Skip to main content

BETA This is a new service - your feedback (opens in a new tab) will help us to improve it.

Using an AI Chatbot to ease staff shortages and improve patient care

Faced with growing demand and limited resources, the mental health team of an NHS trust identified a critical issue within their talking-therapy service.

Published at 13 March 2024 by AI and Digital Regulations Service for health and social care

Adopters Chatbots


Faced with growing demand and limited resources, the mental health team of an NHS trust identified a critical issue within their talking therapy service. Staff shortages and an overwhelming number of referrals were hindering the team's ability to provide timely and effective initial assessments. To address this challenge, the team explored the adoption of an AI chatbot to support their service.

This case study describes how the team decided an AI chatbot was the right solution to their problem. It details the ‘digital-assurance process’ the trust came up with to demonstrate regulatory compliance and make sure the technology would work with their IT infrastructure. The Project Manager responsible for implementing the AI chatbot in the mental health department explains how the trust ensures ‘digital compliance’ before adopting new technologies.

Please note that other NHS trusts may follow their own processes and steps. This case study explains the process in this particular trust only.

The problem

The team did not have enough staff to meet the demand for talking therapy services, compounded by a high volume of referrals:


“We've got a particular issue in our talking therapies team where we don't have sufficient staff to fulfil the need. And what we were finding was that a lot of the initial appointments, the initial discussions that our clinicians were having with patients, was just fact-finding to begin with.”

The team decided a solution was needed that would optimise the fact-finding phase, so more time and focus could be spent on clinical assessment and eventually providing care.

The solution

The team were looking for a solution that would gather preliminary information from patients before their first appointments. This would free up time for the team to assess and provide care for patients. They spoke with neighbouring NHS trusts who had successfully implemented chatbots for similar purposes, showcasing the potential for improving workflow and patient outcomes. The chatbot gathers information about a patient before they start talking therapy. This helps the clinician decide which talking therapy would suit the patient best. The chatbot helps speed up the administration process but it does not make any clinical decisions.


“Our staff asked around for a solution, and they came across other trusts that had implemented chatbots that asked a lot of the questions, where those questions were structured depending on the answers that were given, that teased out a lot of what our staff would be asking at the first appointment. So, the thought was if we implemented something like that, we would be further along the journey when our clinicians actually started speaking to the patients.”

The team continued consulting with other trusts that had already implemented similar technologies, to gather insights about a chatbot’s impact on their workloads. After identifying a chatbot that the team thought could work, the Project Manager engaged with the developer to ask for evidence of the chatbot’s efficacy. The Project Manager independently reviewed this. This initial evidence was crucial for starting the internal assurance process and making sure the chatbot complied with relevant regulations.

Assessing digital assurance

The trust initiated a ‘digital-assurance process’ to make sure any new technology being considered for adoption met high standards of security, appropriateness and compliance with standards and regulations. The Project Manager works in the Digital Service Team and leads this process. Below are the key steps his department follows to assess a digital technology they are looking to adopt:

Initial assessment. Firstly, a request form is submitted by the clinician or department that is looking to adopt the new digital technology. This request is sent to the Digital Service Team who lead an initial assessment of whether the requested technology is secure, appropriate and compliant with the necessary approvals.

Part of this process is to check whether the technology being requested is something the trust already has, or some functionality that’s already in use in some other solution:


“What we've found is that with the requests for technology in the NHS, we found that there's an awful lot of it already going on in our trust that we did not know about. So when we ask for things, when we start digging, asking questions, we find people have already got it and have had it for years”

Questionnaires. The Project Manager sends a questionnaire to those requesting the technology. This asks what the adopter’s needs are, why they want the technology, how they will use it, and asks for a justification as to why this technology would be a solution to the problem they’re trying to solve. The Digital Service Team assess the adopter’s answers and, if they are deemed to be sufficient, they move on to the next step.

A questionnaire is then sent to the developer of the technology being requested. This asks for further details about the background of the technology, its usage, technology details around cyber security, and whether the technology complies with various standards. This gives the Project Manager a good understanding of the digital maturity of the technology.

Requesting further details from the developers. If the developer has not provided the information or documents required for the Project Manager to assess the technology, then they will request this further information at this stage. Examples might include a completed DTAC form, medical device certification (if applicable), or the manufacturer’s clinical risk management standard.

Reviewing the Digital Technology Assessment Checklist (DTAC). The Project Manager told us that the DTAC is a document they heavily rely on to assess the technology. Developers are asked about the completion of the DTAC form in the initial review stage to demonstrate whether the technology meets the required standards.

See our guidance on understanding the evidence for a technology for more information about the DTAC.

Being clear about medical device status. The Project Manager explained the importance of understanding whether the technology is a medical device. It’s not always straightforward during initial assessment, and the developers will have their own perspective. The Project Manager told us it’s important his trust seeks clarity, independently, when there is any ambiguity about the medical device status. He does not to shy away from asking developers tough questions. The adopting organisation will always require proof of compliance or seek clarity on whether a technology is a medical device and registered with the MHRA before it is adopted within the NHS:


“There’s huge amount of crossover in all of the things we ask developers for, but when we ask those questions, we get a very quick idea about how digitally mature the developer’s organisation is, and whether they’re invested in engaging with the NHS. If they have no idea what these things are, or if we've forwarded the supplier the blank template for the DTAC form and they don’t want to fill it in, then we won’t be interested in adopting that product at all.”

See our guidance on thinking about whether a medical device will meet your needs for more on what to ask developers when considering adopting a medical device.

Data Protection arrangements. This includes checking whether the developer would be considered a data controller and, if so, checking they are registered with the ICO as a data controller.

Reviewing the developer’s Cyber Essentials certification. If the developer provides a certificate from a company that say’s its registered with the National Cyber Security Centre, the Project Manager checks this to make sure the certification corresponds to the technology, whether this is an app or device or another type of digital technology.

Asking the developer for its roadmap of minor and major updates. Updates may change the status of a medical device. So, adopters should be aware of these changes and know in advance what steps should be taken to allow the developer to maintain compliance with UK medical device regulations:


“A good developer will have (if it's appropriate for that product), a manufacturer's clinical safety case, a hazard log, all of those sorts of things. Within their DTAC form, they will have evidence of robust penetration testing. And if it's a medical device, they will be very clear as to what category of medical device it is. And with all the certifications and the approvals for that being a medical device.”

The final approval process. The Project Manager asks the adopting team in the trust to do a Data Protection Impact Assessment (DPIA). He explains that the DPIA should be appropriately scoped and signed off by the relevant person in that department.

When the Digital Service Team are satisfied they have received all the necessary information and documentation, they assess whether it demonstrates digital assurance for the proposed technology. The Digital Senior Management Team and the Digital Group meet to review the Digital Service Team’s assessment.

The Digital Senior Management Team and the Digital Group have the final say about whether the technology has been appropriately reviewed and whether the trust can adopt it.


This case study highlights the importance of a thorough digital-assurance process when adopting new technologies within an NHS trust. The Project Manager at this trust hopes that sharing their experiences will help other adopters with their digital compliance.

Is this article useful?

How can we improve this piece?

Error:Select how we can improve this piece

Thank you for your feedback!

To share additional insights about this page, please use the following link (opens in a new tab) to submit your observations.

Print case study (opens a PDF in a new tab)

Regulations are regularly updated. For the latest information, check the website as printed documents may be outdated.

Subscribe to new content

Receive notifications about updates to guidance, case studies and blogs.