As product manufacturers and developers of health IT solutions respond to the technological opportunities of this digital healthcare revolution, they may have strayed, or will stray, into one or many of the Care Quality Commission’s 14 ‘regulated activities’. These are detailed in Schedule 1 of the Health and Social Care Act 2008 (Regulated Activities) Regulations 2014.
Any manufacturers and developers of healthcare IT solutions that operate independently of a registered healthcare provider and undertake a regulated activity, will need to be registered with the Care Quality Commission (CQC). However, it’s important to distinguish that it’s the provider of a health IT system that needs to be CQC registered, not the software itself. This is similar to the way individual healthcare professionals are not directly registered with the CQC; rather, it is the organisation they work for that holds the registration.
What regulated activities should you be aware of?
In the UK, the health and social care sector is regulated by the CQC. The CQC publishes guidance on what constitutes a regulated activity and it falls into 14 categories. Our experience suggests that manufacturers and developers of health IT systems should be aware of two specific regulated activities:
1. Diagnostic and screening procedures
This regulated activity includes a wide range of procedures related to diagnostics, screening and physiological measurement. Examples of these include:
- Most forms of endoscopy
- Taking an intraoral scan
- Taking a sample or biopsy
- Examining a sample
- Physiological measurements, including:
- audio-vestibular
- vision
- neurological
- cardiovascular
- respiratory
- gastro-intestinal
- urinary.
There are a large number of exemptions under these, including blood pressure monitoring and pulse oximetry. A vast majority of health-tech is sold to a regulated provider and therefore does not need to be regulated themselves. The CQC acknowledges this:
“A healthcare provider that uses AI technology to deliver a regulated activity will be carrying on the regulated activity and will need to be registered with CQC….”
When a health tech organisation carries out a regulated activity independent of a regulated provider, the organisation will need to be registered as the CQC explains:
“..in some cases, the technology supplier may use its own technology to deliver a regulated activity, independently of any CQC-registered healthcare provider, and will need to register.”
The CQC also highlights the increasing prevalence of manufacturers and developers of healthcare IT solutions needing to become CQC registered:
“This is becoming common in diagnostics and screening services, where a healthcare provider sends X-ray, CT or MRI images to an AI supplier that then uses its own AI to analyse the images and report the results. If the healthcare provider does not review the results of the analysis independently, then the AI supplier is likely to be carrying on the regulated activity and will need to register.”
It’s the activity that is registered, not what or who carries it out. Therefore, if a manufacturer or developer of a health IT solution bypasses a clinician acting on behalf of a regulated provider, the manufacturer/ developer will, most likely, need to be registered. Again, it’s important to note that it’s the organisation, not the product that needs to be registered. Unlike for example DCB0129 assessments which are an assessment of the product, not the developer.
2. Transport services, triage and medical advice provided remotely
For transport services, triage and medical advice provided remotely, the CQC highlights:
“This regulated activity applies where medical advice is:
- provided remotely, over the telephone or by email, and
- required in cases that need immediate attention or action, or triage (as opposed to a service where a person submits questions electronically to a provider who responds at a later time, or when a person seeks general health care or lifestyle advice), and
- provided by a body established for that purpose (as opposed to remote consultation and advice by a GP practice or the occasional provision of remote advice by a body such as a hospital or university on an informal basis).
This includes NHS 111 and any other organisation established to provide telephone or internet-based medical advice where immediate action or attention is needed, or that provides triage (see what this means in our glossary of terms).”
As with screening and diagnostics, if the manufacturer or developer is acting independently of a clinician working for a regulated health care provider, and that regulated provider must be registered for the activity the technology delivers, the manufacturer/ developer will need to be registered to carry out the activity.
Failing to register can ultimately result in unlimited fines or custodial sentences. The CQC have a proven track record of prosecuting healthcare providers who fail to register with them.
What are your options?
