Clinical Safety in the midst of the ever-growing need for digital mobility

In recent weeks we have seen a number of articles related to the concern regarding mobile applications and the need for them to be regulated for safety, both clinical and technical. The most recent article quotes Lord O’Shaughnessy announcing the ‘introduction of a new regulatory regime for health digital technology’. He also explained that the code ‘would include broad guidelines on how the NHS should work with digital tech companies’.

Am I missing the point here, or am I correct in thinking we already have detailed (not broad!) guidelines to manage clinical safety/risk for health IT systems in DCB0129/0160? These standards have been in place for many years, but still the powers that be feel the need to try to change or introduce new systems when those that are already in place are perfectly effective in the management of clinical safety.

Somebody please correct me if I am wrong in my observations, as I have been working with these standards since their conception. They were first introduced as DSCN14/2009 & DSCN18/2009 by the then Connecting for Health and are now managed under their successor NHS Digital, who have spent years improving these standards with great success and have greatly supported my efforts over the years to the benefit of many health IT projects.

Surely there is a need to promote and regulate using the existing standards, which are proven in use. The concern mentioned is for software classified as a medical device, which accounts for a small proportion of the available applications in the sector; therefore the focus should be on all health IT systems, not just the medical devices.

I understand that this code of conduct is more aligned with data protection, but if there is still an issue with enforcing the existing safety standards, how is the introduction of a new policy going to help? All this will do is confuse matters further in a sector that already finds it difficult to get to grips with the Medical Devices Directive, DCB0129 and Data Protection/GDPR.

I have added the links to a few of the articles below so that you can come to your own conclusions. Please contribute to this post, as I am struggling to see a way forward: if we continue down this path, we are in danger of confusing matters further rather than solving the issue!



2 comments on “Clinical Safety in the midst of the ever-growing need for digital mobility”

I’ve just re-read DCB0129 & 0160. While we can agree clinical risk management is important (see also ISO14971), these standards do not do anything actionable to improve the safety of digital systems. If you are an implementor (e.g. a software engineer), there is nothing in these standards to help. For example: should an implementor use formal methods (yes) and if so which ones... which programming languages are acceptable for healthcare? Should you use third party code (like which led to BA’s recent cybersecurity fiasco) (no)? How do you establish requirements (PCD/UCD etc)? Iterative design (as in ISO9241). etc etc etc. And what about medical apps? What about CE marking and device regulation and its replacements?

The current NHS and MHRA standards and regulations, so far as I know them, are almost completely silent on everything to do with digital and patient safety, and they do nothing to help developers/vendors/manufacturers deliver safer systems. They need updating and/or extending.

PS I was at the RCP meeting you link to…..

Sandeep Bansal

Completely agree with Harold here. Dean, you may want to send out the White Paper you have been working on to Harold, I am sure it will be of massive interest.

