Clinical Safety DCB0129 and DCB0160
Use this page for clinical-safety source-layer references to DCB0129 and DCB0160 in NHS-facing digital-health evidence.
Source-Layer Position
The NHS Standards Directory exposes two related clinical risk-management standards: DCB0129 for the manufacture of health IT systems and DCB0160 for deployment and use of health IT systems. For this wiki, they are clinical-safety assurance boundaries, not proof that any InterSystems product or customer deployment is safe or compliant.
Role Split
| Standard | Source-layer use | Evidence boundary |
|---|---|---|
| DCB0129 | Supplier, manufacturer, or system-developer clinical risk management for the health IT product, module, interface, or software change. | Needs a named supplier/product/component/version, clinical safety case, hazard log, clinical safety officer ownership, residual-risk position, and release/change-control evidence. |
| DCB0160 | Care-organisation deployment and use risk management for a configured service in a local clinical workflow. | Needs local deployment scope, use case, workflow, hazard log, deployment safety case, residual-risk acceptance, clinical safety officer ownership, training, monitoring, and incident/change processes. |
What It Supports
| Area | Supported evidence question |
|---|---|
| Product or component safety | Has the supplier or manufacturer produced a clinical safety case for the named software, version, adapter, interface, or module? |
| Local deployment safety | Has the care organisation assessed the configured deployment, workflow, users, source systems, data flows, failure modes, and residual risk? |
| Interface and record-flow safety | Who owns hazards across Health Connect mediation, HealthShare record aggregation/viewing, GP Connect, MESH, ITK3, PDS/ODS/SDS, and local fallback workflows? |
| Change control | How are releases, interface changes, message/payload changes, source-system changes, and configuration changes re-assessed? |
What It Does Not Prove
DCB0129/DCB0160 evidence does not prove DSIC catalogue status, GP Connect onboarding, PRSB conformance, DSA/DPIA approval, Caldicott approval, data-protection compliance, customer live status, or four-nation connectivity.
Deployment Evidence Needed
For Health Connect, HealthShare, DMICP/CORTISONE, DSIC, GP Connect, or shared-care-record workflows, prove the standard by named deployment: supplier safety case, deployment safety case, hazard log, clinical safety officer roles, residual-risk acceptance, interface failure handling, rollback/fallback process, release/change control, training, incident reporting, and links to the local information-governance pack.