Search for:

In brief

NHSX, the technology and digital unit of the UK’s National Health Service (NHS), recently published its draft Digital Health Technology Standard.

The Standard aims to accelerate how digital health technologies (DHTs) are reviewed, commissioned and scaled for use across the wider health and care system, and provides guidance to support digital health technology developers. The Standard is in draft form at the moment, and NHSX are seeking feedback via a short survey until 22 April (although it’s possible the survey will remain open for longer in light of COVID-19).


The Standard builds on existing guidance already gaining traction in the UK, and there’s some overlap with the UK’s Code of Conduct for Data-Driven Health and Care Technologies. However, it’s still a useful resource for developers trying to navigate the NHS as a potential customer. It signposts the array of guidance and legislation applying to healthcare technology in the UK.

NHSX’s Standard contains 10 core components, which we’ve summarised into three main categories:

    1. Standards covering Data Driven Technology (DDT)

      • DDTs should take into account issues such as transparency, fairness and bias on the data which is being used.
      • DDT should comply with the Code of Conduct for Data-Driven Health and Care Technologies.
      • If research is conducted with medical data, approval needs to be sought from the UK’s Health Research Authority.
    1. Standards covering the Development and Design of DHTs

    1. Designed to achieve a clear outcome/benefit for users or the system
      • Developers must set out a hypothesis for how the DHT will contribute to the provision of better care and/or improved health outcomes.
      • Developers must set out clear and defined user needs (i.e. clinical, practical or emotional).
    1. Accessible and clinically safe
      • DHTs should be easy to understand, and meet relevant requirements like the ergonomics of human-system interaction ISO 9241-210:2019.
      • Authorship of source data should be medically valid and up to date, and there should be a plan to ensure that it remains up to date.
      • There should be risk mitigation measures where the app could pose a risk to people’s health if used incorrectly.
      • DHTs should make the best possible use of open standards and comply with all relevant technical standards.
    1. Generate evidence that the product is fit for purpose, and achieves clinical, social, economic or behavioural benefits
      • NICE has developed an Evidence Standards Framework which DHTs must comply with, based on evidence for effectiveness standards, evidence for economic impact standards and supporting resources including case studies.
      • Post market surveillance must be undertaken and feedback should be risk assessed and acted upon.
    1. Standards covering Data Protection, Security and the Regulatory Framework

    1. Personal data
      • Developers must ensure that their DHTs comply with the UK’s Data Protection Act, which treats health data as special category data.
      • DHTs must use data in a way that is proportionate, and must guarantee that data linkage does not provide access to patient data to those without legal right.
      • With respect to confidential patient data, the user must be able to give ‘informed consent’ to the use of their personal identifiable data.
      • The DHT terms and conditions must set out clearly and simply exactly what will happen to user data, who it will be shared, and in what form it will be stored.
      • The DHT must comply with NHS’s Information Governance requirements.
    1. Security
      1. Regulatory compliance

Jaspreet advises market-leading tech and healthcare companies on issues at the cutting-edge of digital health. She focuses on the development and regulation of healthcare technology. This includes assessing how digital health solutions can comply with the legal framework for data privacy, medical research and medical devices / pharmaceuticals.