Reading:
Standards and Guidelines Conformance

Standards and Guidelines Conformance

Dafydd Loughran
by Dafydd Loughran, Chief Executive Officer
December 2020

This page describes the standards and guidelines that are relevant for a digital consent to treatment application in the UK, and demonstrates how Concentric meets the requirements.

The following are discussed in this resource:

  1. GMC Guidance
  2. RCS England
  3. Department of Health and Social Care
  4. Care Quality Commission
  5. NHS Digital
  6. National Cyber Security Centre
  7. The Information Standard Principles
  8. NICE Evidence Standards Framework for Digital Health Technologies



GMC Guidance

GMC guidance, as per updated 2020 consent and shared decision making guidance is met by design. The relevant principles for any digital consent solution include principles 1, 2, 3 and 4.

1 and 3 - (1) Patients have the right to be involved in decisions about their treatment and care and be supported to make informed decisions if they are able. (3) All patients have the right to be listened to, and to be given the information they need to make a decision and the time and support they need to understand it.

Concentric supports patients to engage with and understand decisions about their care. Information is accessible for users, either digitally or printed, and is compatible with accessibility software and screen-readers. Concentric makes it easy for information to be shared with patients, either during or following a consent consultation, or prior to emergency surgery, and makes personalised evidence-based information available for review and sharing beyond the time of the clinical consultation.

2 - Decision making is an ongoing process focused on meaningful dialogue: the exchange of relevant information specific to the individual patient.

Concentric supports consent episodes to be undertaken over a number of different interactions where appropriate, with a consult view supporting and documenting a consent consultation. Remote consent can be enabled where appropriate to enable decisions to be made following review of the information in the patient’s own time following a clinical consultation.

4 - Doctors must try to find out what matters to patients so that they can share relevant information about the benefits and harms of proposed options and reasonable alternatives, including the option to take no action.

Concentric supports the documentation of what matters to patients, highlights the benefits and harms of proposed options and makes visible to each patient the reasonable alternatives for them. Discussion around these alternatives, risks and benefits can be documented and are visible to both clinician and patient

RCS England

RCS (Royal College of Surgeons) England guidance, as per their good practice guide ‘Consent: Supported Decision-making’ is met by design. The relevant principles for any digital consent solution include: - Treat each patient as an individual - No treatment as an option - Providing the right information - Material risks - Written and multimedia information - A decision-making record

Treat each patient as an individual - Concentric provides evidence-based templates for over 1000 procedures which can then be personalised to each individual, including their personal indication for treatment, relevant alternatives, anaesthetic options, complication profile, and additional resources. Context can be added to each element, and only the information relevant for the individual is shared with the patient.

No treatment as an option - Alternatives are presented to patients for each procedure, including of no treatment, with the context of why that may be an alternative to this treatment and for this individual.

Providing the right information - All information contained within Concentric is subject to rigorous standards in terms of clinical information and accessibility, and is customisable to the local context. A two phase validation process is undertaken prior to clinical use, with internal validation of clinical content by Concentric’s internal clinical writing team - comprising GMC-registered clinicians, followed by local validation and edits - this can include edits to procedure risk profile and the addition of local information and resources. Information is subject to readability ease measurements, as per the standards for patient-facing medical information. Combinations of procedures can be intelligently merged and presented to patients without duplication of information, and cognisant of the context of the individual procedures when done in combination.

Material risks - As highlighted by the Montgomery Judgement, the identification, discussion and documentation of material risks is critical in demonstrating best practice. Concentric makes it easy to personalise the risk profile of any procedure for the individual, including changing a risk’s likelihood, addition of new risks, and documentation of conversations held around material risks.

Written and multimedia information - Concentric links out to a wealth of information from trusted sources, such as Royal Colleges of the various specialties, for additional procedure information, information about the patient’s indication for treatment etc. Local resources can be added, including text-based and video-based resources. These resources are checked on release of data for any changed links so that these can be rectified. A record of additional resources shared is maintained. A list of trusted resources can be maintained at a local level which will automatically exclude links to excluded sources.

A decision-making record - An audit record is maintained of the entire interaction, including who has edited the episode, what elements have been selected and removed, notes added by who and when, and when consent events have occurred - such as sharing by email, remote consent, consent in person, confirmation of consent, or revocation of consent. This information is available to admin users, alongside an admin dashboard of use.

In addition the Concentric admin dashboard supports quality improvement work around consent standards, for example demonstrating the percentage of consent episodes completed on the day of surgery over time, and the percentage of patients receiving a digital version of their consent information.

Department of Health and Social Care

The requirements set out by the Department of Health (Now Department of Health and Social Care) reference guide to consent for examination or treatment Second edition is met by design, including the use of different consent form information and required fields for consent for children and young people.

