Skip to content
8Fold governance Logo With Text Horizontal
  • DTAC
  • Services
    • DTAC
    • Cyber Security
    • Data Security & Protection (DSPT)
    • Interoperability, Accessibility & Usability
    • Clinical Safety & DCB0129
    • Information Governance
  • About
    • Meet the team
    • Join us
  • News
    • Blog
    • Case Studies
  • Contact
Menu
  • DTAC
  • Services
    • DTAC
    • Cyber Security
    • Data Security & Protection (DSPT)
    • Interoperability, Accessibility & Usability
    • Clinical Safety & DCB0129
    • Information Governance
  • About
    • Meet the team
    • Join us
  • News
    • Blog
    • Case Studies
  • Contact
  • +44 (0)1273 569172

← Case Studies  

Insource Case Study: Insource - The route to DTAC compliance

Streamlining the route to DTAC compliance

Insource Case Study: Insource - The route to DTAC compliance

An Insource case study

← Case Studies 

Insource Case Study: Insource - The route to DTAC compliance

Streamlining the route to DTAC compliance

An Insource case study

About Insource

Insource brings the power of unified data to healthcare organisations to help drive better patient outcomes, streamline operational efficiency, and extract essential insight by ensuring all foundational data is accessible for informed decision making – despite the legacy infrastructure. With over 20 years’ expertise, more than 60 trusts, health boards, and ICSs currently use their services for informed trust-wide management, elective recovery, and ICS insight and control.

Insource Case Study: Insource - The route to DTAC compliance

The Problem

Over recent months, the NHS has been doubling down on digital health technology companies to ensure they meet the Digital Technology Assessment Criteria (DTAC). This is the national baseline criteria that digital technology companies must comply with to work in, or enter the NHS and social care. 

Whilst Insource was already compliant with the information security standards (ISO27001) and has also been consecutively ‘exceeding standards’ for their Data Security Protection Toolkit (DSPT) for the last few years, Insource needed specialist support to navigate the DTAC. This is because some of its solutions, including Health Data Enterprise (HDE) – a suite of data management solutions that helps solve critical data accuracy, consolidation and automation issues, and Patient Pathway Plus, a data engine which supports fast and targeted elective recovery, did not naturally fit into the requirements of the DTAC. 

The key issues related to ‘Section D: key principles for success’ under the usability and accessibility criteria which presented a practical challenge as very little of the Insource application is exposed via a user interface. With the elements in this section determining the ‘compliance rating’ for the overall product(s), it was extremely important for Insource to get this right to avoid any impact on current and future procurements.

“8fold’s substantial experience in assessing DTAC compliance for the NHS made them the obvious choice for Insource,” said Rob Davenport, Chief Technology Officer from Insource.

“They assessed our technology and answered the DTAC questions in a practical way, whilst also being available to represent the company when talking to our customers, including the information governance team, to ensure our position on DTAC compliance is clear and transparent.” 

 

The Strategy

Our first step was to holistically assess the applications in all aspects of the DTAC, including:

Insource Case Study: Insource - The route to DTAC compliance

Clinical Risk Management (DCB0129)

We carried out a full DCB0129 Clinical Risk Management assessment and shared reports for both Health Data Enterprise and Patient Pathway Plus. DCB0129 is the mandatory clinical risk management standard that all manufacturers of health IT systems must comply with under the Health and Social care Act 2012. Following the assessment, clinical safety reports and hazard logs were shared with Insource which recommended some minor remedial actions to be taken.

Insource Case Study: Insource - The route to DTAC compliance

Technical Security

We conducted penetration testing on the Insource infrastructure as part of section C of the DTAC to assess the technical security criteria. This is used to help the NHS to establish if the products meet industry best practice security standards and if the data being collected and processed in the application is secure. To do this, we completed an Owasp Top 10 penetration test which identifies potential vulnerabilities that could be exploited to attack the system, allow users to bypass controls, escalate privileges, or extract sensitive data.

Insource Case Study: Insource - The route to DTAC compliance

Information Governance

We reviewed the information governance processes to ensure they continue to uphold the highest standards expected for data protection, and we also updated the Data Protection Impact Assessments (DPIA). DPIAs enable suppliers to systematically and comprehensively analyse the processing of personal information to help identify and minimise any data protection risks. They consider compliance risks but also broader risks to the rights and freedoms of individuals.

