DCB0129 Clinical Risk Management – the topic everyone is avoiding

DCB0129 has been around well over ten years, and yet is rarely talked about openly. DCB0129 is a standard for manufacturers of health IT software, and helps to prove the clinical safety of products. Originally introduced in 2009 (when it was known as ISB0129) and most recently updated in 2018, the standard provides a set of requirements suitably structured to promote and ensure the effective application of clinical risk management by those organisations that are responsible for the development and maintenance of health IT systems for use within the health and care environment.

DCB0129, and the corresponding standard for health organisations deploying IT, DCB0160, is in fact a legal requirement, so how come the industry is so reluctant to talk about it?

Why is DCB0129 so important

As the NHS meets a level of pressure not seen in a generation, it looks to digital transformation and the adoption of technology wherever possible to provide effective treatment for patients and ease the burden on frontline staff. The DCB0129 standard is now coming to the fore.

In a healthcare setting, clinicians think about risk every day. They think in terms of risk identification and risk management. Providing treatment is inherently risky, and so too is using technology. By acknowledging risk, facing at it head on, risk can be mitigated either through training or by design of processes, by ensuring the correct usage of technology or highlighting where incorrect usage could cause harm. This is what DCB0129 looks to achieve.

DCB0129 aims to align with other regulations on the management and use of medical devices including NHS Digital Clinical Safety standards and with the EU Regulation on Medical Devices 2017/745.

What is required?

DCB0129 is a self-certifying standard, where software vendors must document possible ‘clinical risk’ of using the software or device. Clinical risks are defined as those that relate to patient safety as distinct from other types of risk.

Manufacturers must define and document a clinical risk management process. Within this there are four main functions including follow up activity. The main activities include:

  • Risk Analysis – which includes scoping of risks, clinical hazard identification and clinical risk estimation.
  • Risk Evaluation – a detailed documented evaluation of each risk.
  • Risk Control – identification of control options, mitigations, clinical risk benefit analysis, control measure implementation and a completeness evaluation.
  • Post deployment monitoring – continuous assessment and improvement

As part of the process each vendor organisation must appoint a suitably qualified Clinical Safety Officer to manage and oversee the process.

Benefits to Patients and Healthcare organisations

By implementing a formal process to identify clinical risk that may result in the use of Imprivata software products, we will necessarily shine a spotlight on every aspect of the product. The result being that as well as avoiding potential harm to patients, we believe it will lead to increased product innovation and encourage more meaningful conversations with our customers.

Increased Transparency, Visibility, Accountability

During recent years we have seen the dawning of a new approach within the NHS – one of transparency and visibility. Moving away from a culture where there is a reluctance to acknowledge risk, where people avoid calling out patient safety issues for fear of being blamed, to one where considering risk to be part of everyday thinking and safety is of paramount importance. Indeed, in the CQC’s Strategy for 2021 and Beyondi, patient safety was significantly upgraded and is now seen as a top priority. One of the key points in the CQC document is that stronger safety cultures should result in a vision where there is zero avoidable harm.

By embracing the positive approach to addressing risk and safety taken by other high reliability industries (aerospace, nuclear etc), healthcare can succeed in reducing patient harm. DCB0129 and DCB0160 are part of the journey.


i https://www.cqc.org.uk/about-us/our-strategy-plans/new-strategy-changing-world-health-social-care-cqcs-strategy-2021