Skip to content
  • Services
    • AI Governance
    • Medical Devices
      • Regulatory Roadmap
      • ISO 13485 Design & Build your QMS
      • Quality Management as a Service
      • Technical File Creation & Registration
      • UK Responsible Person
      • Post Market Surveillance
    • International Standards
      • ISO 13485 Certification
      • ISO 42001 Certification
      • ISO 9001 Certification
      • ISO 27001 Certification
    • DTAC
      • DTAC Management
    • Information Governance
      • Data Security & Protection (DSPT)
      • DSPT Audit
      • HIPAA Compliance
    • Clinical Safety and Risk Management
      • DCB0129
      • DCB0160
      • Clinical Safety Officers (CSO)
    • CQC Services
      • CQC Compliance Assessment
      • CQC Registration Support
      • CQC-as-a-Service
      • CQC Regulatory Review & Strategy
    • Cyber Security
    • Governance, Risk & Compliance Advisory
    • 8foldTraining
  • About
    • Meet the Team
    • Partnerships
    • Join Us
  • Blog
  • Case Studies
  • Contact
  • Services
    • AI Governance
    • Medical Devices
      • Regulatory Roadmap
      • ISO 13485 Design & Build your QMS
      • Quality Management as a Service
      • Technical File Creation & Registration
      • UK Responsible Person
      • Post Market Surveillance
    • International Standards
      • ISO 13485 Certification
      • ISO 42001 Certification
      • ISO 9001 Certification
      • ISO 27001 Certification
    • DTAC
      • DTAC Management
    • Information Governance
      • Data Security & Protection (DSPT)
      • DSPT Audit
      • HIPAA Compliance
    • Clinical Safety and Risk Management
      • DCB0129
      • DCB0160
      • Clinical Safety Officers (CSO)
    • CQC Services
      • CQC Compliance Assessment
      • CQC Registration Support
      • CQC-as-a-Service
      • CQC Regulatory Review & Strategy
    • Cyber Security
    • Governance, Risk & Compliance Advisory
    • 8foldTraining
  • About
    • Meet the Team
    • Partnerships
    • Join Us
  • Blog
  • Case Studies
  • Contact
  • +44 (0)1273 569172
  • +44 (0)1273 569172
Book a Call

It often takes international health tech companies over 12 months to break into the UK healthcare market, particularly when aiming to collaborate with the NHS.

explores how Idoven navigated this challenge with the guidance of 8foldGovernance to successfully adapt its technology to the rigorous standards of the NHS.

← Case Studies  

Supporting Global Innovation

How 8foldGovernance helped Idoven enter the UK Market

It often takes international health tech companies over 12 months to break into the UK healthcare market, particularly when aiming to collaborate with the NHS. This extended period is due to a number of factors including meeting stringent regulatory and compliance requirements.

As Idoven sought to expand into the UK market and integrate with the NHS, they faced the challenge of meeting the UK’s statutory governance requirements as well as NHS-specific compliance requirements under the Digital Technology Assessment Criteria (DTAC). This case study explores how Idoven navigated this challenge with the guidance of 8foldGovernance to successfully adapt its technology to the rigorous standards of the NHS.

Idoven Case Study: iDoven Idoven
Idoven Case Study: iDoven Idoven

About Idoven

Idoven is a pioneering health technology company based in Spain that has developed an innovative AI-powered Cardiology-as-a-Service (CaaS) platform. Their solution aims to revolutionise cardiovascular care by enhancing the ability of clinicians to identify, triage, and diagnose patients at scale.

Idoven’s platform leverages artificial intelligence to analyse electrocardiograms (ECGs) or intracardiac electrograms (EGMs) with speed and accuracy comparable to or exceeding that of cardiologists.

However, while Idoven’s platform was already a success across Europe, entering the UK market posed new challenges, particularly in aligning with the NHS’s strict compliance and safety standards.

The Problem Navigating NHS Compliance With DTAC

Entering the NHS and the UK market as an international health tech company can be overwhelming and confusing. It involves understanding a vast healthcare system as well as unique compliance requirements, specific to the UK and the NHS.

The NHS DTAC provides a framework for assessing digital health technologies for the NHS, focusing on five key areas:

Clinical safety

Clinical Safety – Ensuring the product is safe for patients.

Idoven Case Study: iDoven Idoven
Data Protection – Protecting patients’ sensitive health data.
Idoven Case Study: iDoven Idoven
Technical Security – Safeguarding systems from cyber threats.
Idoven Case Study: iDoven Idoven
Interoperability – Ensuring the technology works seamlessly with NHS systems.
Idoven Case Study: iDoven Idoven
Usability and Accessibility – Making sure the platform is user-friendly for all.

