MEG Healthcare Quality, Risk & Compliance Management
MEG is a cloud-based healthcare Quality Management System (QMS), prioritising risk and incident management, tailored to meet LFPSE standards and CQC compliance. Our suite of web and mobile modules includes Auditing, Action Planning, Feedback Surveys, Document Management, and Quality Improvement (PDSA), alongside insightful dashboards and real-time reporting for informed decision-making.
Features
- LFPSE-Compliant Risk Management: Supports PSIRF framework
- Real-Time Analytics: Provides instant insights through interactive dashboards
- Comprehensive Customisation: Tailor forms, workflows, and dashboards to specific needs
- Audit, Incident, Feedback Surveys, and Document Management; any device.
- API: Integrates smoothly with Power BI, EPRs, and other softwares.
- Automated Workflows: Streamline operations and enhance efficiency.
- Enforce role-based access, log changes with full audit trail
- Mobile Accessibility: Accessible functionality, even offline, via mobile.
- Action Planning: Identify and resolve issues promptly; supports PDCA/PDSA.
- Form Builder: Empower admins to customise most aspects of forms.
Benefits
- Mobile-friendly and user-centric design for ease of use
- Interoperable with existing healthcare and IT systems
- Clear organisational visibility and process support
- Reduction in manual processes and paper-based operations
- Efficient regulatory (CQC) compliance management
- Data-driven decision-making for improved outcomes
- Cost reduction and operational efficiency
- Enhanced communication through trackable notices
- Continuous quality and compliance improvement
- Local consulting support for tailored assistance.
Pricing
£800 a licence a year
Service documents
Request an accessible format
Framework
G-Cloud 14
Service ID
1 4 8 2 5 5 9 5 6 5 8 6 1 0 6
Contact
MEG Support Tools
Peter Clifford
Telephone: 020 3322 5406
Email: enquiries@megit.com
Service scope
- Software add-on or extension
- No
- Cloud deployment model
- Private cloud
- Service constraints
-
We aim to support latest versions of popular browsers and we are backwards compatible with older versions of browser and operating systems multiple versions behind.
The app requires Internet access to log in and upload data, but can nevertheless be used offline during inspection.
If data collection using a mobile device is required, MEG is compatible with iOS and Android OS, multiple versions behind. - System requirements
-
- Recent version of a supported web browser
- Internet Access
- Software license required to use
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- We aim to respond to clients within 4 working hours for high-level support issues and within 24 hours for normal level support issues during weekdays.
- User can manage status and priority of support tickets
- No
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- No
- Onsite support
- Yes, at extra cost
- Support levels
- Online, email, and phone support are included within the software licence fee. On-site support will be provided at a cost of £900 per day excluding VAT.
- Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
-
Our dedicated Implementation Team effectively manages the onboarding process, providing comprehensive project management from initiation to deployment. We coordinate timelines, allocate resources, and track milestones to ensure alignment with your organisation's objectives.
MEG offers dedicated training sessions for administrators, focusing on system configuration, user management, and permissions.
For broader user groups, we offer online training sessions and provide extensive user documentation, including 'how-to' guides, instructional videos, and a self-serve help desk and knowledge base with articles and FAQs. Our goal is to equip users with the knowledge and skills they need to effectively use the MEG platform from day one. - Service documentation
- Yes
- Documentation formats
-
- HTML
- Other
- Other documentation formats
-
- Word format
- HTML: Online dedicated Knowledge Base
- Online articles
- Online Help Desk
- Web chat
- End-of-contract data extraction
- MEG ensures seamless data extraction for clients at the end of their contract. We provide clients with their data in electronic CSV or Excel format, ensuring compatibility with future systems.
- End-of-contract process
-
At the end of the contract, MEG ensures that clients have full control over their data. Clients can choose to either archive or delete their data based on their preferences.
Additionally, upon request, clients can receive their data in electronic CSV or Excel format, ensuring compatibility with future systems. It's important to note that all user access to MEG is revoked to maintain data security.
If clients require historical data in a tailored format, MEG can provide this service at an additional cost.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Microsoft Edge
- Firefox
- Chrome
- Safari
- Application to install
- Yes
- Compatible operating systems
-
- Android
- IOS
- Windows
- Windows Phone
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- Mobile-optimised page layout is used on mobile devices, but features remain the same as on the desktop version.
- Service interface
- Yes
- User support accessibility
- None or don’t know
- Description of service interface
- Our web portal allows users with sufficient privileges to view reports, review submitted data, and manage the hospital's resources (users, wards, rooms etc.)
