Wiggly-Amps Ltd

Engage Touch

Engage Touch allows patients to check-in for appointments upon arrival at the surgery, avoiding queues at reception. As Engage Touch is integrated with all main clinical systems, patients can update their details (including QOF data) via Engage Touch meaning that time spent on regular administrative tasks is reduced.


  • Integration with EMIS, TPP and Vision
  • Hosted on an assured cloud platform with N3 connectivity
  • IG Toolkit level 2 with 97% pass rate
  • Web based service
  • Confirmation of patient demographics
  • Prompts eligible patients to book into a 'flu vaccination clinic
  • Multiple language support
  • Automatically prompt patients to complete the Friends and Family Test
  • Integrates with compatible BP monitors and weighing scales
  • Assured by NHS Digital as a Lot #2 GPSoC service


  • Generate QoF points, thus increasing practice income
  • Reduce administrative time confirming demographics or smoking status
  • Ideal for CCGs, especially with a mixed clinical system estate
  • Reduce queues at reception
  • Patient QoF information is automatically updated on the clinical system
  • Flu jab reminders improves public health and genereates practice income
  • Easily submit Friends and Family Test answers
  • BP and weight readings are automatically entered into clinical record
  • Automated notification if a patient presents with elevated BP reading


£249 per device per year

Service documents

G-Cloud 9


Wiggly-Amps Ltd

Michael Wong



Service scope

Service scope
Software add-on or extension Yes
What software services is the service an extension to Engage Touch further enhances the patient check in experience for the Principal Clinical Systems in use at GP surgeries.
Cloud deployment model Public cloud
Service constraints Service is delivered via a web based platform and available on desktop, tablet and mobile.
Platforms defined in Systems Requirements
System requirements Internet connected browser

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Wiggly-Amps operates a service desk from the hours of 0800 to 1700, Monday to Friday, with out of hours assistance via an on-call rota. During office hours, we provide direct telephone support with no automated answering systems. There is also a support e-mail box that is monitored throughout the day and responded to continually. Out of hours, there is a telephone message directing users with an urgent issue to e-mail a dedicated mailbox that is monitored according to a rota.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels Wiggly-Amps operates a service desk from the hours of 0800 to 1700, with out of hours assistance via an on-call rota. During normal hours, we provide direct telephone support with no automated answering systems. There is also a support e-mail box that is monitored throughout the day and responded to continually. Out of hours, there is a telephone message directing users with an urgent issue to e-mail a dedicated mailbox that is monitored according to a rota.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Online training, remote support and help documentation is available for the Engage Touch service.
Onsite training is available at additional cost.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction No data is stored, save for system logs.
As such at contract end, there is no data to be extracted and exported to buyers.
End-of-contract process There is no additional cost incurred at termination of the contract.
At contract end, customer management system is updated to reflect contract end and buyer user licence is set to expire.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10+
  • Microsoft Edge
  • Firefox
  • Chrome
  • Opera
Application to install Yes
Compatible operating systems Windows
Designed for use on mobile devices Yes
Differences between the mobile and desktop service None
Accessibility standards None or don’t know
Description of accessibility The interface for Engage Touch is through a touch screen enabled device using simple, accessible menu dialogues. There is limited scope for the use of screen readers and other technologies in the deployment scenarios.
Accessibility testing We are currently engaging with the Royal National Institute of the Blind and the Patient Online Stakeholder - Accessibility Group from NHS England
Customisation available Yes
Description of customisation Users can customers can customise most aspects of the Engage Touch service.
Including the following
Date of birth entry preference
Smoking status questionnaire - answers are Read coded to the patient's medical record
Carer status questionnaire - answers are Read coded to the patient's medical record
Flu jab reminder
Customisation of arrival message for patients, doctors and practice
Friends and Family Test
Confirmation of patient demographics
Notification if session is running late
Assigning staff to (multiple) waiting rooms


Independence of resources The Engage Touch service is an extension of the Principal Clinical Systems used at GP surgeries. Therefore, overall capacity demand and usage is ultimately dependent upon the resources of the Clinical System suppliers. However, these systems are in usage across the UK and service the requirements of over 65 million patients and over 7000 GP surgeries. The availability of these systems has been mandated and assured by NHS Digital.


