DTAC in relation to other regulatory and assurance processes

DTAC is not intended to replace or be an alternative to medical device regulations (MDR). DTAC should be used alongside it, as there are elements of DTAC that are not covered in MDR (for example, NHS specific standards such as the use of the Data Security and Protection Toolkit for assessing cyber security).

We have identified and removed elements in DTAC where there is overlap with MDR (for example, in clinical safety sections), and as part of future work are looking to extend this further for medical devices class IIa or higher.

In addition, NHS England provides the Pre-Acquisition Questionnaire (PAQ) for manufacturers of medical devices to complete ahead of procurement to facilitate clinical safety review in NHS organisations. Not all Digital health technology (DHT) products fall under MDR, however, where a product is both a DHT and a medical device, both forms may need to be completed.

For products that have access to NHS systems or patient data, suppliers must also complete and return the Data Security and Protection Toolkit. Care providers and suppliers to the NHS are responsible for understanding when DSPT is necessary. However, DTAC includes questions to help identify when this is required and removed questions that are covered in DSPT.

For products that meet the definition of a health IT system:

Manufacturers must comply with DCB0129.

Providers of services must comply with DCB0160.

Find guidance on DCB0129 and DCB0160.

Unlike DHT products, health IT systems may be hardware products, or combinations of hardware and software. This means that DCB0129 may apply to some DHT products.

The DTAC form supports correct DCB0129 compliance for DHTs. If a DHT is being provided along with hardware as part of a health IT system, DCB0129 must cover both the hardware and the software.

There are some health IT systems that do not meet the definition of a DHT product. Health and care commissioners and providers are responsible for ensuring that their governance and assurance processes comply with DCB0129 and DCB0160 for these products.

NHS England is conducting a strategic review of DCB0129 and DCB0160, and any changes to these standards will be reflected in future updates to DTAC.

DTAC covers the standards that generally apply to all or most DHT products. Public sector bodies must also follow any other standards that may also apply to the product and its use, such as the Government Service Standard and NHS Service Standard.

These often include duties, principles and criteria that public sector bodies must consider or meet when deciding what products to buy, and how they should be deployed to deliver public services.

DTAC is intended to complement, not replace these. Products that meet DTAC may be safe and appropriate to use within the health and care system generally, but care providers and commissioners must still apply appropriate standards when considering whether the purchase is good value for money or the right fit for the specific context.

DTAC provides a set of criteria for assessing DHTs for use across both health and social care. However, because of the variation across the social care sector and lack of digital infrastructure, some organisations are not equipped to provide the specialist assurance DTAC requires. Where local authorities or integrated care boards are purchasing technology for use in social care, DTAC should be still be applied.

The Department for Health and Social Care are currently exploring how assurance can be delivered for care technologies that are purchased by care providers or the general public, and we are working to ensure this is compatible and interoperable with DTAC in the future.