Skip to main content

Be Mindful
Digital Technology Assessment Criteria

The Digital Technology Assessment Criteria for health and social care (DTAC) gives, healthcare providers, patients and citizens confidence that the digital health tools they use meet clinical safety, data protection, technical security, interoperability as well as usability and accessibility standards. The DTAC brings together UK legislation and good practice in these areas, providing new national baseline criteria for digital health technologies entering into the NHS and social care.

DTAC Compliant

A. Company Information

CODE | DTAC QUESTION

A1 | Provide the name of your company

WELLMIND HEALTH RESPONSE

Wellmind Health

CODE | DTAC QUESTION

A2 | Provide the name of your product

WELLMIND HEALTH RESPONSE

Be Mindful

CODE | DTAC QUESTION

A3 | Provide the type of product

WELLMIND HEALTH RESPONSE

Web-App

CODE | DTAC QUESTION

A4 | Provide the name and job title of the individual who will be the key contact at your organisation

WELLMIND HEALTH RESPONSE

Sarah Germaney, Account Director

CODE | DTAC QUESTION

A5 | Provide the key contact's email address

WELLMIND HEALTH RESPONSE
CODE | DTAC QUESTION

A6 | Provide the key contact's phone number

WELLMIND HEALTH RESPONSE

+44 (0)1273 325136

CODE | DTAC QUESTION

A7 | Provide the registered address of your company

WELLMIND HEALTH RESPONSE

168 Church Road, Brighton BN3 2DL UK

CODE | DTAC QUESTION

A8 | In which country is your organisation registered?

WELLMIND HEALTH RESPONSE

United Kingdom

CODE | DTAC QUESTION

A9 | If you have a Companies House registration in the UK please provide your number

WELLMIND HEALTH RESPONSE

04542911

CODE | DTAC QUESTION

A10 | If applicable, when was your last assessment from the Care Quality Commission (CQC)?

WELLMIND HEALTH RESPONSE

Not applicable

CODE | DTAC QUESTION

A11 | If applicable, provide your latest CQC report.

WELLMIND HEALTH RESPONSE

Not applicable

B. Value Proposition

CODE | DTAC QUESTION

B1 | Who is this product intended to be used for?

WELLMIND HEALTH RESPONSE

Patients

CODE | DTAC QUESTION

B2 | Provide a clear description of what the product is designed to do and of how it is expected to be used

WELLMIND HEALTH RESPONSE

Be Mindful is a web-based Mindfulness-based Cognitive Therapy (MBCT) program that guides participants through all the elements of MBCT in a minimum of 4 weeks. It is an asynchronous online program which can be followed on any internet connected device with a web-browser, including smart phones, tablets, laptops and computers.

CODE | DTAC QUESTION

B3 | Describe clearly the intended or proven benefits for users and confirm if / how the benefits have been validated

WELLMIND HEALTH RESPONSE

The intended user benefits of the Be Mindful program are improvements in mental health with reductions in anxiety (GAD-7), depression (PHQ-9) and stress (PSS). These are achieved through mindfulness practice and cognitive behavioural approaches learnt throughout the program.

The effectiveness of the Be Mindful program is proven by published research studies in scientific journals. Studies validating user benefits are available on request.

CODE | DTAC QUESTION

B4 | Please attach one or more user journeys which were used in the development of this product. Where possible please also provide your data flows

WELLMIND HEALTH RESPONSE

Documentation of user journeys and data flows available on request.

C. Technical Questions

C1. Clinical Safety

Establishing that the product is clinically safe to use.

CODE | DTAC QUESTION

C1.1 | Have you undertaken Clinical Risk Management activities for this product which comply with DCB0129?

WELLMIND HEALTH RESPONSE

Yes

CODE | DTAC QUESTION

C1.1.1 | Please detail your clinical risk management system

WELLMIND HEALTH RESPONSE

Clinical Risk Management System documentation available on request.

CODE | DTAC QUESTION

C1.1.2 | Please supply your Clinical Safety Case Report and Hazard Log

WELLMIND HEALTH RESPONSE

Clinical Safety Case Report and Hazard Log available on request.

