Engage Touch allows patients to check-in for appointments upon arrival at the surgery, avoiding queues at reception. As Engage Touch is integrated with all main clinical systems, patients can update their details (including QOF data) via Engage Touch meaning that time spent on regular administrative tasks is reduced.
- Integration with EMIS, TPP and Vision
- Hosted on an assured cloud platform with N3 connectivity
- IG Toolkit level 2 with 97% pass rate
- Web based service
- Confirmation of patient demographics
- Prompts eligible patients to book into a 'flu vaccination clinic
- Multiple language support
- Automatically prompt patients to complete the Friends and Family Test
- Integrates with compatible BP monitors and weighing scales
- Assured by NHS Digital as a Lot #2 GPSoC service
- Generate QoF points, thus increasing practice income
- Reduce administrative time confirming demographics or smoking status
- Ideal for CCGs, especially with a mixed clinical system estate
- Reduce queues at reception
- Patient QoF information is automatically updated on the clinical system
- Flu jab reminders improves public health and genereates practice income
- Easily submit Friends and Family Test answers
- BP and weight readings are automatically entered into clinical record
- Automated notification if a patient presents with elevated BP reading
£249 per device per year
|Software add-on or extension||Yes|
|What software services is the service an extension to||Engage Touch further enhances the patient check in experience for the Principal Clinical Systems in use at GP surgeries.|
|Cloud deployment model||Public cloud|
Service is delivered via a web based platform and available on desktop, tablet and mobile.
Platforms defined in Systems Requirements
|System requirements||Internet connected browser|
|Email or online ticketing support||Email or online ticketing|
|Support response times||Wiggly-Amps operates a service desk from the hours of 0800 to 1700, Monday to Friday, with out of hours assistance via an on-call rota. During office hours, we provide direct telephone support with no automated answering systems. There is also a support e-mail box that is monitored throughout the day and responded to continually. Out of hours, there is a telephone message directing users with an urgent issue to e-mail a dedicated mailbox that is monitored according to a rota.|
|User can manage status and priority of support tickets||No|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||No|
|Onsite support||Yes, at extra cost|
|Support levels||Wiggly-Amps operates a service desk from the hours of 0800 to 1700, with out of hours assistance via an on-call rota. During normal hours, we provide direct telephone support with no automated answering systems. There is also a support e-mail box that is monitored throughout the day and responded to continually. Out of hours, there is a telephone message directing users with an urgent issue to e-mail a dedicated mailbox that is monitored according to a rota.|
|Support available to third parties||Yes|
Onboarding and offboarding
Online training, remote support and help documentation is available for the Engage Touch service.
Onsite training is available at additional cost.
|End-of-contract data extraction||
No data is stored, save for system logs.
As such at contract end, there is no data to be extracted and exported to buyers.
There is no additional cost incurred at termination of the contract.
At contract end, customer management system is updated to reflect contract end and buyer user licence is set to expire.
Using the service
|Web browser interface||Yes|
|Application to install||Yes|
|Compatible operating systems||Windows|
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||None|
|Accessibility standards||None or don’t know|
|Description of accessibility||The interface for Engage Touch is through a touch screen enabled device using simple, accessible menu dialogues. There is limited scope for the use of screen readers and other technologies in the deployment scenarios.|
|Accessibility testing||We are currently engaging with the Royal National Institute of the Blind and the Patient Online Stakeholder - Accessibility Group from NHS England|
|Description of customisation||
Users can customers can customise most aspects of the Engage Touch service.
Including the following
Date of birth entry preference
Smoking status questionnaire - answers are Read coded to the patient's medical record
Carer status questionnaire - answers are Read coded to the patient's medical record
Flu jab reminder
Customisation of arrival message for patients, doctors and practice
Friends and Family Test
Confirmation of patient demographics
Notification if session is running late
Assigning staff to (multiple) waiting rooms
|Independence of resources||The Engage Touch service is an extension of the Principal Clinical Systems used at GP surgeries. Therefore, overall capacity demand and usage is ultimately dependent upon the resources of the Clinical System suppliers. However, these systems are in usage across the UK and service the requirements of over 65 million patients and over 7000 GP surgeries. The availability of these systems has been mandated and assured by NHS Digital.|
|Service usage metrics||Yes|
Service usage metrics are stored in system logs.
This includes the following
Date and time that a patient checks in
Date of birth of patient
Gender of patients
API wait time (time take for API to respond)
Whether there is a patient with matching demographics
Whether patient was successfully checked in
|Reporting types||Real-time dashboards|
|Supplier type||Not a reseller|
|Staff security clearance||Other security clearance|
|Government security clearance||None|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||United Kingdom|
|User control over data storage and processing locations||No|
|Datacentre security standards||Managed by a third party|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||‘IT Health Check’ performed by a CHECK service provider|
|Protecting data at rest||Other|
|Other data at rest protection approach||No data held at rest|
|Data sanitisation process||Yes|
|Data sanitisation type||Deleted data can’t be directly accessed|
|Equipment disposal approach||In-house destruction process|
Data importing and exporting
|Data export approach||
No data is stored, save for system logs.
