ORCHA Digital Health Accreditation, Dissemination and Professional Activation Platforms and Services
ORCHA’s Platforms and Services provide a full solution to the challenges of embedding Digital-Health solutions into day-to-day Healthcare delivery systems. Powered by the worlds most advanced Digital-Health Review/Accreditation solution, the suite includes tailored Digital-Health Libraries with advance search/filter options and solutions that support Professionals to embrace this exciting new frontier
- Existing library of over 3,500 Apps (May 2018)
- Thousands of new apps added each year across 300+ categories
- New versions of reviewed Apps are automatically re-reviewed
- Unique review approach based on key standards & best practice
- Tailorable libraries enabling a focus on your key needs/populations
- Open APIs allow direct integration into existing platforms & assets
- Unique App Matching capabilities driving 'right App first time' results
- Simple and intuitive professional recommendation/prescribing solution
- App licence management and distribution capabilities
- Full implementation support and campaign management provided
- Drives the uptake of digital health Apps in your populations
- Empowers professionals to embrace and drive digital activation
- Maximises 'right App, first time' results and longterm stickiness
- Allows the tracking of patient, population and professional mHealth activation
- Provides an accreditation and regulatory compliance framework
- Delivers a constant market monitoring and horizon scanning solution
- Helps to raise digital literacy for patients and clinicians
- Assists in patient outreach and population health management
- Part of a wider digital campaign - to change mindsets
- Patients and the public gain a trusted digital adviser
£10000.00 per licence per year
- Education pricing available
1 2 3 9 2 5 9 1 4 5 9 1 1 8 2
ORCHA Health Ltd
|Software add-on or extension||No|
|Cloud deployment model||
ORCHA's App Library is available 24/7/365, while allowing for necessary planned maintenance. The system is updated on a regular basis, and is fully tested before being released to the production server.
Browser access must be based on the approved list.
Mobile device access must be based on supported mobile operating systems (iOS or Android).
Mobile device management is not included.
|Email or online ticketing support||Email or online ticketing|
|Support response times||
Client queries within 24 hours.
Technical issues - Please see Terms and Conditions
|User can manage status and priority of support tickets||No|
|Web chat support||No|
ORCHA provides Tier 2 support to client IT teams, and the cost for this is included in the main contract price.
An account manager is allocated to the client once the initial contract has been agreed.
|Support available to third parties||No|
Onboarding and offboarding
Initial scoping and set up of an ORCHA microsite involves branding it with the client logo, with the opportunity to then tailor site visuals and language to support user engagement. ORCHA offers templates and documentation (e.g. communications strategies and collateral) to guide this process and ensure that the website is engaging for the particular target demographic.
For general users of the website, there are on-screen cues, there is an FAQs section, and there is a video which explains how to navigate the site to search, filter, and find the best apps for their needs. In addition to this, there is a function to ‘Contact Us’ for help. Outside of the site, ORCHA provides each client with bespoke physical and digital collateral/assets designed to engage the target demographic.
For ‘ORCHA Pro Account’ users using the site to support their care delivery, this existing support is extended to facilitate engagement with ORCHA’s additional ‘Pro’ functionality, not least the facility to ‘recommend’ specific apps to specific individuals. To support this, ORCHA offers a mixture of stakeholder presentations, face-to-face onsite training, online training webinars, and ‘train the trainer’ sessions to build internal capacity; as well as an additional ‘walk through’ style video.
|End-of-contract data extraction||ORCHA can do this upon request.|
|End-of-contract process||After termination or expiration of the contracted services under the terms of the agreement or at your written request, ORCHA will delete or otherwise render inaccessible the production Services, including your content stored on our (cloud) servers, in a manner designed to ensure that it cannot reasonably be accessed or read, unless there is a legal obligation imposed on ORCHA preventing it from deleting all or part of the client's hosted environment.|
Using the service
|Web browser interface||Yes|
|Application to install||No|
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||There are small differences in resolution for the mobile version (lower) and the navigational structure is necessarily different. All functional features are the same.|
|What users can and can't do using the API||
The API allows clients to pull unformatted and formatted App data that delivers most of the functionality of a standard ORCHA App Library.
