Skip to content
8foldgovernance master
  • Services
    • AI Governance
    • Medical Devices
      • Regulatory Roadmap
      • ISO 13485 Design & Build your QMS
      • Quality Management as a Service
      • Technical File Creation & Registration
      • UK Responsible Person
      • Post Market Surveillance
    • International Standards
      • ISO 13485 Certification
      • ISO 42001 Certification
      • ISO 9001 Certification
      • ISO 27001 Certification
    • DTAC
      • DTAC Management
    • Information Governance
      • Data Security & Protection (DSPT)
      • DSPT Audit
      • HIPAA Compliance
    • Clinical Safety and Risk Management
      • DCB0129
      • DCB0160
      • Clinical Safety Officers (CSO)
    • CQC Services
      • CQC Compliance Assessment
      • CQC Registration Support
      • CQC-as-a-Service
      • CQC Regulatory Review & Strategy
    • Cyber Security
    • Governance, Risk & Compliance Advisory
    • 8foldTraining
  • About
    • Meet the Team
    • Partnerships
    • Join Us
  • Blog
  • Case Studies
  • Contact
  • Services
    • AI Governance
    • Medical Devices
      • Regulatory Roadmap
      • ISO 13485 Design & Build your QMS
      • Quality Management as a Service
      • Technical File Creation & Registration
      • UK Responsible Person
      • Post Market Surveillance
    • International Standards
      • ISO 13485 Certification
      • ISO 42001 Certification
      • ISO 9001 Certification
      • ISO 27001 Certification
    • DTAC
      • DTAC Management
    • Information Governance
      • Data Security & Protection (DSPT)
      • DSPT Audit
      • HIPAA Compliance
    • Clinical Safety and Risk Management
      • DCB0129
      • DCB0160
      • Clinical Safety Officers (CSO)
    • CQC Services
      • CQC Compliance Assessment
      • CQC Registration Support
      • CQC-as-a-Service
      • CQC Regulatory Review & Strategy
    • Cyber Security
    • Governance, Risk & Compliance Advisory
    • 8foldTraining
  • About
    • Meet the Team
    • Partnerships
    • Join Us
  • Blog
  • Case Studies
  • Contact
  • +44 (0)1273 569172
Book a Call

← From our blog

Expert Insights: Clinical Safety in Demand by Regulators & Providers 

  • Published: June 5, 2024
  • Category: Expert Insights

Share this post

Avatar photo
Nick Pavard

Share this post

Adopting DCB0160 and DCB0129 is something both the NHS and suppliers are acutely aware of. With technology increasingly being used to support direct or indirect patient care, the need for organisations to adopt clinical safety standards is significant. This blog has been written by Nick Pavard,  Clinical Safety Officer and CQC Lead at 8foldGovernance, and is reflective of his recent experiences working with CQC regulated organisations to adopt DCB0160. It also considers how the NHS must upskill and create a strategy to ensure a robust approach to clinical safety at scale, enabling NHS organisations to implement Clinical Risk Management Systems (CRMS).   

Who needs to comply with DCB0160?

Section 250 of the Health and Social Care Act 2012 states:  
  • any public body which exercises functions in connection with the provision of health services or of adult social care in England
  • any person (other than a public body) who provides health services, or adult social care in England, pursuant to arrangements made with a public body exercising functions in connection with the provision of such services or care
  In short, DCB0160 applies to anyone who is or is acting on behalf of publicly funded organisations who are providing health or adult social care services.  The IT product needs to be publicly funded, support health and social care and influence, support or manage the real time care of patients. If all the aforementioned are true then the product will most likely need a DCB0160 in place to govern its implementation. With this definition in mind, DCB0160 brings into scope a large group of health and adult social care providers and support services which deliver direct care to patients as part of NHS contracts. By utilising technology to support delivery such as a patient management platform or digital health applications, then organisations must comply with the DCB0160 guidance.   

The challenge 

Each month the 8fold CSO team has an internal continuous professional development session to allow self reflection, share lessons learned over the last month and share learning from any external CPD events.  Through a conversation on a recent CSO Coffee and Chat event, run by Kaye Reynolds, a Clinical Safety Officer in the East of England, the topic of scalable approaches to clinical safety were explored.  With an exponential growth in the use of technology, the NHS is grappling with the challenge of developing appropriate assurance documentation due to a lack of trained and suitably experienced clinical safety officers. This means CSOs are having to determine which systems pose the greatest level of risk and target those for assessments – whilst leaving systems with less perceived risk unassessed. In addition, despite a forward investment in technology, the collective knowledge of CSO’s nationally is not being pooled to drive process improvement or continuous professional development.  

Clinical Safety Officers; a numbers game. 

