A new website has been launched to support development and use of AI and data-driven technologies in health and social care. The site is a collaboration between:

• the Care Quality Commission (CQC) is the independent regulator of health and social care in England;
• the Health Research Authority (HRA) protects and promotes the interests of patients and the public in health and social care research;
• the Medicines and Healthcare products Regulatory Agency (MHRA) regulates medical devices in the UK; and
• the National Institute for Health and Care Excellence (NICE) provides guidance and advice to improve health and social care.

The content has been designed to support both developers and adopters: to understand what regulations you need to meet and when, and to help you feel confident about using digital technologies in your health or care service. 

The adopters' guidance includes a data compliance checklist, highlighting some of legal requirements you must take into consideration when using health and care data. The guidance also includes a reminder that, if you use AI-driven technologies as part of delivering a service, you need to check if the adoption and use of the technology constitutes a separate, regulated activity. 

It is the use of this technology that may be a regulated activity, rather than the supply of the technology. If you are supplying AI, which another care provider uses to provide a regulated activity, you do not need to register, but they may need to. For example:

• Need to register: your company makes a diagnosis using AI and sends the results back to the referrer who does not double-check your diagnosis.
• You do not need to register: your company supplies AI to an NHS or other healthcare provider. That provider, and its clinical teams, use AI-driven technologies to make a diagnosis.

With an increasing number of health and social care providers using data and technology to enhance their services and drive efficiencies, we recommend you update your Data Privacy Impact Assessment to check whether your proposed use might trigger a need to register a new regulated activity with the CQC.

Once you have chosen to implement data and technology into your service, you will need to keep this under review and record your ongoing compliance, as CQC inspection teams might want to:

• check technologies are safely and effectively deployed in the care pathway;
• see evidence that relevant staff have been appropriately trained in using any new technologies; and
• see that processes are in place for appropriate reporting of any issues or incidents relating to new technologies.

If you would like any assistance understanding the legal requirements you must take into consideration when using health and care data as an adopter of digital health technologies, or navigating the guidance published above, please contact us to discuss further.