DH OpCo UK Ltd (Dedalus)

Swiftqueue

Swiftqueue is an Enterprise Scheduling "System of Engagement" for coordinated care across care settings, specialties and departments. Providing a "Digital Frontdoor" for patients to establish a baseline for digital transformation. Direct Booking, Referral and Waiting List Management to virtual clinics with integration to "Systems of Record" rapidly deployable.

Features

• Online patient Booking: Allows patients to book their own appointments
• Patient Portal:
• Digital Frontdoor: System of Engagement providing direct access to services
• Patient Flow:
• Call-In Screeen Technology
• Departmental/Specialty Clinic Solutions
• Resource Scheduling/Capacity Management:
• Referral Management:
• Data Analytics/Reporting:
• Integration to Systems of Record:

Benefits

• Patient Empowerment:
• Increases capacity and efficiency across clinics and Departments:
• Saves time through significant reduction of administrative effort:
• Improves patient access to services and information
• Improves Data Accuracy
• Reduces DNA's:
• Reduces Costs
• Improves patient satisfaction
• Improves patient communications
• Reduces use of paper

£15,000 to £40,000 a unit

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at UKIBids@dedalus.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

954502119962916

Contact

Bid Management Team
0113 3891037
UKIBids@dedalus.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Multiple clinical and other healthcare systems of record.
• Cloud deployment model: Public cloud
• Service constraints: None
• System requirements: There are no minimum requirements as delivered as SaaS.

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Incident tickets are responded to in line with the agreed SLA.; The service desk operates within normal office hours
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: The solution is provided as fully hosted managed service.; Our SLA provides for 3 levels;; Severity 1: Critical/Emergency, 30 Minutes Response; Severity 2: Urgent/Inconvenient, 60 Minutes Response; Severity 3: Minor/Annoyance, 1 Working Day; ; Cost is included in the overall service fee; ; We provide a range of technical support and account management as required
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We support the customer throughout the implementation through our experienced implementation and onboarding team, Project Managers and Subject Matter Experts.; System training is normally provided online though can be onsite as required and is supported with a full set of documentation and appropriate collateral to ensure to rapid deployment.; We provide a range of templates to define the Appointment Types to be supported, Duration and Capacity of Clinics. In addition we provide a range of patient and GP communication examples.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Upon termination of the contract, and where data repatriation is required, We will work with the client directly to agree the format and content of the repatriation. We will provide this to the client in a timely manner and seek formal acceptance that the client is satisfied with the returned data.; ; Extract Functionality is provided to specific users.
• End-of-contract process: Upon termination of the contract, we will liaise directly with the customer to complete the engagement satisfactorily. By agreement we would disable the required functionality and extract all data required for repatriation.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: There are no differences as the solution dynamically renders to the device being used.
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: There are a number of HL7 interfaces supported as well as specific service API's. Details and documentation can be provided on request.
• Accessibility standards: None or don’t know
• Description of accessibility: We provide a sandbox environment with associated documentation for available features. Methods of access and documentation will be provided on request.
• Accessibility testing: Available on request
• API: Yes
• What users can and can't do using the API: Users are able to Manage (create/change/delete) appointments; Detailed guides for API features and use will be provided on request
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: The service is designed to be customised to meet the structure, process and workflow of the customers clinics and departments.; The service is customised through a wide range of simple to use configuration screens.; Customisation is normally limited to superusers and system managers.; The system supports a small subset of customisable features for all users to support adhoc changes that occur during working practice.