Care Quality Commission

The requirements set out by the Care Quality Commission (CQC) relating to consent are met by design. These are set out in Regulation 11 of the Health and Social Care Act 2008 (Regulated Activities) (Regulations 2014). This requires that a system must be able to demonstrate that consent has been given by the relevant person prior to treatment, that the consent consultation is held in a way that meets people’s communication needs, is treated as a process, and provides space and time for consideration.

NHS Digital

Concentric has been developed to meet the framework for the key standards of clinical safety, the use of data, interoperability and design interaction set out by the NHS Digital Data and Technology Standards Framework:

Patient records for all health and care settings must use the NHS Number wherever possible - Search by NHS number is supported, often alongside a local identifier where this is also commonly used.

Logging in to NHS systems should be through an approved authentication system - single-sign on authentication is available, and work is in progress to enable authentication via NHS Identity.

Patient information held in electronic health records should comply with NHS clinical information standards - Information standards are met, including with regard to hosting, data security at rest, data security in transit, and data archival, retention, and disposal. Full details are available within our Information Governance summary.

NHS Digital Reference Data Registers are the reference data source of choice in NHS systems - These are used for both patient identifier naming structure and the coding of specialties for consent episodes.

All health software and health IT systems must be designed, developed and operated safely to conform with clinical safety standards - Concentric meets the DCB0129 standards for clinical safety, and has a publically available clinical safety case report.

All NHS digital, data and technology services should achieve the Data Security Standards required through the Data Security and Protection Toolkit (DSPT) - A DSPT is maintained for the system, with standards exceeded. The assessment is available to view.

All NHS digital, data and technology services should support FHIR-based APIs to enable the delivery of seamless care across organisational boundaries - A flexible approach is taken to integration, as described in our integration overview, depending on local configuration. A FHIR-approach is available.

All NHS digital, data and technology services should be designed to meet user needs in line with the principles of the Digital Service Standard and Technology Code of Practice - The code of practice is met by design. Our privacy notice details how patient data is used, managed, and for what purposes.

National Cyber Security Centre

Cyber Essentials Plus certification is maintained, which includes a hands on technical verification.

Additional independent penetration testing is undertaken by a CHECK and CREST approved penetration testing provider.

The Information Standard Principles

Quality Statements:

a) There is a defined process for producing information (including identifying the need for a product, checking stages, final sign-off, review, version control and archiving)

Content is subject to internal peer review, and is validated by an appropriate individual within the healthcare organisation prior to use. All content is subject to version control via Github.

b) All individuals involved in the information process have the relevant up to date training/experience and follow the defined process for all information products

Content is created by GMC-registered medical writers who follow a defined process for content creation, reviewing, and editing.

c) Information is created using high quality evidence (where the evidence exists) and is presented in a balanced manner. Where there is no evidence to back up claims made in an information product this is made clear to the end user. Evidence is reviewed for currency each time the resource is updated.

The best available evidence is provided during the consent process, curated by a combination of published literature, lay resources, and expert opinion. Where there is uncertainty, e.g. for risk profile, this is highlighted.

d) Information is reviewed by relevant professionals/peers before it is approved for use

External validation of content is provided by the deploying healthcare organisation. This included review of content and tone, and additional local resources can be added.

e) Information is created taking into consideration the health literacy and/or accessibility needs of the population it is aimed at

Content is written for a ‘Plain English’ readability or easier - measured by a Flesch reading ease of 60+. Concentric utilises industry standard accessibility tools across all modern devices.

f) Jargon is not used and medical terms (when used) are explained

Medical jargon is avoided, and where it is deemed useful is described in lay language then followed by the medical term in brackets.

g) End users are involved at the outset and throughout in the production and their input is actively used.

Clinician and patient end users have been involved in each stage of the development and deployment of Concentric. Some of this work is detailed in this case study written by the Life Sciences Hub Wales.

h) An authorised approver(s) checks that your process has been followed sufficiently before a product is approved for publication

The appropriate process for creation, reviewing, editing and local adaptation of content is reviewed by the deploying organisation’s Clinical Safety Officer prior to deployment, and is described within Concentric’s Clinical Safety Case Report.

i) The date and review date of each information product are clearly stated

Content is subject to a regular review process.

j) Information is in plain language, free from spelling and grammatical errors – and medical terms are explained where necessary

Content is written for a ‘Plain English’ readability or easier - measured by a Flesch reading ease of 60+. Concentric utilises industry standard accessibility tools across all modern devices. Grammar and spell checking is done prior to release and updates. Medical jargon is avoided, and where it is deemed useful is described in lay language then followed by the medical term in brackets.

k) References to the evidence used in the information are retained and made available if requested

References are maintained within the Concentric Ontology repository and are available on request.

l) The information signposts the end user to further sources of information

Recommended resources are included within the application. These are from approved sources such as Royal Colleges. Sources can be removed by the deploying organisation.

m) The information product gives the end user details on how they can give their feedback

Feedback can be given within the application, and timed patient feedback is also sent out following the completion of the consent episode. Feedback questions are directed by the deploying organisation.

n) People are encouraged to give any ongoing feedback after the product has been published and this is acted upon as appropriate

Patient feedback functionality is persistent. Clinicians can also give feedback within the application, or via feedback mechanisms put in place by the deploying organisation.

o) There is defined process for reviewing published/approved information

Content is subject to a regular review process.

p) All staff involved in the information process follow the defined review process for all information products.

