Context
Recent weeks have seen renewed attention on digital clinical safety, following a study by Oskrochi et al. and a wave of LinkedIn commentary that followed. Much of the conversation has focused on the identification and reduction of clinical safety non-compliance within digital technologies. But while those conclusions have prompted strong reactions, they risk narrowing the discussion at precisely the moment when a broader, more constructive conversation is needed.
There is much in the study’s conclusions that we agree with. The vision of an NHS transformed by digital technology does hinge on the foundational principle of patient safety, and the study is right to highlight that the interpretation and application of digital clinical safety standards –DCB0129 and DCB0160– are inconsistent across the NHS.
Where the conversation needs reframing is in how the findings are now being interpreted. Rather than centring on the apparent scale of non-compliance, the more meaningful questions are:
And, more importantly:
With forthcoming revisions to safety standards and the introduction of the NHS Innovator Passport, this is an opportunity to ask the right questions: ones that focus on outcomes, capacity, and proportionality rather than on headline numbers alone.
This article offers a pragmatic view grounded in our day-to-day experience working between NHS expectations, national regulations, supplier obligations and the operational realities facing both.
We want to be clear: the study’s concluding observations are valuable.
The clinical safety standards are applied unevenly across the NHS, and such variation undermines the goal of consistent, safe digital transformation. Digital clinical safety must be embedded in organisational culture if the NHS is to benefit fully from increasingly complex technologies.
We are aligned with the call for stronger governance, greater accountability, and a system that prioritises patient safety at every stage of digital adoption.
Some of the commentary that followed the study has leapt from the observation of non-compliance to conclusions about systemic danger, risk of harm and the need to significantly increase the number of Clinical Safety Officers (CSOs). This risks sending the discussion down an unproductive and ultimately impractical route.
Non-compliance is a data point, not a diagnosis
Understanding the scale of non-compliance is the beginning of a question, not the end of one. Without further research to understand the actual consequences, we cannot know whether non-compliance represents a genuine safety risk or whether the current deployment standard is helping safety or simply acting as an administrative burden on stretched providers.
Many long-standing legacy systems, for example, while technically non-compliant with DCB0160, benefit from established usage patterns where risks are largely known and managed operationally, making a retrospective safety case a bureaucratic exercise rather than a safety improvement. Furthermore, given the attention to digital transformation, many non-compliant legacy systems may be decommissioned in the near future.
It is also possible that many systems are compliant with DCB0129 (the manufacturer’s obligation), but deploying organisations do not know this because the documents were never requested or were not retained to be provided.
More CSOs are not automatically the answer
There is currently no published evidence that increasing the number of CSOs directly improves patient outcomes. What we do know is that clinical capacity across the NHS is under extreme pressure. Pulling more clinicians out of patient-facing care to complete assessments – often duplicating work undertaken elsewhere – risks worsening the very situation the standards aim to protect.
The conversation should focus on where safety work delivers the greatest value, not on scaling an already stretched resource.
The core challenges lie not in the presence of unsafe technology but in how the standards are interpreted and applied across the system.
Over-interpretation and blanket application
We regularly see organisations applying DCB standards to all digital health technologies, regardless of risk. This is not mandated and creates unnecessary cost, delay, and administrative burden. The applicability guidance leaves room for interpretation, and this inconsistency is a major driver of variation.
For instance, “real-time or near-real-time direct care” looks very different in an Ambulance Trust compared with services managing long-term conditions. Without clearer definitions, organisations make different assessments about identical systems. We’re hopeful that in the upcoming revision of the standards, this definition will be refined to help suppliers and the NHS make more proportionate decisions on their applicability.
Procurement inconsistency
Central frameworks and individual organisations sometimes impose requirements that extend beyond what the standards prescribe. When every organisation demands a different format, depth or set of documents, manufacturers must repeatedly rework material. These are costs ultimately borne by the NHS.
Duplication of assessments
Manufacturers complete a DCB0129 for their products. Every deploying organisation then completes its own DCB0160. Across the country, CSOs re-document the same local controls (training needs, integration requirements, infrastructure considerations) that have already been identified. This duplication is one of the most significant drains on capacity in the current system.
These issues, not headline numbers, represent the true bottlenecks in the governance of digital health, and put pressure on NHS resources to effectively ensure compliance.
We are not advocating for the removal of the clinical safety standards. We are advocating for their proportionate application, ensuring that safety activity focuses where it is most needed and that the system uses its scarce clinical capacity wisely.
A more effective approach rests on five principles:
1. Focus on risk, not routine
They will be required to submit a heavily CAF-aligned version of the DSPT. This version is structured around the CAF objectives, each with specific compliance thresholds.
2. Protect clinical capacity
Every hour clinicians spend on duplicative assessment is an hour not spent in patient-facing care. Proportionate safety is part of patient safety.
3. Reduce variability with clearer national guidance
The next iteration of DCB0129 and DCB0160 should minimise ambiguity and ensure a clear definition is given concerning what is in and out of scope, with routes to market clearly defined and agreed to minimise duplication or friction in the adoption of technologies requiring compliance.
4. Enable mutual recognition and shared assurance
The Innovator Passport and emerging CSO networks offer opportunities to reduce duplication and support shared approaches, provided they avoid generating additional requirements.
5. Understand where digital clinical safety sits among wider safety risks
Digital risks must be contextualised alongside other causes of patient harm. Proportional investment requires understanding where safety activity will have the greatest impact.
Proportionality is not a dilution of safety; it is a way to ensure safety work strengthens, rather than strains, the system.
Any attempt to address the current situation should focus on:
- Standardising clinical safety expectations across all parties by clarifying the ambiguities in the standards.
- Reducing unnecessary local variation that slows deployment, increases cost and creates further clinical risk by limiting access to innovation.
- Understanding the real indicators of harm associated with digital systems and how regulation can reduce – rather than inadvertently escalate – risk.
- Placing digital clinical safety within the broader landscape of patient safety priorities and investing proportionately with a grounded understanding of the risk of inaction or maintaining the status quo.
The NHS cannot deliver its digital ambitions without strong governance and a culture that prioritises patient safety. But the pathway to safer, scalable digital health will not be achieved through expanding bureaucracy or diverting more clinicians away from patient care. It requires clarity, proportionality and pragmatic decision-making that recognises both risk and resource.
This is the work we do every single day, helping organisations navigate complexity, interpret standards in context and make well-justified, proportionate decisions that keep patients safe while enabling the NHS to adopt the technology it needs.
Safe technology is possible without unnecessary burden. Pragmatism is not the enemy of safety; done well, it is its strongest ally.
If you’d like to dive deeper into what we hope to see from the upcoming Version 2 of DCB0129 and DCB0160, we’ve shared those thoughts in more detail on our blog.
You can read the full piece
If you’d like to dive deeper into what we hope to see from the upcoming Version 2 of DCB0129 and DCB0160, we’ve shared those thoughts in more detail on our blog.
You can read the full piece
We’re the experts that have your back.
Let us help you find a route from from where you are, to where you need to go. We’re here to help.