Executive Summary
The principles for digital technologies help clinicians consider whether use of a digital technology is the most appropriate, effective and least restrictive method of caring for or treating a patient in inpatient mental health settings.
They are founded upon the a human-rights approach and have been created in view of the coproduced Culture of care standards for mental health inpatient services, which describe 12 core commitments to improve the culture of care on inpatient wards.
The 8 principles guide decision-making on procurement, implementation and use of digital technologies in mental health inpatient settings. They also offer practical recommendations on areas including data protection, policy, staff training and recording in patient care and treatment plans.
Definition and scope
We have developed 8 principles to guide decision-making on procurement, implementation and use of digital technologies in mental health inpatient settings, where such technologies are to be used for the care and treatment of mental health needs.
The principles should be applied across all NHS-funded mental health inpatient service types, including those for patients with a learning disability and autistic people, children and young people and older adults; as well as specialised mental health inpatient services, such as mother and baby units and secure services.
Types of technology
Digital technologies included within the scope of this guidance and its principles are:
- those intended to deliver – or support delivery of – direct care and treatment
- those intended to support patient safety
- monitoring tools
- those used to enhance communication with patients and gain feedback
Electronic patient records, e-prescribing and other core information systems, and tools that support administrative tasks and record-keeping are excluded from the scope of this document. However, even where not necessarily in scope, digital communities should still employ these principles where they are relevant.
How do these principles fit within the culture of care standards?
In 2024, NHS England published its Culture of care standards for mental health inpatient services, describing 12 core commitments to improve the culture of care on inpatient wards.
As suggested there (commitment 2, safety), use of digital technology can support inpatient care, giving patients a greater voice and choice in their care, promoting autonomy, enhancing communication, and providing engaging things to do on the ward.
But without critical review and personalised clinical decision making, use of digital technologies can also be detrimental.
Concerns have been raised, both by people with lived experience and healthcare professionals, about the use of video recording and monitoring devices in inpatient settings; while a Restraint Reduction Network/British Institute of Human Rights statement identified that where a digital technology is used for surveillance, it is a form of restriction that may breach a person’s human rights.
Subsequently, NHS England requested a systematic review by the National Institute for Health and Care Research (NIHR) Policy Research Unit in Mental Health which found “the current evidence base does not support the use of surveillance technologies as a means of improving safety, care quality or reducing costs in inpatient mental health settings”.
Appropriate use of digital technology
These principles will help clinicians consider whether use of a digital technology is the most appropriate, effective and least restrictive method of caring for or treating a patient. They have been created in view of the co-produced culture of care standards, mapping across directly to the 12 core commitments there (this alignment is examined fully in appendix 1).
The principles have been shaped by the outcomes of 2 large engagement projects involving the Mental Health Learning Disabilities and Autism Quality Transformation team: National Digital Technologies conference; and a discovery project into inpatient vision-based monitoring systems (delivered in collaboration with the NHS England Digital Mental Health team).
Principles for using digital technologies
Decisions on whether to implement digital technologies should be aligned with the principles in this guidance and the relevant culture of care standards.
Many digital technologies have the potential for multiple uses. At the procurement stage, providers must define what the agreed intended use of a tool is and ensure it abides by all the following principles and culture of care standards. Standard procurement processes should be followed with appropriate due diligence carried out.
Principle 1: Human rights approach
Principle 1: Any use of digital technology will support a human rights approach to care
Any digital technology must be used in accordance with the Human Rights Act (1998). Providers of NHS-commissioned mental health inpatient services, and all staff working in those services have a legal duty to understand the Act and its application, and to respect and protect patients’ human rights. This includes the right to:
- life
- liberty and security
- respect for private and family life (covering privacy, dignity, and autonomy)
- be free from inhuman or degrading treatment (covering intended and unintended serious harm, including treatment which humiliates a person)
A digital technology may be used to protect a patient’s human rights, but at times, when seeking to protect one human right, a provider may potentially interfere with another human right of either that patient or another individual.
The clinical decision-making process to implement a digital technology to support the care and treatment of a patient must demonstrate a careful balancing of rights and this must be clearly documented. It may be necessary to seek expert legal advice in such situations.
Principle 2: Consent and capacity
Principle 2: Any decision to use digital technologies and to collect and store patient data from the use of such technologies must be based on consent from the patient (or a person lawfully acting on their behalf) or be taken following a best interests decision-making process
Any information including facts and statistics related to a person’s health and medical history.
This includes demographic, administrative, and medical data and could be in numerical format, written text, an image, a video recording, or audio recording.
Where a patient has the capacity to consent to the use of digital technology in connection with their care and treatment, consent should always be sought from the patient; and the use of the digital technology should be regularly reviewed with them and, if appropriate, with their families and carers.