CODE | DTAC QUESTION

C1.2 | Please provide the name of your Clinical Safety Officer (CSO), their profession and registration details

WELLMIND HEALTH RESPONSE

John O’Dowd – Orthopaedic Spinal Surgeon GMC Registration reference number: 2601616

CODE | DTAC QUESTION

C1.3 | If your product falls within the UK Medical Devices Regulations 2002, is it registered with the Medicines and Healthcare products Regulatory Agency (MHRA)?

WELLMIND HEALTH RESPONSE

Yes

CODE | DTAC QUESTION

C1.3.1 | If yes, please provide your MHRA registration number

WELLMIND HEALTH RESPONSE

25845

CODE | DTAC QUESTION

C1.3.2 | If the UK Medical Device Regulations 2002 are applicable, please provide your Declaration of Conformity and, if applicable, certificate of conformity issued by a Notified Body / UK Approved Body

WELLMIND HEALTH RESPONSE

Declaration of Conformity available on request

CODE | DTAC QUESTION

C1.4 | Do you use or connect to any third-party products?

WELLMIND HEALTH RESPONSE

No

CODE | DTAC QUESTION

C1.4.1 | If yes, please attach relevant Clinical Risk Management documentation and conformity certificate

WELLMIND HEALTH RESPONSE

Not applicable


C2. Data Protection

Establishing that the product collects, stores and uses data (including personally identifiable data) compliantly.

CODE | DTAC QUESTION

C2.1 | If you are required to register with the Information Commissioner, please attach evidence of a current registration.

WELLMIND HEALTH RESPONSE

Evidence of registration with Information Commissioner is available on request.

CODE | DTAC QUESTION

C2.2 | Do you have a nominated Data Protection Officer (DPO)?

WELLMIND HEALTH RESPONSE

Yes

CODE | DTAC QUESTION

C2.2.1 | If you are required to have a nominated Data Protection Officer, please provide their name.

WELLMIND HEALTH RESPONSE

Willem Mulder, CTO

CODE | DTAC QUESTION

C2.3 | Does your product have access to any personally identifiable data or NHS held patient data?

WELLMIND HEALTH RESPONSE

No

CODE | DTAC QUESTION

C2.3.1 | Please confirm you are compliant (having standards met or exceeded status) with the annual Data Security and Protection Toolkit Assessment.

WELLMIND HEALTH RESPONSE

Yes, exceeded status.

CODE | DTAC QUESTION

C2.3.2 | Please attach the Data Protection Impact Assessment (DPIA) relating to the product.

WELLMIND HEALTH RESPONSE

DPIA available on request.

CODE | DTAC QUESTION

C2.4 | Please confirm your risk assessments and mitigations / access controls / system level security policies have been signed-off by your Data Protection Officer (if one is in place) or an accountable officer where exempt in question C2.2.

WELLMIND HEALTH RESPONSE

Yes

CODE | DTAC QUESTION

C2.5 | Please confirm where you store and process data (including any third-party products your product uses)

WELLMIND HEALTH RESPONSE

UK only

CODE | DTAC QUESTION

C2.5.1 | If you process store or process data outside of the UK, please name the country and set out how the arrangements are compliant with current legislation

WELLMIND HEALTH RESPONSE

Not applicable


C3. Technical Security

Establishing that the product meets industry best practice security standards and that the product is stable.

CODE | DTAC QUESTION

C3.1 | Please attach your Cyber Essentials Certificate

WELLMIND HEALTH RESPONSE

Cyber Essentials Plus certificate available on request.

CODE | DTAC QUESTION

C3.2 | Please provide the summary report of an external penetration test of the product that included Open Web Application Security Project (OWASP) Top 10 vulnerabilities from within the previous 12-month period.

WELLMIND HEALTH RESPONSE

Compliant external penetration test summary report available on request.

CODE | DTAC QUESTION

C3.3 | Please confirm whether all custom code had a security review.

WELLMIND HEALTH RESPONSE

Yes

CODE | DTAC QUESTION

C3.4 | Please confirm whether all privileged accounts have appropriate Multi-Factor Authentication (MFA)?

