← Back to Blog
January 2025 / Clinical Safety

Understanding DCB0129: Clinical Risk Management for AI in Healthcare

A practical guide to the clinical safety standard that governs health IT systems in the NHS, and what it means for AI deployments.

Dr Priya Patel

Chief Medical Officer, Medelic

If you're developing or deploying health IT systems in the NHS, you'll need to comply with DCB0129. But what exactly is it, and how does it apply to modern AI systems? This guide cuts through the jargon to explain what you need to know.

What is DCB0129?

DCB0129 is an information standard published by NHS England that mandates clinical risk management for health IT systems. Originally published in 2012 and updated in 2018, it requires manufacturers to implement a systematic approach to identifying and managing clinical risks associated with their products.

The standard applies to any IT system that could affect patient safety - which, in practice, means almost any system used in clinical settings. This includes electronic health records, clinical decision support systems, and increasingly, AI-powered tools like triage systems.

The Core Requirements

DCB0129 requires manufacturers to:

  • Appoint a Clinical Safety Officer (CSO) - a suitably qualified clinician responsible for ensuring clinical safety throughout the product lifecycle
  • Establish a Clinical Risk Management System - documented processes for identifying, evaluating, and controlling clinical risks
  • Create a Hazard Log - a living document that tracks all identified hazards, their severity, and the controls in place
  • Produce a Clinical Safety Case Report - evidence demonstrating that risks have been reduced to acceptable levels
  • Maintain safety throughout deployment - ongoing monitoring and incident management processes

Why It Matters for AI

AI systems present unique challenges for clinical risk management. Unlike traditional software where behaviour is deterministic, AI systems can produce unexpected outputs and may change over time as models are updated. This makes rigorous safety assessment even more critical.

For AI triage systems like Medelic, key considerations include:

  • Red flag detection - ensuring the system reliably identifies urgent clinical presentations that require immediate escalation
  • Appropriate uncertainty handling - what happens when the AI is unsure? The system must fail safely
  • Consistency and fairness - ensuring the system performs equally well across different patient demographics
  • Human oversight - maintaining appropriate clinical supervision of AI-generated recommendations
"DCB0129 isn't just a compliance exercise - it's a framework that forces you to think systematically about what could go wrong and how to prevent it. For AI systems, this discipline is invaluable."

Getting Started

If you're building health IT systems and haven't yet engaged with DCB0129, here's where to start:

  1. Read the standard itself - it's publicly available from NHS Digital
  2. Identify or appoint a Clinical Safety Officer
  3. Begin documenting your clinical risk management processes
  4. Start your hazard log early - it's easier to build as you go than to retrofit

At Medelic, we've built DCB0129 compliance into our development process from day one. If you'd like to learn more about how we approach clinical safety, visit our governance page or get in touch.

Back to all posts