Idoven saw some parallels with International Standards they had already implemented but was looking for expert support to align their documentation with the expectations of the NHS after being asked to comply with DTAC by a prospective client.

During their search, they found 8foldGovernance “whose approach and expertise seemed perfectly suited to help us achieve this important goal.”- Matthieu Decraene, Regulatory Affairs Manager at Idoven.

The Strategy

At 8foldGovernance, we specialise in breaking down complex compliance tasks into manageable steps. Our goal was to ensure Idoven’s smooth and timely entry into the UK market by guiding them through the DTAC process and aligning their platform with NHS standards.

iso 9001

Clinical Safety

Idoven’s top priority was ensuring their platform was safe for patients. The Clinical Safety section of DTAC required Idoven to meet the UK’s DCB0129 standard, which focuses on minimising risks to patients.

Our Clinical Safety Officer, Haniyah Khanum, led this project leveraging her expertise in Clinical Safety and Regulatory Compliance for AI and Machine Learning products. Haniyah began by reviewing Idoven’s existing risk management practices and their alignment with DCB0129 requirements. Recognising the necessity of a robust foundation, she organised a series of DCB0129 training sessions and hazard workshops to bridge knowledge gaps and enhance team capabilities.

The Hazard Workshops were particularly instrumental in fostering critical thinking about the technology’s impact on patient safety and clinical risk. These workshops highlighted the differences between UK-specific requirements and other international standards, such as ISO 14971, facilitating a deeper understanding among the team. It also helped the team to understand a full translation of the system from Spanish to English to facilitate reduced risk in the UK.

Throughout this process, Haniyah emphasised the importance of creating dynamic, living documents that evolve with the product, ensuring long-term compliance and safety. Our approach underscored the necessity of continuous improvement and adaptation in regulatory processes.

Thanks to Haniyah’s expert guidance and the collaborative efforts of both teams, Idoven not only achieved compliance with DCB0129 but also enhanced their focus on Clinical Safety as a core value.

Learn more about our Clinical Safety services

Data Protection

Handling sensitive health data in the UK requires compliance with the UK General Data Protection Regulation (GDPR) and other local privacy laws. While Idoven already adhered to European standards, the UK’s post-Brexit regulations meant they needed to make adjustments, particularly in how they managed data transfers. To comply with these requirements, Idoven appointed us as their UK representative for UK GDPR and we assisted them in registering with the Information Commissioner’s Office (ICO) which is a requirement of both the DTAC and Data Security and Protection Toolkit (DSPT). 

Our Information Governance Specialist, Georgina Daugherty supported Idoven through these intricacies. She facilitated regular meetings with relevant stakeholders at Idoven to complete two crucial pieces of documentation: the DSPT and a Data Protection Impact Assessment (DPIA).

While DPIAs under the NHS framework share common principles with those under the EU GDPR there are notable differences. The UK and the EU frameworks diverge in terms of legal requirements, regulatory guidance, sector-specific needs, and the evolving landscape post-Brexit. Specifically, the NHS must consider UK-specific legal obligations and the sensitive nature of health data, whereas EU DPIAs operate under a unified legal framework across various sectors and countries.

To address these differences, we developed a UK-specific DPIA template tailored to meet the requirements of the NHS. This collaboration also extended to working closely with Idoven’s Data Protection Officer (DPO) based in Spain. This partnership resulted in several positive outcomes, including updating Idoven’s privacy notice to ensure compliance with both UK and EU data protection standards.

Through these efforts, we successfully supported Idoven in presenting a clear response to the Data Protection requirements whilst preventing compliance silos exclusively for the UK market.

Learn more about our Data Protection services

Interoperability

One of the biggest challenges for international companies entering the UK market is ensuring their technology works smoothly with existing NHS systems. For Idoven, this required some customisations to meet the NHS’s interoperability standards.

We guided Idoven through this process by analysing NHS requirements and helping them adjust their platform’s capabilities. Their AI-powered CaaS system, designed to work with various devices and data formats, needed only minimal changes to integrate with NHS systems via an API. This allowed Idoven to maintain its platform’s core functionality while ensuring compliance with UK standards.

Learn more about our Interoperability services

Usability and Accessibility

The NHS places a strong emphasis on usability and accessibility, ensuring that technology is easy to use for all healthcare workers, including those with disabilities. Compliance with standards such as the Web Content Accessibility Guidelines (WCAG) is essential, requiring businesses to conduct comprehensive usability testing and make significant adjustments to their products to align with the needs of their user base.

Through our collaboration, Idoven successfully aligned its technology with the UK’s rigorous usability and accessibility standards which enabled them to evidence compliance with the DTAC criteria achieving a score of 57.5%.