This approach should also be taken for children and young people under 16 where the Mental Capacity Act does not apply, but competency should be carefully considered.
Due to the need for personalised decision making, including seeking patient consent, digital technology must never be used as a ‘blanket approach’ to care applied to all patients on a particular ward or in a particular department.
Information about the function and purpose of the digital technology should be shared in a format that is personalised and tailored to the person’s communication needs. Details of how the patient’s data will be collected, stored, and used must also be explained in an accessible way to ensure consent is fully informed.
If the patient is deemed unable to consent as part of a mental capacity assessment, yet the digital technology is considered the most appropriate, effective and proportionate method to provide care and treatment to that patient or maintain a patient’s safety, informed consent should be sought from one of the following:
- someone with parental responsibility
- the holder of a valid and applicable Lasting Power of Attorney in respect of that patient
- a court appointed health and welfare deputy
If there is no individual lawfully able to provide consent on the patient’s behalf, a best interests decision-making process, compliant with the Mental Capacity Act should be followed to take a decision with the patient’s family, carers or advocate as appropriate. The decision-making process and outcome should be clearly recorded in the clinical records.
Where a patient has fluctuating mental capacity, their capacity ‘at the material time’ of the decision should be assessed. Capacity must be reassessed if a patient’s condition changes.
If a patient’s condition changes, such that at a later date they are deemed to have capacity to consent to the use of the digital technology (when previously they did not have capacity), their consent must be sought at that time to continue using the digital technology.
Where a digital technology is being used as part of a patient’s care and treatment plan, this should be clearly recorded and outline the following:
- the specific name of the digital technology
- the reason for the digital technology being used
- an explanation of when and how the digital technology will be used
- a summary of the information that was provided to the patient and/or their family and carers
- the decision-making process that led to the decision to use the digital technology
- an explanation of how the patient’s data, produced by the digital technology, will be used
- a plan for when the use of the digital technology will next be reviewed and what this review will entail
- an explanation of how the patient can withdraw their consent (where the consent of the patient or a person lawfully acting on their behalf has been obtained).
Patients (or those acting on their behalf) must be given a copy of this, as would be standard practice for all care plans.
Principle 3: Equity of access
Principle 3: Patients’ opportunities to access available digital technologies to enhance their care and treatment must be equitable
In settings where digital technologies are available, providers must ensure patients are supported to benefit from digital technologies if there is evidence that it may enhance their care and treatment and support their personalised safety plans.
Providers must safeguard against the discrimination of patients in relation to their protected characteristics when considering the use of or deciding to use any digital technology.
An equality and health inequalities impact assessment (EHIA) should be undertaken before procurement of the digital technology before it is used and regularly reviewed to uphold this principle.
A tool to assess the impact of an emerging policy, practice, or programme of work on the population it will serve.
It helps to identify issues of inequality in systems, practices, and processes, which should be considered during development.
Principle 4: Co-production
Principle 4: Co-production must occur at procurement, testing, implementation and evaluation of all digital technologies
An ongoing partnership and collaboration between people who design, deliver and commission services and people who need and use the services.
For this guidance, this would be patients who have experience of inpatient mental health services.
Providers are responsible for ensuring co-production has occurred with people who have lived experience of being a patient in an inpatient mental health setting.
Wherever possible, the people involved should represent the people who use the service. For example, if the service is for children and young people then children and young people should be given the opportunity to be involved in all areas of co-production.
Additionally, this must include people with varying views, backgrounds, and characteristics. Further information about co-production can be found in the culture of care standards.
Co-production during the design and development stages of a digital technology may be outside of the control of a provider. However, wherever possible providers should gain assurances from the supplier that co-production has occurred and should only use suppliers which can evidence this.
Principle 5: Therapeutic and personalised care
Principle 5: Digital technologies for care, treatment and safety must enable inpatient settings to provide therapeutic and personalised care as set out in the culture of care standards
Providers should support staff to protect and prioritise therapeutic relationships and meaningful engagement with patients to aid their recovery and improve outcomes.
Digital technologies that are implemented specifically to reduce the time staff spend with patients, and those that may negatively impact the therapeutic relationship, should not be used.
When making decisions on introducing digital technologies to a patient’s individual care and treatment plan, consider how the digital technologies will enhance the ability to build therapeutic relationships.
Digital technologies for care, treatment and safety should never be used as a ‘solution’ to low staffing numbers in terms of reducing the need for staff to spend time with patients and should always be of clear benefit to the patient being cared for.
Digital technologies that support staff to spend more time with patients through ‘releasing time to care’ can be useful; careful attention should be paid in testing whether time is freed up by the implementation of a digital technology; and, crucially, whether that time is then used to enable staff to spend more meaningful time with patients.
A concept that addresses the need for healthcare staff to spend more time on direct patient care.
