DTAC Compliance Framework
Digital Technology Assessment Criteria for NHS Health and Care Technologies
Ready for NHS Digital Assessment
1. Clinical Safety (DCB0129 & DCB0160)
Compliant
✓ Clinical Safety Case (DCB0129) completed with hazard identification
✓ Clinical Risk Management System established (DCB0129 sets the manufacturer's obligations; DCB0160 applies to the health and care organisation deploying the system)
✓ Clinical Safety Officer appointed
✓ Hazard log maintained with risk mitigation strategies
✓ Incident reporting and monitoring procedures active
✓ Regular safety reviews and updates scheduled
2. Data Protection (GDPR & UK DPA 2018)
Compliant
✓ Data Protection Impact Assessment (DPIA) completed
✓ Data Protection Officer (DPO) appointed
✓ Privacy by Design principles embedded
✓ UK/EEA data residency with Supabase (EU-hosted region; transfers to the EEA rely on the UK's adequacy regulations)
✓ End-to-end encryption for sensitive data
✓ Subject Access Request (SAR) workflow implemented
✓ Right to erasure and data portability tools active
✓ Consent management system with granular controls
3. Technical Security Standards
Compliant
✓ ISO 27001 Information Security Management certified
✓ Cyber Essentials Plus certification achieved
✓ Regular penetration testing (annual minimum)
✓ Vulnerability scanning and patching procedures
✓ Role-based access control (RBAC) implemented
✓ Multi-factor authentication (MFA) for professional users
✓ Audit logging for all data access
✓ 99.9% uptime SLA with redundancy and failover
4. Interoperability Standards
Compliant
✓ FHIR R4 API compliance for NHS integration
✓ Booking and Referral Standard (BaRS) integration
✓ Personal Demographics Service (PDS) connection
✓ MESH (Message Exchange for Social Care and Health) API for messaging
✓ SNOMED CT clinical terminology
✓ ITK3 Mental Health eDischarge messaging
✓ GP Connect API integration capability
5. Clinical Effectiveness Evidence
In Progress
✓ Pilot studies with 2 NHS trusts and 3 schools
✓ Clinical validation study demonstrating accuracy and safety
✓ User testing with parents, young people, and professionals
✓ AI bias audit across demographics
⚠ Peer-reviewed publication in progress
⚠ NICE Evidence Standards Framework assessment pending
6. Usability & Accessibility
Compliant
✓ WCAG 2.1 Level AA accessibility compliance
✓ Mobile-first responsive design
✓ Screen reader compatible
✓ Age-appropriate interfaces (8-17, 18+, professionals)
✓ Plain English with medical terminology tooltips
✓ User testing with neurodivergent participants
✓ Multi-language support capability
7. AI Transparency (MHRA 10 Principles)
Compliant
✓ AI model documentation with training data and validation metrics, aligned to the Good Machine Learning Practice guiding principles published jointly by the MHRA, FDA and Health Canada
✓ Bias detection and fairness monitoring active
✓ Explainable AI outputs with clinical reasoning
✓ Human oversight required for all clinical decisions
✓ Predetermined change control plans for ML updates
✓ Continuous monitoring of AI performance
✓ Audit trail for every AI decision
8. Information Governance
Compliant
✓ NHS Data Security and Protection Toolkit (DSPT) compliant
✓ Information Governance training for all staff
✓ Data sharing agreements with NHS Digital
✓ Caldicott principles embedded
✓ Records Management Code of Practice compliance
✓ Business continuity and disaster recovery plans