Skip to content
8foldgovernance master
  • Services
    • AI Governance
    • Medical Devices
      • Regulatory Roadmap
      • ISO 13485 Design & Build your QMS
      • Quality Management as a Service
      • Technical File Creation & Registration
      • UK Responsible Person
      • Post Market Surveillance
    • International Standards
      • ISO 13485 Certification
      • ISO 42001 Certification
      • ISO 9001 Certification
      • ISO 27001 Certification
    • DTAC
      • DTAC Management
    • Information Governance
      • Data Security & Protection (DSPT)
      • DSPT Audit
      • HIPAA Compliance
    • Clinical Safety and Risk Management
      • DCB0129
      • DCB0160
      • Clinical Safety Officers (CSO)
    • CQC Services
      • CQC Compliance Assessment
      • CQC Registration Support
      • CQC-as-a-Service
      • CQC Regulatory Review & Strategy
    • Cyber Security
    • Governance, Risk & Compliance Advisory
    • 8foldTraining
  • About
    • Meet the Team
    • Partnerships
    • Join Us
  • Blog
  • Case Studies
  • Contact
  • Services
    • AI Governance
    • Medical Devices
      • Regulatory Roadmap
      • ISO 13485 Design & Build your QMS
      • Quality Management as a Service
      • Technical File Creation & Registration
      • UK Responsible Person
      • Post Market Surveillance
    • International Standards
      • ISO 13485 Certification
      • ISO 42001 Certification
      • ISO 9001 Certification
      • ISO 27001 Certification
    • DTAC
      • DTAC Management
    • Information Governance
      • Data Security & Protection (DSPT)
      • DSPT Audit
      • HIPAA Compliance
    • Clinical Safety and Risk Management
      • DCB0129
      • DCB0160
      • Clinical Safety Officers (CSO)
    • CQC Services
      • CQC Compliance Assessment
      • CQC Registration Support
      • CQC-as-a-Service
      • CQC Regulatory Review & Strategy
    • Cyber Security
    • Governance, Risk & Compliance Advisory
    • 8foldTraining
  • About
    • Meet the Team
    • Partnerships
    • Join Us
  • Blog
  • Case Studies
  • Contact
  • +44 (0)1273 569172
Book a Call

← From our blog

What is DCB0160? Clinical Safety Standards for Health & Care Providers

  • Published: September 23, 2024
  • Category: Clinical Safety

Share this post

Avatar photo
Nick Pavard

Share this post

All health and care technologies introduce a level of risk, and like any other system, process, or tool, this risk must be continually assessed and reduced to as low as reasonably acceptable. However, unlike most other systems or tools, health technology misuse or poor maintenance is not always obvious, requiring a more active continuous assessment process. The NHS has set out how to manage clinical risk effectively in the clinical risk management standard, DCB0160.  This blog, written by our CQC Lead and Clinical Safety Officer, Nick Pavard, will outline:  
  • What is DCB0160
  • Why all healthcare providers must undertake clinical safety assessments  
  • The benefits of committing to the DCB0160 process
 

What is DCB0160? 

DCB0160 is a clinical safety standard established by NHS England and is legally mandated through Section 250 of the Health and Social Care Act 2012. It forms one half of a pair of standards to manage clinical risk in the manufacture and implementation of healthcare technology or health IT systems.  DCB0160 sets out the requirements for effective clinical risk management in health organisations responsible for deploying, using, maintaining, and decommissioning Health IT Systems. The overarching aim of clinical safety standards is to ensure patient safety by managing risks associated with digital health systems. The DCB0160 application guidance makes it clear that it applies to all health and social care organisations that deploy and use Health IT Systems in the UK.  This standard reflects NHS England’s recognition that while digital systems can improve healthcare, they also have the potential to cause harm if not properly managed throughout their lifecycle. The DCB0160 provides a standardised structured methodology for assessing and mitigating risks from digital systems in healthcare settings. It requires a multidisciplinary team to undertake the following activities for each health IT system:  
  • Undertake risk management activities stipulated in a Risk Management Plan 
  • Document the hazards and patient harm that can be caused in a Hazard Log
  • Summarise the safety of the system for Top Management to approve in a Clinical Safety Case Report
  • Monitor clinical incidents or near misses and record them in an incident.
  • Ensure the Hazard Log and Clinical Safety Case Report are up to date. 
  A registered healthcare professional, the Clinical Safety Officer (CSO), who has undertaken appropriate clinical safety training is responsible for managing these activities alongside the manufacturer. They often Chair or are involved in a wider clinical safety team that is made up of multidisciplinary stakeholders involved in the deployment and management of the technology.   Notably, the DCB0160 is not a one-off assessment but a living group of documents constantly updated and refreshed as health technology evolves and only finishes when the system has been decommissioned. While healthcare organisations may not continually alter systems, technology providers constantly release bug fixes and improve and increase functionality. Deploying organisations must recognise these version updates and proactively assess any impacts to patient safety. NHS England clarifies which systems should be assessed through the applicability guide accompanying both standards.   

