The Essence of DTAC in Digital Healthcare

The NHS Digital Technology Assessment Criteria (DTAC) serves as a critical framework for ensuring safety, quality, and efficacy in health & social care technologies. At Deviceology, we understand that DTAC is pivotal for instilling confidence in NHS stakeholders, practitioners, staff, and patients that digital tools meet the highest standards of quality and safety. Completing the DTAC assessment is an essential step in bringing your digital health technology to market in the UK if you wish to make it available to the National Health Service (NHS).

Simplifying Your DTAC Journey

Navigating the DTAC assessment can be challenging for businesses. Without a formal certification process, the onus is on the purchasing organisation to determine compliance against a complete set of wide-ranging requirements. The guidance documentation is good but doesn’t do the best job of explaining the requirements in plain English, either for the purchasing organisation or the health tech product provider. Deviceology simplifies this process, helping you understand and demonstrate your compliance, thus facilitating smoother NHS market access.

Comprehensive DTAC Support Tailored just for You

1. Clinical Safety (C1):

Risk Management and Compliance: We assist clients in understanding and implementing the DCB0129 standard for health IT system development and maintenance. This includes developing a comprehensive clinical risk management system tailored to your specific health IT product. Our expert Clinical Safety Officers understand exactly how to apply DCB0129 to innovative and often complex health IT systems. Their many years of experience in the field allow them to quickly apply the standard and produce the documentation you need to support your DTAC assessment.

Staff Training and Competency: Ensure that personnel involved in the development and maintenance of health IT systems are adequately trained and competent in clinical risk management tasks as required by the DCB0160 standard. If you need a CSO resource a couple of days a month to maintain your compliance then we can help there too, and it won’t cost the earth! 

Documentation and Evidence Submission: We help in preparing and compiling the necessary documentation and evidence to demonstrate compliance with clinical safety standards. This includes preparing Clinical Safety Cases, Hazard Logs and other critical DCB0129 documentation. If you want us to do it all, no problem, we are here to help.

2. Data Protection (C2):

GDPR and Data Compliance Advisory: We offer comprehensive expertise on GDPR compliance, specifically tailored to the challenges of handling sensitive health data. This service includes in-depth guidance on critical aspects such as data minimisation, ensuring that only necessary patient data is collected and processed. 

Additionally, we provide expert advice on consent management, helping clients develop clear and compliant methods for obtaining and managing patient consent for data processing. We also assist in understanding and implementing data subject rights, ensuring clients are fully prepared to respond appropriately to requests from individuals regarding their personal data.

Data Protection Officer Support: We provide a range of services to either act as a Data Protection Officer (DPO) for our clients or support existing DPOs in their role. This includes conducting regular data protection audits to ensure ongoing compliance with GDPR and other relevant data protection laws and standards. We assist in the development and revision of data protection policies and procedures, ensuring they are up-to-date and effective. 

Deviceology also offer training sessions for staff at all levels, educating them on data protection best practices, understanding the implications of GDPR, and their roles in maintaining compliance.

Data Protection Impact Assessments (DPIAs): We conduct thorough DPIAs to systematically identify and mitigate risks associated with personal data processing activities. This service is particularly vital for digital health technologies dealing with large volumes of sensitive patient data. We work with our clients to analyse how personal data is collected, used, stored, and shared, assessing the risks at each stage and recommending measures to reduce these risks. 

Deviceology guide clients through the entire DPIA process, from initial scoping to implementation of risk mitigation strategies, and help in documenting the findings and actions taken to demonstrate compliance with GDPR and DTAC requirements.

3. Technical Security (C3):

Cyber Essentials Certification: We guide clients through obtaining Cyber Essentials certification, a key UK government-backed scheme demonstrating a strong commitment to cybersecurity. Deviceology’s role involves helping clients understand the certification requirements, conducting initial assessments of their cybersecurity practices, and providing recommendations to meet the standards. 

