Menu

Back to blog

Friday 13 June 2025

Anima - Full Compliance with NHS England AVT Requirements

Anima - Full Compliance with NHS England AVT Requirements

Executive Summary:

Anima confirms full compliance with all NHS England regulatory requirements for Ambient Voice Technology (AVT) as outlined in the 9th June 2025 NHS England Priority Notification. We are pleased to report that we not only meet but exceed expectations across all areas, including safety, security, and proven clinical value; ensuring Anima’s AVT is safe, effective, and ready for use across NHS primary care.

This letter outlines our compliance across each mandated requirement.

1. Core Platform Assurance Requirements

NHS Requirement: "Digital Technology Assessment Criteria (DTAC), Data Security and Protection Toolkit (DSPT), Cyber Essentials Plus, CREST-approved pen testing"

Anima Compliance:

Anima is fully DTAC approved. We have achieved “Standards Met” status in the DSPT (ODS: R3U6M). We are Cyber Essentials Certified, with Cyber Essentials Plus certification in progress. Note: According to the Cyber Essentials website, this is the same level of certification as both other AVT providers such as Tortus and Heidi. Recent CREST-accredited penetration testing returned zero vulnerabilities, and we use end-to-end encryption by default.

NHS Requirement: "Data Protection Requirements as set by ICO - Local ICB / Trust governance approval including DPIA completion"

Anima Compliance:

Anima ensure we comply with ICB approvals across deployments, and maintains an up-to-date DPIA aligned with NHS DSPT, DCB0129, and ICO guidance. Our DPIA outlines data flows, access controls, and audit mechanisms, reviewed with NHS partners prior to go-live.

NHS Requirement: "Clinical Safety Officer(s) named and accountable"

Anima Compliance:

Our in-house Clinical Safety Team, including our Clinical Safety Officer, oversees all aspects of safety governance. We conduct regular reviews, incident reporting, and risk assessments aligned with DCB0129 (and DCB0160) standards.

NHS Requirement: "End-to-end encryption and GDPR compliance"

Anima Compliance:

All data is protected with AES-256 encryption at rest and TLS 1.2+ in transit and our data centres are hosted in the UK. We are fully GDPR compliant and committed to sovereign data handling. Internally, we enforce multi-factor authentication (MFA) and single sign-on (SSO) with role-based access control (RBAC).

NHS Requirement: "No unsafe functionality e.g. prompt injection access"

Anima Compliance:

Our system enforces structured, clinically validated workflows with no raw prompt entry, no direct chat interface, and no generative model misuse risk. Multiple guardrails prevent prompt injection or adversarial manipulation, aligning with DCB0129 safety standards.

NHS Requirement: "Appropriate NHS clinical system integration (API or FHIR/HL7 compliance and write-back capability)"

Anima Compliance:

Anima provides full native integration with EMIS and SystmOne/TPP at the deepest level, with write-back functionality in line with NHS API and FHIR standards. Our integrations are validated in live practice environments in partnership with NHS IT teams.

NHS Requirement: "The responsibility for translation accuracy remains with the AVT supplier"

Anima Compliance: 

Anima does not offer translation services for its ambient scribe specifically and operates exclusively in English. We therefore retain full responsibility for transcription accuracy, mitigating translation-related clinical risks.

2. Enhanced Requirements

NHS Requirement: "Medical Device Classification – All AVT solutions that undertake summarisation require, at least, MHRA Class 1 medical device status..."

Anima Compliance:

Anima AVT is registered as an MHRA Class 1 medical device, and we are currently pursuing Class 2a registration..

NHS Requirement: "Data Protection – Safeguarding Patient Information is paramount..."

Anima Compliance:

We retain no audio, per practice preference, and adhere to strict data minimisation principles.All patient session data is handled in compliance with UK GDPR and DPA 2018. Encryption, redaction, and access controls are embedded across our architecture.

NHS Requirement: "System integration – Ensure appropriate integration with your IT infrastructure..."

Anima Compliance:

We support full integration into NHS digital infrastructure via secure API and write-back mechanisms, developed in partnership with NHS IT teams and validated in live practice settings.

3. Clinical and Operational Benefits Thresholds

NHS Requirement: "Evidence of real-world clinical validation of benefits in the NHS care setting..."

Anima Compliance:

Our AVT is in use across live NHS practices such as Cliff House Medical Practice and has consistently shown 1+ hour of clinical time saved per day. We’ve seen increased face-to-face care time, faster documentation, and clinician-reported improvements in wellbeing and job satisfaction.

NHS Requirement: "Clear economic justification and workforce impact"

Anima Compliance:

Early pilot data at Cliff House Medical Practice as well as multiple other sites has consistently shown 1+ hour of clinical time saved per day. We also have an upcoming pilot with OneCare.

Practices report reduced admin burden, fewer out-of-hours documentation tasks, and improved clinical capacity.

Commitment to Ongoing Compliance

We are aligned with NHS England’s strategic vision for AVT and continue to engage with ICBs, clinicians, and IT teams to maintain our high standards. Our governance framework ensures we stay ahead of evolving NHS policy and regulatory requirements.

Should you require additional documentation or wish to discuss how Anima AVT can support your team, please contact us directly, and we’ll be happy to help.

Yours sincerely,
Dr Shun Pang
CEO and Co-founder
Anima