Why is DCB0160 important?

Risk assessments in any form provide four key things:  
  • A process to assess and reduce risk.
  • A reference point for what has and hasn’t been risk-assessed.
  • The ability for internal organisational scrutiny of the level of risk involved. This should be monitored and approved by top management. 
  • An audit trail that activities are as safe as practicable.
  DCB0160s are mandated to prove that health IT systems have been continually and adequately assessed, which is increasingly important. The number of systems, how they interact, and the functionality they deliver are increasing. By not undertaking a clinical risk management assessment during the procurement or implementation of a new healthcare technology, this will likely lead to problems introducing a higher level of maintenance or avoidable harm to patients. In addition to providing Top Management assurance that technologies procured or in use are safe, the DCB0160 also provides an audit trail that the CQC may request. This will become more common as the number of health technology systems on the market increases.   

DCB0160 and the Care Quality Commission (CQC)

Although not explicitly mentioned in the new Single Assessment Framework,  DCB0160 is highlighted within the best practice references of literature that the CQC has published, co-produced or referenced, including:  
  • NHS England’s What Good Looks Like Success measure 3
  • CQC’s Sandboxing on Digital Triage Solutions
  • CQC’s Machine Learning in Diagnostic and Screening Services
  • The CQC’s involvement in creating the AI and Digital Regulations Service. 
  The DCB0160 assessment provides a tried-and-tested method of assessing the safety of health IT systems in their deployment and use. This is crucial for top management assurance that digital technology has evidence of regulatory compliance, especially with the increase in AI or Machine Learning tools which are self-declared Class 1 Software-as-a-Medical Devices (SaMD) under the UK Medical Device Directive.  You can learn more about the overlap between Clinical Safety standards and CQC registration in one of our other blogs available here.   

Benefits of using DCB0160

A well-carried-out DCB0160 should minimise the teething problems of health technology introduction and ensure that the use of the technology is continually assessed and improved—from all stakeholder points of view. This, in turn, will increase the chance of continued user buy-in.  DCB0160 naturally dovetails with the manufacturer’s DCB0129 to provide a comprehensive assessment of hazards. When clinical risk management activities form part of the business as usual activities of the manufacturer and deploying organisation, it enables both the continued improvement of health technologies and the ability to mitigate clinical risk.  The structured approach of the DCB0160 delivers a consistent and recognised approach to clinical risk management. This is achieved by ensuring a multidisciplinary team assesses the health IT system. This team should include but not be limited to:   
  • Top Management 
  • A Clinical Safety Officer or multiple Clinical Safety Officers, depending on the risk profile and complexity of the healthcare technology 
  • Representation from relevant stakeholders, including IT, Training and Information Governance
  Establishing a multidisciplinary risk management team allows for the thorough examination of the causes of potential hazards, the holistic assessment of clinical incidents and the realistic design of controls.   

How to implement DCB0160 for Healthcare Providers

For health organisations needing to undertake the DCB0160 assessments of health technologies, the following are key steps to establishing the process:  
  • Establish which technologies need assessing. NHS England has published applicability guidance, which should be used to analyse all technologies a healthcare organisation uses.
 
  • Prioritise technologies needing assessment. The NHS applicability guidance suggests that many technologies will need assessing, which can appear overwhelming when starting from scratch. Systems that must have an assessment should be prioritised, and it would be advisable to prioritise the systems with the greatest impact if they fail and the potential patient safety impacts if left unchecked. This can be done through a hazard identification workshop involving all members of a multidisciplinary clinical safety team.
 
