xWave Technologies Limited

xWave CDS with iRefer

xWave Technologies has developed xWave CDS with iRefer, a cloud-based system supporting referrers to access the best test for patients and clinical teams to vet and protocol referrals efficiently.

xWave CDS with iRefer can be integrated into referral systems (EHR, order comms) and deployed via Smart Referring and Smart Vetting.

Features

• Clinical Decision Support using the RCR’s iRefer guidelines
• Integration with Order Comms / EHR platforms
• Integration with RIS/PACS systems to enable bi-direction digital communication
• Cloud-based system enables easy networking across multiple sites
• xWave CDS can be deployed through xWave Smart Referring
• xWave CDS can incorporate other "ologies" including pathology
• CDS enables smart vetting and protocolling against iRefer guidelines
• Available on web, iOS or Android apps
• Data and Analytics Suite
• Guideline Editor to apply local guidelines and protocols.

Benefits

• Improves patient outcomes with BEST TEST FIRST approach
• Enables access to the most appropriate imaging for referrers
• Improves radiology team experience with semi-automated vetting and protocolling.
• Reduces healthcare spending on unnecessary imaging
• Reduces unnecessary demand on busy radiology departments
• Reduces unnecessary patient exposure to radiation
• Maintains full digital audit of referral pathways
• Access to data and analytics for enhanced decision-making
• Enables localisation of CDS rules.
• Enables expansion of CDS to cardiology and pathology

£15,657 to £64,855 a licence a year

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at mitchell@xwave.ie. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

786260495939497

Contact

Mitchell O'Gorman
+353876933364
mitchell@xwave.ie

Service scope

• Software add-on or extension: No
• Cloud deployment model: Hybrid cloud
• Service constraints: XWave strive to provide a service without interruption, delivered in a manner that minimises unplanned interruptions for our customers.; ; We aim for business continuity for our clients; any pre-planned interruptions are kept to a minimum and effectively devised to ensure the least possible impact on service users during agreed maintenance or software updates.
• System requirements:
  • Works on all desktop, tablet and smartphone browsers
  • Available as iOS and Android Apps
  • Password protected
  • Ability to integrate with incumbent systems

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: We offer support 24/7 via telephone and email, and aim to respond respond instantly via phone, and within 2 hours via email.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Onsite support
• Support levels: XWave include all cutomer support services in our rates. ; ; Customer onboarding and ongoing support is provided on-site and off-site through a dedicated client manager.; ; 24/7 support is available through email and phone.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Onboarding begins with each customer setting up their organisation on xWave CDS, assigning departments and assigning users to each department. This will be done with full onsite and offsite support from their client manager. Onsite training is available to initiate all new users of xWave CDS. ; ; Onsite support is also provided for any platform changes or upgrades or to respend to a specific client request.; ; Offsite support is available 24/7 in the form of training manuals, user guides, email and video support.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Should the client wish to expedite the process of extracting all data in one transaction, we facilitate data transfer to the customer according to their requirements.; ; Xwave aims to ensure that any end of contract data extractions goes as smoothly as possible and that patient care is not impacted.
• End-of-contract process: Contract terminations can be requested in writing from our client management team and terminations are processed at no additional cost.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
  • Linux or Unix
  • MacOS
  • Windows
  • Windows Phone
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Additional push notifications with mobile apps
• Service interface: No
• User support accessibility: WCAG 2.1 AAA
• API: Yes
• What users can and can't do using the API: Users can integrate with their incumbent software systems by making a request to xWave's API; ; Users can make changes through the API; ; Only users with access permissions can set up or make changes through the API
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Customers can set up distinct departments or teams within their organisation (e.g. oncology, pathology) and assign specific users to each department; ; Information fields can be added or removed by each client

Scaling

• Independence of resources: XWave and our xWave platform are well-supported by a highly experienced clinical, technical and project management team. ; ; As a company, we have the financial capacity to scale on demand, backed by private and state investment.; ; Technically, our system is automated to grow as spikes in user demand for hosting increases. ; ; We are hosted on AWS and work with Deloitte as our managed services provider.