It represents an aspiration to free healthcare professionals from time-consuming administrative tasks and inefficiencies that hinder direct patient care.
Principle 6: Safety planning
Principle 6: Safety planning for patients must always be personalised and co-produced; digital technologies must only be used to help manage safety risks if deemed to be proportionate to the need
A structured and proactive way to help people plan a range of activities and sources of support they can use at the right time to help them prevent or manage a developing crisis.
This should be part of a patient’s overall care, crisis, and contingency planning.
Personal safety planning and management must focus on the patient’s needs and how to support their immediate and long-term psychological and physical safety.
The culture of care standards promote a relational approach to safety; getting to know the patient, building rapport and a therapeutic relationship are key to helping people be and feel safe.
If digital technologies are assessed to be a proportionate and appropriate method to help manage personal safety risks for patients, then they must be used alongside relational care approaches and an approach which fosters therapeutic relationships.
Care that prioritises interpersonal relationships grounded in values such as respect, trust, humility, compassion, and shared humanity.
It involves personalised and holistic care, addressing power imbalances, and promoting effective collaboration between staff, patients, and their social networks.
Relational care can be practised at individual, group, organisational or systemic levels.
Principle 7: Evidence base
Principle 7: Providers must adopt a process for assessing the evidence base of any digital technology prior to procurement and implementation, and must be able to demonstrate how the evidence base was taken into account in any decision made to procure and implement the technology
Providers should adopt a robust process for critically considering and assessing the evidence base specific to the type of service or ward, prior to purchase and implementation of any digital technology (see the procurement section below).
If the provider finds there is only minimal evidence in support of a digital technology that is high quality, large scale and unbiased, but on assessing this evidence, the provider still wishes to proceed with procurement, it is recommended they do this with caution.
In such circumstances, providers should trial and independently evaluate the digital technology before full-scale rollout
Where a decision is made to procure and implement digital technologies, providers should keep a clear record of the evidence base and how this was considered in making the decision to procure and implement.
Principle 8: Treatment outcomes
Principle 8: Providers must have a process of regularly measuring the impact and benefit of the use of any digital technology on patients’ care and treatment outcomes
Providers must have quantifiable methods for measuring the impact and benefit of the use of any digital technology on the care and treatment outcomes and patient experience of using a digital technology.
Outcomes should be reviewed in relation to a patient’s protected characteristics, with consideration given to the outcomes for patients who have experienced previous trauma and those experiencing paranoia, as the impact of using a digital technology may be more significant.
This information must be made available to the multidisciplinary teams reviewing the suitability of the digital technology for the patient and it must support clinical decision making regarding further use of the digital technology.
Patient experience and views, and those of families and carers as appropriate, should be actively sought as part of this process, and co-production in reviewing the outputs is critical.
Further guidance for the use of digital technologies
Surveillance
Guidance on the use of digital technologies for surveillance can be found on the websites of the Information Commissioner’s Office and the Care Quality Commission (CQC).
Procurement
Providers must have a clear process for procuring any digital technology. Before procurement, providers must ensure:
- all procurement activity is in line with relevant legal procurement legislation
- they refer to their local procurement policies and standard financial instructions
- the digital product is compliant with the Digital technology Assessment Criteria
- this should be completed by the supplier and reviewed by the provider
- that an internal critical review of the evidence base for the digital technology has been performed, in accordance with principle 7
- it is recommended that the NICE Evidence standards framework for digital health technologies is used as part of this process
- that an equality and health impact assessment has been completed, and any risks carefully considered with clear mitigations in place
- that they define and describe the proposed inpatient setting (ward type/service) in which the digital technology is to be used
- if the provider wishes to change where the digital technology is used or expand the area after procurement, they must repeat the assessment and review processes above for the new setting
A set of criteria for organisations to use when introducing new digital health technology.
They ensure any digital technology used meets national minimum standards on clinical safety, data protection, technical security, interoperability, usability, and accessibility.
A balanced assessment and evaluation of the strengths and weaknesses of an item or text to determine its value and suitability.
It includes the review of documents, including research papers and reports.
Data protection
Providers must take into account and comply with the provisions of the Data Protection Act 2018 and UK GDPR in implementing a digital technology and in the use and storage of any personal identifiable data produced by a digital technology.
Any organisation considering using a new digital technology must include their information governance team as part of the procurement and implementation process.
Providers must complete all appropriate and necessary activities as part of the procurement and implementation processes to ensure compliance with the Data Protection Act 2018 and UK GDPR.
Where necessary, this includes
- a data protection impact assessment
- data sharing agreement(s)
- the development of, or revisions, to privacy notices and patient information documents on the use of a digital technology and the use and storage of data produced by a digital technology
A process designed to help systematically analyse, identify, and minimise the data protection risks of a project or plan.
