Executive Summary
Systems don't fail at pilot because of code defects alone — they fail over time when vigilance fades.
Staff rotate. Workflows change. Patient populations shift. Algorithms drift. Security threats evolve.
Boards that treat compliance as a one-off milestone expose themselves to risk. Boards that embed living compliance — vigilance that adapts with the environment — protect patients, safeguard reputations, and maximise the value of their digital investments.
- Deployment is the beginning: Ongoing vigilance is essential.
- Four pillars: Clinical Safety, Surveillance, Security, and Change Control.
- Shared accountability: Both supplier and Trust must own post-deployment safety.
- AI challenges: Model drift, bias, and explainability require explicit monitoring processes.
- Operational integration: Living compliance must map onto risk registers, incident reporting, quality committees, and procurement contracts.
- Strategic imperative: Ongoing vigilance needs resourcing, skills, metrics, and scaling frameworks — not just aspiration.
The Four Pillars of Living Compliance
Clinical Safety
Hazard logs, safety cases, and incident monitoring must remain live documents. Every update, integration, and workflow change needs safety re-review.
Surveillance
Review performance data, adverse event reports, and user feedback on a regular cycle. Trend analysis matters as much as one-off incidents: a slow rise in near-misses is a signal in its own right.
Security
Threat landscapes evolve constantly. Penetration testing (at least annually, and again after major changes), Data Security and Protection Toolkit (DSPT) renewal, and patch management prioritised by severity and exposure rather than left to a fixed cycle must all be budgeted and resourced.
Change Control
Every alteration — from minor patch to major upgrade — requires structured assessment of safety, security, and data protection impacts.
Who Owns Living Compliance?
This is where projects often fail. Compliance falls into a grey zone between supplier and Trust, and nobody takes responsibility.
Shared accountability is essential:
Suppliers: Maintain technical documentation, monitor emerging risks including vulnerabilities in the components they ship, push security updates, and report adverse trends.
Trusts: Integrate logs into governance, ensure local workflows are reviewed, manage risk registers, oversee incident response.
Jointly: Define escalation triggers, revalidation criteria, and retirement decisions.
Without clarity, post-deployment safety becomes everyone's responsibility — and therefore nobody's.
Mapping to Trust Governance
Living compliance must not sit in parallel. It must integrate into existing structures:
- Risk Registers – identified hazards logged and updated.
- Incident Reporting (Datix or equivalent) – digital health events fed through the same system as clinical events.
- Quality & Safety Committees – quarterly reviews of compliance metrics.
- Change Advisory Boards – all updates channelled through CAB processes, with tailored fast-track pathways for urgent safety and security patches.
This ensures compliance is visible, accountable, and auditable.
The AI Challenge
AI systems amplify vigilance requirements.
Model Drift: Performance degradation can be subtle, and outcome data often lags the prediction by weeks. Monitoring therefore needs agreed statistical thresholds on the model's input and score distributions as well as on outcome metrics, backed by periodic validation against current clinical datasets.
Bias Emergence: Demographics shift; systems must be tested continuously for fairness and representativeness.
Revalidation Triggers: Boards must decide in advance when an incremental patch is enough — and when full revalidation is mandatory.
Explainability Reviews: Clinical teams need structured sessions to interpret outputs, challenge reasoning, and confirm trust in the system. These reviews need both data scientists and clinicians present.
Without explicit processes, drift and bias can creep in silently — undermining safety long before an incident is reported.
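The monitoring loop described above, as an added illustration rather than code from the series or any supplier: a Population Stability Index (PSI) check compares the score distribution the model produced at validation with the scores it emits in the live window, and a sensitivity check runs on cases whose outcome is now known. Both are compared against thresholds agreed in advance. The threshold values, the five-bin histogram, and the patient scores and labels are all constructed for the example; a Trust and supplier would set their own.

```python
"""Drift monitor for a deployed clinical risk model (added example).

Two checks run over each reporting window:
  1. Population Stability Index (PSI) between the validation-time score
     distribution and the scores emitted in the live window. This moves
     before outcomes degrade, because outcome labels lag predictions.
  2. Sensitivity on live cases whose outcome is now known, against a
     floor agreed at deployment (the revalidation trigger).
"""
from math import log

# Assumed thresholds. PSI >= 0.2 is a common rule of thumb for a
# significant shift; the sensitivity floor is illustrative only.
AGREED_THRESHOLDS = {"psi_investigate": 0.2, "sensitivity_floor": 0.85}
DECISION_THRESHOLD = 0.5  # score at or above which the model flags a case
BINS = 5                  # histogram resolution used for PSI

# Constructed sample data, not real patient records.
# Validation-time scores: four per bin, i.e. a flat distribution.
REFERENCE_SCORES = [
    0.05, 0.10, 0.15, 0.18, 0.25, 0.30, 0.35, 0.38, 0.45, 0.50,
    0.55, 0.58, 0.65, 0.70, 0.75, 0.78, 0.85, 0.90, 0.95, 0.98,
]
# Live window: (score, outcome) with outcome 1 = the event occurred.
# Scores have shifted upward; one true case (0.45) sits below the cut-off.
LIVE_CASES = [
    (0.10, 0), (0.25, 0), (0.35, 0), (0.45, 1), (0.50, 1),
    (0.55, 1), (0.58, 0), (0.62, 1), (0.65, 1), (0.70, 1),
    (0.72, 1), (0.75, 1), (0.78, 1), (0.82, 1), (0.85, 1),
    (0.88, 1), (0.90, 1), (0.92, 1), (0.95, 1), (0.98, 1),
]


def bin_index(score: float, bins: int = BINS) -> int:
    """Map a score in [0, 1] to a histogram bin; a score of 1.0 lands in the last bin."""
    return min(int(score * bins), bins - 1)


def proportions(scores, bins: int = BINS):
    """Fraction of scores falling in each bin."""
    counts = [0] * bins
    for s in scores:
        counts[bin_index(s, bins)] += 1
    total = len(scores)
    return [c / total for c in counts]


def psi(reference, live, bins: int = BINS, eps: float = 1e-6) -> float:
    """Population Stability Index: sum over bins of (live - ref) * ln(live / ref).

    eps stops an empty bin on either side from producing log(0).
    """
    total = 0.0
    for r, l in zip(proportions(reference, bins), proportions(live, bins)):
        r, l = max(r, eps), max(l, eps)
        total += (l - r) * log(l / r)
    return total


def sensitivity(cases, decision_threshold: float = DECISION_THRESHOLD):
    """True-positive rate on cases with a known outcome; None if no positives yet."""
    positive_scores = [s for s, outcome in cases if outcome == 1]
    if not positive_scores:
        return None
    caught = sum(1 for s in positive_scores if s >= decision_threshold)
    return caught / len(positive_scores)


def evaluate_window(reference, live_cases, thresholds=AGREED_THRESHOLDS) -> dict:
    """Apply the agreed triggers and return the finding for the governance log."""
    live_scores = [s for s, _ in live_cases]
    finding = {"psi": psi(reference, live_scores), "sensitivity": sensitivity(live_cases)}
    sens = finding["sensitivity"]
    if sens is not None and sens < thresholds["sensitivity_floor"]:
        finding["action"] = "escalate"      # outcome metric breached: revalidation trigger
    elif finding["psi"] >= thresholds["psi_investigate"]:
        finding["action"] = "investigate"   # score shift seen before outcomes degrade
    else:
        finding["action"] = "ok"
    return finding


if __name__ == "__main__":
    f = evaluate_window(REFERENCE_SCORES, LIVE_CASES)
    print(f"PSI={f['psi']:.3f} sensitivity={f['sensitivity']:.3f} action={f['action']}")
```

On the constructed data the sensitivity check still passes (15 of 16 true cases caught) while the PSI is roughly 0.40, double the agreed threshold, so the finding is "investigate": exactly the silent shift the text warns about, visible in the score distribution before any incident is reported. The thresholds are deliberately held in one place so that the values agreed by the Trust and supplier, not the code, decide when a window escalates.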
Real-World Operational Risks
Staff Turnover – Champions leave, knowledge fades. Succession planning and documentation are critical.
Version Fragmentation – Different sites or departments may run different versions. Backward compatibility must be managed actively.
Incident Escalation – Boards must agree escalation pathways: who decides to suspend use if risk emerges, and how continuity of care is maintained.
Resourcing Living Compliance
This is not free. It requires recurring budget for:
- DSPT renewal and penetration testing.
- Safety reviews and hazard log updates.
- Incident investigations and root cause analyses.
- Ongoing supplier engagement and service management.
It requires capability investment in:
- Staff training on monitoring and incident response.
- Clinical champions trained to spot early signals of drift or failure.
- Supplier management teams able to enforce contractual obligations.
Without ring-fenced budget and skills development, vigilance remains aspirational.
Scaling the Challenge
As Trusts adopt more systems, vigilance demands multiply. Three risks emerge:
- Governance Overload – committees drown in volume.
- Supplier Fatigue – inconsistent requirements across sites.
- Fragmentation – systems drift apart, with different Trusts at different patch levels.
Mitigations:
- Standardise reporting formats across suppliers.
- Adopt dashboards to consolidate vigilance metrics.
- Create regional/national networks for shared surveillance capacity.
Success Metrics
Boards need to know if vigilance is working. Possible KPIs include:
- Number of hazards closed vs. opened each quarter.
- Time to investigate and close incidents.
- Percentage of updates reviewed through safety and security processes, and time from patch release to deployment.
- Detection and correction of model drift within agreed thresholds.
Compliance without measurement is noise.
Strategic Decision Points
Living compliance also informs when to stop:
- When ongoing compliance costs outweigh benefits.
- When incident trends suggest risk is increasing faster than value.
- When safer alternatives exist.
Boards must be prepared to retire systems deliberately, not drift into unsafe obsolescence.
Closing the Series
The first post argued for strong foundations. The second showed how to build safety into practice. The third clarified evidence requirements. The fourth explained the regulatory fork between non-device and Software as a Medical Device (SaMD).
This fifth post delivers the crescendo: deployment is the beginning of accountability, not the end.
Digital health is not made safe by launch ceremonies, but by the continuous, disciplined vigilance that follows. Trusts that embrace living compliance — resourced, measured, and integrated into governance — will be the ones that scale digital safely, sustainably, and credibly.
Summary: Deployment is not the finish line. It is the start of living compliance: shared accountability, continuous vigilance, and governance integration across safety, surveillance, security, and change control. Boards that plan and resource for this reality will build systems that remain safe long after go-live.
Continue the series
Next: Cultural Transformation — six lessons for sustainable NHS transformation.