WorryTree's Commitment to Data Protection and Technical Security

At WorryTree, we are working hard to make sure that we are taking good care of your data. We want to create tools that are as helpful and supportive as possible.

One element of this has been working to comply with the UK’s Digital Technology Assessment Criteria (DTAC). This post is for people who want to know more about what we are doing in the areas of clinical, technical and data safety.

What is DTAC?

The DTAC is a set of guidelines used in the UK healthcare system (the NHS) to assess digital tools used in patient care. These criteria help make sure that technology used is safe and effective for patients. This means that patients can have more confidence in the digital tools recommended by their healthcare providers. They know that they meet certain quality standards and won't compromise their health or privacy.

Health specialists benefit from these criteria as they can make informed decisions about which digital solutions to use. This improves the quality of care they provide to patients while maintaining data security and compliance with regulations.

How we are meeting the DTAC's usability and accessibility requirements

We’ve spent the last few months working carefully through the DTAC’s assessment criteria. We’ve looked at where we are meeting the requirements and where we need to do more work. Below, we’ll take each section of the DTAC and share what we’ve done and where we have more to do.

Clinical Safety

This section is all about making sure that WorryTree is safe to use.

All of our development work has been supported by a Clinical Advisory Panel. These healthcare specialists have reviewed our plans to make sure that new tools are safe for our community.

We are building a Clinical Risk Management System which will set out what we're doing to make WorryTree safe to use. We are looking for a qualified Clinical Safety Director. They will make sure that every tool we create in the future is evidence-based.

Data Protection

This section is all about making sure that we collect, store and use your data securely.

We are registered in the UK with the Information Commissioner. We have a Data Protection Impact Assessment in place which outlines how we collect, store and use data. Our data is stored within the EU using a third party provider, MongoDB. MongoDB complies with all UK and EU data protection laws.

Technical Security

This section is all about making sure that WorryTree meets best practice security standards and is stable.

When we share a new WorryTree release we perform internal checks that all the code is secure. We make sure that all of our systems are protected with unique passwords and multi-factor authentication.

We meet the UK Cyber Essentials criteria. We are working towards having full external penetration and load testing in place.

Interoperability

This section is about how WorryTree exchanges data with other systems.

WorryTree does not exchange data with other APIs. WorryTree does not need to access any NHS data systems or any patient data. Most of the DTAC interoperability criteria therefore will not apply.

Usability and Accessibility

This section is about making sure that WorryTree is easy to use by anyone.

It’s really important to us that we continuously involve our community of users in our planning and development. This means we can make sure that we’re creating tools that are helpful and easy to use. We ask for feedback using links in WorryTree, push notifications, email newsletters and social media. Any feedback we receive is then included in all of our development and product planning. Whenever we release a new version of WorryTree, it has been tested by real life users first.

Our Accessibility Statement outlines how we are working towards being accessible to all. Our team is always looking to improve the performance of our app. We issue regular releases to make sure WorryTree remains stable and secure. Our average service availability is over 99.9% and we deal with any problems within 12 hours.

WorryTree meets the NHS Cloud First Strategy and Internet First Policy.

We are partially compliant with International Web Content Accessibility Guidelines (WCAG) 2.1 level AA. We are working towards being fully compliant across our website and mobile app.

WorryTree is dedicated to the highest standards of safety, security, and ease of use.

We are committed to continuous improvement and compliance.

If you have any questions or feedback about DTAC and how we’re working to meet the criteria in the UK, please email us at hello@worry-tree.com.