It helps identify and mitigate potential data protection risks to an acceptable level before using or sharing (processing) data that identifies individuals (personal data).
Providers must also ensure that their implementation of digital technologies is reflected in their use of the NHS Data Security and Protection Toolkit.
Personal data gathered from use of a digital technology should not be used for any purpose other than the care and treatment of the patient identified – unless the patient, or an individual lawfully acting on their behalf, has given informed consent for an alternative use or there is another lawful basis to enable the data to be used for other purposes. For example, for the purposes of law enforcement or by order of a court.
Patients and those acting lawfully on their behalf should be provided with appropriate information on the use and storage of such personal data and on the patient’s rights with regards to the data.
It is the provider’s responsibility to ensure compliance with the above requirements in the procurement and implementation of digital technologies. It is recommended that providers obtain suitable written assurances from the suppliers, as appropriate, to ensure that the requirements are met.
Policy
Before implementing a digital technology, providers must ensure they have a policy and standard operating procedures in place specific to that product (whether an individual policy or forming part of a more general policy on digital technologies used by the provider).
The policy should be developed in line with current best practice, which includes co-production and, as a minimum, must include information on:
- scope of the digital technology and the evidence base of the product for the care and treatment of mental health needs
- guidance and principles of use
- patient consent and mental capacity
- data protection
- safeguarding
- staff training and competency
- frequency of policy review
- contingency plan should the use of the digital technology need to be withdrawn
All staff must be familiar with the policy and its application.
Staff training
All staff should be appropriately trained in the use of any implemented digital technology, and in the human rights and ethical considerations of its implementation.
Staff should receive training when they start using the digital technology and they should participate in regular refresher training.
As a minimum, training should cover the matters set out in the policy referred to above. This includes bank and agency staff.
Ensuring use of digital technologies is lawful
The most likely way in which use of digital technologies in inpatient mental health settings can be found to be unlawful is because of a breach of data protection laws, or a breach of human rights.
Using digital technologies in inpatient mental health settings could also lead to breaches of other legislation, such as the Mental Health Act 1983 or the Mental Capacity Act 2005, or breaches of the standards regulated by the CQC, but only in the same way that the provision of any mental health care services could breach such legislation or standards.
In implementing digital technologies, providers must ensure that they comply with the provisions of the Data Protection Act 2018 and UK GDPR, and with the Human Rights Act 1998.
This includes ensuring that the use of the digital technology does not breach a patient’s rights to life, liberty and security, respect for private and family life, and to be free from inhuman or degrading treatment; unless the act is a lawful interference with a person’s human rights when balancing the protection of rights – for example, when seeking to protect one human right, a provider may potentially interfere with another human right.
It also includes the provider ensuring that they have a lawful basis to implement the technology, such as the consent of the patient or an individual lawfully acting on their behalf or, where the patient lacks capacity to consent, that the use of the digital technology is in the patient’s best interests to protect them or to ensure appropriate care and treatment is provided.
Providers must also ensure that they comply with the provisions of the Data Protection Act 2018 and UK GDPR when collating data from and about the patient through use of the technology and when using and storing that data for the purposes of the care and treatment of that patient or for other purposes.
A failure to ensure that these requirements are being met may make the use of digital technologies in inpatient mental health settings unlawful and their use may be challenged by the patient or others.
The implementation and use of digital technologies therefore requires case-by-case assessment and consideration as to whether a particular digital technology is appropriate and lawful for a particular patient.
This means that using a digital technology as a ‘blanket approach’ to care, applied to all patients on a particular ward or in a particular department, has the potential to be unlawful.
Appendix 1: Application of culture of care standards to the principles for digital technologies
The table below lists the 8 principles described in this guidance and shows which commitments from the culture of care standards each principle aligns with.
Digital technology principle | Culture of care core commitments |
|---|---|
|
Principle 1: Human rights approach |
2. Safety 5. Equality 6. Avoiding harm 8. Choice |
|
Principle 2: Consent and capacity |
8. Choice |
|
Principle 3: Equity of access |
5. Equality 9. Environment |
|
Principle 4: Co-production |
1. Lived experience |
|
Principle 5: Therapeutic and personalised care |
3. Relationships |
|
Principle 6: Safety planning |
2. Safety 3. Relationships 6. Avoiding harm |
|
Principle 7: Evidence base |
n/a |
|
Principle 8: Treatment outcomes |
n/a |
Appendix 2: Note on language
Throughout this guidance, digital technologies designed for the care and treatment of mental health needs in inpatient mental health settings have been referred to as ‘digital technologies’.
People being cared for in inpatient mental health services are referred to as ‘patients’, to differentiate from staff and visitors.
Trust boards, management teams and other relevant decision-makers in inpatient mental health services are referred to as ‘providers’.
Publication reference: PRN01510