Is DCB0160 mandatory for NHS organisations?

Yes, organisations who are deploying healthcare technology will need to cover off all aspects of DCB0160 compliance.

Do suppliers need to comply with DCB0160?

In general, no. DCB0160 is the responsibility of the deploying organisation. However, if the entity is both the manufacturer and deployer of the technology, they may need to complete documentation which covers both standards.

What documentation is shared between DCB0129 and DCB0160?

Generally speaking this will be the Clinical Safety Case Report and Hazard Log, but providers can also ask for safety incident logs and other evidence (testing etc.) in more detail. We provide a comprehensive DCB0160 handover as standard for our DCB0129 clients which alleviates a number of internal hurdles.

Who signs off DCB0160?

This should be the deploying organisation’s CSO. If you are asked to sign off the DCB0160 documentation as well, we would strongly advise against doing so to avoid conflict of interest or any liability issues arising down the line.

How often is DCB0160 reviewed?

DCB0160 should ideally be reviewed whenever the core DCB0129 documentation changes (updates or incidents from the supplier) or when the deployment type of methodology changes (different departments, new functionality etc.).

Screenshot 2024-08-14 at 10.09.02-02.png

DCB0160 - Clinical Risk Management in the Deployment of Health IT

Understanding DCB0160 and how it relates to DCB0129 for NHS health IT suppliers

DCB0160 is an NHS clinical risk management standard that applies to the deployment and use of health IT systems within healthcare organisations. It sits alongside DCB0129, which applies to system manufacturers and suppliers. While suppliers are generally not responsible for complying with DCB0160, understanding the standard is essential for supporting NHS customers, avoiding confusion, and ensuring smooth deployment.

BOOK A DISCOVERY CALL

How DCB0160 differs from DCB0129

DCB0160 and DCB0129 are closely related but apply to different parties and responsibilities.

DCB0129 (Supplier responsibility)

Applies to manufacturers and suppliers of health IT systems
Focuses on risks inherent in system design and functionality
Requires a named Clinical Safety Officer (CSO)
Produces supplier-level clinical safety artefacts

Learn more about DCB0129 compliance.

DCB0160 (Deployment responsibility)

Applies to healthcare organisations deploying systems
Focuses more on risks arising from local configuration and use
Requires local clinical safety governance processes
Also requires a named Clinical Safety Officer
Produces deployment-level safety documentation

Both standards are required to ensure end-to-end clinical safety, from system design through to real-world use.

Who does DCB0160 apply to?

DCB0160 applies to:

NHS trusts and foundation trusts
General Practices
Integrated Care Boards (ICBs) (if they are managing clinical safety for their area)
Any other healthcare organisations deploying clinical systems

These organisations are responsible for ensuring that clinical risks arising from local configuration, workflows, and use are properly managed. Suppliers are not responsible for DCB0160 compliance, but they play an important supporting role.

How DCB0129 and DCB0160 work together in practice

In practice:

DCB0129 addresses risks inherent in the system itself
DCB0160 addresses risks introduced by how the system is deployed and used

Information typically flows from supplier to healthcare organisation, including:

Clinical Safety Case Reports
Hazard logs and known risks
Assumptions, limitations, and intended use

Clear understanding of this handover is critical to avoid gaps or duplication. There is frequently a ‘handshake’ at some point where the DCB0129 material is provided to the deploying organisation for review and adding their specific configurations. The CSOs on both sides may play a part in expediting this.

BOOK A DISCOVERY CALL

Common misconceptions about DCB0160

“Suppliers need to be DCB0160 compliant”

Incorrect. Suppliers can support DCB0160 but are not responsible for compliance. The only caveat to that statement are suppliers who are also the deploying organisation (e.g. a healthcare service provider who has developed/deployed their own IT system). In that case a hybrid approach can be done to encompass all DCB0129 and DCB0160 requirements.

“DCB0160 replaces DCB0129”

No. The standards are complementary and both are required in their respective contexts for end-to-end deployment of a solution.

“DCB0160 is optional”

DCB0160 is a mandated NHS standard for organisations deploying clinical systems. Clarifying these points early helps prevent procurement delays and unnecessary time and resource expenditure.

How suppliers can typically support DCB0160

While suppliers are not responsible for DCB0160, they commonly support NHS organisations by:

Providing the initial DCB0129 clinical safety documentation
Explaining system assumptions, limitations, and risks
Supporting local clinical safety assessments
Responding to assurance and governance queries

Suppliers with well-structured DCB0129 artefacts make DCB0160 compliance significantly easier for their customers. We also provide DCB0160 guidance documentation for your end-customers, ensuring as few hurdles as possible exist to deploying your technology.

Interested in Other Services?

As leading Clinical Safety compliance experts we can support your organisation to navigate a range of technology and cybersecurity requirements.

DCB0129 Overview

An introduction to DCB0129 clinical risk management for health IT suppliers, explaining when the standard applies, what compliance involves, and how suppliers meet NHS clinical safety requirements.

Find out more

DCB0129 Support & Assurance

Practical support to help health IT suppliers achieve and maintain DCB0129 compliance, from documentation through to NHS assurance.

Find out more

Clinical Safety Officer (CSO)

Independent Clinical Safety Officer services providing clinical oversight, governance, and sign-off required under DCB0129 for NHS-deployed digital health systems.

Find out more

Where can DCB0160 cause challenges for suppliers?

Suppliers often encounter issues where:

Responsibility boundaries are unclear
NHS organisations request supplier-led DCB0160 activities
Clinical safety expectations differ between organisations
Documentation requirements are poorly defined

Understanding DCB0160 helps suppliers respond confidently and appropriately. We have deployed our DCB0129-compliant technologies in hundreds of different NHS scenarios so understand the market inside out.

How AbedGraham supports clarity around DCB0160

While our primary focus is DCB0129 and supplier clinical safety, we support clients by:

Clarifying DCB0129 vs DCB0160 responsibilities
Ensuring DCB0129 artefacts support NHS deployment needs
Supporting discussions with NHS organisations where required

Our approach reduces friction and helps deployments progress smoothly. Our aim is for clinical safety to the done to the highest standard but also to not be the rate-limiting step in any procurement process.

Explore our DCB0129 compliance services.

Book a Discovery Call

If your organisation needs incident response support, or wants to test its readiness, contact our consultants today.

BOOK A DISCOVERY CALL

What is DCB0160?

DCB0160 defines how clinical risk should be managed by healthcare organisations when deploying and using health IT systems.

The standard focuses on:

Safe configuration and implementation of systems
Integration into local clinical workflows
Ongoing clinical risk management during use
Local governance, oversight, and assurance

DCB0160 ensures that risks introduced by the local use of a system are identified and managed, even where the system itself is supplied by a third party.