Digital Technology Assessment Criteria (DTAC)

Introducing DTAC

In February 2021 NHSX launched the new Digital Technology Assessment Criteria (DTAC) to ensure new technologies meet NHS Standards. There are a number of data protection specific criteria required to achieve a pass for DTAC.

One element is a Data Protection Impact Assessment (DPIA). A DPIA is a risk assessment of your product which identifies any potential risk to the rights and freedoms of individuals from a data protection. In some circumstances, it is also a mandatory requirement under data protection law.

Kaleidoscope have worked with many organisations to complete such DPIAs including with partners who are currently involved with the Accelerated Access Collaborative (AAC) in partnership with NHSX and the National Institute of Health Research (NIHR). Whilst most DPIAs will only cover data protection law, Kaleidoscope work with clients to ensure they can also provide assurances for how they meet requirements under the Common Law Duty of Confidentiality and sector specific health law, which has extra requirements on organisations involved in the processing of NHS data.

One of the areas of concern is the use of NHS data for AI purposes. Ensuring the right protections are in place are crucial for the successful implementation. After supporting clients through the requirements of DTAC and any follow up queries NHSX may have, Kaleidoscope is uniquely placed to support the introduction of new technologies and facilitating discussions with Information Governance professionals within the NHS to ensure Information Governance concerns are not a barrier to implementation.