Answers for governance, IG, and IT leads.

Does CliniSearch store patient-identifiable data?

No. The clinician interface and API do not require or store patient-identifiable information. Queries can be used without PHI.

How is guideline content validated and updated?

We ingest structured content from NICE and 19+ UK sources. Each item stores source, version, and publication date. Updates are logged; changes are reflected in provenance and exports.

How does integration work?

Level 1: web access for pilots. Level 2: SSO and intranet embeds with local policy mapping. Level 3: full analytics and reporting. API and widget options are available for CDS vendors and internal tools.

How does audit logging work?

Activity (query, timestamp, citation set) can be logged with retention controls. Exports are available for governance and inspection evidence.

Can we add local guidelines?

Yes. Local policies and SOPs can be mapped to national guideline sections so clinicians see both views together.

Is this a medical device?

No. CliniSearch is a clinical decision support and search tool. It provides cited guideline content and does not automate decisions. Clinicians retain full responsibility.

How do you handle cyber security?

Hosted in the UK with encryption in transit and at rest. SSO available; role-based access and logging are supported. Security documentation is available on request.

What is the procurement pathway?

Typical flow: 4–8 week pilot (Level 1), followed by SSO + intranet embedding (Level 2), then analytics/reporting (Level 3). Licencing and deployment schedule provided with the proposal.