As such, there is no data to be extracted and exported to buyers.
|Data export formats||Other|
|Other data export formats||No data is stored, save for system logs.|
|Data import formats||Other|
|Other data import formats||There is no requirement to upload data|
|Data protection between buyer and supplier networks||TLS (version 1.2 or above)|
|Data protection within supplier network||TLS (version 1.2 or above)|
Availability and resilience
|Guaranteed availability||There is no specific Service Level Agreements offered within the current service agreement due to the high dependence on 3rd party network configurations. Notwithstanding this, most issues of a local nature are resolved within the duration of the call.|
|Approach to resilience||Our service is deployed on a High Availability platform, designed to eliminate single points of failure (such as power, storage, network and hardware). All patient account data is backed up to a storage tier that's replicated off-site to a different facility.|
|Outage reporting||All outages will reported on the Wiggly-Amps website and via social media channels. Outages are identified as Planned maintenance, Emergency maintenance, and platform issues.|
Identity and authentication
|User authentication needed||No|
|Access restrictions in management interfaces and support channels||
This service is designed to be self-managed by buyers via their in-surgery management console.
Whilst support requests may come through a telephone call, web portal or email, password reset requests must come via email generated from within the N3 network from a specified contact.
|Access restriction testing frequency||At least once a year|
|Management access authentication||Limited access network (for example PSN)|
Audit information for users
|Access to user activity audit information||Users have access to real-time audit information|
|How long user audit data is stored for||Less than 1 month|
|Access to supplier activity audit information||No audit information available|
|How long system logs are stored for||Between 1 month and 6 months|
Standards and certifications
|ISO/IEC 27001 certification||Yes|
|Who accredited the ISO/IEC 27001||The British Assessment Bureau|
|ISO/IEC 27001 accreditation date||02/06/16|
|What the ISO/IEC 27001 doesn’t cover||Certification covers all pertinent aspects of the business. SoA available on request.|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security accreditations||Yes|
|Any other security accreditations||NHS IGTK: 97%|
|Named board-level person responsible for service security||Yes|
|Security governance accreditation||Yes|
|Security governance standards||
|Other security governance standards||NHS IGTK: 97% Our organisation code is 8J672 and our organisation type is Commercial Third Party to the NHS.|
|Information security policies and processes||We hold ISO27001 certification and full details are documented in our internal policies (available on request). These policies applies to all Wiggly-Amps staff; permanent, temporary or contract, and anyone authorised to use Wiggly-Amps IT equipment. An integral part of the responsibility stems from accountability. Every individual is personally liable under the Data Protection Act 1998 for the protection of personal information. All users must understand and adopt the use of this policy and are responsible for ensuring the safety and security of Wiggly-Amps systems and information. All users have a role to play and a contribution to make to the safe and secure use of technology and the information that it holds. All security incidents and weaknesses are to be reported to the Company Executive and Service Manager. All security incidents shall be treated internally as high severity incidents. They shall be handled as per the Incident Management process (SD101). All security incidents shall be investigated to establish the root cause, operational impact,and business outcome/impact of the incident. Appropriate mitigating actions shall be taken to resolve and to prevent any repeat occurrence of an incident.|
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||
The software build on each of the VM servers is identical and configuration changes within the vApp container are transparent to the end user. Provisioning of vApps and VMs is an automated process using scripts that have passed through QA and Testing. Deployments are managed using Puppet to create instances that are automatically built from source using the Jenkins continuous integration server.
When a new release of a product is ready, it is deployed to our Edge QA environment using a release process that is a product deliverable. Following successful completion of testing, it will be deemed ready for production.
|Vulnerability management type||Supplier-defined controls|
|Vulnerability management approach||
Wiggly-Amps has a documented management policy and process, which has been implemented, maintained and assessed in accordance with the current ISO20000 and ISO27001 standards and guidance from ITIL v.3. Where technically possible, real-time updates and status reports are identified and sourced from credible vendor sources.
Assigned personnel have responsibility for regularly reviewing technical forums, newsfeeds, mailing lists to promptly identify potential threats and evaluate any emerging patches or updates. Product workshops are also held where security aspects are discussed and deliberated upon.
Servers are automatically patched with the latest vulnerability patches on at least a daily basis.
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||Capacity management and faults in the platform are handled by a combination of Zabbix agents within the vApps and off-network monitoring services. Intrusion detection is by Open Source HIDS SECurity (OSSEC) and reports through the same channels with real time alerts to operations team and real time response|
|Incident management type||Supplier-defined controls|
|Incident management approach||
Incident Management Approach is outlined in SD101 and is available upon request.
The pre-defined process for common events is described in section 5.1 and incident escalation process is described in section 6.1
Users are able to report incidents via telephone call, via web portal or email which is then logged and time stamped.
Most reports are generated automatically with metric reports produced monthly with quarterly summaries.
|Approach to secure software development best practice||Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)|
Public sector networks
|Connection to public sector networks||Yes|
|Connected networks||New NHS Network (N3)|
|Price||£249 per device per year|
|Discount for educational organisations||No|
|Free trial available||No|
|Pricing document||View uploaded document|
|Skills Framework for the Information Age rate card||View uploaded document|
|Terms and conditions document||View uploaded document|