Embedded practices receive a quarterly compliance evidence pack tailored to one regulator (CQC for clinics where applicable; GDC for dental practices; HCPC for physiotherapy; CQC + ICO + NHS England for GP).

For the rest of the compliance posture — annual penetration test, secure SDLC, incident-response window, backup architecture — see /compliance. Everything on that page applies to this module; the additions above are healthcare-specific.

If you run a UK healthcare practice and the front-desk problem above sounds familiar — book a 30-minute discovery call. The call is with me (Jordan Gilbert, named CTO on the contract), not a sales person. We'll cover:

• The shape of your practice — partners, practitioners, locations, current booking system.
• Your existing patient communication stack — EMIS / SystmOne / Software of Excellence / Cliniko / paper diary.
• The regulatory posture you need to hold — CQC registration status, NHS contract type, insurer mix.
• Where Bookings would sit alongside the clinical system + what would change at the front desk.
• Whether Growth or Embedded is the right tier — and whether the timing is right for either.

If you'd rather start on WhatsApp first, that's fine too — most discovery conversations begin there.