If you have decided to use AI, or any new digital platform in your practice, here’s what you need to do to ensure a smooth and compliant implementation within North Central London ICB.

1. Regulatory considerations

Medicines and Healthcare products Regulatory Agency (MHRA) Approval: If the AI solution impacts clinical decisions, check if the supplier has approval. If not, assess its necessity under the MHRA framework or seek guidance from the ICB or NICE.

2. Assurance and compliance

Ensure the software vendor provides necessary NHS accreditations:

• DTAC (Digital Technology Assessment Criteria)
  • DSPT CyberEssentials Plus
  • CREST-approved penetration testing
  • ISO27001 accreditation
  • GDPR compliance

3. Ethical considerations

See downloads for full documentation. 

• Examples of issues to consider, effect on:
  • inequalities/discrimination
  • relationship between healthcare professionals and patients
  • workforce
• complete the first section of the ethical framework questionnaire to assess ethical concerns.
• review NHSX’s AI Ethics and Regulatory Framework
• conduct algorithm transparency and explainability assessments

4. Workflow considerations

• outline workflow changes, expected benefits, and monitoring plans
• ensure safety measures, error reduction, and audits are in place

5. Data protection

Complete a Data Protection Impact Assessment (DPIA) with the NCL Data Protection Officer (DPO) e: dpo.ncl@nhs.net

6. Clinical risk management

• Request DCB0129 from the supplier
• Complete DCB0160 with NCL Clinical Safety Officers (CSO) e: nclicb.clinicalsafety@nhs.net

7. Technical implementation

After completing previous steps, liaise with local GPIT to:

• log a third-party software installation request on the IT Service Portal if needed. To log the request please see the download named 'Arrange for a technical assessment group (TAG) review'

8. Training and change management

Provide staff training and conduct a short test phase to demonstrate safety and outcomes.

9. Communications

Update practice communication materials as needed:

• privacy notice
• posters in practice
• policies including consent/opt-out protocols

10. Implementation at scale

• conduct ongoing monitoring and safety measures. Monitor risk, hazards, outcomes as referred to in DPIA/DCB0129/DCB0160 and this is regularly checked, audited and updated appropriately. 
• if system functionality changes significantly, update clinical safety documents and review local safety documentation.
• report safety concerns to the ICB clinical safety team e: nclicb.clinicalsafety@nhs.net
• report safety concerns about medical devices to MHRA via the Yellow Card reporting site.

11. Additional guidance

• refer to NHS England’s adopter guidance: NHS Digital Regulations
• engage with the local procurement process early
• National Cyber Security Centre: AI and cyber security: what you need to know
• Do not sign up for free trials without checking with the list of ICB vetted providers or contacting our Data protection officer.
• Ensure that the AI, or new digital platform you are implementing is ready for operational use. Any new beta testing modes may be out of scope of what may have been vetted by NCL

This guidance is not exhaustive and will be updated regularly so please check back. Practice implementing AI do so at there own risk NCL ICB takes no liability

By following this structured approach, you can ensure that AI integration in your practice is effective, compliant, and beneficial to both clinicians and patients.