If your health technology is operating as a standalone product, independent of any interaction with a clinician from a registered healthcare provider, you have a few options:
1.Register with the CQC
This will enable you to keep operating directly with patients. The number of premises held and number of patients managed will determine the cost of registration. You’ll need to consider the ongoing requirements of being a registered healthcare provider, including the need to continually evidence compliance with a wide range of regulations that are assessed by the CQC’s inspection methodology.
2. Operate your health technology through a current provider
This requires you to only sell your product to CQC registered healthcare providers, enabling them to use it under their registration. If you’re selling to the NHS, you will need to meet NHS Digital Technology Assessment Criteria or DTAC. NHS organisations are increasingly building DTAC into their procurement process, recognising their responsibility to undertake due diligence prior to implementation and satisfy the legally mandated requirements of DCB0160.
3. Re-align your product to fall outside the need for CQC registration
Whilst viable, this will most likely affect the commercial validity of your product. After all, you developed the solution to solve a problem, right? And, the problem will still be there! If you are selling to the NHS, the chances are you will still need to complete the DTAC.
Whichever option you choose, we’re on hand to guide you through the entire process, ensuring you deliver a high-quality product while remaining compliant with all your regulatory requirements. If you choose to register with the CQC, here’s what to expect:
How to become CQC registered
The process of registering with the CQC involves an initial application and the provision of supporting documentation to demonstrate that your organisation is capable of safely conducting the regulated activities. This includes details about your organisation’s structure, activities, and location of operations.
[Highlight as CTA] We support organisations to compile and present this information, simplifying the entire process and giving you the best chance of succeeding. Get in touch to find out more.
Once registered, the CQC evaluates providers across five domains: Caring, Safe, Well-led, Effective, and Responsive. They assess whether the organisation provides a safe environment for patients and staff, assigning ratings from ‘Outstanding’ to ‘Inadequate’. This involves a review of the organisational culture, governance, policies, staffing, and training. Demonstrating compliance in a remote care setting may be challenging but is achievable with the right approach. Speak to us and learn how we can support you.
What next?
If the information above has left you perplexed and maybe unsure about how compliant your IT product is with its CQC regulatory obligations, get in touch for a no-obligation discovery call and I’ll walk through the options with you. Alternatively, check out the FAQs below.
FAQs
What are the ‘regulated activities’?
The Health and Social Care Act Regulations 2014 set out the regulated activities. They are summarised on the CQC website and in the quick reference guide.
Why do I need to be registered?
If you are undertaking a regulated activity and are not registered with the CQC, the organisation’s owners or senior managers can face up to 12-months imprisonment and/or an unlimited fine. Cases include a £44k fine to an unregistered provider and an online healthcare provider being fined £13.6K.
How do I become registered?
The registration process can be time-consuming and admin heavy. There are a number of steps you need to follow. The first is to know what you are getting into. Understanding the CQC’s regulations is a must. Next, you’ll need to, as a minimum:
- Gain a DBS check (must be less than 12 months old)
- Compile sector-specific supporting documents, including a wide range of policies and procedures
- Write a ‘Statement of Purpose’
- Reference and evidence of financial viability.
Once you have the information above, you’re ready to start the application process.
Once my registration is approved, what next?
You’ll be required to consistently upload evidence of the quality of the service you are providing through the CQC’s portal. This, and any evidence collated from patients and other care providers will determine the frequency and scope of any on site inspections.
If you would like to discuss any of the above, please book a call with our team. We can make this simple for you and ensure you succeed.
How do I maintain compliance?
The CQC looks for evidence to support regulatory compliance under 5 domains; Safe, Well-Led, Effective, Responsive and Caring. 34 Quality Statements breakdown what compliance looks like under each of these domains. The regulated activity dictates the type of evidence you’ll need to provide.
Your organisation will need to provide evidence that a range of effective policies and procedures are in place. That service users are listened to, consulted, and that stakeholders are engaged in the process.
As specialists in health tech compliance, we’ll support and guide you through any of the above. We work with you to ensure your product is safe, effective and compliant, leaving you to be the innovator.
For any further help and guidance, simply get in touch.