Helping health IT suppliers achieve and maintain DCB0129 clinical risk compliance for NHS deployment

There is no difference - both refer to the same NHS clinical risk management standard. The spacing variation is common in searches and documentation.

Yes. NHS suppliers of all sizes may be required to demonstrate DCB0129 compliance, though the approach should be proportionate.

DCB0129 is a mandated NHS information standard and is commonly required as part of NHS procurement and assurance processes.

Yes. DCB0129 requires a named CSO with appropriate competence and authority. We can provide that as part of any DCB0129 package.

NHS England provides a flowchart here that takes you through whether your product applies or not. We can provide expert advice on navigating this however as sometimes it is still unclear. 

We pride ourselves in working with SMEs and startups through to some of the largest companies in the world for this standard. We can support any company size with any product at any stage of development.

Yes, in fact this is probably the most common way of working for most IT suppliers.

If you are still potentially impacting on patient care, then the answer is yes. Frequently, deploying organisations will ask for evidence of DCB0129 before even starting a pilot or proof-of-concept study now. 

Broadly speaking, yes. If you are connecting to central NHS systems (IM1, PDS, EPS), then not only will you need to complete DCB0129 for your product, but you may also need a complete a specific hazard log provided by the NHS for that integration or return it in a specific format. Very few people understand this requirement but it can delay connectivity significantly.

We always aim to include DCB0129 as early in the software development life cycle process as possible. This ensures maximal stakeholder engagement and sets up the process of ongoing compliance in the organisation.

Deploying organisations or regulators will generally look at whether the documentation provided has fulfilled all of the requirements of the standards. Having done this for over 100 products and taken clients through every local or national onboarding scheme, we know how best to structure and present documents for easier procurements.

This depends on the complexity and number of products but generally for a simple one-product company, the initial paperwork can be created within a 3-month period. However, if there is a pressing procurement requirement, we may be able to expedite that timeline.

Broadly speaking, yes. We always say that at the least all major and minor releases and associated testing reports should be reviewed by the CSO prior to go-live. Any incident that may impact on patient care should also be escalated for review too. 

Yes, and this is frequently the most common way for health IT companies to fulfil the standard. 

This is a good question and the honest answer is very variably. We have seen hugely disparate ways of assessing DCB0129 documentation provided and it really operates on a case-by-case basis. That said, having managed over 100 products to date in this area, we have seen almost every type of organisation response and are well equipped to respond accordingly.