Question to the Department of Health and Social Care:

To ask the Secretary of State for Health and Social Care, whether all NHS clinical health IT systems providers are required under the Health and Social Care Act 2012 to meet the (a) Digital Technology Assessment Criteria (DTAC) and (b) DCB0129 clinical risk management standard.

The Digital Technology Assessment Criteria for Health and Social Care (DTAC) was introduced in February 2021 to ensure that digital health technologies and clinical health IT systems purchased by the National Health Service meet a baseline standard. This includes areas such as clinical safety, data protection and cyber security, bringing together legislation and good practice into a single framework. It encompasses the DCB0129 clinical risk management standard.

The DTAC is currently non-mandatory and relies on the procuring organisation making use of it. The Health and Care Bill will provide a mechanism for DTAC to be mandatory and enforceable. In the interim, it will be published as an Information Standards Notice which requires NHS organisations to pay due attention. The use of DTAC is already advised in NHS guidance, including the ‘What Good Looks Like framework’.