Conduct a DTAC assessment

Care providers or commissioners should use the Digital Technology Assessment Criteria (DTAC) form when conducting an assessment as part of the assurance and due diligence checks before purchasing and deploying digital health technology (DHT) products.

If the product is being offered on a trial basis or outside normal procurement activities, a DTAC assessment should still be conducted. The product, version number and result of assessments should be recorded for reference and audit purposes.

Care commissioners and providers should also put in place processes to re-assess elements that have an expiry date or change due to upgrades.

DTAC is intended to be used as part of care commissioners and providers overarching governance approach for managing risk and regulatory compliance of its technology.

While each provider organisation will have its own approach, it is important that DTAC assessment is conducted with appropriate professional oversight from subject matter experts for each part of DTAC.

The table below sets out examples of the expected accountable officer and subject matter expert (SME) roles.

Any DHT products built by in-house teams of healthcare organisations or by third parties acting on their behalf must be built to meet the standards and requirements in DTAC.

Where internal governance processes check and assure for these during the design and build stage, there is no need to conduct an additional assessment against the DTAC framework on completion.

Where a care organisation that has developed a DHT product in-house offers it to other health and care providers (whether it is charged for or not), it is now acting as a manufacturer and should maintain and provide corresponding DTAC documentation on request.

If a lead organisation is acquiring DHT products on behalf of one or more other provider organisation, the lead organisation has a responsibility to assess the product against DTAC to ensure that it meets requirements for use.

However, the organisations receiving and deploying the DHT retain their duty to ensure the products meet relevant requirements.

This can be achieved by ensuring that the corporate risk owners in the receiving bodies have appropriate oversight, input and participation in the assurance and assessment process of the lead organisation. Alternatively, the lead organisation can provide appropriate DTAC documentation to partner organisations for them to assess.

The standards included in DTAC are underpinned by laws, regulations and policies that place a duty on care providers and commissioners to ensure compliance. There are third parties that offer assistance to both DHT manufacturers in completing documentation, and to NHS organisations in conducting DTAC assessments.

Although both manufacturers, care commissioners and providers may find these valuable, NHS England does not currently endorse any third party certification schemes for DTAC.

Care providers or commissioners considering a third party certification or outsourcing assurance should ensure that they have confidence in the third party’s assessment methods and appropriate guarantees.

NHS England is exploring a certification scheme for DHTs to further reduce the need for care commissioners and providers to conduct assurance activities. We will provide updates on this in future.