CAMBRIDGE DIGITAL HEALTH LIMITED

Application for symptoms tracking and Information during IVF cycle

This app helps couples undergoing IVF track symptoms, health markers and lifestyle metrics. Reliable, tailored information offers insight, advice and encouragement, enabling good communication with HCP where appropriate. HCP can access data from their patients and can export this data to upload to EPR if required.

Features

  • iOS and Android mobile app
  • Webapp for user management as well as data input
  • Remote access, cloud based desktop platform and native app
  • User profile questionnaire
  • Symptom log
  • Tailored messages/notifications relating to symptoms experienced
  • Useful resources and information
  • Advanced user customisation and configuration capabilities
  • Real time reporting, system usage and activity trends
  • User in full control of their data

Benefits

  • Easy recording of existing conditions and risk factors
  • Easy recording of symptoms to view trends over time
  • Receive tailored messages and reminders to encourage healthy habits
  • Promotes awareness of risks and signs of complications
  • Educates and informs on good health practices
  • Analyse and review the effect of actions taken

Pricing

£2.60 to £6.00 a user a month

  • Education pricing available

Service documents

Framework

G-Cloud 12

Service ID

1 4 9 1 0 3 2 9 9 0 2 9 0 5 2

Contact

CAMBRIDGE DIGITAL HEALTH LIMITED Natalya Butterworth
Telephone: 01223 967 369
Email: info@camdm.com

Service scope

Software add-on or extension
No
Cloud deployment model
Private cloud
Service constraints
The app works best on recent version of Android and iOS mobile devices. The exact compatibility constraints are regularly evolving as new versions of Android and iOS become available, so please contact us to get the latest information.
System requirements
  • No specific requirements in the standard version
  • Contact us if deploying on your own server

User support

Email or online ticketing support
Email or online ticketing
Support response times
Technical and customer support enquiries are usually dealt with within 1 working day.
See SLA for specific times agreed with buyer as this can be tailored to their individual needs.
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
The support levels provided are defined in the pricing document.

A project manager is assigned to each buyer and will oversee the quality of the support and that it is meeting the agreed turn around time.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
For Healthcare professionals, contact is made by phone or email with the Hospital point of contact to get the hospital set up, they also receive a link to a demo video. The administrator can add all of their hospital users and patients need access. This is done on the admin dashboard of the web app. Users receive an email inviting them to download the app and login, which guides them in the process. Those with user rights access can then create new patient accounts. Patients can also download the app independently from the app store and choose to link their profile to that of the hospital. The hospital administrator for this project can accept or reject linking requests.
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
At the end of the contract, data can be extracted as a csv file. Other formats can be created upon request as per SLA.
End-of-contract process
At the end of the contract, the organisation is under no obligation to continue to use or pay for the services. The users of that organisation will receive an email 7 days before the end of contract notifying them that the access will soon come to an end. The app for their users will stop working when the contract ends. In the event that this was an oversight from the buyer, and that renewal fees are paid within 1 month, access can be restored without losing information.

Users can continue to use the patient-facing version of the app without any customised information from the hospital after then.

Using the service

Web browser interface
Yes
Supported browsers
  • Firefox
  • Chrome
  • Safari 9+
Application to install
Yes
Compatible operating systems
  • Android
  • IOS
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
The mobile app allows users to register and connect to their HCP. They can record feelings, symptoms, and receive regular automated (but tailored) messages. Users can manage the data sharing settings on their app.

The web interface is for hospital administrators who confirm that specific users is one of their patients. Administrators have access to a real-time analytics dashboard (usage only, and patient’s data).
Summary PDF can be downloaded from the admin dashboard with the option of having this in a specific format for automated upload to EPR.
Service interface
No
API
No
Customisation available
Yes
Description of customisation
The app can include hospital information (name, logo, ...) for the users linked with that hospital.
Hospital specific surveys and features can be included (or hidden) from app users.

Customisation requirements will be included in the buyer's specific SLA.

