cadence HEALTH
| Cadence Health

MHRA Registration for Digital Health Tools: What Prescribers Should Know

A guide to MHRA classification, UKCA marking, and what to look for when choosing digital health tools for your GLP-1 service.

Regulatory Digital Health

If you prescribe GLP-1 medications and use any digital tools to support patient management — whether for remote monitoring, patient communication, or outcome tracking — you should understand the regulatory framework that governs those tools. Not because you need to become a regulatory expert, but because the tools you choose reflect on your clinical governance, and regulators are paying increasing attention to this area.

Software as a medical device

In the UK, the Medicines and Healthcare products Regulatory Agency (MHRA) regulates medical devices, including software. The concept of Software as a Medical Device (SaMD) applies to software that is intended to be used for one or more medical purposes without being part of a physical medical device.

Not all health-related software qualifies as a medical device. A simple appointment booking system or a generic messaging platform would not typically meet the threshold. However, software that processes patient data to inform clinical decisions — such as flagging patients at risk of adverse events, recommending dose adjustments, or generating clinical outcome reports — is likely to be classified as a medical device.

The distinction matters. If a software tool meets the definition of a medical device, it must be registered with the MHRA, carry a UKCA (UK Conformity Assessed) mark, and comply with the relevant regulations. If it should be registered but is not, both the manufacturer and the prescriber using it may face regulatory consequences.

Classification: Class I and Class IIa

Medical devices are classified according to risk. For software, the two most relevant classes are:

  • Class I covers lower-risk devices. Software that provides information to support clinical decisions but does not directly drive diagnosis or treatment may fall into this category. Class I devices can be self-certified by the manufacturer, though they must still meet essential requirements and be registered with the MHRA.
  • Class IIa covers moderate-risk devices. Software that is intended to influence clinical decisions more directly — for example, by providing diagnostic suggestions or treatment recommendations — is typically classified at this level. Class IIa devices require assessment by an approved body (a notified body or UK approved body) before they can be placed on the market.

The classification of a specific software tool depends on its intended purpose, the seriousness of the condition it addresses, and the degree to which clinical decisions rely on its outputs. Manufacturers are responsible for determining the correct classification, but prescribers should be aware of it when evaluating tools for their service.

UKCA marking

Since the UK’s departure from the EU regulatory framework, medical devices placed on the Great Britain market require UKCA marking rather than CE marking. The UKCA mark indicates that a device meets the applicable UK regulatory requirements and has been assessed accordingly.

For prescribers, the presence of a UKCA mark on a digital health tool is a straightforward indicator that the manufacturer has engaged with the regulatory process. Its absence should prompt questions.

DCB0129 and DCB0160: clinical safety standards

Beyond device registration, the UK has specific clinical safety standards for health IT systems. The two most relevant are:

  • DCB0129 — Clinical Risk Management: its Application in the Manufacture of Health IT Systems. This standard requires manufacturers to identify and manage clinical risks associated with their software throughout its lifecycle.
  • DCB0160 — Clinical Risk Management: its Application in the Deployment and Use of Health IT Systems. This standard applies to organisations deploying health IT systems and requires them to assess clinical risks in their specific context of use.

These standards are mandated for NHS systems but represent best practice for any health IT deployment, including private sector services. A manufacturer that has conducted a DCB0129 clinical risk assessment has systematically identified what could go wrong with their software and documented how those risks are managed. This should give prescribers considerably more confidence than a tool that has undergone no such assessment.

Why this matters for prescribers

You might reasonably ask why, as a prescriber, you should concern yourself with your software vendors’ regulatory status. There are several practical reasons:

Liability. If a patient suffers harm and the digital tool you used to manage their care is found to be an unregistered medical device, your clinical governance arrangements will be scrutinised. Demonstrating that you selected appropriately regulated tools is part of your duty of care.

CQC and regulatory inspections. If your service is CQC-registered or subject to other regulatory oversight, inspectors may ask about the digital tools you use and whether they meet appropriate standards. Being able to confirm that your patient management platform is MHRA-registered and clinically safety-assessed is a straightforward way to demonstrate good governance.

Data integrity. Regulated software is subject to requirements around data accuracy, audit trails, and incident reporting. Unregulated tools may not provide the same assurances, which could affect the reliability of your clinical records.

Professional reputation. As the GLP-1 market matures and standards tighten, services that can demonstrate robust clinical governance — including the use of appropriately regulated technology — will be better positioned than those that cannot.

Questions to ask your vendors

When evaluating digital health tools for your GLP-1 service, consider asking:

  1. Is your software registered with the MHRA as a medical device? If so, what class?
  2. Does the product carry a UKCA mark?
  3. Have you completed a DCB0129 clinical risk management assessment?
  4. How do you manage clinical safety incidents?
  5. Where is patient data stored, and how is it protected?
  6. Can you provide documentation of your regulatory status for our governance records?

These are reasonable questions, and any reputable vendor should be able to answer them clearly.

How Cadence approaches regulatory compliance

Cadence Health is registered with the MHRA as a medical device and carries the UKCA mark. The platform has been developed in accordance with DCB0129 clinical risk management standards, with a qualified clinical safety officer overseeing the risk management process.

This regulatory standing is not incidental — it reflects a deliberate decision to build Cadence as a clinical tool that meets the standards prescribers and regulators expect. You can read more about the platform’s approach on the how it works page.

If you are reviewing the digital tools in your GLP-1 service and want to understand how a regulated platform compares to what you are currently using, book a demo and we will be happy to walk you through it.