Clinical Safety Case
A summary of Formulate's clinical safety case report per NHS standard DCB0129.
About DCB0129
DCB0129 is the NHS information standard for the clinical risk management of health IT systems. It requires manufacturers to identify potential hazards, assess their severity and likelihood, implement mitigations, and maintain an ongoing safety case throughout the product lifecycle. This page summarises the key elements of Formulate's clinical safety case. The full report is available on request.
Scope
Product: Formulate is a web-based platform providing CBT worksheets, formulation templates, homework assignment, and outcome measurement tools for therapists.
Users: Qualified and trainee therapists (CBT practitioners, clinical psychologists, counselling psychologists, IAPT practitioners) working with adult clients in NHS, private practice, and training settings.
Clinical context: The platform supports therapeutic practice but does not provide clinical advice, make diagnoses, or recommend treatments. All clinical decisions remain with the therapist.
Hazard Log
Identified hazards, risk ratings, and mitigations. Severity and likelihood are each rated 1–5 (1 = negligible/rare, 5 = catastrophic/certain); the Risk column is severity × likelihood.
| ID | Hazard | Sev. | Lik. | Risk | Mitigations | Residual |
|---|---|---|---|---|---|---|
| H01 | Incorrect outcome measure scoring leads to missed clinical deterioration | 4 | 1 | 4 | Scoring algorithms validated against published manuals. Automated deterioration alerting when PHQ-9 ≥ 20 or GAD-7 ≥ 15. Reliable change detection flags worsening trends. Dashboard attention items surface high-priority clinical signals. | Low |
| H02 | AI-generated worksheet content contains clinical inaccuracies or harmful guidance | 4 | 2 | 8 | AI-generated worksheets are flagged as such and marked for therapist review. System prompts enforce CBT model fidelity and prohibit diagnostic or risk-related content. Therapists must review and approve generated content before assignment. All curated content is clinician-authored. | Low |
| H03 | Client accesses another client’s therapeutic data | 5 | 1 | 5 | Row-level security (RLS) enforced at the PostgreSQL database level. Every query is scoped to the authenticated therapist. Client homework access uses unique cryptographic tokens — each token maps to exactly one assignment. No client-to-client access path exists in the data model. | Very low |
| H04 | Homework link expiry causes loss of in-progress client responses | 3 | 2 | 6 | Responses are auto-saved on every field change, not just on submission. Expiry prevents new edits but does not delete saved data. Therapists can view all responses (including partial) regardless of assignment status. Links default to 7-day expiry with therapist-configurable due dates. | Low |
| H05 | Personally identifiable information (PII) is leaked through AI processing | 4 | 1 | 4 | PII stripping pipeline detects and replaces email addresses, phone numbers, NHS numbers, postcodes, and names with safe placeholders before any text is sent to the AI provider. Client records use pseudonymous labels, not real names. AI provider (Anthropic) contractually prohibited from training on submitted data. | Very low |
| H06 | Therapist relies solely on automated alerts without applying clinical judgement | 3 | 2 | 6 | All automated signals (deterioration alerts, attention items, outcome trends) are presented as clinical decision support, not diagnostic conclusions. Interface copy explicitly states that alerts supplement, not replace, clinical judgement. The platform does not make treatment recommendations or risk assessments. | Low |
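
A sketch of the H05 mitigation, added here as an example and not Formulate's own code: pattern-based detection of email addresses, UK phone numbers, NHS numbers (confirmed with the Modulus 11 check digit) and postcodes, each replaced with a placeholder before text leaves the platform. The regular expressions, placeholder labels and sample text are constructed assumptions; name detection is left out because it needs a name list or an NER model rather than a pattern.

```python
import re

# Constructed patterns for illustration; not Formulate's actual rules.
EMAIL = re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b")
NHS_CANDIDATE = re.compile(r"(?<!\d)\d{3}[\s-]?\d{3}[\s-]?\d{4}(?!\d)")
PHONE = re.compile(r"(?<![\d+])(?:\+44\s?|0)\d(?:[\s-]?\d){8,9}(?!\d)")
POSTCODE = re.compile(r"\b[A-Z]{1,2}\d[A-Z\d]?\s?\d[A-Z]{2}\b", re.I)


def nhs_number_valid(digits: str) -> bool:
    """Modulus 11 check: weights 10..2 over the first nine digits."""
    if len(digits) != 10 or not digits.isdigit():
        return False
    total = sum(int(d) * w for d, w in zip(digits[:9], range(10, 1, -1)))
    check = 11 - (total % 11)
    if check == 11:
        check = 0
    # A computed check digit of 10 means the number is never issued.
    return check != 10 and check == int(digits[9])


def redact(text: str):
    """Return (redacted_text, counts per placeholder label)."""
    counts = {}

    def sub(label, pattern, value, keep=lambda m: False):
        def repl(m):
            if keep(m):
                return m.group()
            counts[label] = counts.get(label, 0) + 1
            return f"[{label}]"
        return pattern.sub(repl, value)

    # Emails first, so digits inside an address are not re-matched later.
    text = sub("EMAIL", EMAIL, text)
    # Only checksum-valid candidates are labelled as NHS numbers; the rest
    # fall through to the phone pattern. A stricter pipeline could redact
    # every 10-digit run regardless of checksum.
    text = sub("NHS_NUMBER", NHS_CANDIDATE, text,
               keep=lambda m: not nhs_number_valid(re.sub(r"\D", "", m.group())))
    text = sub("PHONE", PHONE, text)
    text = sub("POSTCODE", POSTCODE, text)
    return text, counts


# Constructed sample input (reserved/test values, not real client data).
SAMPLE = ("Client emailed jo@example.org from 07700 900123, "
          "NHS no 943 476 5919, lives near SW1A 1AA.")

if __name__ == "__main__":
    print(redact(SAMPLE))
```

The per-label counts give an audit trail of what was removed from each request without logging the removed values themselves.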
Clinical Safety Officer
Tarun Vermani — Founder & Clinical Director
Tarun is a Trainee Clinical Psychologist on the UCL Doctorate in Clinical Psychology (DClinPsy), following the Clinical Academic pathway. He is responsible for maintaining the clinical safety case, reviewing identified hazards, and ensuring mitigations remain effective as the product evolves.
Safety concerns can be reported to hello@formulatetools.co.uk and will be triaged within one working day.