Content is created by GMC-registered medical writers who follow a defined process for content creation, reviewing, and editing.

NICE Evidence Standards Framework for Digital Health Technologies

Concentric is considered a Tier 2 Digital Health Technology as per the Evidence Standards Framework for Digital Health Technologies. Evidence of effectiveness meets the requirements for a Tier 2 technology:

Credibility with UK health and social care professionals. In live clinical use across a number of NHS Trusts and Health Boards, as the default consent mechanism, and across the specialties, including surgical, radiology, oncology, and medical specialties. Meets the required standards for Information Governance, Cyber Security. Approved supplier to the UK Public sector via G Cloud 12 framework. A case study has been published by the Government of Jersey regarding the deployment of Concentric.

Relevance to current care pathways in the UK health and social care system. Meets the relevant requirements, as part of the consent process, as defined by GMC guidance, Royal College of Surgeons, Care Quality Commission, and the Department for Health and Social Care.

Acceptability with users. Evaluation undertaken at each NHS deploying organisation of patient and clinician acceptability. Largest completed evaluation as yet, at a London NHS Trust demonstrated that Concentric is very highly rated by patients (4.65 average star rating) and clinicians (4.75 average star rating, with all clinician users stating a preference for Concentric compared to the paper process).

Equalities considerations. Industry-standard accessibility features are enabled across all modern browsers and operating systems across both clinician and patient facing Concentric applications. WCAG 2.1 AA compliant. Our age histogram of users demonstrates use across the age groups, with a skew to the right as expected for the cohort of surgical patients, with a 96 year old being the oldest user to date.

Accurate and reliable measurements. Admin dashboard provides granular system information regarding consent episodes, active users, common procedures, timing of consent, use of remote consent, frequency information shared with patients and audit log of consent episodes.

Accurate and reliable transmission of data. Append only data-structures are used for data storage which allows full audit tracking of changes. Protection against data tampering is provided by computing a cryptographic hash which encodes the current and past state of a consent episode at each mutation as a hash chain. This hash is included on screen after consent is given, and in the exported consent form PDF.

Data security at rest: Personal and episode data is stored in a relational database (PostgreSQL), which stores its data at rest on an encrypted (using AES-256) distributed block storage device. The database operates in master-slave configuration for redundancy, and additionally backup snapshots (also AES-256 encrypted) are taken periodically for disaster recovery. All database block data is logically protected by access control lists (ACLs) which limit access to the appropriate database servers. Legal consent PDFs are stored in a distributed block storage device which encrypts data using AES-256 before it is written to disk.

Data security in transit: Web and API servers only allow requests made using TLS version 1.2 or above, which provides protection against snooping and man in the middle attacks on data. Non-HTTPS requests are denied by API servers

Reliable information content. Content is created by GMC-registered medical writers who follow a defined process for content creation, reviewing, and editing. Content is subject to internal peer review, and is validated by an appropriate individual within the healthcare organisation prior to use. The best available evidence is provided during the consent process, curated by a combination of published literature, lay resources, and expert opinion. Content is written for a ‘Plain English’ readability or easier - measured by a Flesch reading ease of 60+. Recommended resources are included within the application. These are from approved sources such as Royal Colleges.

Ongoing data collection to show usage of the DHT. Admin dashboard demonstrates how, and how often, and by who Concentric is used, including supporting consent process quality improvement work.

Ongoing data collection to show value of the DHT. Patient and clinician feedback can be provided within the application. Emails are sent to patients and clinicians to collect feedback. Feedback fields can be defined by the deploying organisation. 400+ patient feedback surveys have been received over the past 6 months, with a 4.65 average star rating. Clinicians are asked for feedback following a few weeks of use, and then periodically. Clinicians at the largest completed evaluation as yet gave a 4.75 average star rating, with all clinician users stating a preference for Concentric compared to the paper process.

Quality and safeguarding. Clinical safety processes are overseen by a trained Clinical Safety Officer, including review of any software updates. Clinical Safety Case Report is publicly available and meets the requirements set out by NHS Digital (DCB0129). Onboarding processes are in place to ensure clinicians are appropriately trained, and are aware of the functionality and any limitations of Concentric.