Project Overview
A UK digital health charity wanted to build a consumer-facing diabetes self-management app, seeking NHS App Li...
Technology Stack
Compliance & Standards
The Challenge
A UK digital health charity wanted to build a consumer-facing diabetes self-management app, seeking NHS App Library listing and referral from NHS GPs. The app would provide: blood glucose logging, HbA1c trend tracking, medication reminders, and personalised dietary guidance. DTAC all 5 domains, NHS Login integration, UK GDPR Article 9 (health data), ICO Age Appropriate Design Code (some users could be under 18 with Type 1 diabetes), and MHRA medical device classification review were required. Budget: £75,000.
Our Approach
MHRA Classification
- Diabetes management apps sit at the boundary of medical device classification.
- ClickMasters's
MHRA analysis
the app provides personalised dietary guidance based on user-entered health data — potential Class I medical device.
Route
- Intended Purpose Statement drafted to qualify as "general wellness" (not medical device) by excluding diagnostic claims and ensuring all guidance is general health information, not clinical recommendations.
- Documented MHRA classification reasoning filed before development.
NHS Login P5 Integration
- NHS Login P5 (basic identity, email verification) for adult users.
- Under-18 flow: parent/guardian NHS Login account authorises child profile creation.
ICO AADC
- under-18 profiles default to restricted data sharing — no progress data shared with third parties without explicit parental consent.
- NHS Number not stored — NHS Login sub (anonymised identifier) used.
UK GDPR Article 9 Health Data Architecture
- Blood glucose readings, HbA1c trends, and medication data are Article 9 special category health data.
- Explicit consent for each data category (not bundled consent).
Data minimisation
app only stores data the user actively enters — no inferred health data.
Right to portability
complete health data export in JSON and CSV.
Data at rest
AES-256 field-level encryption for all health data fields.
DCB0129
intended purpose explicitly excludes clinical decisions (glucose interpretation is informational, not diagnostic).
Clinical Risk Management Plan
highest hazard identified as incorrect medication reminder (mitigated by double-entry confirmation for medication doses).
Clinical Safety Officer
- a Type 1 diabetes-experienced nurse as CSO.
- Hazard Log signed off before any patient-facing deployment.
The Results
NHS App Library listed at 14 weeks, £68,000 — under budget.
DTAC approved all 5 domains (first submission). 6,200 registered users in first 4 months via NHS GP referral pathway.
ICO AADC audit: zero findings.
UK GDPR Article 9: DPO reviewed architecture and confirmed compliant.
App Store rating: 4.6/5.
NHS England digital team cited app as example of DTAC-compliant consumer health app.
“NHS App Library listed on first submission — something our previous technology partner said would take three attempts. The MHRA classification reasoning saved us from the trap of accidentally building a medical device. 6,200 users via GP referral in four months exceeded our 18-month target." — CEO, UK Digital Health Charity (name withheld)”
Project Details
Related Case Studies
View AllNHS-Connected Mental Health App — DTAC Approved
NHS-Connected Mental Health App — DTAC Approved. A UK mental health technology company needed to build a patient-facing digital therapy support app connected to NHS syst...
Workforce Management SaaS — UK Healthcare Staffing Agency
A UK healthcare staffing agency placing 2,800 NHS-registered nurses, doctors, and allied health professionals ...
NHS Outpatient Referral System — FHIR R4 Integrated
An NHS Foundation Trust needed to replace a 2007 paper-based outpatient referral system. GPs referred patients...
Ready to Transform Your Business?
Let's discuss how our technical expertise can help you achieve remarkable results.