WELLMIND HEALTH RESPONSE

Yes

CODE | DTAC QUESTION

C3.5 | Please confirm whether logging and reporting requirements have been clearly defined.

WELLMIND HEALTH RESPONSE

Yes

CODE | DTAC QUESTION

C3.6 | Please confirm whether the product has been load tested

WELLMIND HEALTH RESPONSE

Yes


C4. Interoperability Criteria

Establishing how well the product exchanges data with other systems.

CODE | DTAC QUESTION

C4.1 | Does your product expose any Application Programme Interfaces (API) or integration channels for other consumers?

WELLMIND HEALTH RESPONSE

Yes

CODE | DTAC QUESTION

C4.1.1 | If yes, please provide detail and evidence:

  • The API’s (e.g., what they connect to) set out the healthcare standards of data interoperability e.g., Health Level Seven International (HL7) / Fast Healthcare Interoperability Resources (FHIR)
  • Confirm that they follow Government Digital Services Open API Best Practice
  • Confirm they are documented and freely available
  • Third parties have reasonable access to connect
WELLMIND HEALTH RESPONSE

We expose a very basic public API - full access to and usage of this is only possible using one of three levels of secure access where applicable. It follows Government Digital Services Open API Best Practice and is fully-documented and freely available.

CODE | DTAC QUESTION

C4.2 | Do you use NHS number to identify patient record data?

WELLMIND HEALTH RESPONSE

No

CODE | DTAC QUESTION

C4.2.1 | If yes, please confirm whether it uses NHS Login to establish a user’s verified NHS number.

WELLMIND HEALTH RESPONSE

Not applicable

CODE | DTAC QUESTION

C4.3 | Does your product have the capability for read/write operations with electronic health records (EHRs) using industry standards for secure interoperability (e.g. OAuth 2.0, TLS 1.2)

WELLMIND HEALTH RESPONSE

Yes

CODE | DTAC QUESTION

C4.3.1 | If yes, please detail the standard

WELLMIND HEALTH RESPONSE
  • SSL/TLS server certificates are Amazon issued, Public key: RSA 2048-bit, Signature algorithm: SHA256WITHRSA.
  • Our AWS ELBs (Elastic Load Balancers) listen only for HTTPS connection requests.
  • Elastic Load Balancing uses a security policy to negotiate SSL connections between a client and the load balancer. A security policy is a combination of protocols and ciphers that ensures that all data passed between the client and the load balancer is private. The ELBSecurityPolicy-2016-08 security policy is always used for backend connections. For front-end connections we selected AWS Load Balancer ELBSecurityPolicy-FS-1-2-Res-2019-08. This is the most re-strictive policy available. FS stands for Forward-Secrecy. This policy supports TLS 1.2 only and includes only ECDHE (PFS) and SHA256 or stronger (384) ciphers.
  • ELBs do not support SSL renegotiation for client or target connections.
  • We do NOT use oAuth.
CODE | DTAC QUESTION

C4.3.2 | If no, please state the reasons and mitigations, methodology and security measures.

WELLMIND HEALTH RESPONSE

Not applicable

CODE | DTAC QUESTION

C4.4 | Is your product a wearable or device, or does it integrate with them?

WELLMIND HEALTH RESPONSE

No

CODE | DTAC QUESTION

C4.4.1 | If yes, provide evidence of how it complies with ISO/IEEE 11073 Personal Health Data (PHD) Standards.

WELLMIND HEALTH RESPONSE

Not applicable

D. Key Principles for Success

D1. Usability and Accessibility

Establishing that the product has followed best practice.

CODE | DTAC QUESTION

D1.1 | Understand users and their needs in context of health and social care

Do you engage users in the development of the product?

WELLMIND HEALTH RESPONSE

Yes

CODE | DTAC QUESTION

D1.1.1 | If yes or working towards it, how frequently do you consider user needs in your product development and what methods do you use to engage users and understand their needs?