- Accessibility standards
- None or don’t know
- Description of accessibility
- No limitation for users using accessibility technologies.
- Accessibility testing
-
We've tested the system using text scaling option.
Text scaling feature is built into the mobile app. - API
- Yes
- What users can and can't do using the API
-
Our API provides a bi-directional gateway for users to seamlessly integrate and manage data within our healthcare marketplace. Users can set up the service by configuring data transfer pathways between, for example, Electronic Patient Records (EPR) and Business Intelligence tools, facilitating the real-time exchange of ward structures, audit forms, and raw audit data. This setup is initiated through a simple authentication process, followed by endpoint configuration to align with your system's architecture.
Changes to service configurations, including adjustments to data exchange frequencies, format specifications, or integration points, can be made directly through the API. Users are empowered to submit audit data and request additional features to tailor the service to their specific needs.
However, the setup and modification processes are subject to certain limitations. Users must ensure compliance with healthcare data regulations and standards when configuring data exchanges.
Additionally, while our API supports a wide range of integrations, some third-party tools may require additional configuration or may not be fully supported.
Through our API, users gain a powerful tool for enhancing data interoperability and operational efficiency within the healthcare ecosystem, albeit with a keen adherence to compliance and security standards. - API documentation
- Yes
- API documentation formats
-
- Open API (also known as Swagger)
- HTML
- Other
- API sandbox or test environment
- Yes
- Customisation available
- Yes
- Description of customisation
-
[WHAT CAN BE CUSTOMISED?]
- User-specific settings: Includes setting and updating user passwords and granting access rights
- Audit configurations: Users can fully customise audits by editing questions and answers, setting compliance calculations, adding help texts and supporting graphics, and configuring the order of questions (mandatory or optional) and categories
- Organisational structure: This covers the setup and modification of sites, directorates, wards, and auditor teams to accurately reflect the organisational structure
- Audit scheduling: Tailor audit schedules according to requirements
- Data reporting: Export of audit data into Excel can be customised by specifying the fields required
[HOW CAN USERS CUSTOMISE? ]
- Customisation is primarily done through the user dashboard, which is designed for ease of use. Access to various customisation features is permission-based
- For advanced customisations like custom graphs/reports, RAG scores, QIP layout, or audit signatures, our technical team collaborates closely with clients to implement specified changes
[WHO CAN CUSTOMISE?]
- Basic customisation, such as audit schedules and organisational settings, can be done by any authorised user with access to the client’s dashboard
- Advanced customisations requiring technical support are facilitated through collaboration between the client’s designated administrators and our technical support team
Scaling
- Independence of resources
-
We continuously monitor our servers and service levels to ensure users experience optimal performance, even during peak demand. Our strategy includes real-time monitoring and dynamic resource allocation to meet and anticipate user needs effectively.
Additionally, our services undergo rigorous load testing during development to accurately cater to expected demand. We offer hosted services as a fully elastic resource that scales according to usage guaranteeing that one customer's resource usage never impacts another.
Analytics
- Service usage metrics
- Yes
- Metrics types
- Users can view metrics of inspection usage through the Web Portal dashboard.
- Reporting types
-
- Real-time dashboards
- Reports on request
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- None
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
- Protecting data at rest
-
- Physical access control, complying with CSA CCM v3.0
- Physical access control, complying with SSAE-16 / ISAE 3402
- Physical access control, complying with another standard
- Encryption of all physical media
- Other
- Other data at rest protection approach
- Private key authentication is required to access servers over ssh
- Data sanitisation process
- Yes
- Data sanitisation type
- Deleted data can’t be directly accessed
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001
Data importing and exporting
- Data export approach
- Users can export their data through the dashboard interface, offering options such as PDF, Excel, and CSV formats, as well as real-time access via API.
- Data export formats
-
- CSV
- Other
- Other data export formats
-
- Microsoft Excel
- JSON
- JPEG (Image file)
- .PPT (PowerPoint)
- Data import formats
-
- CSV
- Other
- Other data import formats
-
- JSON
- Microsoft Excel
Data-in-transit protection
- Data protection between buyer and supplier networks
-
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
- Data protection within supplier network
- TLS (version 1.2 or above)
Availability and resilience
- Guaranteed availability
-
99.9% uptime guarantee.
In 2023, MEG customers in the UK experienced availability of 99.99% or better, backed by our Cloud Service provider.
Our standard SLAs can be tailored to include service credits aligned with specific client requirements.
