Some useful Reference documents for consideration when designing software systems for health data ensuring they meet information governance requirements and security requirements as required by the Data Security Toolkit.
This is an old document from NHS Digital but it has useful advice on what is required in a system to meet IG requirements.
OWASP Top ten is a standard awareness document for developers and web application security. It represents a broad consensus about the most critical security risks to web applications.