As HealthTech entrepreneurs, you will know the pressure of getting your product to market fast. But when the NHS is your customer, innovation alone is not enough. You need to prove your product is safe for patients, secure, and fit for purpose. That’s where the Digital Technology Assessment Criteria (DTAC) comes in.
Why are we talking about DTAC?
Whilst digital health innovation is booming, it’s not hard to find examples of failures that shake public trust and undermine how the NHS is trying to embrace technology. From privacy breaches to system crashes, the consequences are real. A BBC freedom of information request to NHS trusts revealed 126 instances of serious harm linked to IT system failures (1).
This blog accompanies our upcoming Insights to Impact Masterclass. In it, we explore how DTAC protects patients, de-risks your product, and accelerates your route to NHS adoption.
When Health Tech Fails, Patients Pay the Price
The WannaCry attack of 2017 paralysed more than 80 NHS trusts and cancelled over 19,000 appointments (2). Babylon Health accidentally gave users access to other patients’ video consultations and more recently the first patient death linked to the cyber attack last year on NHS pathology system provider Synnovis has been confirmed (3).
These were not a few extreme cases, they were systemic lapses in cybersecurity, privacy, and design.
Every incident is a reminder that digital products handling patient data need to meet baseline standards before they ever reach clinicians or patients.
Enter DTAC: the NHS’s digital gatekeeper
DTAC was designed to raise the bar. It’s a baseline standard for any digital health solution used in NHS and social care settings. It assesses technologies across five critical areas:
- Clinical Safety – Evidence that your tech doesn’t cause harm
- Data Protection – Compliance with GDPR, ICO, and DSPT
- Technical Security – Cyber Essentials, penetration testing, Multi-factor Authenticator
- Interoperability – Can you plug into other NHS systems (Spine, FHIR)?
- Usability & Accessibility – Is it actually usable… by everyone?
Think of DTAC like a flight-safety checklist. You wouldn’t get on a plane that hadn’t been inspected. Why should clinicians or patients trust an app that hasn’t?
Analogy: what DTAC and flight safety have in common
When we fly, we trust the plane will stay in the air, not because we personally inspected it, but because a rigorous assurance framework exists behind the scenes.
The same principle applies to NHS procurement. Commissioners don’t have time to audit your code or review every technical aspect of your technology, although when it comes to clinical safety they do have to prepare mandatory documentation that they are only able do from the information you provide to them. DTAC is your product’s ‘trustmark’. It shows you’ve done the work to give them that assurance.
“But isn’t it just bureaucracy?”
We hear this a lot. And we get it. For a founder juggling product development, funding, and growth, DTAC can feel like an extra hoop to jump through.
But here’s the reality: DTAC isn’t a barrier, it’s your ‘badge’ of assurance.
It gives NHS buyers confidence. It shortens procurement cycles. And it helps you spot and fix risks before they grow into reputation-damaging headlines.
Where to start
If you’re early in your journey, now is the time to design with DTAC in mind. If your product is already in development, a gap analysis can show you what’s missing and how to fix it.
Typical starting points include:
- Creating a clinical safety case
- Mapping your data flows for the DPIA
- Penetration testing your infrastructure
- Aligning with NHS interoperability standards
You don’t have to do it alone
At The Digital Health Assurance Company, we work with the Health Innovation Network to support innovators through DTAC, whether they’re in MVP mode or ready to scale.
We can help with:
- Independent Clinical Safety Officers
- Evidence pack creation
- Technical reviews and documentation
- Support for DSPT, DPIAs, Cyber Essentials, and more
If you think you have everything covered but you’re not quite sure, for your own reassurance we also offer an audit service to validate what you have already completed.
Final Thoughts: from red tape to readiness
DTAC isn’t about bureaucracy, it’s about building trust. The NHS needs products it can rely on. Patients deserve healthcare technology that is safe and protects their data. And founders like you need frameworks that unlock, not block market access.
So, the question isn’t whether you can afford to do DTAC. If the NHS will not procure your product without it, you cannot afford not to.
Want to know more about DTAC?
Join our Insights to Impact Masterclass for a breakdown of the DTAC framework into easy-to-understand steps to ensure you can navigate regulatory requirements with confidence.
Date: 14 July 2025
Time: 12:00pm – 1:20pm
Speakers:
Lucy Buckley, PhD, Founder, The Digital Health Assurance Company
Nitin Makadia, Director, The Digital Health Assurance Company
Sign up for free here
Can’t make the Masterclass?
Get in touch by emailing lucy@digitalhealthassurance.co.uk or nitin@digitalhealthassurance.co.uk or by visiting www.digitalhealthassurance.co.uk
Or book a DTAC consultation
Lucy Buckley Calendly booking: https://calendly.com/lucy-dte_/discovery-call
Nitin Makadia Calendly booking: https://calendly.com/nitin-discovery_call/30min
About the authors
Founder of The Digital Health Assurance Company
Dr Lucy Buckley has a passion for improving quality of care and patient safety. She is a registered Pharmacist, holds a PhD from the University of Manchester and has over 20 years’ experience across diverse sectors of healthcare. Her unique career spans the healthcare system from academic drug discovery and development to all aspects of the product life cycle in the pharmaceutical industry and latterly as a digital health entrepreneur. She has also held clinical roles in both the NHS and private sector.
She founded The Digital Health Assurance Company in 2023 to improve quality of care in digital health whilst supporting businesses to grow, thrive and scale.
Through her leadership at The Digital Health Assurance Company, Lucy also holds several roles dedicated to advancing patient safety and improving care quality.
Director at The Digital Health Assurance Company
Nitin is a highly experienced pharmacist with 35 years in the profession. He has a thorough grounding in Healthcare Operations, having held senior roles at one of the UK’s largest pharmacy chains, before progressing onto Service Development and Clinical Operations.
The last 15 years has been focussed on digital health, including business process mapping & testing of a national Patient Medication Record software solution, service development and pharmacy integration of England’s first CQC registered Online Doctor Service, integration of digital pathways into new and existing service models, and supporting Digital Health startups. He is a Clinical Safety Officer and is experienced in Digital Technology Assessment Criteria (DTAC) regulations, ensuring digital health solutions meet the highest standards of clinical safety and compliance.
Share your idea
Do you have a great idea that could deliver meaningful change in the real world?
Get involved