Service usage metrics Yes
Metrics types Service usage metrics are stored in system logs.
This includes the following
Date and time that a patient checks in
Date of birth of patient
Gender of patients
API wait time (time take for API to respond)
Whether there is a patient with matching demographics
Whether patient was successfully checked in
Reporting types Real-time dashboards


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance None

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Managed by a third party
Penetration testing frequency At least once a year
Penetration testing approach ‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest Other
Other data at rest protection approach No data held at rest
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach In-house destruction process

Data importing and exporting

Data importing and exporting
Data export approach No data is stored, save for system logs.
As such, there is no data to be extracted and exported to buyers.
Data export formats Other
Other data export formats No data is stored, save for system logs.
Data import formats Other
Other data import formats There is no requirement to upload data

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability There is no specific Service Level Agreements offered within the current service agreement due to the high dependence on 3rd party network configurations. Notwithstanding this, most issues of a local nature are resolved within the duration of the call.
Approach to resilience Our service is deployed on a High Availability platform, designed to eliminate single points of failure (such as power, storage, network and hardware). All patient account data is backed up to a storage tier that's replicated off-site to a different facility.
Outage reporting All outages will reported on the Wiggly-Amps website and via social media channels. Outages are identified as Planned maintenance, Emergency maintenance, and platform issues.

Identity and authentication

Identity and authentication
User authentication needed No
Access restrictions in management interfaces and support channels This service is designed to be self-managed by buyers via their in-surgery management console.

Whilst support requests may come through a telephone call, web portal or email, password reset requests must come via email generated from within the N3 network from a specified contact.
Access restriction testing frequency At least once a year
Management access authentication Limited access network (for example PSN)

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for Less than 1 month
Access to supplier activity audit information No audit information available
How long system logs are stored for Between 1 month and 6 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 The British Assessment Bureau
ISO/IEC 27001 accreditation date 02/06/16
What the ISO/IEC 27001 doesn’t cover Certification covers all pertinent aspects of the business. SoA available on request.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security accreditations Yes
Any other security accreditations NHS IGTK: 97%

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance accreditation Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards NHS IGTK: 97% Our organisation code is 8J672 and our organisation type is Commercial Third Party to the NHS.
Information security policies and processes We hold ISO27001 certification and full details are documented in our internal policies (available on request). These policies applies to all Wiggly-Amps staff; permanent, temporary or contract, and anyone authorised to use Wiggly-Amps IT equipment. An integral part of the responsibility stems from accountability. Every individual is personally liable under the Data Protection Act 1998 for the protection of personal information. All users must understand and adopt the use of this policy and are responsible for ensuring the safety and security of Wiggly-Amps systems and information. All users have a role to play and a contribution to make to the safe and secure use of technology and the information that it holds. All security incidents and weaknesses are to be reported to the Company Executive and Service Manager. All security incidents shall be treated internally as high severity incidents. They shall be handled as per the Incident Management process (SD101). All security incidents shall be investigated to establish the root cause, operational impact,and business outcome/impact of the incident. Appropriate mitigating actions shall be taken to resolve and to prevent any repeat occurrence of an incident.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach The software build on each of the VM servers is identical and configuration changes within the vApp container are transparent to the end user. Provisioning of vApps and VMs is an automated process using scripts that have passed through QA and Testing. Deployments are managed using Puppet to create instances that are automatically built from source using the Jenkins continuous integration server.

When a new release of a product is ready, it is deployed to our Edge QA environment using a release process that is a product deliverable. Following successful completion of testing, it will be deemed ready for production.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Wiggly-Amps has a documented management policy and process, which has been implemented, maintained and assessed in accordance with the current ISO20000 and ISO27001 standards and guidance from ITIL v.3. Where technically possible, real-time updates and status reports are identified and sourced from credible vendor sources.
Assigned personnel have responsibility for regularly reviewing technical forums, newsfeeds, mailing lists to promptly identify potential threats and evaluate any emerging patches or updates. Product workshops are also held where security aspects are discussed and deliberated upon.
Servers are automatically patched with the latest vulnerability patches on at least a daily basis.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Capacity management and faults in the platform are handled by a combination of Zabbix agents within the vApps and off-network monitoring services. Intrusion detection is by Open Source HIDS SECurity (OSSEC) and reports through the same channels with real time alerts to operations team and real time response
Incident management type Supplier-defined controls
Incident management approach Incident Management Approach is outlined in SD101 and is available upon request.
The pre-defined process for common events is described in section 5.1 and incident escalation process is described in section 6.1
Users are able to report incidents via telephone call, via web portal or email which is then logged and time stamped.

Most reports are generated automatically with metric reports produced monthly with quarterly summaries.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks Yes
Connected networks New NHS Network (N3)


Price £249 per device per year
Discount for educational organisations No
Free trial available No


Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Terms and conditions document View uploaded document
Return to top ↑