SurgiQ service improvement platform
SurgiQ is a real-time platform for tracking and planning health and social care services in the NHS. Providing visual management of processes (including surgical and non-surgical pathways and waiting list) with a unique prioritisation method. Bringing fully audited data, tracked changes and automatic planning of resources (including theatres, beds, staff).
- Demand management, forecasting and capacity planning
- Real-time waiting list management, auditing and scheduling
- Data-driven automatic planning of resources (theatres, beds, staff...)
- Comprehensive data audit trail (who did what, when, why)
- Unique prioritisation method which implements the NHS Constitution urgency classes
- Web-based access and configuration for improved flexibility
- Quick on-boarding and deployment, in-app training
- Extensive use of standards and coding (ASA, ICD, OPCS)
- Highly skilled information governance professionals, ISO 27001 certification in progress
- Open to integration, uses industry standards (HL7) and APIs
- Protection against waiting time breaches, patient stratification and easier reporting
- Reduced LOS Length of stay, postponements and cancellations
- Streamline the pre-op workup and the access to elective care
- Improved team communication, roles and responsibility separation
- Improved bed planning and theatre productivity
- Improved access to data, forecasting and prediction of capacity needs
- Improved transparency and equity, better information to patients, reduces out-of-area
- Monitors pathways in integrated care settings and across organisations
- Support implementation of ERAS GIRFT SWORD
- Helps reduce unwanted variations and implement organisational changes
|Software add-on or extension||Yes, but can also be used as a standalone service|
|What software services is the service an extension to||Patient Administration System, Electronic Health Record|
|Cloud deployment model||
Typical deployment scheme is to embrace a public cloud first policy maintaining a clear separation between customers by means of adopting a Virtual Private Cloud architecture.
SurgiQ works with a range of selected partners.
Other deployments are allowed but must agreed during project scoping / assessment.
More information available on request.
|Email or online ticketing support||Email or online ticketing|
|Support response times||Standard SLA: Mon to Fri (excluding bank holidays), between 9:00am and 5:30pm. Time to first response: within 4 working hours. Time to resolution (critical): within 6 working hours. Time to resolution (non critical): within 32 working hours.|
|User can manage status and priority of support tickets||Yes|
|Online ticketing support accessibility||WCAG 2.1 AA or EN 301 549|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||Web chat|
|Web chat support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support accessibility standard||WCAG 2.1 AA or EN 301 549|
|Web chat accessibility testing||Assistive technologies are not implemented. The chat will link the user with a SurgiQ agent.|
|Onsite support||Yes, at extra cost|
Standard support levels ("critical" and "non-critical") are described in the Terms and Conditions document.
Support provided via email, telephone and online facilities. "Support tickets" will be allocated to a team of technical support engineers, with escalation to the Support Manager.
Cost of Standard SLA Support is included in cost of software use.
|Support available to third parties||Yes|
Onboarding and offboarding
Online user guides and tutorials are provided. The product includes a Tour and a contextual help to facilitate first time use.
Up to 2 general audience Kick-off / launch meetings and up to 16 hours of class (max 10 students) training are included in the price.
Additional on-site training can be arranged at an extra cost.
|End-of-contract data extraction||Key data on processes is always downloadable via the web interface before the contract ends. Specific export can be arranged.|
Service is terminated and all user access are disabled accordingly with a shared shut-off plan.
At an additional cost, data can be kept for a grace period after service shut-down. Otherwise data is automatically destroyed on service termination.
Using the service
|Web browser interface||Yes|
|Application to install||No|
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||Tablet is the only mobile device supported.|
|Description of service interface||A complete, real-time web platform to view and manage the fully audited data of the patient pathways.|
|Accessibility standards||None or don’t know|
|Description of accessibility||Increase/decrease font sizes using browser controls. Color is not used as a visual means of conveying information, except in charting for line colors, and in the patient scheduling simulator or in the waiting list order where however it is not the sole means. Audio is not used as a means for prompting the user to take any action, or for conveying information except in optional support videos. Clear labels and controls are provided when content requires user input. Any items in error are identified and the error is clearly explained. Errors and alerts do not rely only on color.|
|Accessibility testing||None done.|
|What users can and can't do using the API||
HL7 v2.x standard messages API is enabled by default.
A FHIR interface can be enabled on request.
