The Digital Technology Assessment Criteria for health and social care (DTAC) gives staff, patients and citizens confidence that the digital health tools they use meet our clinical safety, data protection, technical security, interoperability and usability and accessibility standards.
The DTAC brings together legislation and good practice in these areas. It is the new national baseline criteria for digital health technologies entering into the NHS and social care.
The DTAC is designed to be used by healthcare organisations to assess suppliers at the point of procurement or as part of a due diligence process, to make sure new digital technologies meet our minimum baseline standards. For developers, it sets out what is expected for entry into the NHS and social care.
Download and use the DTAC form
The DTAC is available as a document (ODT, 132KB) that you can download and print.
Please download it at the point of use, to make sure you’re using the most up to date version.
Is your new digital health technology DTAC ready?
The digital technology assessment criteria for health and social care, or the DTAC for short, is a set of criteria for organisations to use when introducing new digital health technology.
Using it will give staff, patients and citizens confidence that the digital technology they use meets our national minimum standards on clinical safety, data protection, technical security, interoperability, usability and accessibility.
The DTAC brings together legislation and best practice from across the health and social care ecosystem into one place, so assessing products is simple, quick and consistent.
So, who does what? NHS and social care organisations should assess any new digital health technology products against the DTAC as part of each new procurement process or contract renewal, including staff or patient facing apps, systems and web portals.
Tech developers can use the DTAC to make sure their products meet our standards and prepare for assessment.
These assessments will be carried out by local health and social care organisations.
Make sure your digital health technology is DTAC ready.
Find out more at www.nhsx.nhs.uk/dtac
Get email updates about changes to the DTAC
DTAC will naturally iterate as legislation and standards change. We will update on changes through our Digital Transformation bulletin. To keep up to date, subscribe to our digital transformation bulletin.
Guidance for using the DTAC
Information for tech developers
The DTAC provides a consistent question set and enables you to present the same consistent and proportionate set of evidence to organisations buying your digital health technologies. It sets out the standards expected for entry into the NHS and social care.
You should make sure your product meets the assessment criteria, gathering the required evidence - you may choose to use a third party to do this for you. You may be asked to provide this evidence during the procurement process.
Further guidance and support on building good technology by design can be found in A guide to good practice for digital and data-driven health technologies published by the NHS AI Lab.
Information for people working in the NHS or social care
As part of each new procurement process or contract renewal, buyers of digital health technology should ask the developer to complete the DTAC by responding to the question set and providing the evidence required.
It is important, as with any procurement, that those with relevant subject matter expertise are involved in the assessment of digital health technologies, for example the clinical safety section should be assessed by a qualified Clinical Safety Officer.
Whilst the DTAC is intended to be a common baseline criteria in terms of safety and security, it is intended to be one part of procurement - it is not intended to be the complete question set for procurements and should be supplemented with additional specifications including any policy and regulatory requirements.
You should also ensure that you consider efficacy and the impact and evidence of such technologies. NHSX is working with NICE to build on the Evidence Standards Framework for digital health technologies. This is a framework that describes the level of evidence needed to demonstrate effectiveness and value for digital technologies that have different functions and risks.
The DTAC will ensure products meet our standards in: clinical safety, data protection, cyber security, interoperability and accessibility. Whilst it is not currently mandatory, the DTAC brings together legislation and recognised good practice into one place, helping the system to assess products quickly and consistently and you should consider the legislative requirements in any build.
Information for people working for a national NHS organisation or arms length body
NHSX will work with you to assess products that are being procured at a national level, for example, for new national procurement frameworks or dynamic purchasing systems. Please email firstname.lastname@example.org to find out more. This does not replace any Government Digital Standards requirements.
The DTAC will ensure products meet our standards in: clinical safety, data protection, cyber security, interoperability and accessibility. The DTAC brings together legislation and recognised good practice into one place, helping the system to assess products quickly and consistently.
Products that should be assessed using the DTAC
All new digital technology should be assessed using the DTAC, even if you are piloting or trialling it. If a developer has multiple products, each one would need to be assessed against the DTAC. Examples of products include: staff facing and patient facing digital tech, apps, systems, web based portals, stock control systems, and more.
We have linked the DTAC criteria to the definition of a Health IT System as defined in DCB0129 and DCB0160, being a product used to provide electronic information for health or social care purposes where the product may include hardware, software or a combination of both.
Our initial focus is on embedding the DTAC in the NHS and social care. We will be exploring opportunities for assessment passportablity in the future.
Digital tech already in use does not need to be retrospectively assessed but may need to be assessed at the point of a contract renewal or if commissioned by a different organisation.
Background and additional information
Why we have introduced the DTAC
The DTAC was developed in response to developers and those making buying and commissioning decisions looking to NHSX for clear direction on how to build and buy good digital health technologies. We listened to innovators who are seeking to understand what the NHS is looking for when it buys technologies to enable them to build it into their product development ‘by design’. Those buying technologies told us they wanted a proportionate and tangible criteria that was simple to apply and assess against, encompassing all digital health technologies, to ensure that the products they select are safe and built well.
By setting a national baseline, the intention is now to smooth the path between development and procurement so that the NHS and social care may realise the benefits that digital technologies can bring.
We first introduced the DTAC in beta in October 2020, and incorporated feedback before launching the first official version in February 2021.
The different parts of the DTAC
The assessment criteria is focused on 5 core areas. Sections 1 to 4 form the assessed criteria, with a separate conformity rating provided around usability and accessibility:
1. Clinical safety
Products are assessed to ensure that baseline clinical safety measures are in place and that organisations undertake clinical risk management activities to manage this risk.
2. Data protection
Products are assessed to ensure that data protection and privacy is ‘by design’ and the rights of individuals are protected.
3. Technical assurance
Products are assessed to ensure that products are secure and stable.
Products are assessed to ensure that data is communicated accurately and quickly whilst staying safe and secure.
5. Usability and accessibility
Products are allocated a conformity rating having been benchmarked against good practice and the NHS service standard.
The DTAC includes company information and value proposition sections for context. Each of the scored and assessed sections contain:
- a reference code for each question
- the question for the developer to respond to
- whether evidence is required and is so the evidence
- response options or free text
- supporting information and guidance
- scoring criteria
Surfacing apps on NHS.UK
We are moving away from the branded NHS Apps Library and instead we will highlight apps on condition specific pages of nhs.uk that are available to all. This is so that we have the right apps and products visible in the right places for citizens.
Whilst the DTAC will play an important part in assuring the clinical and technical security of apps that are surfaced, NHSX will be supporting teams in NHS England and Improvement to develop policy and clinically led criteria for digital product selection. This will mean that the apps that are surfaced on our national product suite are the ones that are supported by the experts in the respective policy areas.
Our mobile health roadmap for this year includes surfacing commissioned products and apps, improving the mechanisms and infrastructure for prescribing apps to support pathway transformation and supporting clinically requested data into patient records.
Evidence standards framework for digital health technologies
We continue to work alongside other key stakeholders including the Accelerated Access Collaborative (AAC) to support innovators, the Medicines and Healthcare products Regulatory Agency (MHRA) and NICE to build on the Evidence Standards Framework for digital health technologies. This is a framework that describes the level of evidence needed to demonstrate effectiveness and value for digital technologies that have different functions and risks.