We strive to exceed the baseline availability to ensure optimal connectivity, consistently maintaining performance levels above our stated target, with service credits available for any unexpected downtime outside of scheduled maintenance. - Approach to resilience
- Our service infrastructure is designed for high resilience and performance, featuring fault-tolerant setups to ensure continuous operation. By aligning with top-tier cloud service providers, we ensure that our hardware configurations include 100% failover resilience. Additionally, our systems comply with ISO27001 standards for information security management, reflecting our commitment to secure and reliable service delivery.
- Outage reporting
- Private dashboard and e-mail alerts. Clients will be notified about relevant outages on request (opt-in).
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- 2-factor authentication
- Identity federation with existing provider (for example Google Apps)
- Limited access network (for example PSN)
- Username or password
- Access restrictions in management interfaces and support channels
-
Developers who have access to the server management interface via ssh must use pivate key authentication. Other, unused, access channels are blocked (telnet, ftp etc) on firewall level.
Support staff can only access the admin UI via our secure employee VPN. - Access restriction testing frequency
- At least once a year
- Management access authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Identity federation with existing provider (for example Google Apps)
- Dedicated link (for example VPN)
- Username or password
Audit information for users
- Access to user activity audit information
- Users contact the support team to get audit information
- How long user audit data is stored for
- User-defined
- Access to supplier activity audit information
- Users contact the support team to get audit information
- How long supplier audit data is stored for
- User-defined
- How long system logs are stored for
- At least 12 months
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- Citation.co.uk
- ISO/IEC 27001 accreditation date
- 18/02/2022
- What the ISO/IEC 27001 doesn’t cover
- The scope of MEG's certification is for "The provision, ongoing support, development and maintenance of MEG’s Quality Management Software (QMS) platform for the Healthcare Industry."
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- No
- Other security certifications
- Yes
- Any other security certifications
- NHS Data Security Protection Toolkit standards exceeded
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
-
- ISO/IEC 27001
- Other
- Other security governance standards
- Our governance standards align with ISO27001, ensuring robust security management and our protocols include rigorous internal and external security measures. Our data protection officer holds IPA and IAPP certifications, reinforcing our commitment to robust data protection practices. Our hosting partners are also ISO27001 accredited, ensuring secure services.
- Information security policies and processes
- Our internal security policies are directly overseen by the CEO and our Information Security Committee. Every team member, including those in Technical, Marketing, Sales, Implementation and Support roles, is required to adhere strictly to these policies. Non-compliance must be reported immediately to the CEO. We enforce these policies through Internal Standard Operating Procedures (SOPs), supplemented by regular audits to ensure compliance. Additionally, all new staff receive training on these policies during their induction to guarantee a thorough understanding. We also conduct external assessments annually, aligned with Cyber Essentials, to maintain and enhance our security standards.
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
- Our configuration and change management approach ensures that all code changes undergo thorough testing and review to assess security implications. A detailed change control request process is in place, where the need and purpose of each change are fully explained. Changes impacting customers are communicated in advance, with agreed timeframes. Our rolling deployment model allows for changes to easily be rolled back.
- Vulnerability management type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Vulnerability management approach
- MEG undergoes CREST-accredited 3rd-party Vulnerability Scans and Penetration Tests on biannual basis. Any and all identified issues are resolved with immediate priority. Our vulnerability management approach also involves daily scans of third-party dependencies to detect vulnerabilities. We use industry-leading threat detection and prevention systems, including automated testing techniques as part of our development process.
- Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
-
Our protective monitoring processes are designed to identify potential compromises through regular code reviews and detailed access audits. Upon detecting a potential issue, our response is immediate, with all compromises addressed within 48 working hours. We maintain compliance with ISO 2700 standards to ensure a rigorous security framework.
Our automated CI pipelines do SAST scanning and dependency vulnerability scanning. - Incident management type
- Supplier-defined controls
- Incident management approach
- MEG's incident management processes is aligned with ISO27001 standards, ensuring a structured approach to handling incidents. Users can report incidents via email or through a form available in our system. We provide incident reports through email once an incident is confirmed. MEG is governed by an industry-standard Incident Management & Disaster Recovery policy as a part of its ISO27001-compliant Information Security Management System (ISMS) run by its Security Committee who keep a close eye on and monitor incidents and potential incidents.
Secure development
- Approach to secure software development best practice
- Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)
Public sector networks
- Connection to public sector networks
- No
Social Value
- Social Value
-
Social Value
- Fighting climate change
- Tackling economic inequality
- Equal opportunity
- Wellbeing
Fighting climate change
MEG is dedicated to fighting climate change by implementing a comprehensive strategy aimed at achieving net zero greenhouse gas emissions. As a remote-first organisation, we reduce our transportation footprint by promoting work-from-home practices, thereby diminishing the need for daily commutes and fostering sustainable waste management such as recycling at home.
