Clinical Safety & Regulatory Information

Time2OwnIt

Last updated: December 2025

Next review: December 2026

Time2OwnIt is developed and operated by Own Health Innovations Ltd.

We are committed to delivering digital health innovation that is safe, transparent, lawful, and aligned with NHS expectations.

This page summarises our clinical safety, regulatory governance, information governance, and cybersecurity approach for the public website and future digital services.

1. Commitment to Safe and Responsible Digital Health

Time2OwnIt is designed in line with:

  • UK GDPR and the Data Protection Act 2018
  • NHS Data Security & Protection Toolkit (DSPT) expectations
  • NHS Digital clinical-safety standards, including DCB0129
  • Recognised UK information-governance and cybersecurity good practice

We maintain a full suite of public-facing governance documentation, including:

  • Privacy Policy and Transparency information
  • Cookie Policy
  • Security Overview
  • Data-retention information
  • Clinical-safety documentation and governance controls

These measures support safe, ethical, and accountable digital health development.

2. Clinical Safety Management System (DCB0129)

Own Health Innovations Ltd has implemented a Clinical Safety Management System aligned with NHS DCB0129.

This includes:

  • Clinical Safety Management Plan
  • Clinical Safety Case
  • Hazard Log and risk-management processes
  • Defined safety governance and review procedures
  • Oversight by an appointed Clinical Safety Officer (CSO)

Clinical risks are identified, assessed, mitigated, and monitored throughout development and release.

3. Information Governance and Accountability

Our governance framework includes clearly defined roles and responsibilities:

  • Senior Information Risk Owner (SIRO)
  • Data Protection Officer (external)
  • Information Governance leadership and support
  • Structured risk-management and accountability processes

We apply the core information-governance principles of:

  • Confidentiality
  • Integrity
  • Availability
  • Transparency
  • Accountability

4. Data Protection and ICO Registration

Own Health Innovations Ltd is registered with the Information Commissioner's Office (ICO) as a data controller and complies with:

  • UK GDPR
  • Data Protection Act 2018
  • ICO regulatory requirements
  • NHS DSPT data-security expectations

Our ICO registration covers website data, consent records, security logs, and future digital-service processing where applicable.

5. Cybersecurity and Technical Safeguards

We apply proportionate technical and organisational security controls, including:

Technical Safeguards

  • Encryption in transit and at rest
  • Secure hosting infrastructure
  • Role-based access control
  • Multi-factor authentication
  • Backup and business-continuity protection

Organisational Safeguards

  • Cybersecurity policy framework
  • Annual staff information-governance training
  • Incident-response procedures
  • Third-party assurance and risk checks

Security governance is overseen by IG and risk-management leadership.

6. Data Security and Protection Toolkit (DSPT)

Own Health Innovations Ltd complies with the NHS Data Security & Protection Toolkit, ensuring:

  • Lawful and secure handling of personal data
  • Proportionate technical and organisational safeguards
  • Annual staff training in information governance and cybersecurity
  • Ongoing risk assessment and improvement
  • Publication of DSPT assessments

7. Current Scope of Public Website

At present:

  • The Time2OwnIt mobile application and personalised risk-assessment services are not yet live
  • The public website does not process health or medical data
  • Any future health-data processing will require:
    • Explicit user consent
    • Dedicated privacy notices and legal terms
    • Completion of appropriate regulatory and clinical-safety readiness

This ensures safe, staged development aligned with NHS expectations.

8. User Safety and Medical Disclaimer

Time2OwnIt:

  • Provides health awareness and educational information only
  • Does not provide medical diagnosis, treatment, or clinical decision-making
  • Does not replace consultation with a qualified healthcare professional

Users should always seek professional medical advice regarding any health concern.

These safeguards form part of our broader clinical-risk-management approach.

9. Transparency and Ongoing Governance

We are committed to:

  • Transparent communication about data use and safety
  • Continuous improvement of governance and cybersecurity
  • Alignment with evolving NHS and regulatory expectations
  • Updating public documentation as services develop

All governance documentation is reviewed at least annually or sooner if required.

10. Contact and Governance Queries

For questions regarding clinical safety, data protection, or governance:

Email: [email protected]

Organisation: Own Health Innovations Ltd (Time2OwnIt)

For more information about our practices, please see our Privacy Policy, Terms of Use, and Cookie Policy.