Some useful Reference documents for consideration when designing software systems for health data ensuring they meet information governance requirements and security requirements as required by the Data Security Toolkit.
This is an old document from NHS Digital but it has useful advice on what is required in a system to meet IG requirements.
OWASP Top ten is a standard awareness document for developers and web application security. It represents a broad consensus about the most critical security risks to web applications.
Data Security Toolkit Support Documents
These two sections apply most directly to software development and the network systems and software. They are written to support the toolkit questions and not specifically about how software should be built.