Back to list
eConsult Blog

DCB0129 & DCB0160

Riccardo Garavani  | 31st March 2021

What are they and why do they matter?


The present coronavirus pandemic has brought about unprecedented global challenges, not least within the healthcare sector. Within our business alone, we’ve seen a tenfold increase in utilisation in the last 12 months and have crossed the 10 Million eConsults milestone. Digital health systems undoubtedly play an important and growing role within the NHS and social care. 

Demands on the commissioning, deployment and use of digital health systems have increased as a result, often delivered at lightning speed. This poses the question as to whether the speed of necessity has put safety standards at risk. According to a healthcare application review last month by Orcha, the answer is a clear yes. Their findings reported that ‘up to 80% of organisations are not meeting the mandatory NHS standards’, citing ‘insufficient awareness of regulatory requirements’ as one of the key findings. 

Whilst the facts may be alarming, the implications are more so.

Government standards relating to healthcare systems – for both manufacturer of online consultation system (suppliers) and those procuring – are clear, yet ‘most healthcare apps are failing NHS standards’. We’re doing our bit to help increase awareness of what these regulations mean,  how you can ensure you are not exposed and that patient safety remains paramount.

Welcome to DCB0129 and DCB0160 

DCB (Data Coordination Board) have 162 standards on the NHS website. Standards DCB0129 and DCB0160 go hand in hand. They set out the clinical risk management framework for health organisations and suppliers alike, to ensure the highest standards of quality in the NHS with respect to digital health system assessment and deployment.

The supplier and health organisation form part of a handshake over the responsibility for safer digital health implementations and use.

Want to find out more? Sign up to our Standards DCB0129 & DCB0160 Webinars.

We’ve joined forces with Dr Stuart Harrison, the author of the standard, to host two webinars in April that go over this requirement and what it means for you. He’ll be running this with Dr Aravinth Balachandran, our in-house CSO.

DCB0160 – obligations for health organisations

The DCB 0160 Standard is the clinical risk management standard that NHS organisations need to comply with when they implement digital health systems. The standard is governed by NHS Digital and is a mandatory requirement under the Health and Social Care Act 2012, in England.

This standard provides a set of requirements to promote and ensure the effective application of clinical risk management by those health organisations that are responsible for the deployment, use, maintenance or decommissioning of digital health systems within the health and care environment. This includes CCGs and PCNs

If you implement a digital health system you must

  • undertake a formal clinical risk assessment and 
  • evidence the measures which have been put in place to mitigate risk relating to the implementation and use of the digital health system.

You must also undertake a formal risk assessment on the digital health product being commissioned and produce three documents summarising the outcome:  

  1. The Clinical Risk Management Plan
  2. Clinical Safety Case Report
  3. Hazard Log

This ‘risk assessment’ needs to be carried out before a System goes live (see diagram for steps below). It must also be:

  • Approved by an accredited Clinical Safety Officer. 
  • Regularly reviewed during live service (operation or use).

DCB0160 doesn’t stop there…

In short, if you’re a health organisation and a manufacturer providing health care services within your patch is not meeting quality standards, you are responsible. Even if the decision to procure is taken at a practice level. You have a responsibility to:

  • educate GPs around their responsibilities and reporting of digital health-related safety incidents
  • and ensure GPs making their own procurement decisions understand their obligations

Who is watching? 

These standards are governed by NHS Digital and mandatory under the Health and Social Care Act. They ensure that IT systems are built and deployed safely with both clinical system supplier, and provider, working collaboratively to ensure clinical safety is upheld during the operating lifetime of the product. That is why we put a heavy focus on clinical risk management and governance in addition to our compliance with our side of the handshake.

It will also be a key theme in the NHS Patient Safety Strategy. There is a commitment to implement safer solutions throughout the NHS and digital health will have greater focus following the difficult times the NHS has faced this past year. Regulators are certainly enhancing their signal detection relating to effectiveness measures and quality of digital health commissioning and use.

The Care Quality Commission (CQC) regulates healthcare providers with the aim of protecting patients from potential harm. Healthcare providers using online consultation systems need to demonstrate and evidence that their online consultation implementation is safe and effective. This includes;

  • evidencing any mandatory training has been completed, 
  • understanding the potential risks and hazards and 
  • producing clearly defined standard operating procedures. 

It is important for CCGs to support their member practices in this process too and similarly our organisation provides transformational support and guidance for practices.

However, the powers of the regulatory arms, whilst cause for concern for the unprepared, are not what is at risk here. Lives are.

When things go wrong in our industry, there is always a risk with the highest of consequences.  

That’s why we put a heavy focus on clinical risk management and governance in addition to our compliance with our side of the handshake. 

DCB0129 – Our obligation and duty

In accordance to DCB 0129 we fully comply with the standard and operate a clinical risk management system that enables us to demonstrate the safety of our digital health products through:

  • a clinical safety case report, 
  • a hazard log and 
  • a clinical risk management plan. 
  • Incident reporting is included to enable proactive and reactive patient safety measures to be in place.

DCB0129 compliance is just one part of our governance story. eConsult has been developed by NHS clinicians and places clinical safety as a core principle in our solution. Our clinical development team makes up 20% of our staff. We have a mixture of GPs and senior nurses who author new content based on the latest guidelines including National Institute of Clinical Excellence (NICE), Clinical Knowledge Summaries (CKS), NHS.UK and other referenced sources. Our clinical governance group has representation from a pool of 26 external clinicians from various specialities including A&E, ITU, Pharmacy and Paramedics to provide critical feedback on the clinical safety elements of our templates. 

We support CCGs, Trusts and other organisations in undertaking their mandatory DCB0160 compliance when deploying and mobilising our solution to end-users. 

Want to find out more? Sign up to our Standards DCB0129 & DCB0160 Webinars.

We’ve joined forces with Dr Stuart Harrison, the author of the standard, to host two webinars in April that go over this requirement and what it means for you. He’ll be running this with Dr Aravinth Balachandran, our in-house CSO.

A ticking time bomb?

Greater usage of online consultation and lowering standards is a recipe for disaster.

We are now processing over one million eConsults per month and it’s not just the volumes that have risen significantly. We operate an open safety culture and effective signal detection of patient safety incidents as one would expect for an organisation that champions clinical safety. We are also proactive in our methods knowing that we not only focus on incident detection and corrective actions; we focus on what methods and practices are safe. By doing this we move towards a higher quality clinical risk management approach.

Even with improvements to our ‘red flagging’ approach, the number of complex cases has risen by 300%. 

We urge you to check that your health IT system suppliers comply with DCB0129 and the quality of their compliance.

Need more help?

Thankfully, there are lots of resources available to support you with your regulatory needs.

Foundation level learning can be found from the following link: e-learning for Healthcare: Clinical Risk Management Training Programme

This e-learning has been developed by the Clinical Safety Team at NHS Digital in partnership with Health Education England e-Learning for Healthcare.

Additional learning can be found here: Clinical Safety & Risk Management (

This is a comprehensive series of byte-sized e-Learning modules that cover all aspects of clinical safety, including NHS digital health standards, medical devices and more.

Additional to this, there are practical courses available for how to become an accredited Clinical Safety Officer or clinical safety practitioner (non-clinical); to support the clinical safety work we do. Clinical Safety Officer Training

Get in touch to speak to our team about DCB0160.