POST OP LTD

Post Op - Real time clinical communication, using computer vision technology for visual records

Post Op is a digital care platform promoting clinical communication and patient engagement developed by NHS clinicians. Computer vision technology to record visual record of wounds, care plan visibility, with real time communication promote patient satisfaction and wait times reduction in outpatient clinics.

Features

• Secure patient led submission of image care records
• Patient recorded outcomes (PROMS) including surgical site infection scores.
• Physiotherapy resources for patients
• Communication tool for secure patient-clinician messaging.
• API integration
• Real time reporting of clinical outcomes for clinical teams
• SNOMED CT coding for end user
• Computer vision technology for wound care
• AI powered wound image and PROMS analytics
• Digital platform for patient post-operative recovery visualisation

Benefits

• Wound visual records to improve care and reporting.
• Reduce outpatient clinic and unplanned admissions.
• Better communication between patients and clinicians to improve patient satisfaction.
• Post-operative education resources available to patients to improve outcomes.
• PROMS compliance for regulatory requirements and good standards of care.
• Secure clinical data management digital platform
• Visual records for Infection control teams.
• Cost savings through better patient flow management into hospital.
• Environmental savings from reducing unnecessary travel to hospitals.
• Better access for patients

£7,500 a licence a year

• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at chindu@postop.ai. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

534176623162931

Contact

Chindu Kabir
07870260115
chindu@postop.ai

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: App is available to use as a standalone or integrated to EPR. Latest browser updates for Chrome, Safari, Firefox, Mozilla , Edge and other browsers required. Administrators will have only access to the demographic meta data of patients and will not be able to visualize the wound images or outcome data. The message data is visible only to clinicians and patients. Log in data and password secured user profiles. Two-Factor Authentication available for patients on their mobile apps. Strong database security rules and authentication processes ensure only authenticated users can create, update, or delete content.
• System requirements:
  • Mobile phone with either recent iOS or Android operating systems
  • Recent web browser for desktop computer clients

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: User support through in app support links. A response time of within 8 hours during weekdays Mon- Fri and within 12 hours during weekends for technical issues resulting in disruption of services. End user support available on Mondays 9:00-17:00 for issues related to log in, error messages and usability issues.
• User can manage status and priority of support tickets: No
• Phone support: No
• Web chat support: No
• Onsite support: Onsite support
• Support levels: Licence subscription includes: Single point-of-contact client support; managing delivery and resolution of service queries and onsite support can be provided for high severity application related incidents.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Users are onboarded initially via face to face introduction to the platform. In addition to this there are introductory onboarding screens and comprehensive help section available in the mobile application. We provide online help desk ticket service and remote support.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • ODF
  • PDF
  • Other
• Other documentation formats: In app: Users can browse documentation in the mobile app
• End-of-contract data extraction: Following contract termination system remains live in read-only state.; Data extraction via JSON:API or FHIR API directly from the system is also available.
• End-of-contract process: At the end of contract staff user accounts will be disabled in 2 weeks. Data can be retrieved and is also available in read-only format. This service can be resumed at any time. If data destruction is required this can be completed by Post Op and a confirmation certificate issued.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
  • MacOS
  • Windows
  • Windows Phone
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Mobile app users are the end users who can receive invites from the web application service. Web application is the managerial part of the platform. Mobile device is the end user side of the platform. Patients use mobile device to input information related to clinical outcomes and image data. Patient access to educational resources through mobile app.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: Users receive an invitation code to start their onboarding process. Users sign up to the system. Users are expected to fulfil daily tasks uploading photos, videos and answering questions about their health status. Users receive reminder push notifications.
• Accessibility standards: None or don’t know
• Description of accessibility: End user application is available only for mobile phones strictly following the Apple Appstore and Google Playstore submission standards.
• Accessibility testing: User interface tests are conducted regularly with all users and iterative development is followed. Manual testing done by design team including interface designers, and quality assurance lead using assistive technologies to check functionality and usability
• API: Yes
• What users can and can't do using the API: Post Op is a service that can be fully operated via APIs. JSON:API and FHIR APIs are available for integrations. Any authorised user of the service can make any changes allowed by their access role with no limitations.
• API documentation: Yes
• API documentation formats:
  • HTML
  • ODF
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Post Op interfaces can be modified to clinical team specifications for PROMS collection and other features.; The iteration process is managed by Post Op design and engineering team, in association with clinical teams.

Scaling

• Independence of resources: Using scalable cloud services. Web app structure which uses the services from an API. System's load balancing process automatically provisions additional VMs and containers. Upscaling system resources in response to request loads.; ; Furthermore Post Op employs a number of processor reduction techniques, including multiple cache-like layers for querying and outputs with forced tag and context cache expiration.

Analytics

• Service usage metrics: Yes
• Metrics types: Number of users, recovery status of the users, compliance rate metrics and audit data to visualise the trends among patients, clinical teams/hospital.
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: Users can not export their data. Users can partially view their data via the mobile application.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: Legacy SSL and TLS (under version 1.2)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Post Op standard service level agreement guarantees 99.9% server uptime. Any outages will be dealt with to come to a quick resolution. Any outage issues that are reported and extend beyond 2 hours will be refunded at its full subscription price for the outage duration.
• Approach to resilience: Available on Request
• Outage reporting: Outages will be alerted to the customer via email and any remedial action will be coordinated by the Post Op account manager to ensure quick resolution of issues.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
  • Other
• Other user authentication: Password and SMS verification. (2FA)
• Access restrictions in management interfaces and support channels: There are different user roles with different access rights. Client determines access requirements to match their specific organisational needs.; Role-based and team-based access system manages system's restrictive access controls, constraining user functionality assignment.; Team-based permissions are dependent on role-based access.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications:
  • DSPT
  • DTAC
  • DCB 1029
  • DCB 1060

