Trust Centre Aligned with DCB0129 principles

Clinical safety approach

How clinical risk is managed: the controls in place, alignment with DCB0129 principles, and what a deploying clinician needs to do on their side.

Scope and positioning

Cogent Clinic is a Class I medical device under UK MDR 2002 (registered with the MHRA), manufactured and self-certified by Cogent Clinic Ltd. Its intended purpose is generating draft clinical documentation from clinician-provided content, reviewed, edited, and signed off by the clinician before being retained as a record. The device's classification rationale, including the Rule 11 analysis, is recorded in the manufacturer's technical documentation file, and the DCB0129 alignment described in the rest of this document is independent of the MDR classification and remains in force.

In addition to UK MDR 2002, software that sits in a clinical documentation workflow is within scope for clinical-safety considerations under:

  • DCB0129: Clinical Risk Management — the Application of Risk Management to the Manufacture of Health IT Systems (NHS Digital), which applies to Cogent as the manufacturer.
  • DCB0160: Clinical Risk Management — the Application of Risk Management to the Deployment and Use of Health IT Systems (NHS Digital), which applies to the deploying organisation (for the current target audience, this is the individual private-practice clinician rather than an NHS organisation) and which, while not formally mandated for private-practice deployment, carries principles that still apply.

Cogent Clinic is aligned with DCB0129 principles.

1. Intended clinical use: documented and bounded

Cogent Clinic helps clinicians draft:

  • Session notes (six modality-specific templates)
  • Formulation letters
  • Assessment reports
  • Case reflections for supervision
  • Referral-letter support via the adjust-draft and reference-file features

Each generated document:

  • Is marked as an AI draft (amber-bordered review panel) until the clinician explicitly accepts authorship.
  • Carries a persistent "review before clinical use" warning until accepted.
  • Is the clinician's responsibility as author of record.

The product does not:

  • Diagnose
  • Recommend specific interventions
  • Predict or characterise risk beyond what the clinician has explicitly documented
  • Issue clinical decision support

These boundaries are enforced in the system prompt and tested by an automated sensitive-content verification harness; the harness is re-run before any beta cohort and after any prompt change.

2. Risk-control measures: in place

  • Client-side de-identification pipeline for names, NHS numbers, phone numbers, emails, postcodes, NI numbers, dates, URLs.
  • Clinician-review gate before any data leaves the browser.
  • Round-trip validator flags new high-risk detections and orphan tokens.
  • Server-side high-risk pattern scan on every streamed model response; flagged runs don't count toward the usage meter.
  • Two-factor authentication required on every account, server-enforced.
  • Email verification required before sign-in.
  • Per-user daily cost cap and rate limits prevent runaway usage.
  • Append-only audit log with hash-chained rows.
  • Audit-chain verifier runs nightly, with alerts on any break.
  • Incident-response plan with ICO notification workflow.
  • Sub-processor register with annual review cadence.
  • UK-only residency for everything Cogent stores, with processing, storage, backups, and inference all running inside the United Kingdom.
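As an added illustration of the hash-chained, append-only audit log and the chain verifier listed above (example code written for this page, not Cogent Clinic's own implementation), the following Python builds rows that each commit to the previous row's hash and shows the verifier reporting the first row where the chain breaks. The row layout, event fields and actor names are assumptions.

```python
import hashlib
import hmac
import json
from typing import List, Optional

GENESIS = "0" * 64  # previous-hash value for the very first row


def row_hash(prev_hash: str, seq: int, event: dict) -> str:
    """Hash of one row: canonical JSON over (seq, prev, event) so identical
    content always produces the identical digest."""
    payload = json.dumps({"seq": seq, "prev": prev_hash, "event": event},
                         sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(payload.encode("utf-8")).hexdigest()


class AuditLog:
    """Append-only list of rows; every row embeds the hash of its predecessor."""

    def __init__(self) -> None:
        self.rows: List[dict] = []

    def append(self, event: dict) -> dict:
        prev = self.rows[-1]["hash"] if self.rows else GENESIS
        seq = len(self.rows)
        row = {"seq": seq, "prev": prev, "event": event,
               "hash": row_hash(prev, seq, event)}
        self.rows.append(row)
        return row


def verify_chain(rows: List[dict]) -> Optional[int]:
    """Return None if the chain is intact, otherwise the seq of the first row
    that is missing, reordered, edited, or whose stored hash does not match."""
    prev = GENESIS
    for expected_seq, row in enumerate(rows):
        if row["seq"] != expected_seq or row["prev"] != prev:
            return expected_seq  # a row was dropped or the order changed
        if not hmac.compare_digest(row["hash"], row_hash(prev, expected_seq, row["event"])):
            return expected_seq  # row content or hash was altered in place
        prev = row["hash"]
    return None


def demo() -> Optional[int]:
    """Constructed sample: three events, then one edited after the fact."""
    log = AuditLog()
    log.append({"actor": "clinician-42", "action": "draft.generated", "doc": "session-note"})
    log.append({"actor": "clinician-42", "action": "draft.accepted", "doc": "session-note"})
    log.append({"actor": "system", "action": "scan.flagged", "doc": "session-note"})
    assert verify_chain(log.rows) is None  # untouched log verifies cleanly
    tampered = [dict(r) for r in log.rows]  # copy rows, leave the log intact
    tampered[1]["event"] = {**tampered[1]["event"], "action": "draft.rejected"}
    return verify_chain(tampered)  # returns 1: the edited row
```

A verifier that also keeps the latest hash out of band (for example, in the nightly job's own record) additionally catches an attacker who rewrites every row and recomputes the whole chain; whether the product does this is not stated on the page.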

3. What the deploying clinician should do (DCB0160)

For private-practice use, DCB0160 is not formally mandated but the principles still matter, and clinicians deploying Cogent Clinic in their practice should, as a minimum:

  • Record Cogent Clinic in their own processing register.
  • Complete a short local safety assessment (a template is available in sub-processors.md).
  • Train themselves on the review UX and the de-identification promise.
  • Log incidents via the in-app feedback channel or support email.

These steps are good-practice alignment that a DPO reviewing the deployment would expect, rather than formal DCB0160 certification.