Question to the Department of Health and Social Care:

To ask the Secretary of State for Health and Social Care, what assessment he has made of the potential risks to patient safety and data protection of using IT providers that do not meet the requirements of (a) DTAC and (b) DBC0129.

A range of online consultation and video consultation solutions are available to procure through a Digital First, Online Consultation and Video Consultation (DFOCVC) procurement framework. The DFOCVC framework is underpinned by requirements as part of the Digital Care Services framework Capabilities & Standards Model. These requirements do not currently include compliance with the Digital Technology Assessment Criteria (DTAC).

Of the suppliers on the framework, currently one supplier, Push Doctor Limited is known to have met the DTAC criteria through an assessment undertaken by NHSX in February 2021. Information on whether another National Health Service organisation has undertaken a DTAC assessment of another supplier on DFOCVC is not held centrally.

The DTAC, incorporating DBC0129, was introduced in February 2021 to ensure that digital health technologies and clinical health IT systems purchased by the NHS meet a baseline standard, including on patient safety and data protection. The DTAC is currently non-mandatory and relies on its use by procuring organisations. The Health and Care Bill proposes legislative changes to provide a mechanism for DTAC to be mandatory and enforceable. In the interim, NHS organisations are required to pay due attention as an Information Standards Notice. The use of DTAC is already advised in NHS guidance, including the What Good Looks Like framework.