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: NHS DSP Toolkit - 19/20 Standards Met (Org Code: I3N5L); CyberEssentials, DTAC, DCB 1029, DCB 1060, 2 Clinical Safety Officers (CSO)
• Information security policies and processes: Our Data Protection Officer (DPO) holds a regular information security review of the business every 2 weeks to optimise information governance processes and mitigate any risks.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Our change management approach ensures that all the changes are thoroughly assessed, approved, iterated and reviewed in a controlled manner. All changes are recorded in the service management tool following an explicit process: Recording of all changes, Classification, Risk assessment for their risk, Impact and business benefit, Approval and authorisation, Coordination for implementation of changes, Post implementation review, Post implementation feedback.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: We asses potential threats via independent 3rd party penetration and security tests. Our development team handles the issues at top priority and resolves issues immediately. Potential threats are monitored by our expert team. Our vulnerability management process follows a mandatory workflow of vulnerability identification, remedial action, implementation of mitigation and review of Vulnerability threat.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Compromise scanning: Three-way data surveillance, including database and binary data tracks identification alteration. ; Compromise response: Suspected authentication/access or integrity immediately escalated to engineering and infrastructure team for assessment and action.; Confirmed compromises: Reported as per the Information Risk Policy to SIRO, senior management, ICO, NHS Digital and the client organisation Information Security and IG teams.
• Incident management type: Supplier-defined controls
• Incident management approach: Recorded incident reporting and pre-existing incident response processes are in-place.; All incidents and adverse events are reported and recorded according to Information Risk Register Policy and cross-referenced to the Disaster Recovery and Business Continuity Plans.; IG SIRIs will be managed in accordance with the Incident Management Procedure.; All incidents are reported to SIRO, senior management, ICO, NHS Digital and the client organisation immediately.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: Yes
• Connected networks: Health and Social Care Network (HSCN)

Social Value

• Fighting climate change:

  Fighting climate change

  Patients travel to outpatient clinics and hospitals for follow up appointments, often travelling by car. Multiple visits to hospital are often required for each patient, which can be reduced with a remote monitoring tool. Post Op enables remote monitoring for clinicians and reduces vehicle transportation with reduced carbon footprint for each patient journey. As a business we are working towards net zero in line with the NHS guidance by working collaboratively with our suppliers to deliver environmental benefits and training and education of staff. We encourage staff to take personal responsibility in environmental initiatives and have quarterly updates on our environmental impact.
• Covid-19 recovery:

  Covid-19 recovery

  As our platform allows patients reduce hospital visits, this will eventually reduce the spread of Covid-19 as well as will help the actual Covid-19 infected patients not to visit hospital, yet they can get online feedback from clinical teams. This platform can reduce the workload in outpatient clinics and Emergency Departments to free up resources for outpatient clinic activities. In our business we encourage activities around employment, re-training and return to work following COVID-19. We are creating opportunities for under-represented groups and those who face barriers to employment and offering opportunities for work experience. We encourage internships from the emergency services to provide insight into technology and its use in the COVID-19 recovery in general.; We implement the 5 foundational principles of the Good Work Plan and the 6 standards in the Mental Health at Work commitment.; We are supporting community integration, such as volunteering or community-led initiatives related to COVID-19 and developing methods for engaging with the local community to inform decisions, the strategy and projects to be delivered.
• Tackling economic inequality:

  Tackling economic inequality

  We are engaging with SMEs to develop your and grow supplier diversity within our supply chain. We implement the 5 foundational principles of the Good Work Plan and support our contract workforce with their career development and to obtain relevant training specially to develop skills facing shortages. We have a fair and responsible relationships with our suppliers. We develop measures to ensure the development of innovative technologies and methods to modernise delivery and increase productivity. We have an active approach to organisational learning and continuous improvement. We mitigate and manage cyber security risks throughout our ecosystem, engaging with the suppliers to identify and build resilience against cyber security risks, raising cyber security awareness and committing to adopting the technical standards and best practice detailed by the NSCS, Cyber Essentials and the Technology .
• Equal opportunity:

  Equal opportunity

  We encourage activities and work opportunities for disabled people & measures to reduce barriers to disabled people securing jobs. ; We actively recruit women returning to work from maternity leave and encourage work life balance. We also measures in place to tackle inequality in employment skills through actively engaging with recruitment and internship opportunities from underrepresented groups. ; We are active in identifying and managing the risks of modern slavery.
• Wellbeing:

  Wellbeing

  Post Op empowers patients through their healthcare journey. It allows them to interact with clinical teams, look up educational resources and report outcomes in real time. The interaction leads to positive patient engagement and satisfaction. Post Op promotes wellbeing through its library function which includes physiotherapy videos, dietary advice and wellbeing resources. As a business we have accessible recruitment and development practices for people with long term health conditions and we investing in the physical and mental health and wellbeing of the contract workforce. We implement the 6 standards in the Mental Health at Work commitment and have processes for acting on issues identified. We encourage individual activities to reduce work stress and have an active programme for mutual workshops to achieve well being at work.

Pricing

• Price: £7,500 a licence a year
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: Three-month trial period.; Full access to system. This trial does not include bespoke configurations or changes to the platform; and does not include non standard integration or data transfer approaches.

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at chindu@postop.ai. Tell them what format you need. It will help if you say what assistive technology you use.