
Data protection and security
If your technology solution will collect and store any patient data, you will need to meet data protection and data security standards. A number of recognised standards and schemes help you demonstrate that you meet the requirements:

ISO/IEC 27001 (Information security, cybersecurity and privacy protection) specifies the requirements for an information security management system (ISMS) and is the standard an organisation is certified against.
ISO/IEC 27002 supports 27001 by providing guidance on selecting, implementing and managing the information security controls that 27001 expects an organisation to have in place.

The Cyber Essentials Scheme is a government-backed certification that helps protect your organisation against common cyber-attacks. Cyber Essentials is a self-assessment; Cyber Essentials Plus covers the same controls but adds independent technical verification. Certain types of public-sector contracts require suppliers to hold Cyber Essentials or Cyber Essentials Plus certification.

The NHS Data Security and Protection Toolkit is an online self-assessment tool that enables organisations to measure and publish their performance against the National Data Guardian's ten data security standards.

Undertaking a Data Protection Impact Assessment (DPIA) involves systematically identifying potential data protection risks and mitigating them to an acceptable level before using or sharing (processing) data that identifies individuals (personal data). Under the General Data Protection Regulation (GDPR), a DPIA must be completed before carrying out any processing that is likely to result in a high risk to the rights and freedoms of individuals. Usually, health and social care organisations have their own DPIA template which, once completed, is reviewed and signed off by an assigned approver within the organisation.

The NHS Health Research Authority has published guidance, from a research perspective, on the development of data-driven technologies, outlining the legal requirements for using health and care data.