Scaling

Independence of resources
Our servers are regularly monitored for response time fluctuations, and system load. Application testing is also used to ensure independence of resources. Backend services can be both scaled up and scaled out to meet increasing customer demand. Load balancing is used to ensure that users are not affected by the demand placed by others.

Analytics

Service usage metrics
Yes
Metrics types
The real time dashboard of the web interface allows the organisational administrators to see how many active users they have on the system, as well as having useful lists.
Any specific data that the buyer would like to access can be discussed and we will do our best to make this available to them. Buyers may wish to have access to APIs, regular report or report on request, this is all specified in each individual SLA.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Yes
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
In-house
Protecting data at rest
  • Physical access control, complying with another standard
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
No
Equipment disposal approach
In-house destruction process

Data importing and exporting

Data export approach
The main method of data export is the creation of individual PDF records for each patients which details their entries. Hospital administrators can download user metrics in CSV format.
Data export formats
  • CSV
  • Other
Other data export formats
User led PDF of some sections of the app
Data import formats
Other
Other data import formats
Manual validation

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Guaranteed availability
SLAs are agreed on a per-customer basis, based on need.
Approach to resilience
Resilience plans available on request.
Outage reporting
Outages are currently reported via email alerts.

Identity and authentication

User authentication needed
Yes
User authentication
  • Public key authentication (including by TLS client certificate)
  • Limited access network (for example PSN)
  • Username or password
Access restrictions in management interfaces and support channels
IP based restrictions
Country restrictions
user name and passwords
token based authentication
Access restriction testing frequency
At least once a year
Management access authentication
  • Public key authentication (including by TLS client certificate)
  • Limited access network (for example PSN)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
Less than 1 month
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
Less than 1 month
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
No
Security governance approach
Security governance policies are reviewed annually and reported at Board level for governance and approval. All policies and methods are distributed to staff and appropriate training and information given to them during their induction and during annual training. Any issues are reported to a director of the company for resolution as described by the policy.

Given the nature of this project, we specifically adhere to NHS IG Toolkit policies and processes.
Information security policies and processes
Cambridge Digital Health’s processes are GDPR compliant.

Information security policies and processes are reviewed annually and reported at Board level for governance and approval. All policies and methods are distributed to staff and appropriate training and information given to them during their induction and during annual training. Any issues are reported to a director of the company for resolution as described by our policies.

Given the nature of this project, we specifically adhere to NHS IG Toolkit policies and processes.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
All changes must pass through our development pipeline as per our SOPs, which includes checks and balances at all stages from initiation to field deployment.
Version control, extensive regression testing, canary releases to environments which support 'test' apps, progressive rollout (usually over a period of weeks across the server fleet) with ability for very fast rollback.
All of these activities are recorded electronically at each stage.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Information about potential threats is gathered form a variety of sources, including upstream suppliers of software tools, platforms and services, as well as in-house penetration testing. Main vulnerability testing is performed in house, including SQL injection as well as commercial vulnerability management software.

Risks are assessed using a standard "likelyhood * impact" scoring. Patches can usually be deployed in a matter of days.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Potential compromises are identified through a combination of regular log review using custom scripts, and data monitoring. We have additional protection offered by our server host, Cambridge University Hospitals.

How we respond dependant on the nature of the compromise, it could be IP blacklisting, or Fail to Ban or other relevant response depending on the nature of the compromise.

We aim to respond to any compromise on the same day.
Incident management type
Supplier-defined controls
Incident management approach
Users can report incidents to us via telephone or email. The incident is immediately reported to the relevant project manager and technical lead for the project on duty that day.
Each issue is evaluated, and a level of priority assigned to it.
The project manager is responsible for tracking progress and communicating with the users if necessary.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
Yes
Connected networks
  • NHS Network (N3)
  • Health and Social Care Network (HSCN)

Pricing

Price
£2.60 to £6.00 a user a month
Discount for educational organisations
Yes
Free trial available
No

Service documents