To minimise energy use, our operations prioritise online meetings over business travel, reducing both office electricity consumption and travel-related emissions. Our office is located in a co-working space, which further cuts down on individual resource consumption.
Environmental considerations are integrated into every organisational decision, emphasising virtual interactions and supporting employees who choose office work with Cycle-to-Work and public transport commuter schemes. These initiatives not only mitigate traffic and emissions but also provide financial and health benefits.
Supporting our clients in transitioning away from paper-based systems, we leverage our digital solutions to significantly reduce their environmental impact. This shift not only streamlines processes but also minimises waste and reduces the carbon footprint associated with traditional paper use.
Our IT infrastructure also reflects our commitment to sustainability, using green hosting providers that rely on renewable energy and offer a smaller carbon footprint.
Through these efforts, MEG actively contributes to reducing the healthcare sector’s carbon footprint and advances the transition towards a more sustainable future. Our initiatives are designed to foster efficient collaborations that benefit both our customers and the planet, supporting our overarching goals of environmental preservation and climate change mitigation.Tackling economic inequality
We focus on in-work progression to help individual staff members, especially those from disadvantaged or minority groups, move into higher-paid roles by developing new skills relevant to our services. This strategy helps bridge economic inequalities by offering ongoing professional development, ensuring all employees have the opportunity to advance their careers and improve their economic standing within our organisation.Equal opportunity
Equal opportunity
MEG is committed to a diverse and varied workplace in our hiring processes, training and evaluation of our employees.
We are committed to inclusivity and equality as part of our workplace and community, through our business partners, suppliers and customer service. We believe in:
• Providing equal opportunities and recognising the importance in gender pay gap equality;
• Integrating messages of a safe and accepting multicultural work environment in our internal and external publications;
• Creating a flexible and accessible environment through adapting different equipment and tools to the unique needs of people with special needs etc.
We are committed to being an equal opportunity employer and we do not discriminate anyone for any reason, whether race, colour, age, gender, sexual orientation, gender identity and expression, ethnicity, religion, family status, social origin, disability, union membership or political affiliation.
Presently, MEG predominantly carries out its recruitment processes in-house. Where additional recruitment expertise is required, MEG uses only specified, reputable employment agencies to source labour and always verifies the practices of any new agency it is using before accepting workers from that agency.
We are committed to treating our employees equally in compensation and benefits, by supporting employees with their needs.
We are committed to creating a conscious culture and promote open communication as part of our inclusivity and diversity.
More details on relevant MEG policies can be found within the following statement on the website: https://www.megit.com/modern-slavery-and-human-trafficking-statementWellbeing
MEG is committed to promoting the health and well-being of our workforce through a diverse and inclusive work environment.
Conscious Culture: We foster open communication and inclusivity, allowing employees to express their health concerns freely and facilitating timely support and intervention when needed.
Adaptability: We cater to the unique needs of individuals, particularly those with special needs, ensuring all employees can perform their tasks comfortably and healthily.
Mental Health Support: We provide a safe, multicultural work environment and equal opportunities. We actively combat discrimination and harassment, fostering mental well-being.
Employee Assistance Program: Our employees have access to Spectrum.Life, an Employee Assistance Program offering resources and professional guidance for mental health support.
Wellness Initiatives: Also through Spectrum.Life, we offer access to exercise, healthy eating and wellness initiatives throughout the year. These initiatives are actively promoted in-house and aim to foster a culture of holistic health and well-being within our workforce.
Training and Development: Our ongoing training programs increase job satisfaction and overall well-being.
Ethical Partnerships: We work with reputable employment agencies, ensuring our workforce is treated fairly, which contributes to their overall well-being.
Comprehensive Policies: Our Modern Slavery and Human Trafficking Statement outlines our dedication to ethical labour practices.
Through these strategies, MEG will ensure effective measures for health and well-being during the contract's delivery. We believe our commitment to equal opportunities, diversity, and inclusivity will enhance the physical and mental health of our workforce.
Pricing
- Price
- £800 a licence a year
- Discount for educational organisations
- No
- Free trial available
- Yes
- Description of free trial
-
Included in our pilot offering:
Access to core features of our QMS software, including basic forms, action planning and reporting tools. Limited user accounts.
Not included:
Advanced customisation, full integration capabilities, and some premium support services.
The pilot lasts up to 60 days, sufficient time to evaluate our service. - Link to free trial
- https://www.megit.com/contact