You can’t sell or pilot digital health technologies in the UK NHS and Social Care without DTAC and Clinical Safety compliance!
The Digital Technology Assessment Criteria (DTAC) is the UK national baseline criteria for new and existing digital health technologies. Each and every digital technology that is procured, trialled or piloted by the NHS or social care needs to “pass” a digital technology assessment. Therefore, this applies to all health IT being used in the NHS and social care settings and not only medical devices. Examples of digital health technologies that require a DTAC are electronic patient record systems, wellness apps, telemedicine, Software as a medical device, AI as a medical device, triage systems, GP platforms etc.
DTAC is currently under review and Psephos are part of the review process, speak to us to understand the latest.
It is important to understand that every time a new feature is added, or a change made to the digital health solution the clinical safety documentation must be reviewed, updated as needed and changes reflected throughout DTAC to ensure compliance with the requirements.
Work with Psephos to see which DTAC requirements apply to your digital health solutions and rapidly achieve compliance for procurement and throughout the lifecycle of the product. We walk you through the entire process helping you to build and maintain the required system and documentation. If you have multiple products, each one would need to be assessed against the DTAC.
Get in touch with Psephos to ensure your procurement to the NHS or Social Care runs smoothly https://www.psephos.com/contact-us
DTAC - 5 core areas

Source: NHS England
DTAC area | Outputs | Legislation and Guidance |
Clinical Safety | Requirements: - Clinical safety management system - Risk management hazard log - Clinical safety case report - Clinical safety management plan - Approval by a clinical safety officer
|
DCB 0129 – Clinical Safety for the digital health developer
DCB 0160 – Clinical Safety for the buying organisation e.g. NHS trust
|
Data Protection | - Data flow map identifying the data assets and data flows - Data protection impact assessments (DPIA) by which the flow of data is governed. - Data sharing agreements
| Data protection Act 2018 (GDPR) 8 Caldicot Principles 10 National Data Guardian (NDG) standards NHS Data Security and Protection Toolkit (IG Toolkit)
|
Technical Assurance | Assurance Plan Testing: - Validation, verification, load testing, performance. Regression, security, penetration, integration, unit and where applicable bias testing - Cybersecurity - Multi-Factor Authentication Cyber essential certification
| IEC 62304- software lifecycle requirements NHS Data Security and Protection Toolkit ISO/IEC27001
|
Interoperability | - Assessment of the interoperability of the digital health technology with NHS and social care systems whilst maintaining technical assurance | NHS Interoperability Standards |
Usability & Accessibility | - Benchmarking and accessing usability and accessibility ratings - Usability studies and file - Accessibility Statement - System Usability Scale (SUS) | MHRA – Guidance on applying human factors to medical devices. ISO/IEC 62366 – Application of usability engineering ISO 9241 – Ergonomics and human system interaction NHS internet first policy WCAG 2.1 Level AA |
