top of page
  • Writer's pictureIrfan Hassan

Digital Technology Assessment Criteria (DTAC)

You can’t sell or pilot digital health technologies in the UK NHS and Social Care without DTAC and Clinical Safety compliance!


The Digital Technology Assessment Criteria (DTAC) is the UK national baseline criteria for new and existing digital health technologies. Each and every digital technology that is procured, trialled or piloted by the NHS or social care needs to “pass” a digital technology assessment. Therefore, this applies to all health IT being used in the NHS and social care settings and not only medical devices. Examples of digital health technologies that require a DTAC are electronic patient record systems, wellness apps, telemedicine, Software as a medical device, AI as a medical device, triage systems, GP platforms etc.


DTAC is currently under review and Psephos are part of the review process, speak to us to understand the latest.


It is important to understand that every time a new feature is added, or a change made to the digital health solution the clinical safety documentation must be reviewed, updated as needed and changes reflected throughout DTAC to ensure compliance with the requirements.


Work with Psephos to see which DTAC requirements apply to your digital health solutions and rapidly achieve compliance for procurement and throughout the lifecycle of the product.  We walk you through the entire process helping you to build and maintain the required system and documentation.  If you have multiple products, each one would need to be assessed against the DTAC.


Get in touch with Psephos to ensure your procurement to the NHS or Social Care runs smoothly


DTAC - 5 core areas

 Source: NHS England



DTAC area


Legislation and Guidance

Clinical Safety


-       Clinical safety management system

-       Risk management hazard log

-       Clinical safety case report

-       Clinical safety management plan

-       Approval by a clinical safety officer



DCB 0129 – Clinical Safety for the digital health developer


DCB 0160 – Clinical Safety for the buying organisation e.g. NHS trust





Data Protection

-       Data flow map identifying the data assets and data flows

-       Data protection impact assessments (DPIA) by which the flow of data is governed.

-       Data sharing agreements


Data protection Act 2018 (GDPR)

8 Caldicot Principles

10 National Data Guardian (NDG) standards

NHS Data Security and Protection Toolkit (IG Toolkit)


Technical Assurance

Assurance Plan


-       Validation, verification, load testing, performance. Regression, security, penetration, integration, unit and where applicable bias testing

-       Cybersecurity

-       Multi-Factor Authentication

Cyber essential certification


IEC 62304- software lifecycle requirements

NHS Data Security and Protection Toolkit




-       Assessment of the interoperability of the digital health technology with NHS and social care systems whilst maintaining technical assurance

NHS Interoperability Standards

Usability & Accessibility

-       Benchmarking and accessing usability and accessibility ratings

-       Usability studies and file

-       Accessibility Statement

-       System Usability Scale (SUS)

MHRA – Guidance on applying human factors to medical devices.

ISO/IEC 62366 – Application of usability engineering

ISO 9241 – Ergonomics and human system interaction

NHS internet first policy

WCAG 2.1 Level AA




Recent Posts

See All
bottom of page