Learn more about our Usability and Accessibility services

Technical Security

To meet DTAC’s technical security requirements, Idoven needed to ensure their system was secure from potential cyber threats. We facilitated a CREST-accredited penetration test, which simulated real-world attacks to identify vulnerabilities. With this test, Idoven strengthened their security measures and successfully passed this critical component of DTAC compliance.

Learn more about our Technical Security services
“Our expansion into the UK is a crucial step for Idoven as we aim to bring our cutting-edge cardiac care solutions to a broader market. Securing the DTAC certification was an essential milestone in this process, and with the support of 8fold, we ensured our CaaS product meets the necessary regulatory standards in the UK”.

Manuel Marina

Cardiologist, co-founder & CEO of Idoven

Summary

Navigating the unique requirements of the DTAC posed governance and compliance challenges, as each component of the DTAC has distinct standards that can differ from international norms. To meet these UK-specific requirements, Idoven needed to adapt its product and processes, including making adjustments to documentation, technical standards, and compliance practices.

This process highlighted the importance of a strategic and well-informed approach to governance and compliance, ensuring efficient documentation management and avoiding the creation of silos within management systems. Entering a new territory such as the UK should not mean starting from scratch, merely ensuring that your documentation is adapted to align with the additional requirements.

Idoven Case Study: iDoven Idoven

I have been very happy with the exchanges and work I had with 8fold. They have been consistent and reliable in our task to get the DTAC certification for our CaaS product.

Matthieu Decraene,

Regulatory Affairs Manager at Idoven.

Idoven Case Study: iDoven Idoven

The Results

Through our comprehensive support, Idoven has successfully become DTAC compliant, enabling them to enter the UK market and NHS. Our collaboration has allowed them to expand their reach and continue enhancing patient care worldwide. 

Idoven’s platform has extended its high-quality diagnostic cardiovascular care to patients in over 30 countries, spanning all seven continents. This expansion has brought critical healthcare services to underprivileged areas, fulfilling the company’s mission of providing equitable access to healthcare regardless of geographic location.

At the heart of Idoven’s mission is the conviction that access to quality healthcare should not be restricted by geographical barriers.

Idoven Case Study: iDoven Idoven

We truly believe that where you live should not determine your healthcare access. By digitising the diagnostic process through our platform, we can detect and diagnose cardiac problems anywhere, anytime

Manuel Marina Breysse,

Cardiologist, Co-founder, and CEO of Idoven

Idoven Case Study: iDoven Idoven

Aligned with this mission, we at 8foldovernance facilitated Idoven’s entry into the NHS and UK market by ensuring full compliance with DTAC standards. We recognise that compliance is not merely a checkbox exercise but a continuous process of integration and quality assurance. Through our services, Idoven was equipped with the tools and knowledge to meet and surpass NHS compliance standards, seamlessly aligning with existing regulations. This strategic alignment has positioned Idoven as a trusted provider in the UK market, capable of delivering exceptional care while adhering to the highest compliance standards.

What's next for Idoven?

With its successful entry into the UK market, Idoven is poised for further expansion across Europe and the US, continuing to drive innovation in cardiovascular care by leveraging cutting-edge AI technology to enhance clinical outcomes.

At 8foldGovernance, we are dedicated to supporting Idoven on this journey, ensuring that their compliance processes evolve in tandem with their global ambitions and adapt to new regulatory landscapes.

8fold circle logo
logo-website_0003_patientmpower

Need help with DTAC? Get in touch

Leverage the skills and experience of our expert team, just like Smart Respiratory, to support commercial success in the NHS.

Book your call now
Idoven Case Study: iDoven Idoven

Need help with DTAC? Get in touch

Leverage the skills and experience of our expert team, just like Smart Respiratory, to support commercial success in the NHS.

Book your call now
Idoven Case Study: iDoven Idoven
8foldgovernance master

+44 (0) 1273 569172

info@8foldgovernance.com

SERVICES

  • AI Governance
  • Medical Device Registration
  • ISO Compliance
  • Full DTAC Support
  • Information Governance
  • Clinical Safety
  • Data Security & Protection
  • CQC Services
  • Cyber Security
  • 8foldTraining

LINKS

  • Contact
  • About
  • Meet The Team
  • Blog
  • Join Us
  • Case Studies
  • Charity Work
  • Partnerships
  • FAQs
DSPT Data Security And protection Toolkit 8Fold
Information Governance Badge 8 Fold
NPSORE
ABHI Member

 © 2026 8fold | Privacy Policy | Cookie Policy | Terms & Conditions

X We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept”, you consent to the use of ALL the cookies. However you may visit Cookie Settings to provide a controlled consent.
Read More ACCEPT Cookie settings
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checkbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
Save & Accept