This year, the NHS will train approximately 120 Clinical Support Officers if all their courses are full – which it looks as though they will be. If we assume this is the same training that has been delivered over the last 5 years there should be well over 600 trained Clinical Safety Officers in the NHS. Based on a short search on LinkedIn also, it would be fair to assume there are around 2,000 CSO’s practising in the UK working across the private and public sector. With 215 NHS Trusts in England that should easily be enough to go round. Right? Wrong.  We have to factor who else may have to do Clinical Safety Officer training especially given the sign-off required from Senior Management.   There are 215 NHS Trusts and approximately 6,000 GPs practices, along with opticians, dentists, mental health services, weight loss support services, all of which offer NHS funded services. And then there is the adult social care sector. Whilst there may be consistency in the systems utilised across those organisations, there remains a lack of suitably trained staff that can adequately and effectively manage a Clinical Risk Management system in line with DCB0160. That being said, the NHS have recognised this backlog and have recently introduced “Train the Trainer” courses to increase the rate at which CSOs are trained.  To some extent this data explains the scale of the challenge faced by NHS services and why there may be some delay in Clinical Safety teams asking for supplier documentation. Capacity is at its limit.   

Our Experiences 

8foldGovernance has supported hundreds of healthcare technology vendors to meet and maintain compliance with DCB0129. In recent months, we’ve seen a rise in the number of clients requiring DCB0160 to safely implement and deliver digitally enabled services. What’s more interesting is that these requests are coming from GP practices, opticians, patient transport services and laboratories to mention a few, who do not have the resources or expertise to undertake the assessments signalling a clear gap in the provision and support to providers to implement innovative technology.  

The Force for Change in Clinical Safety 

Alongside a renewed mandate from NHSE and greater awareness of digital health assessment schemes such as the DTAC, it’s clear that providers are being challenged to showcase a robust approach to clinical safety not only by commissioners but also the regulators.  One client recently approached 8fold on the back of an unscheduled CQC inspection where it was expected that a DCB0160 be in place for triage system in use at the front door of the practice group In my experience, CQC inspection reports can drive sector wide change when they have highlighted areas of regulatory breach. So are the CQC increasingly requesting DCB0160 assessments as part of their inspection methodology? This would make sense. In 2020 two CQC sandboxing reports were released discussing digital technological developments. One for machine learning and the other for digital triage. Both reports produced a “what good looks like” guide and both highlighted NHS Digital’s Clinical Safety Standards as evidence.  Now the CQC’s new inspection methodology specifically references: Data Security Protection Toolkit (DSPT) as supporting “governance, management and sustainability” under the ‘Well-Led” key question;  Medical Device Regulations and Digital Systems/Technology Assurance (DCB0129/DCB0160) as supporting “Safe Environments” under the “Safe” key questions.   

The NHS and Clinical Safety 

With stretched NHS resources a driving force for the implementation of health technology, the same stretch in resources may require a collaborative approach to implementing Clinical Risk Management Systems and DCB0160’s for commonly used health IT products.  Integrated Care Boards (ICBs), Primary Care Networks (s), member organisations such as A.A.C.E all offer opportunities to collaborate on assessments. Collaborative working to assess health tech also offers the opportunity to share learning and pool resourcing. For independent providers, this could be the difference between complying with the standard or not, potentially exposing them to regulatory scrutiny and patients to increased risk.  This needs to be done with caution however – scalable approaches have challenges – the overarching purpose of the DCB0160 is to ensure safe deployment. When centralised, there must be robust processes in place to ensure that risks and mitigation requirements are recognised, implemented and reviewed for effectiveness where they need to be.   

How 8fold can help

If you’re an organisation concerned about establishing a Clinical Risk Management System to comply with DCB0160 or a digital technology developer needing support to comply with DCB0129 – get in touch with our expert team. 

Other Articles​

Loading...
ROPA

FAQ: What is a Records of Processing Activity (RoPA)?

Read More →

November 24, 2025
Digital Mental Health

Expert Insights: Crisis Signposting in Digital Mental Health

Read More →

July 15, 2025

Navigating the UK’s Health Tech Landscape: Building Foundations for Global Success

Read More →

July 2, 2025
8foldgovernance master

+44 (0) 1273 569172

info@8foldgovernance.com

SERVICES

  • AI Governance
  • Medical Device Registration
  • ISO Compliance
  • Full DTAC Support
  • Information Governance
  • Clinical Safety
  • Data Security & Protection
  • CQC Services
  • Cyber Security
  • 8foldTraining

LINKS

  • Contact
  • About
  • Meet The Team
  • Blog
  • Join Us
  • Case Studies
  • Charity Work
  • Partnerships
  • FAQs
DSPT Data Security And protection Toolkit 8Fold
Information Governance Badge 8 Fold
NPSORE
ABHI Member

 © 2026 8fold | Privacy Policy | Cookie Policy | Terms & Conditions

X We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept”, you consent to the use of ALL the cookies. However you may visit Cookie Settings to provide a controlled consent.
Read More ACCEPT Cookie settings
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checkbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
Save & Accept