Analytics

• Service usage metrics: Yes
• Metrics types: Analytics are provided to customers at a user, department and organisational level. These include the total number of referrals made and a breakdown of the stage of each referral (e.g. scan booked, scan completed, report read, report sent)
• Reporting types:
  • API access
  • Real-time dashboards
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: XWave provides customers with data and analytics on a user, department and organisational level. Data can be exported on demand by our customers, with the appropriate permissions as assigned by the customer themselves.
• Data export formats:
  • CSV
  • ODF
  • Other
• Data import formats:
  • CSV
  • ODF
  • Other

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: 99.9% uptime, 24/7 availability.; ; Our system operates in a highly reliable environment where replacement instances can be rapidly and predictably commissioned. The service runs within the AWS network infrastructure and data centers.; ; SLA available here: https://aws.amazon.com/compute/sla/
• Approach to resilience: Failover/rollover servers offer continual secure backup processes and enable resilience of data. Round-the-clock third party and in-house monitoring allows for a preventative approach in terms of datacentre management. Further details available on request.
• Outage reporting: Email alerts

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: The primary user classes include the following: ; ; - Systems Administrator; - Referrer (Clinician); - Delegated Referrer (Admin); - Radiologist; ; Each has their own interface access privilege level, supported by a variety of defined security measures (password protected login, 2-factor authentication, SMS PIN codes etc). The level of security/access is defined by the client requirements.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: SGS
• ISO/IEC 27001 accreditation date: 20/09/2022
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: XWave's policies and processes follow ISO 27001 guidelines, which dictate the following:; • Information security policies; • Organisation of information security; • Human resource security; • Asset management; • Access control; • Cryptography; • Physical and environmental security; • Operations security; • Communications security; • System acquisition, development and maintenance; • Supplier relationships; • Information security incident management; • Information security aspects of business continuity management; • Compliance; with internal requirements, such as policies, and with external requirements, such as legislation.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Any changes related to the product specification or project process are captured and assessed by our development team if the system is still being implemented. ; ; Any changes in the production environment will be captured and assessed by our managed services partner, Deloitte. ; ; All change request are logged and prioritised for implementation; all affected project parameters will be assessed, analysed for impact and acted upon.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Our managed services partner (Deloitte) review threats on a case by case basis (garnered from suppliers, industry sources, and industry publications).; ; Once alerted they review the threat and identify a plan of action based on industry best practices.; ; Depending on the patch we look to deploy all patches within seven days of release and critical and security patches within 48 hours.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: XWave workes with our managed services partner, Deloitte, to provide a premium quality control & risk management service. ; ; As such, we are able to identify abnormal patterns of behaviour quickly and take the appropriate action, thanks to our monitoring and logging systems.; ; Once alerted to a compromise, we review the potential compromise (CEO, development and managed services partner) and identify a plan of action based on industry best practices.; ; We respond within 24 hours to incidents of this nature.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Our approach to incident management consists of the following components: Incident detection and recording, ; ; Classification and initial support, investigation and diagnosis, resolution and recovery, incident closure, ownership, monitoring, tracking and communication.; ; Users report incidents directly to the client management team.; ; Incident reports are provided directly to the relevant client point of contact.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  xWave make conscious efforts to reduce carbon footprint. for example, our latest xWave CDS software is a cloud-based clinical decision support system, reducing customers overall journey time and energy spent, further reducing carbon emissions and environmental impacts.

  Covid-19 recovery

  The xWave CDS platform provides guidance to clinicians to order the best test first for their patients. ; ; This will help reduce unnecessary ordering, reduce waiting lists and ease the impact of over-demand for diagnostic services as health systems continue their recovery from Covid-19.

  Tackling economic inequality

  xWave helps to tackle local economic inequality by supporting young and disadvantaged people with employment, supporting local businesses and SME's and employing and supporting local people.

  Equal opportunity

  xWave pride themselves on putting people first. We offer equal opportunity and focus on health, wellbeing, quality education, diversity and inclusion.

  Wellbeing

  As a cloud-based interoperable radiology referral platform, xWave CDS is able to connect multiple sites (e.g. hospitals, clinics, GP practices) to support a more integrated delivery of services across care services.

Pricing

• Price: £15,657 to £64,855 a licence a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at mitchell@xwave.ie. Tell them what format you need. It will help if you say what assistive technology you use.