  • Establish a Clinical Risk Management System. This overarching process should apply to all health IT systems within the organisation and align with its broader risk management activities. It should also confirm the organisation’s commitment to the DCB0160 process in the NHS’s implementation guidance.
 
  • Establish who is the system owner for each technology. This should not be the CSO’s responsibility, as the CSO is likely to be involved in a myriad of technologies.
 
  • Appoint a Clinical Safety Officer. This must be a registered healthcare professional with appropriate clinical safety training and experience in risk management in a healthcare setting.
 
  • Establish a Risk Management plan. This should demonstrate how the risk management system will be applied to each technology. Each technology needs its own plan.
 
  • Establish a Risk Management team. The team must include a representative from Top Management and a . For the team to achieve its intended purpose of holistically assessing and controlling the system’s risk, it is important that it includes risk owners from other areas of the organisation, such as information governance, IT infrastructure and systems, quality assurance, and end-user representation.
 
  • Request manufacturer’s DCB0129 assessments. The DCB0129 will detail what hazards have been assessed and how they are controlled by the manufacturer. Most importantly, this should include what hazards the deploying organisation is responsible for mitigating against in their own risk assessment.
 
  • Commence the risk management plan. This should include conducting hazard identification workshops to document hazards on a hazard log, monitoring incidents, and recording incidents on an incident log. The CSO should maintain these as part of their role in the clinical safety team.
 
  • Compile a Clinical Safety Case Report. The CSO must compile a Clinical Safety Case Report. The report should comprehensively summarise how the system will be deployed, including reliant integrations, and the controls put in place for any hazards that may occur. It should act as the primary reference document with the hazard log available for further evidence and justification of controls.
  Once all these steps have been completed, the initial DCB0160 is complete. It is important to remember that the DCB0160 is a continual assessment, though. Any clinical incidents relating to the use of the technology and any system changes need to be assessed throughout the deployment, use and decommissioning of each health technology.  

Summary 

Like any other tool or system, health technologies have an inherited risk level that the manufacturer must capture within a comprehensive DCB0129. It is essential to analyse clinical risk to mitigate its impact on patients and implement controls. The DCB0160 information standard published by NHS England is the legally mandated process that health organisations must undertake. It acknowledges the hazards transferred to the deploying organisation and details how these have been controlled. It also identifies local hazards from the deployment and use of the technology which the manufacturer may not have considered and documents the controls.  An effective DB0160 assessment improves the deployment and use of the technology and provides a robust audit trail justifying its use in a clinical setting. The Clinical Safety Officer is key to the integrity of the DCB0160 process and helping clinical informatics to implement digital transformation initiatives safely. 

Find out more – book your free, no-obligation discovery call with us.

Let’s see how we can help you navigate DCB0160 or any other aspect of clinical safety or clinical risk management.

Book a Call with our Expert Team

Other Articles​

Loading...
DCB0129 compliance, DCB0160 compliance, digital clinical safety standards, NHS digital clinical safety, clinical safety case report, Clinical Safety Officer CSO, DCB0129 and DCB0160 guidance, DCB0129 DCB0160 interpretation,

Cutting Through the Noise on DCB0129/0160 Compliance

Read More →

January 21, 2026
Clinical Safety Fundamentals: The Safety Incident Log

Clinical Safety Fundamentals: The Safety Incident Log

Read More →

November 25, 2025

Version 2 of DCB0129 and DCB0160: What We Hope to See

Read More →

October 23, 2025
8foldgovernance master

+44 (0) 1273 569172

info@8foldgovernance.com

SERVICES

  • AI Governance
  • Medical Device Registration
  • ISO Compliance
  • Full DTAC Support
  • Information Governance
  • Clinical Safety
  • Data Security & Protection
  • CQC Services
  • Cyber Security
  • 8foldTraining

LINKS

  • Contact
  • About
  • Meet The Team
  • Blog
  • Join Us
  • Case Studies
  • Charity Work
  • Partnerships
  • FAQs
DSPT Data Security And protection Toolkit 8Fold
Information Governance Badge 8 Fold
NPSORE
ABHI Member

 © 2026 8fold | Privacy Policy | Cookie Policy | Terms & Conditions

X We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept”, you consent to the use of ALL the cookies. However you may visit Cookie Settings to provide a controlled consent.
Read More ACCEPT Cookie settings
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checkbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
Save & Accept