As a registered clinician, Haniyah Khanum is the Clinical Safety Officer for Insource. Haniyah strives to improve the safety and quality of services for everyone; whether that’s for patients, staff or citizens. She is also a registered midwife who has worked in the NHS for many years and is therefore uniquely placed to assess digital technologies from different standpoints. She said: “It’s a pleasure to support innovations like Patient Pathway Plus and Health Data Enterprise that are making a real difference to people’s everyday lives, by ensuring they are supported to uphold the highest standards in safety and security that we all expect from our health and care services. I’m pleased that 8fold has been able to play a key role in making that happen.” 

The Results

The purpose of DTAC is to support the NHS to assess products quickly and consistently. DTAC is a live process incorporating many moving parts, making it challenging for digital technology companies to easily share their compliance status with NHS clients, causing delays in the implementation of new technologies. This communication is most often done through file sharing and email exchange which makes it hard to effectively manage documents, track changes and monitor compliance. However, since launching the UK’s first DTAC Portal, 8fold has revolutionised the way suppliers share their compliance status with the NHS.

The DTAC Portal allows those responsible for monitoring DTAC compliance to securely access real-time information in one place. Through 8fold, Insource has shared two live DTAC Portals; for Health Data Enterprise and Patient Pathway Plus. These portals are populated with all the information that governance and procurement teams in the NHS hospitals need. Live access to the portal has allowed NHS clients to systematically assess the DTAC documentation in a quick and convenient manner, helping to streamline any procurement, implementation and renewal processes.

Since completion, we have been instructed by Insource to act as their Data Protection Officer (DPO), Information Governance Officer (IGO) and Clinical Safety Officer (CSO). Transferring responsibility for these elements means that Insource benefits from specialist support which ensures that all requirements under DTAC including, clinical safety and technical security of the applications, remains up to date. This includes compliance with the DSPT, along with annual penetration testing. 

Rob added: “Working with 8fold gives us enormous peace of mind that Insource is meeting the strictest of data conformance standards. Our customers can be confident that Insource is one of the first UK companies to meet this highest criteria for clinical risk, data security and information governance.”

Insource Case Study: Insource - The route to DTAC compliance
Insource Case Study: Insource - The route to DTAC compliance

Book your free, no-obligation discovery call with our experts.

Let’s see how we can help you navigate DTAC or any other aspect of information governance, data protection or clinical safety.

Book your call now
Insource Case Study: Insource - The route to DTAC compliance

Book your free, no-obligation discovery call with our experts.

Let’s see how we can help you navigate DTAC or any other aspect of information governance, data protection or clinical safety.

Book your call now
Insource Case Study: Insource - The route to DTAC compliance
8fold Zen Logo

+44 (0) 1273 569172

info@8foldgovernance.com

DTAC SERVICES

  • Full DTAC Support
  • Information Governance
  • Clinical Safety
  • Data Security & Protection
  • Interoperability, Accessibility & Usability
  • Cyber Security

LINKS

  • About
  • News
  • Join Us
  • Case Studies
  • Contact
  • Charity Work
DSPT Data Security And protection Toolkit 8Fold
Information Governance Badge 8 Fold
8 fold governance net promoter score
The Green Web Foundation Score 8fold governance
Cyber Essentials Trademark
B1G1 Logo

 Privacy Policy | Cookie Policy | Terms & Conditions

© 2023 8Fold
8Fold governance Teal Zen logo

+44 (0) 1273 569172

info@8foldgovernance.com

DTAC SERVICES

  • Full DTAC Support
  • Information Governance
  • Interoperability, Accessibility & Usability
  • Clinical Safety Data
  • Security & Protection
  • Cyber Security

LINKS

  • About
  • News
  • Case Studies
  • Contact
Cyber Essentials Trademark
Green Wen Foundation 8Fold
8Fold Net Promoter Score

Customer

Satisfaction

Rating

B1G1 Logo

 Privacy Policy | Cookie Policy | Terms & Conditions

© 2023 8Fold
X We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept”, you consent to the use of ALL the cookies. However you may visit Cookie Settings to provide a controlled consent.
Read More ACCEPT Cookie settings
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checkbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
Save & Accept