Costing £1.5 million a year on average to run, operating theatres are an expensive asset that hospitals must use efficiently. The pressures of growing waiting lists for elective procedures, limited budgets, and stretched staff add further importance to this critical resource. 

Yet, as a theatre nurse, Natalie Cooke experienced gaps in the day, followed by overtime to catch up.

So, when Cooke was selected to join Antler, a start-up accelerator that helps entrepreneurs build problem-solving companies, she set out to discover if this scheduling issue was a national problem she could solve. Her research confirmed the average utilisation of NHS operating theatres stands between 70 to 80% compared to the optimal 85%. A 10% utilisation improvement would save one theatre an estimated £300,000 to £650,000 every year.

It was at Antler that Cooke also met software engineer Radovan Vitek. Together, they founded SurgeryAI, a software aimed at increasing operating room utilisation. The software uses smart predictions on future surgery durations to build surgery schedules, maximising resource utilisation and minimising downtime.

In just a year, they built the system, and tests using open-source data confirmed that the software delivers 5 to 10% increased capacity utilisation and 14% in hernia operations. Next, Antler and Cooke started discussions with NHS Trusts to pilot the software to validate these results.

As SurgeryAI processes shift management system and electronic patient record (EPR) data, Cooke and Vitek knew from desk research they would need to meet compliance with the Data Security Protection Toolkit and Digital Technology Assessment Criteria. 

They initially planned to focus resources on getting a pilot before looking at standards. But compliance became a big source of resistance, and the absence of standards was consistently mentioned by Trusts as the reason for not initiating a pilot

Vitek explains: “People wanted the reassurance that we would definitely meet standards. It’s understandable, as no one is willing to risk their career on running a pilot with a technology that later doesn’t meet standards. It became clear we needed to get our compliance sorted.”

As the CTO, Vitek studied the requirements for the standards and realised they needed specialist help, as neither he nor Cooke had the skills to complete the work.  He spoke with consultancies but felt their approach wasn’t right for SurgeryAI, as they are too focused on one-off pieces of work, which isn’t suitable for software. 

In a previous role, Vitek’s company in the US used more generic compliance platforms to meet compliance with HIPAA, ISO 27001, and SOC 2. But as these platforms don’t feature NHS frameworks, he looked for a similar compliance platform, but with standards for the NHS. This is how he found Naq, a compliance platform that automates compliance with UK, European and US healthcare market standards. Vitek also found other digital health assessment solutions, but in his opinion, they didn’t seem as professional or as well put together. 

Vitek describes his first impressions: “During an intro call with Naq, they took time to understand what we needed to do and confirmed that we needed DSPT and DTAC. Then, when I saw the platform, I knew I wanted it.

“The Naq platform breaks down the giant task of meeting a standard into small manageable chunks, which is invaluable for us. I love how clear the list of tasks and instructions are.” 

So SurgeryAI decided to use Naq as its central place to manage the company’s compliance work, with Vitek leading the programme. Commenting on his experience, Vitek enthuses: “The platform is great. I love using it. I particularly like the compliance support offered via the chatbot in the app. 

“I also value my monthly catch-ups with my account manager. If I’m unsure about anything, they always have a very clear understanding of what best to do. That expertise helped us to meet criteria so much faster.”

Vitek and Cooke worked on the DSPT together, carving out time alongside other work, and met the toolkit in one and a half months. They estimate that had they dedicated all their time, the task would have taken one and a half weeks. 

This speed is possible as Naq automates 80% of compliance tasks. For example, after Vitek entered all the software and services SurgeryAI uses, the Naq platform produced a pre-populated risk register that he simply needed to complete and then assign risks to people. 

SurgeryAI now also meets the criteria for DTAC, apart from the elements that are dependent on the implementation data flow configuration. The team are waiting for a pilot to be confirmed before finalising, but enough of the standard is met to allow confidence amongst prospects.   

Not only has the Naq platform helped SurgeryAI meet compliance, but using the platform has helped Vitek and Cook understand the frameworks required to work with the NHS. So, when customers have questions, they can answer them quickly and confidently.  

Equally, they don’t need to spend a disproportionate amount of time and money on compliance. Vitek gives an example “The DSPT is currently being updated. We are very happy we don’t have to review the new DSPT guidelines and work out what they need to do or pay a consultant to do this. Instead, this is automatically done by Naq, and any new task will appear on the dashboard.  

“If we went to a consultancy unless we were able to pay an insane amount of money, we wouldn’t get the continuous automatic compliance support we get from Naq.”

Since meeting standards, the team has seen a difference among prospects, who are now more confident in the software. They are just finalising the details of one pilot in a prestigious University Hospital and another within an Integrated Care Board. 

Looking forward, SurgeryAI plans to meet the ISO 27001 information security certification, as this will be needed if they are to sell to private hospitals. Using the Naq platform doesn’t mean starting from scratch, as many of its criteria are also within DSPT and DTAC. Naq will allow SurgeryAI to map its existing compliance evidence against the ISO 27001 requirements. 

Vitek concludes: “Compliance is mandatory and a drawback if you don’t have it, but it’s not a selling point, and yet everyone needs it. You want to get past it and spend as little time on it as possible, as it’s not a competitive advantage. Naq helps us meet compliance quickly and efficiently and not have to think about compliance.”