The Digital Technology Assessment Criteria for health and social care (DTAC) gives staff, patients and citizens confidence that the digital health tools they use meet our clinical safety, data protection, technical security, interoperability and usability and accessibility standards.
The DTAC brings together legislation and good practice in these areas. It is the national baseline criteria for digital health technologies entering and already used in the NHS and social care.
The DTAC is designed to be used by healthcare organisations to assess suppliers at the point of procurement or as part of a due diligence process, to make sure digital technologies meet our minimum baseline standards. For developers, it sets out what is expected for entry into the NHS and social care.
Download and use the DTAC form
The DTAC is available as a document (ODT, 132KB) that you can download and print.
Please download it at the point of use, to make sure you’re using the most up to date version.
Is your new digital health technology DTAC ready?
The digital technology assessment criteria for health and social care, or the DTAC for short, is a set of criteria for organisations to use when introducing new digital health technology.
Using it will give staff, patients and citizens confidence that the digital technology they use meets our national minimum standards on clinical safety, data protection, technical security, interoperability, usability and accessibility.
The DTAC brings together legislation and best practice from across the health and social care ecosystem into one place, so assessing products is simple, quick and consistent.
So, who does what? NHS and social care organisations should assess any new digital health technology products against the DTAC as part of each new procurement process or contract renewal, including staff or patient facing apps, systems and web portals.
Tech developers can use the DTAC to make sure their products meet our standards and prepare for assessment.
These assessments will be carried out by local health and social care organisations.
Make sure your digital health technology is DTAC ready.
Find out more at transform.england.nhs.uk/dtac
Get email updates about changes to the DTAC
DTAC will naturally iterate as legislation and standards change. We will update on changes through our Transformation bulletin. To keep up to date, subscribe to our Transformation bulletin.
Guidance for using the DTAC
Information for tech developers
The DTAC provides a consistent question set and enables you to present the same consistent and proportionate set of evidence to organisations buying and using your digital health technologies. It sets out the standards expected for entry into and continued use in the NHS and social care.
You should make sure your product meets the assessment criteria, gathering the required evidence - you may choose to use a third party to do this for you. You may be asked to provide this evidence during the procurement process.
Further guidance and support on building good technology by design can be found in A guide to good practice for digital and data-driven health technologies published by the NHS AI Lab.
Information for people working in the NHS or social care
As part of each new procurement process or contract renewal, buyers of digital health technology should ask the developer to complete the DTAC by responding to the question set and providing the evidence required. They should also put in place processes to re-assess those elements that have an expiry date or are subject to change with product iteration.
It is important, as with any procurement, that those with relevant subject matter expertise are involved in the assessment of digital health technologies, for example the clinical safety section should be assessed by a qualified Clinical Safety Officer.
Whilst the DTAC is intended to be a common baseline criteria in terms of safety and security, it is intended to be one part of procurement - it is not intended to be the complete question set for procurements and should be supplemented with additional specifications including any policy and regulatory requirements.
You should also ensure that you consider efficacy and the impact and evidence of such technologies. NHS England is working with NICE to build on the Evidence Standards Framework for digital health technologies. This is a framework that describes the level of evidence needed to demonstrate effectiveness and value for digital technologies that have different functions and risks.
The DTAC will ensure products meet our standards in: clinical safety, data protection, cyber security, interoperability and accessibility. The DTAC brings together legislation and recognised good practice into one place, helping the system to assess products quickly and consistently. Any products built by in-house NHS teams or for this NHS should be built to the DTAC standards.
Products that should be assessed using the DTAC
All new digital technology should be assessed using the DTAC, even if you are piloting or trialling it. If a developer has multiple products, each one would need to be assessed against the DTAC. Examples of products include: staff facing and patient facing digital health tech, health apps, medtech and devices with an associated app, systems, web based portals and more.
We have linked the DTAC criteria to the definition of a Health IT System as defined in DCB0129 and DCB0160, being a product used to provide electronic information for health or social care purposes where the product may include hardware, software or a combination of both.
Our initial focus is on embedding the DTAC in the NHS and social care. We continue to explore opportunities for assessment passportablity.
Background and additional information
Why we have introduced the DTAC
The DTAC was developed in response to developers and those making buying and commissioning decisions looking for clear direction on how to build and buy good digital health technologies. We listened to innovators who are seeking to understand what the NHS is looking for when it buys technologies to enable them to build it into their product development ‘by design’. Those buying technologies told us they wanted a proportionate and tangible criteria that was simple to apply and assess against, encompassing all digital health technologies, to ensure that the products they select are safe and built well.
By setting a national baseline, the intention is now to smooth the path between development and procurement so that the NHS and social care may realise the benefits that digital technologies can bring.
We first introduced the DTAC in beta in October 2020, and incorporated feedback before launching the first official version in February 2021.
The different parts of the DTAC
The assessment criteria is focused on 5 core areas. Sections 1 to 4 form the assessed criteria, with a separate conformity rating provided around usability and accessibility:
1. Clinical safety
Products are assessed to ensure that clinical safety measures are in place and that organisations undertake clinical risk management activities to manage this risk.
2. Data protection
Products are assessed to ensure that data protection and privacy is ‘by design’ and the rights of individuals are protected.
3. Technical assurance
Products are assessed to ensure that products are secure and stable.
Products are assessed to ensure that data is communicated accurately and quickly whilst staying safe and secure.
5. Usability and accessibility
Products are allocated a conformity rating having been benchmarked against good practice and the NHS service standard.
The DTAC includes company information and value proposition sections for context. Each of the scored and assessed sections contain:
- a reference code for each question
- the question for the developer to respond to
- whether evidence is required and is so the evidence
- response options or free text
- supporting information and guidance
- scoring criteria
The NHS Digital Health Technology Standards Audit
In October 2022, the first NHS Digital Health Technology Standards Audit templates were issued to NHS organisations. The audits are designed to assess organisations compliance with assurance of technologies. Further information for NHS organisations can be found on the audit template document.
Evidence standards framework for digital health technologies
We continue to work alongside other key stakeholders including the Accelerated Access Collaborative (AAC) to support innovators, the Medicines and Healthcare products Regulatory Agency (MHRA) and NICE to build on the Evidence Standards Framework for digital health technologies. This is a framework that describes the level of evidence needed to demonstrate effectiveness and value for digital technologies that have different functions and risks.