Custom integrations (REST API, SQL) can be enabled on request.
|API documentation formats||
|API sandbox or test environment||Yes|
|Description of customisation||The onboarding process includes customisation of the pathways to client's needs. The platform also provides an administrator interface (web-based, integrated into the application) to customise several aspects and configurations (including user roles) provided the users have enough privileges (as defined during onboarding). Example: end user can configure when a theatre is available during the week, to which surgical services and for which specialties and admission types (or even procedure) it is made available, PAC opening hours, association between wards and hospital sites, etc.|
|Independence of resources||The service has been designed to scale to meet demand.|
|Service usage metrics||Yes|
|Metrics types||Access per users (unique users, unique work sessions); browser and device type statistics; number of patients managed. Others can be configured as part of the setup phase.|
|Supplier type||Not a reseller|
|Staff security clearance||Other security clearance|
|Government security clearance||Up to Baseline Personnel Security Standard (BPSS)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||United Kingdom|
|User control over data storage and processing locations||Yes|
|Datacentre security standards||Supplier-defined controls|
|Penetration testing frequency||Less than once a year|
|Penetration testing approach||Another external penetration testing organisation|
|Protecting data at rest||
|Data sanitisation process||Yes|
|Data sanitisation type||Explicit overwriting of storage before reallocation|
|Equipment disposal approach||Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001|
Data importing and exporting
|Data export approach||The web interface allows all processed data to be downloaded as Excel tables, the printing functions shows reports in PDF format.|
|Data export formats||
|Other data export formats||
|Data import formats||CSV|
|Data protection between buyer and supplier networks||
|Data protection within supplier network||TLS (version 1.2 or above)|
Availability and resilience
Detailed SLAs are agreed with the customer at point of contract negotiation.
As a standard, service availability is guaranteed at 99% over a period of one year.
|Approach to resilience||Available on request.|
|Outage reporting||Server or network outages are reported via the Service Desk Portal, as published on the SurgiQ support pages.|
Identity and authentication
|User authentication needed||Yes|
|Other user authentication||LDAP, OpenLDAP|
|Access restrictions in management interfaces and support channels||
Different modules of the platform may provide different access and authentication methods.
Role Based Access Control is employed.
The system presents information where necessary to users with granted permissions. All accesses are auditable.
|Access restriction testing frequency||At least once a year|
|Management access authentication||
Audit information for users
|Access to user activity audit information||Users contact the support team to get audit information|
|How long user audit data is stored for||User-defined|
|Access to supplier activity audit information||Users contact the support team to get audit information|
|How long supplier audit data is stored for||User-defined|
|How long system logs are stored for||User-defined|
Standards and certifications
|ISO/IEC 27001 certification||No|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||No|
|Named board-level person responsible for service security||Yes|
|Security governance certified||No|
|Security governance approach||Internal security policies, procedures and training. ISO 27001 in progress.|
|Information security policies and processes||
Internal policy and procedures are followed. These are available on request.
The policy dictates Account and Password management requirements; Data handling procedures and Responsibilities; and Employee responsibility and issue escalation.
The security policies are disseminated to staff via internal training and any Information Security concerns are raised via the internal service desk software and escalated to the Chief Information Security Officer for immediate review. SurgiQ management reserves the right to conduct an internal audit on projects to ensure that best practice is being followed and policy is being adhered to.
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||Software versioning tools are employed. Change management is tracked via an internal change ticketing system. There is a Change Control policy for software versioning (available on request). Recent versions of system documentation are archived.|
|Vulnerability management type||Supplier-defined controls|
|Vulnerability management approach||
Non urgent software patches are released as scheduled upgrade. Any urgent software updates are applied as soon as regression testing is completed.
Potential threats are identified via the service support help desk.
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||When potential risks are identified by us or notified by users, we escalate immediately to the relevant third-party supplier to respond. They would typically respond to a significant incident within 4 hour|
|Incident management type||Supplier-defined controls|
|Incident management approach||
Incidents are reported by email or via online support desk system. The status and updates on the progress of incidents (or linked groups of incidents) can be accessed online with updates provided as per the SLA.
Issue resolution is supported by internal documentation and Knowledge Base for resolution of common problems. This documentation is reviewed by the delivery department.
|Approach to secure software development best practice||Conforms to a recognised standard, but self-assessed|
Public sector networks
|Connection to public sector networks||Yes|
|Connected networks||Health and Social Care Network (HSCN)|
|Price||£25000 per instance per year|
|Discount for educational organisations||Yes|
|Free trial available||Yes|
|Description of free trial||
A free trial of the system is accessible online, on a shared demo environment, which shows a set-up configured for a surgical department, with waiting list, pre-admission clinic and overall pathway management to show process modeling capabilities.
A non-disclosure agreement is required to access the free demo.
|Link to free trial||Link provided on request.|