The API can be used on an unformatted and on a formatted basis to integrate the ORCHA App Library and App Finder functionality directly into existing websites, Apps or platforms.
|API documentation formats|
|API sandbox or test environment||No|
|Description of customisation||
The ORCHA App Library and App Finder can be configured and customised in a variety of ways. This includes:
- Choice of site look and feel, branding and URL/s
- Choice of featured or targeted App categories or areas of focus
- Choice of what types of Apps are displayed by reference to their score, who they were designed for and their compliance with specific key standards
- Choice of activation approaches for patients, populations and professionals
These customisable features are delivered as part of the standard site set-up process and can be delivered within a matter of days.
Users cannot directly customise other elements of the software, but can request that ORCHA do so (at additional cost).
|Independence of resources||Servers are load balanced and have significant unused capacity. ORCHA normally operates around 2% of the CPU utilisation, hence allowing for throughput to safely increase by a factor of 35 without any service interruption. This allows ORCHA to safely cope with all current spikes in usage, and seamlessly on-board new clients.|
|Service usage metrics||Yes|
ORCHA provide a full array of site usage reports and data dashboards derived from an array of internal and external analytic tools
This is provided to the client organisation as part of the contracted agreement.
|Supplier type||Not a reseller|
|Staff security clearance||Other security clearance|
|Government security clearance||None|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||United Kingdom|
|User control over data storage and processing locations||No|
|Datacentre security standards||Complies with a recognised standard (for example CSA CCM version 3.0)|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||Another external penetration testing organisation|
|Protecting data at rest||
|Data sanitisation process||Yes|
|Data sanitisation type||Deleted data can’t be directly accessed|
|Equipment disposal approach||A third-party destruction service|
Data importing and exporting
|Data export approach||
End users cannot export their data.
ORCHA can provide usage and search data to client organisations upon request.
|Data export formats||CSV|
|Data import formats||Other|
|Other data import formats||There is no import facility|
|Data protection between buyer and supplier networks||TLS (version 1.2 or above)|
|Data protection within supplier network||TLS (version 1.2 or above)|
Availability and resilience
ORCHA uses AWS (based in the UK), and their stated uptime is 99.99%.
This does not include scheduled/ planned maintenance carried out by ORCHA.
|Approach to resilience||Hourly backups are taken of the main database. The code is backed up on every new build, and is source controlled. Snapshots are taken of the servers monthly, to capture latest configuration changes. All single points of failure are identified and remediation is in place.|
|Outage reporting||Email alerts are sent to clients as soon as any outage is notified by AWS.|
Identity and authentication
|User authentication needed||Yes|
|User authentication||Username or password|
|Access restrictions in management interfaces and support channels||Privileged access to ORCHA's production environment is highly restricted and only designated senior technical staff have direct access to it. Access to the AWS management console requires a 2 factor authentication.|
|Access restriction testing frequency||At least once a year|
|Management access authentication||Username or password|
Audit information for users
|Access to user activity audit information||No audit information available|
|Access to supplier activity audit information||No audit information available|
|How long system logs are stored for||Between 6 months and 12 months|
Standards and certifications
|ISO/IEC 27001 certification||No|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||No|
|Named board-level person responsible for service security||Yes|
|Security governance certified||No|
|Security governance approach||ORCHA takes a holistic approach to information security,with a multilayered defense security strategy applied across all of its systems. We look to protect data at all stages of its journey from capture (via the website) through transmission and storage, to eventual destruction (as applicable). We are ICO registered, and use AWS as our hosting provider, which is accredited to a series of international standards.|
|Information security policies and processes||
Any issues with non-compliance would be raised via the CIO to the COO and then to the Board, and dealt with in line with the existing policies.
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||All changes to our database, application, architecture and environment are authorised, reviewed and fully logged. We use a combination of JIRA and an internal wiki (Confluence) to document bug fixes, change requests and releases, upgrades, maintenance and other elements that might impact our production environment.|
|Vulnerability management type||Supplier-defined controls|
|Vulnerability management approach||Server security patching is conducted monthly or as required when a patch is released by a manufacturer. Information about threats is gathered from various sources including: developer bulletins, security mailing lists and other internet sources.|
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||Our AWS infrastructure continuously monitors for errors and proactively corrects them before they become an issue. This ensures that the support team can work to investigate problems before they are reported by the end user. In addition, there is a supporting second data centre in the unlikely case of a service failure.|
|Incident management type||Supplier-defined controls|
|Approach to secure software development best practice||Conforms to a recognised standard, but self-assessed|
Public sector networks
|Connection to public sector networks||No|
|Price||£10000.00 per licence per year|
|Discount for educational organisations||Yes|
|Free trial available||No|