Scaling

• Independence of resources: The service is a cloud based scalable platform hosted on AWS

Analytics

• Service usage metrics: Yes
• Metrics types: We provide real time metrics on all transactions.
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest: Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: The standard interfaces enable users to export their data; for very large volumes, a service request should be raised to facilitate efficient and secure delivery of bulk data in a format acceptable to the customer.
• Data export formats:
  • CSV
  • Other
• Other data export formats: FHIR
• Data import formats:
  • CSV
  • ODF
  • Other
• Other data import formats:
  • FHIR
  • HL7 v2
  • HL7 v3
  • XML
  • Database
  • OpenEHR
  • OMOP
  • EDI
  • XDS
  • IPS

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
  • Other
• Other protection between networks: All data in transit is encrypted.
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

• Guaranteed availability: 99.95% target availability calculated as a percentage of available minutes.; Dedalus produce regular Service Monitoring Reports which would identify if guaranteed levels of availability are not met.
• Approach to resilience: This is available on request.
• Outage reporting: Email alerts are issued from a central mailbox to customers to advise of any major or significant outages.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: Following the principles of least privilege, access by end users from remote locations is restricted to the minimum required based on their assigned role.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Lloyds LRQA
• ISO/IEC 27001 accreditation date: 23/05/2022
• What the ISO/IEC 27001 doesn’t cover: ISO 27001 is a management standard, not a security standard. It provides the framework for the management of information security within our organisation. ISO 27001 takes a risk assessment based approach. An information security risk assessment is used to identify the security requirements of the organisation, and to then identify the security controls needed to bring that risk within an acceptable level for the organisation. Management within our organisation will either accept the risk (for example, if its not a high risk) or take steps to mitigate the risk. Physical and logical controls are what helps to increase our organisation's security posture, while ISO 27001 helps to manage the framework around those controls.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: Data Security and Protection Toolkit (DSPT)

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: Cyber Essentials
• Information security policies and processes: Dedalus maintains as part of ISO 27001 an Information Security Management System (ISMS) which contains processes and policies regarding Information Security.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Dedalus operate standard ITIL-aligned Change Control processes, routed via our ITSM toolset. This ensures that any change activity in relation to the solution – upgrade/patch/customer-requested change/or proactive fix – is auditable, clearly planned, and peer reviewed. Where a change would incur downtime or impact to the live services, Dedalus would also seek customer approval to proceed.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Dedalus has a cloud patching and endpoint protection policy.; For threat mitigation, we are aligned to 1. National Cyber Security Centre (NCSC) as healthcare is part of Critical National Infrastructure (CPNI). 2. NHSD CareCERT service. 3. Dedalus Security communications service.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Dedalus security policies (ISO27001), NHSD, NHS defined contracts all govern our approach to protective monitoring. We have an incident management process and are registered with ICO (for data protection). Incidents are responded to in line with the incident management process.
• Incident management type: Supplier-defined controls
• Incident management approach: Incidents are responded to in line with the Dedalus incident management process and the terms of the SLA delivered to the customer.; ; For Severity 1 an Incident Report is provided within 24 hours of resolution; For Severity 2 an Incident Report is provided within 48 hours of resolution

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  Dedalus are committed to moving towards net Zero, and has launched an ESG (Environmental & Social Guidelines) program dedicated to support the move towards carbon neutral. As part of this ESG program, Dedalus are in the process of assessing current status to align and formalise initiatives across the business which will allow targets and responsibilities to be formalised, agreed and monitored.
• Covid-19 recovery:

  Covid-19 recovery

  The Swiftqueue Solution has been instrumental in supporting a variety of initiatives to aid recovery from the Covid-19 pandemic. For example, scheduling and appointment management, our largest initiative was support for the Health Service Executive and the national campaign to manage the Covid Outbreak and the management of test centre, places of work, schools, and long-term care facilities.
• Wellbeing:

  Wellbeing

  As an organisation we have a broad range of Wellbeing intiatives to support our colleagues, this includes a monthly Rewards and Recognition programme as well as encouraging a healthy lifestyle through access to gym and cycle to work schemes as part of the Benefits. There is also access to Aviva where support for a number of legal, financial and emotional issues can be provided on request.

Pricing

• Price: £15,000 to £40,000 a unit
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at UKIBids@dedalus.com. Tell them what format you need. It will help if you say what assistive technology you use.