This support extends to the implementation of necessary security controls, ensuring compliance with all aspects of the framework, such as secure configuration and access control, and then to applying for and gaining the Cyber Essentials certification for our clients. Sit back and let us do the work to deliver compliance and certification for your organisation.

Penetration Testing with OWASP Top 10 for Web and Mobile Apps: We offer comprehensive penetration testing services that address both web and mobile applications, incorporating the OWASP Top 10 for web vulnerabilities and the Mobile Top 10 for mobile app security. This testing involves simulated cyber-attacks in a controlled environment to evaluate the security robustness of client systems against the most common and critical vulnerabilities identified by OWASP. By extending the testing scope to include both web and mobile platforms, we ensure your full technology stack is covered. If you host in the cloud, we can test that too. 

Deviceology ensures a thorough security analysis that is crucial for maintaining the integrity and trustworthiness of digital health products across all user interfaces. This holistic approach provides clients with valuable insights and recommendations for strengthening their systems in line with the latest best practices in both web and mobile application security.

Data Security and Protection Toolkit (DSPT): We assist clients in complying with the NHS’s Data Security and Protection Toolkit, an essential standard for organizations accessing NHS patient data. Deviceology can support clients in completing the self-assessment toolkit, ensuring they meet the required standards in data security, data quality, and information governance. 

This assistance includes helping clients understand the DSPT requirements, advising on best practices for data security, and supporting the implementation of policies and procedures to ensure ongoing compliance. The DSPT compliance not only demonstrates a commitment to protecting patient data but is also a prerequisite for accessing NHS Digital services, making it a critical component of technical security for health IT systems.

4. Interoperability Criteria (C4):

Documentation Support for Interoperability Compliance: We provide specialised assistance to clients in documenting how their products meet the interoperability criteria. This involves understanding the diverse range of interoperability standards and requirements, including those related to hardware, software, and data compatibility within the health and social care system.

Guidance on API Integration and Compliance: While Deviceology does not engage in development, it can offer valuable guidance on how clients can document their adherence to Government Digital Services Open API Best Practices. This includes advising on the documentation of API specifications, interface descriptions, and how third-party integrations are managed and maintained.

Assessment and Reporting on Interoperability Standards: We assist clients in conducting thorough assessments of their products to determine how well they exchange data with other systems. This service extends to helping clients prepare comprehensive reports that demonstrate their products’ capabilities in terms of interoperability, ensuring they align with the relevant NHS and government digital standards.

Facilitating Interoperability Testing and Validation: We support clients in setting up and documenting the results of interoperability testing. This includes advising on the methodologies and standards for testing how seamlessly their products integrate with existing clinical record systems and other health technologies, ensuring a cohesive and efficient healthcare journey for end-users. 

5. Usability and Accessibility (D1):

User-Centered Design and Accessibility Compliance: We offer specialized expertise in helping clients demonstrate that they have designed interfaces that prioritise user-centred principles. This includes documenting how clients have created intuitive, user-friendly interfaces that cater to a diverse range of users, including those with accessibility challenges, to offer an inclusive experience for all.

WCAG Compliance Testing: We arrange comprehensive testing to assess the level of compliance with WCAG 2.1 guidelines for web accessibility. This involves a thorough evaluation of the product’s interface to identify any accessibility barriers and ensure alignment with the required accessibility standards. 

Usability Testing and Feedback Incorporation: We help clients document how they have tested their digital health products with users, followed the NHS Service standards and WCAG principles, and are continually enhancing their product’s user interface and overall user experience, so that their digital health technology not only meets but exceeds the accessibility and usability expectations set by both the NHS and WCAG guidelines.

A Partner in Your Compliance Process

At Deviceology, we are committed to your success. We offer full support for all DTAC components including interoperability, clinical safety, data security, cyber security, and information governance. Our goal is to walk with you every step of the way, ensuring a successful journey in the UK health technology market.

Choose Deviceology for a hassle-free DTAC compliance experience. We’re not just consultants; we’re partners committed to your success in the evolving landscape of digital health.

Get in touch today to see how we can help!