WELLMIND HEALTH RESPONSE

User needs and preferences in regard to accessibility and ease-of-use were a key focus for the design and launch of the Mindfulness-based Cognitive Therapy (MBCT) digital program in 2011.  Since then, we have actively promoted several different means to ensure users give feedback about their experience including web-based forms at the end of learning modules. This feedback over the years has led to improvements to the user interface and the engagement related content of the program.

CODE | DTAC QUESTION

D1.2 | Work towards solving a whole problem for users

Are all key user journeys mapped to ensure that the whole user problem is solved, or it is clear to users how it fits into their pathway or journey?

WELLMIND HEALTH RESPONSE

Yes

CODE | DTAC QUESTION

D1.2.1 | If yes or working towards it, please attach the user journeys and/or how the product fits into a user pathway or journey

WELLMIND HEALTH RESPONSE

User journeys and data flow documentation available on request.

CODE | DTAC QUESTION

D1.3 | Make the service simple to use

Do you undertake user acceptance testing to validate usability of the system?

WELLMIND HEALTH RESPONSE

Yes

CODE | DTAC QUESTION

D1.3.1 | If yes or working towards it, please attach information that demonstrates that user acceptance testing is in place to validate usability.

WELLMIND HEALTH RESPONSE

Documentation demonstrating user testing and usability validation is available on request.

CODE | DTAC QUESTION

D1.4 | Make sure everyone can use the service

Are you international Web Content Accessibility Guidelines (WCAG) 2.1 level AA compliant?

WELLMIND HEALTH RESPONSE

Yes

CODE | DTAC QUESTION

D1.4.1 | Provide a link to your published accessibility statement.

CODE | DTAC QUESTION

D1.5 | Create a team that includes multi-disciplinary skills and perspectives

Does your team contain multidisciplinary skills?

WELLMIND HEALTH RESPONSE

Yes

CODE | DTAC QUESTION

D1.6 | Use agile ways of working

Do you use agile ways of working to deliver your product?

WELLMIND HEALTH RESPONSE

Yes

CODE | DTAC QUESTION

D1.7 | Iterate and improve frequently

Do you continuously develop your product?

WELLMIND HEALTH RESPONSE

Yes – there is continuous development to improve user experience and engagement with the core therapeutic content.

CODE | DTAC QUESTION

D1.8 | Define what success looks like and be open about how your service is performing

Do you have a benefits case that includes your objectives and the benefits you will be measuring and have metrics that you are tracking?

WELLMIND HEALTH RESPONSE

Yes. The Be Mindful program has been shown to effectively deliver all elements of MBCT and has achieved exceptional mental health outcomes for users, which are demonstrated in published research studies by leading academic institutions.

CODE | DTAC QUESTION

D1.9 | Choose the right tools and technology

Does this product meet with NHS Cloud First Strategy?

WELLMIND HEALTH RESPONSE

Yes - using AWS cloud

CODE | DTAC QUESTION

D1.9.1 | Does this product meet the NHS Internet First Policy?

WELLMIND HEALTH RESPONSE

Yes

CODE | DTAC QUESTION

D1.10 | Use and contribute to open standards, common components and patterns

Are common components and patterns in use?

WELLMIND HEALTH RESPONSE

No

CODE | DTAC QUESTION

D1.10.1 | If yes, which common components and patterns have been used?

WELLMIND HEALTH RESPONSE

Not applicable

CODE | DTAC QUESTION

D1.11 | Operate a reliable service

Do you provide a Service Level Agreement to all customers purchasing the product?

WELLMIND HEALTH RESPONSE

Yes

CODE | DTAC QUESTION

D1.12 | Do you report to customers on your performance with respect to support, system performance (response times) and availability (uptime) at a frequency required by your customers?

WELLMIND HEALTH RESPONSE

Yes

CODE | DTAC QUESTION

D1.12.1 | Please attach a copy of the information provided to customers

WELLMIND HEALTH RESPONSE

Performance report information available on request.

CODE | DTAC QUESTION

D1.12.2 | Please provide your average service availability for the past 12 months, as a percentage to two decimal places

WELLMIND HEALTH RESPONSE

See Uptime Robot for service availability
stats.uptimerobot.com/kgnRrckqgN