We have detected that you are using Internet Explorer to visit this website. Internet Explorer is now being phased out by Microsoft. As a result, NHS Digital no longer supports any version of Internet Explorer for our web-based products, as it involves considerable extra effort and expense, which cannot be justified from public funds. Some features on this site will not work. You should use a modern browser such as Edge, Chrome, Firefox, or Safari. If you have difficulty installing or accessing a different browser, contact your IT support team.
Information standards underpin national healthcare initiatives from the Department of Health, NHS England, the Care Quality Commission and other national health organisations. They provide the mechanism for introducing requirements to which the NHS, those with whom it commissions services and its IT system suppliers, must conform.
The following two standards, relating to clinical safety, are accepted for publication under section 250 of the Health and Social Care Act 2012 by the Data Coordination Board (DCB). In line with current DCB practice, each standard comprises:
- a specification, which defines the requirements and conformance criteria to be met by the user of the standard - how these requirements are met is the responsibility of the user
- implementation guidance, which provides an interpretation of the requirements and, where appropriate, defines possible approaches to achieving them
Compliance with DCB0129 and DCB0160 is mandatory under the Health and Social care Act 2012.
NHS Digital clinical safety standards are now aligned with the new medical devices regulation for standalone software. This provides clarity and removes uncertainty among users and developers with regard to the registration of software as a medical device and compliance with this standard.
The evidence for this statement comes from academic and industry advisors, and recent experiences with devices, currently in use, that are decision making or supporting and integrated into unregulated software.
The new medical devices regulation was published by the European Commission in May 2017. In summary it means:
- software is specifically identified as a type of medical device - this will broaden the number of software solutions that are a medical device
- classification now includes risk as a component, in line with the NHS Digital Clinical Safety standards
- the regulation includes additional essential requirements in the fields of IT environment, interoperability, cybersecurity , mobile platforms, IT network and IT security
This is a change in scope of the clinical risk management of health IT within the NHS Digital Clinical Safety standards. It provides a means of complying with MHRA regulations for the design, build, deployment and maintenance of software. It also conforms to European standards and is in line with the medical devices regulations.