On January 6, 2021 the UK’s Department of Health and Social Care (“DHSC”)  published “A Guide to Good Practice for Digital and Data-Driven Health Technologies” (the “Guidance”).  The Guidance updates the DHSC’s “Code of Conduct for Data-Driven Health and Care Technologies” (the “Code”) (for further information on the Code see our earlier blog, here).

As with the Code, the Guidance is a valuable resource to help parties understand what the National Health Service (“NHS”) looks for when acquiring digital and data-driven technologies for use in health and care.

The Guidance outlines twelve key principles of good practice (“Principles”), encouraging innovators to build them into the strategy and development of a relevant product “by design”.

The Guidance contains a number of updates to the Code. These include (among others):

  • dedicated principles on (i) ethical operation, (ii) technical assurance, (iii) clinical safety, (iv) usability and accessibility, and (v) regulation;
  • expanded commentary on the promotion of interoperability alongside open standards; and
  • commentary on the impact of the UK leaving the EU in relation to relevant regulatory considerations.

The Principles, and associated key aspects, are as follows:

Operate Ethically

  • Parties are to review the UK Government’s Data Ethics Framework and abide by the stated principles in developing safe, ethical and effective digital health technologies.

Have a Clear Value Proposition

  • Parties should ensure that the product is designed to achieve a clear outcome for users or the system, including through thorough research of user needs across the entire life-cycle of the product.

Usability and Accessibility

  • Parties should ensure that the product is easy to use and accessible to all users, including consideration of the digital literacy of the UK and “particular patient cohorts”, to ensure inclusivity.

Technical Assurance

  • Parties should ensure that the product is appropriately tested and is fit for purpose.  The Guidance recommends the use of an “assurance plan” that describes the approach to testing and explains how the data-driven technology will continue to be developed and managed.

Clinical Safety

Data Protection

  • Parties should demonstrate that the product collects, stores and processes users’ information in a safe, fair and lawful way.  This would not only include consideration for data protection legislation, but also the specific rules that apply to handling confidential patient information.

Data Transparency

  • Parties should be fair, transparent and accountable about what data is being used, including through making use of tools such as data flow maps.
  • Parties should be transparent about the limitations of the data used, with assessment of data quality being checked continuously and with consideration to guidance on data quality from NHS England and the UK Statistics Authority.
  • Parties should have consideration as to the effect of linking data to mitigate reduction in data quality.
  • Parties should be transparent as to whether an algorithm has been built on a training data set and not yet deployed in a real-world clinical implementation.



  • Parties should ensure that the product meets all relevant regulatory requirements, with particular regard to additional requirements where the product would be considered a “medical device” or “in vitro diagnostic tool”.
  • Consideration should be had to the applicability of such requirements in light of the UK’s departure from the EU, alongside relevant guidance provided by the UK Government.
  • The Guidance reiterates that it is the responsibility of the manufacturer of the product to determine the legislation that applies to them.

Interoperability and Open Standards

  • Parties should ensure the product makes the best possible use of open standards to ensure data quality and interoperability, to provide a “seamless care journey”.

Generate Evidence that the Product Achieves Clinical, Social, Economic or Behavioural Benefits

  • Parties aiming to create products for national recommendation or procurement, can have the product reviewed by The National Institute for Health and Care Excellence (“NICE”), who can also help parties understand the kind of evidence favourable to the relevant commissioners.
  • A recommendation in NICE guidance is looked upon very favourably and described as the “gold standard”.

Define the Commercial Strategy

  • Parties should take into account the allocation of benefits from any commercial arrangement that involves NHS data.
  • The DHSC has outlined five “guiding principles” to ensure that NHS stakeholders see a benefit from commercial arrangements involving NHS data.
  • The Guidance notes that NHSX has set up the Centre for Improving Data Collaboration to facilitate partnerships between the NHS and industry and will provide commercial and legal support to NHS organisations entering into commercial agreements.