The DCB0129 is the clinical risk management standard which manufacturers of Health IT systems software and apps must comply to. The standard is governed by NHS Digital and is a mandatory requirement in England.

“…ensure that effective clinical risk management is carried out by organisations that are responsible for developing and modifying Health IT Systems. This purpose is achieved through the presentation of a set of requirements…”

The DCB0160 is the clinical risk management standard which NHS organisations must comply with when they procure, implement Health IT systems including software and apps. The standard is governed by NHS Digital and is a mandatory requirement in England.

“…ensure the effective application of clinical risk management by those health organisations that are responsible for the deployment, use, maintenance or decommissioning of Health IT Systems within the health and care environment…”

These standards are mandated under section 250 of the Health and Social Care Act 2012.

Manufacturers of Health IT, Software including Apps must complete a risk assessment on their product, to identify any potential hazards, mitigations must be put in place and where necessary recommendations provided to their customers.

Organisations who implement Health IT systems, software or Apps must undertake a formal risk assessment and evidence the measures which have been put in place to mitigate the risks.

To comply with the standards, companies and organisations are required not only to undertake a formal risk assessment on the product but also to produce a series of documents summarising the outcome. 

These include the Clinical Risk Management Plan, Hazard Log and Clinical Safety Case Report. The documentation must be kept up-to-date during live service.

By partnering with DigiSafe, you not only ensure compliance with DCB0160/0129 but also reinforce your commitment to clinical risk management excellence.

Our expertise, dedication, and unwavering focus on patient safety will guide you in achieving and maintaining compliance.

The Clinical Safety Officer is accountable for clinical safety and ensuring that effective Clinical Risk Management and related activities are carried out by organisations that are responsible either for manufacturing or deploying Health IT systems, Software or Apps. They must be a registered clinician or professional with a regulatory body and have completed the risk management training.

We have Senior Clinical Safety Specialists who can aid in your requirements. From producing the core document set and providing mentorship, we offer the expertise required to aid you through the realm of Clinical Safety and beyond

A Clinical Risk Management System document, often referred to as CRMS, is a document used by both health IT manufacturers and in health and care environments.  It aims to outline the strategies and processes for managing clinical risks. It typically contains information related to the identification, assessment, mitigation, and monitoring of risks within a software, clinical or healthcare setting.

It provides the framework for the organisation, it details the Governance Structure, Incident Management Process, Roles and Responsibilities of key people especially, in relation to clinical safety and related activities.

The Clinical Risk Management Plan is developed for each safety related Healthcare IT system, Software or App.

The purpose of the CRMP is to identify the Clinical Risk Management activities that are to be undertaken and the phasing of these activities in the project lifecycle. The CRMP will also identify the resources required and governance structure in place to ensure the activities can be met

The Hazard Log is a mechanism for recording and communicating the on-going identification and resolution of hazards associated with the Health IT System. It is organised so that it enables a systematic approach to the management of hazards and supports the effective collation of safety case evidence.”

Creating the Hazard Log is one of the first steps towards DCB0129/DCB0160 compliance; this gives the Clinical Safety Officer the opportunity to identify any new hazards or existing hazards. A review of each is completed, the effect, harm and possible causes are captured. Controls are recorded and an initial risk score applied with justification. Recommendations and additional controls are applied and a predicted Residual Risk score applied.

A hazard workshop should be performed with key people to inform the hazard identification process. The Hazard Log feeds into the CSCR and details the overall mitigation individually.

The Clinical Safety Case Report (CSCR) is the physical document that summarises all the key elements of the system which is to be deployed and references all supporting material in a clear, comprehensible and concise format.

The CSCR is the evidence that the system/software is safe to deploy, this bases its argument on the review of the hazards. In essence it captures the full picture of the system/product, the testing and training strategy, governance and risk activities completed.

The process of analysis and evaluation of risk, recommendations and safety position. Supporting evidence is included and the report should be treated like the evidence if an investigation were required. ( Incident to occur for example).