My AXrEM
My Groups
Home/News/Public/AXREM DTAC and DCB0129 Problem Statement

AXREM DTAC and DCB0129 Problem Statement

04 July 2023

AXREM is the UK trade association representing the interests of suppliers of diagnostic medical imaging, radiotherapy, healthcare IT and care equipment including patient monitoring in the UK. Our group is comprised of most of the industry supply companies, meaning AXREM members supply most diagnostic medical imaging and radiotherapy equipment installed in UK hospitals.

Problem Overview

AXREM members are increasingly concerned about the use of DTAC (Digital Technology Assessment Criteria) and DCB0129 (Clinical Risk Management: its Application in the Manufacture of Health IT Systems) due to multiple issues, which are leading to confusion and excessive workload both for AXREM members and the NHS.

Many of the issues have resulted from changes made to the DTAC document that expanded the questions to include products which were well outside the original intended scope of user facing applications. This along with a lack of any formal scope, missing clear definitions, absence of differentiation between new and established products, inappropriate questions, and poor granularity depending on the type of product (e.g., a certified medical device should need almost no questions once it has been identified), results in confusion, duplication, wasted time, and costs for both suppliers and the NHS. In many cases the DTAC provides no useful or actionable information and simply becomes a tick box exercise for the purchaser.

Questions in the DTAC that are scored, such as requiring WCAG 2.1 level AA compliance, are clearly not applicable to many products currently covered by the DTAC, such as medical devices and associated supporting software, as they are only intended for professional use and are not websites or Apps, which the requirement is intended to cover. Marking a product down over such questions is clearly inappropriate, but there is no option to say the question is not applicable.

These DTAC issues were exacerbated by the change to the DCB0129 standard in 2018, which expanded the requirement to include medical devices. However, as can be seen from the subsequently published guidance flowchart, this expansion to include medical devices was only intended to encompass a small range of products that implemented medical devices within the Health IT System, which never really occurs as the implementation essentially requires all affected ‘implemented’ parts to be certified as a medical device.

DCB0129, and the associated DCB0160 used by the NHS, also has a poorly defined scope and definitions that often leads to a request for a DCB0129 for a medical device that should not require one. However, it also suffers from a lack of alignment with published British (BS) and international (ISO/IEC/EN) standards. One of the biggest deviations is the requirements for a Clinical Safety Officer (CSO), as the defined requirements do not align with those of BS EN ISO 14971 (Medical devices – Application of risk management to medical devices) given in clause 4.3 (competence of personnel), which leads to duplication of work and additional costs. BS EN ISO 14971 is fully accepted UK designated standard for use with medical devices, so why would a more strictly defined role be needed for products that may not even be considered a medical device? Another factor is the requirement for a Hazard Log and Clinical Safety Case Report, as these are not aligned with ISO 14971 and the Risk Management File (clause 4.5). Every misalignment with published standards results in additional costs without any obvious benefit. Also, the documentation contained in the files required by ISO 14971 may be confidential to protect intellectual property (IP), so cannot be shared. However, providing these documents should not be required as any residual risks are called out in the instructions for use (IFU), which should be used when following IEC 80001-1:2021, or when creating a DCB0160.

DCB0129 also fails to acknowledge that non-medical software intended for use with medical devices (on a Health IT System network) will have already undergone appropriate risk assessment and testing (for compatibility) since they were designed to be operated in this environment. Therefore, appropriate parts of ISO 14971 would have been observed and an appropriate quality management system will have been used (ISO 9001). This may have also used parts of ISO 13485 for reporting of defects and incidents since they are intended to work with medical devices. Such products are often found in both in-vitro laboratory diagnostics (IVD) and diagnostic imaging (in-vivo) applications. For such applications there should be no need to supply a DCB0129. A document like a modified DTAC could be used to indicate the product was assessed using appropriate standards for their intended use.

Often, rather than complete a DCB0160, the NHS could simply follow IEC 80001-1:2021 (Application of risk management for IT-networks incorporating medical devices – Part 1: Safety, effectiveness and security in the implementation and use of connected medical devices or connected health software) to meet their obligations.

Further Issues

In some cases, a retrospective DTAC is being requested for equipment that has already been supplied and installed, sometimes after many years of use. Clearly it may be impossible to obtain the required information retrospectively, and certainly the costs of the work that may be required to produce one is unacceptable. It should be made clear that a DTAC is not intended to be used retrospectively.

AXREM members have also been presented with non-standard DTAC forms. For example, copying the DTAC content onto an Excel spreadsheet and adding their own questions. This creates a lot of extra work, as pre-prepared DTAC forms cannot be provided.

There is also a serious concern that third parties are attempting to monetise DTAC by offering compliance checking on behalf of the purchaser (NHS), which may lead to mandated certification. This will add significant costs and delays to procurement and deployment.

Next Steps and Proposals

AXREM and other stakeholders have tried to engage with NHS England to support changes to the current DTAC and DCB standards without any success. At a time where new technology is urgently required within the NHS, the delays and costs associated with the current documents need to be urgently addressed.

As a first step AXREM would suggest the following actions:

  • Withdraw DTAC with immediate effect.
  • Update the DCB0129 guidance with a revised flowchart providing enhanced direction on when a DCB0129 is applicable and what BS/ISO/IEC/EN standards can be used to show conformance in place of a DCB0129.
  • Rework the scope of DCB0129 and align it with ISO 14971. Permit other paths to conformance using BS/ISO/IEC/EN standards. Ensure definitions are clear and unambiguous.
  • Rework the scope of DTAC and ensure definitions are clear and unambiguous. Ideally, remove certified medical devices from the scope and associated hardware/software intended to function with these devices. Use the updated scope of DCB0129 and alternate paths to conformance via BS/ISO/IEC/EN standards. Mention it is not to be used retrospectively for existing supplied products.
  • For both standards make a clear differentiation between products that are new to the market (i.e., unproven/un-certified) and those that are either established or certified medical devices.
  • Prevent mandated DTAC or DCB0129 chargeable assessments.

A proposed DCB applicability flowchart that can be used until a revised DCB0129 can be produced is shown in Annex 1.

 Annex 1 – DCB Applicability Flowchart.

To find out more about AXREM www.axrem.org.uk

Contact AXREM CEO, Sally Edgington T 07717 058649 or sally.edgington@axrem.org.uk