When answering these questions, developers may need to show evidence that their product passes our tests in
areas, and how anyone using them could see benefits to their health and wellbeing. Any major updates made to
will require it to be reassessed to make sure it still meets the necessary standards following the changes.
Our technical assessment examines how a product performs in seven key areas:
Evidence of Outcomes
These questions make sure all products are doing what they are supposed to do, and we will ask developers to
show us how their product improves health and wellbeing. For example, if an app is designed to help patients
their mental health, developers must give examples of how it could help – or already has helped – people.
We also ask if there is any evidence of the clinical, economic or behavioural benefits of using a product,
such as how it has helped improve symptom control, clinical outcomes or patient reported outcomes.
Our clinical safety questions make sure that developers have taken all appropriate action to keep safe any
their product. For example, with an app that reminds patients to take their medication, developers must give
evidence that shows that any risk of these reminders being incorrect has been completely removed or made as
low as possible.
Developers of any product that could put a user at risk must meet the safety
standards required by the Health
and Social Care Act 2012. This would mean producing Hazard Logs and Safety Case Reports, which would
be reviewed by experts at NHS Digital.
Our data protection questions are designed to make sure that any personal information collected or shared by
an app or digital tool is handled in a safe, fair and lawful way. This would include health information
recorded by the
user, such as diabetes readings or health information available via the product if it uses the internet to
connect to an
individual’s health record.
The UK Data Protection Act
2018 gives people rights and control over their information and places greater responsibilities on
organisations to use people’s information appropriately and securely.
The developer must give details of where
the data collected is stored and tell users what rights they have to control how their information
This section is used to assess the security assurance of an app or digital tool. The questions make
a user’s data has been correctly categorised taking account of data protection regulations and clinical
They also ask for confirmation that a security assessment against applicable Open Web
Project standards has been carried out.
Usability & Accessibility
Our usability and accessibility questions are designed to make sure a person can understand and use
an app or digital tool effectively. Text must be clear and easy to read and action buttons big enough,
easy to press and marked with commands that make sense to users. Functions the product carries out
must do what the user expects and not perform any extra actions that are not made clear.
All products are assessed against Web Content
Guidelines 2.1, the agreed international standards for digital accessibility that all web
content must satisfy. This is to ensure they provide access to as many people as possible, including
older users, younger users and those with disabilities. This might involve being able to increase text
size where needed and work with voice software to help visually impaired people.
The usability of an app or digital tool must satisfy the International Organization for
requirements and recommendations for human-centred design principles and activities throughout its
Our interoperability questions test how well a product exchanges data with other systems. For example,
connects with a patient’s medical record or collects readings from another device such as a smart watch
pressure monitor. This process helps developers use data within their products to build new functions,
To do this, developers use Application Programming Interfaces (APIs) – a service that allows third
view a product’s data in a more digestible format. Not all apps exchange data, but those that do must
England’s Open API policy. These rules make the sharing process simple while also keeping it
safe and secure.
The technical stability questions are used to understand how an app or digital tool has been tested
and how testing will continue over time. Developers must show how patients can report any problems with
how the developer will work to correct them.
These questions also cover what happens to any patient information a product has collected if the
stops using it or it is shut down by the developer.