
AI in practice

NCL Wide

If you have decided to use AI, or any new digital platform, in your practice, here’s what you need to do to ensure a smooth and compliant implementation within North Central London ICB.

To support practices, we are in the process of developing a summary table of digital platforms that have already been through the vetting process by the ICB (this does not mean they have been endorsed).


Critical summary points

1. Assurance and compliance

Ensure the software vendor provides necessary NHS accreditations:

  • NHS clinical risk management standard DCB0129 - if not available, do not proceed!
  • AI supplier can provide evidence that it meets DTAC (Digital Technology Assessment Criteria), which includes:
    • DSPT Cyber Essentials Plus
    • CREST-approved penetration testing
    • ISO27001 accreditation
    • GDPR compliance

2. Data protection

  • complete a Data Protection Impact Assessment (DPIA) with the General Practice (GP) Data Protection Officer (DPO) e: ncl.dpo@nhs.net
  • data protection officer FAQs can be found in the resource section.

3. Clinical risk management

Complete DCB0160 with NCL Clinical Safety Officers (CSO) e: nclicb.clinicalsafety@nhs.net. Where a DCB0160 has already been completed by another practice, this will be more streamlined, with supporting clinical implementation recommendations.

(Be aware the Clinical Safety Officer will require a copy of the DCB0129, any workflows and/or a demo from the supplier where available.)

4. Technical implementation Group (TAG) assessment

  • log a call with NCL GPIT to confirm the digital platform is safe to use within NCL and to discuss any need for installation/firewall access if required (IT Service Portal). To log a call, see the download 'Arrange for a technical assessment group (TAG) review'

5. Communication/privacy policy

Update practice communication materials as needed, including the privacy notice, posters in practice and policies, including consent/opt-out protocols.


Further In-depth considerations

6. Regulatory considerations – some AIs are medical devices!

Medicines and Healthcare products Regulatory Agency (MHRA) device approval is required if the AI solution impacts clinical decision making. Please check whether this applies to your specific use case of the digital tool. If the product does not have approval, assess its necessity under the MHRA framework or seek guidance from the ICB or NICE. Please see AI and digital technology regulation and guidance for adopters.

7. Ethical considerations

Ethical considerations should be documented when implementing AI. See downloads for full documentation:

  • examples of issues to consider: effect on workforce, inequalities/discrimination, and the relationship between healthcare professionals and patients
  • NHSX’s AI Ethics and Regulatory Framework
  • an ethical framework questionnaire to complete to assess ethical concerns, algorithm transparency and explainability assessments.

8. Workflow considerations

  • outline workflow changes and monitoring/audit plans
  • ensure safety measures for error reduction e.g. staff reminders to double check what has been copied over from an AI scribe tool.

9. Training and change management

Provide staff training on the new system.
Conduct a short test phase in line with implementation guidelines. This does not have to be onerous; implementation guides and checklists provide support to do this.

10. Post-implementation/implementation at scale

  • conduct ongoing monitoring and safety measures. Monitor the risks, hazards and outcomes referred to in the DPIA/DCB0129/DCB0160, and ensure this is regularly checked, audited and updated appropriately.
  • if system functionality changes significantly, update clinical safety documents and review local safety documentation.
  • report safety concerns to the ICB clinical safety team e: nclicb.clinicalsafety@nhs.net
  • report safety concerns about medical devices to MHRA via the Yellow Card reporting site.

11. Additional guidance

  • refer to NHS England’s adopter guidance: NHS Digital Regulations
  • engage with the local procurement process early
  • National Cyber Security Centre: AI and cyber security: what you need to know
  • do not sign up for free trials without checking the list of ICB-vetted providers or contacting our GP Data Protection Officer.
  • ensure that the AI or new digital platform you are implementing is ready for operational use. Any new beta testing modes may be out of scope of what was originally vetted by NCL.

This guidance is not exhaustive and will be updated regularly, so please check back. Practices implementing AI do so at their own risk; NCL ICB takes no liability.

By following this structured approach, you can ensure that AI integration in your practice is effective, compliant, and beneficial to both clinicians and patients.


Review date: Wednesday, 18 March 2026