Mara Health

NHS DTAC Compliance for Healthtech Startups

The global healthcare sector is currently experiencing a substantial digital overhaul, with the swift adoption of cutting-edge Healthtech products and services. From electronic health records (EHRs) to virtual clinician platforms, wearable devices, lifestyle and wellness applications, and AI-powered software, Healthtech innovators are introducing tools to elevate patient care and streamline the overall patient experience.

In this article, we’ll explore the importance of DTAC and how to get your healthtech startup compliant with it.

What is NHS DTAC?

To ensure the safety and effectiveness of these digital health tools, the National Health Service (NHS) introduced the Digital Technology Assessment Criteria (DTAC) in 2021. It serves as the national benchmark for evaluating digital health technologies used within the NHS ecosystem.

The DTAC serves as a comprehensive evaluation system, ensuring that Healthtech solutions meet stringent standards in terms of clinical safety, data integrity, security, seamless integration with other technologies, and user-friendliness.

If you think compliance is expensive - try non-compliance.

Key Components of DTAC

The Digital Technology Assessment Criteria (DTAC) amalgamates legislative requirements and best practices across five crucial areas: clinical safety, data protection, technical security, interoperability, and usability/accessibility.

Here’s a brief overview of the components tested under DTAC:

Clinical Safety

Clinical safety isn’t a mere formality – it’s the bedrock of Healthtech innovation.

For medical professionals and founders steering healthtech startups, it means more than ticking boxes. It’s about weaving a commitment to patient safety into the very DNA of your development process, starting from the earliest brainstorming sessions. As you begin this journey, adopt a proactive stance, integrating robust clinical risk management procedures aligned with NHS Digital clinical safety standards (DCB0129 and DCB0160).

This commitment isn’t just about compliance; it’s a pledge to prioritize patient well-being throughout the development lifecycle. By embracing and understanding these clinical safety standards, you lay the groundwork for technologies that don’t just advance healthcare practices but do so with an unwavering commitment to patient safety.

Data Protection

In the digital age of healthcare, patient data is gold. As medical professionals and founders of healthtech startups, ensuring its utmost protection is not just a compliance requirement – it’s a commitment to patient trust and ethical practice.

DTAC compliance in data protection goes beyond meeting standards; it involves adhering to NHS data protection protocols, conducting comprehensive Data Protection Impact Assessments (DPIA), and aligning with the UK General Data Protection Regulation (UK-GDPR).

Patient data is the lifeblood of healthtech solutions. By implementing robust data protection measures, you not only meet compliance requirements but also contribute to building a digital healthcare landscape founded on trust and ethical data handling practices.

Technical Security

In the digital evolution of healthcare, fortifying technical security is a necessity, not just a checkbox on the to-do list. As healthtech founders, achieving DTAC compliance demands more – it necessitates mandatory certification with the UK government’s Cyber Essentials scheme and the implementation of advanced security measures, including multifactor authentication.

By adopting robust security measures, you not only comply with DTAC but actively contribute to the resilience and trustworthiness of digital health technologies against an ever-changing cyber landscape.


Interoperability

For medical professionals and healthtech startup founders, interoperability isn’t just technical jargon – it’s the key to delivering comprehensive patient care.

DTAC compliance in this arena requires your healthtech solutions to seamlessly collaborate, allowing for the smooth exchange of information across diverse platforms and systems.

By prioritizing interoperability, you pave the way for more integrated and efficient healthcare practices, ultimately benefiting both healthcare providers and the individuals receiving care.

Usability & Accessibility

Ease of use and accessibility aren’t just nice-to-haves; they’re the marks of healthtech excellence. For healthtech startup founders, usability & accessibility – the final pillar of DTAC compliance – means ensuring that your digital health solutions aren’t just technologically advanced but also user-friendly and accessible to diverse user groups.

By prioritizing intuitive interfaces and incorporating accessibility features, you enhance the overall patient experience. This, in turn, contributes to a healthcare landscape that caters to the needs of all individuals, regardless of their abilities or technical proficiency. In doing so, you not only meet compliance standards but actively champion inclusivity, making your healthtech solution a tool that empowers and benefits everyone in the healthcare ecosystem.

The NHS DTAC Process

In contrast to frameworks like the NHS Data Security and Protection Toolkit, there is currently no formalized assessment or certification process for the Digital Technology Assessment Criteria (DTAC).

Here is a brief overview of the steps you need to go through to achieve DTAC compliance:

Step-By-Step Guide
  • Complete the DTAC Questionnaire: Developers fill out a questionnaire and gather evidence to show how their digital health solution meets the criteria.
  • Submit Evidence to Buyer: Developers send all the necessary information directly to the buyer, who will evaluate the submission.
  • Identify Reviewer: Since there’s no central authority, developers need to decide who will review their submission. This could be a specific buyer, like a trust or an integrated care system.
  • Update Documentation: Whenever new features are added, developers must update their documentation to ensure compliance. This includes conducting a clinical risk assessment.
  • Buyer Assessment: The buyer assesses the submission to determine if it meets the DTAC standard. This process can take one to three months.
  • Regular Updates: Developers need to stay up-to-date with changes in legislation, cybersecurity, data protection, and clinical safety to ensure ongoing compliance with DTAC standards.


In conclusion, compliance with NHS DTAC is indispensable for developers seeking to supply digital health solutions to the NHS. DTAC compliance is a commitment to shaping a healthcare future that is safe, secure, interconnected, and accessible to all.

By adhering to stringent standards across clinical safety, data protection, technical security, interoperability, and usability/accessibility, developers contribute to the delivery of safe, secure, and effective healthcare services.

As Healthtech continues to evolve, embracing these pillars becomes not only a responsibility but a catalyst for transformative and responsible innovation. 

Get Help from Experts

With the support of platforms like Mara Health, navigating the complexities of DTAC compliance becomes more manageable, empowering developers to drive innovation and make meaningful contributions to the healthcare landscape.

Mara Health doesn’t simply instruct you on achieving DTAC compliance; it actively assists in its attainment. Our platform automates 80% of the evidence necessary under the Mara Health framework, eliminating the uncertainty surrounding compliance requirements.

Following this automation, our team of NHS compliance experts and Clinical Safety Officers will support you through the remaining steps, guaranteeing that you can demonstrate your solution’s adherence to the demanding standards required for collaboration with the NHS and other health and social care entities.
