NHS service standard
–
16. Make your service clinically safe
Digital information, tools and services have the potential to cause patient harm.
Make sure that you actively manage any safety risks associated with your content, service and processes.
Why it's important
Clinical risk management is key to creating safe digital services. This includes making sure that accurate and relevant information (such as risks and incidents) is reported when harm occurs. Work with your clinical safety officer to consider what could go wrong, how serious it could be, and how likely it is, so that you can minimise the risk of harm.
What you should do
Your team should be able to show that you:
- have a nominated clinical safety officer – in other words, a clinician with a current professional registration who has been trained in clinical risk management and is accountable for clinical safety
- have qualified clinicians check your clinical information and make sure that it is accurate, evidence-based and safe for all patients
- design the service so that the most vulnerable users can confidently and safely access and use digital products and services, such as people who are:
- homeless
- have recently left prison
- are at risk of domestic or carer abuse
- if appropriate, work to DCB0129 (the clinical risk safety standard for developers and manufacturers of health IT systems) or DCB0160 (the standard that helps health and care organisations manage the clinical risks of using new or changed health IT systems), or both (note: NHS England is reviewing both clinical safety standards)
- have documented processes for:
- developing, maintaining and reviewing your service for ongoing clinical safety, including scheduled evaluations of clinical content, risk controls, incident trends, and alignment with NHS safety standards
- managing live safety incidents, including flagging safeguarding needs and, where necessary, reporting concerns
- making sure that the data you collect is up to date and error free
- identifying and meeting information and communication needs
- where appropriate, comply with NICE's Evidence standards framework for digital health technologies
- if you use barcodes or similar identifiers, you comply with the GS1 barcodes standard, as set out in Scan4Safety
Use information on the AI and Digital Regulations Service website to help you:
- review and understand the evidence for a technology before using it in a service
- understand and comply with NHS clinical risk management standards
- understand how the Care Quality Commission regulates health and social care services and whether you need to register with it
- understand how developers determine if technology is a medical device using guidance from the Medicines and Healthcare products Regulatory Agency (MHRA)
- understand your role in post-market surveillance of medical devices and reporting safety issues about medical devices to the MHRA
Guidance
GOV.UK
This point is not in the Government service standard.
Read more about this
- Accessible information standard (NHS England) – this is about identifying, recording and meeting the support needs of patients, carers and parents with a disability
- AI and Digital Regulations Service website
- Safeguarding (NHS England)
Related service standard points
- 9. Create a secure service which protects people's privacy
- 10. Define what success looks like and be open about how your service is performing – which deals with health and other outcomes
- 15. Support a culture of care
Help us improve this guidance
Share insights or feedback and take part in the discussion. We use GitHub as a collaboration space. All the information on it is open to the public.
If you've gone through a service assessment or peer review, we're especially interested to hear from you.
Feed back or share insights on GitHubRead more about how to feed back or share insights.
If you have any questions, get in touch with the service manual team.
Updated: January 2026