Salvie Ltd


Much more than online consultations (e-consultations or econsults), askmyGP is the complete workflow solution for GP practices. Ease of use for patients moves typically 60 - 80% of demand online, enabling GP digital triage within minutes, assignment to an appropriate clinician and same day completion. System change enabled by technology.


  • Patients/parents/carers seek help at any time on any problem, online
  • One click self care eases patient access to NHS information
  • Information is sent securely from patient to GP via HSCN
  • Complete workflow management and analytics for practice, PCN, CCG
  • Patient app manages requests, messages, proxies and profile
  • NHS Spine integration identifies patient and pulls in data
  • GP digital triage takes seconds to decide on appropriate help
  • Full two-way secure messaging, telephone, appointment as needed.
  • Video consulting fully integrated, photo & document attachments
  • Simple one click integration with clinical system


  • Patients helped in minutes (80% seen today, 28% named GP)
  • Secure messaging eliminates wait for answer on telephone
  • Clinically useful information is gathered from the patient before consultation
  • Reception staff are better informed for care navigation
  • Data from over 2 million episodes show 69% completed remotely
  • GPs see patients only as needed, saving average 4 minutes/episode
  • The burden and stress of overwork is lifted from GPs
  • DNAs (Did Not Attends) drop by 80%
  • 30 - 40% efficiency gains evidenced in multiple diverse settings
  • Change intervention gives immediate benefits from launch day


£0.79 to £1.90 per person per year

Service documents


G-Cloud 11

Service ID

1 5 6 6 0 5 8 5 6 1 8 6 7 0 4


Salvie Ltd

Harry Longman

01509 816293

Service scope

Software add-on or extension
Cloud deployment model
Hybrid cloud
Service constraints
Patients can access on any internet connected device.
GP practice staff can access the portal only on a secure NHS compliant network (N3/HSCN) via web browser.
System requirements
  • Providers must have access to the secure N3/HSCN network
  • Providers may use any device connected over the secure network.
  • Patients may use any internet connected device.
  • Practices may use alone, multi-site or over their PCN

User support

Email or online ticketing support
Email or online ticketing
Support response times
Median response time within one hour in working hours, 95% within 2 hours.
User can manage status and priority of support tickets
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Web chat
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
WCAG 2.1 A
Web chat accessibility testing
This is for GP practice staff, not patient facing support.
Onsite support
Yes, at extra cost
Support levels
Pathfinder: diagnostic and preparation for change.

Transform: training provided as above, and change programme gives choice of remote or on-site support, see pricing document
Personal training partner works with all Transform customers.

Improve: askmyGP subscripton plus support for continuous improvement, with all operational performance analytics through GP Navigator and support from a personal training partner.

Costings are in a separate attachment.
Support available to third parties

Onboarding and offboarding

Getting started
Our Transform change intervention is a complete change intervention for the practice with both on-site and remote options.

It includes training for users through on demand video, online help and personal support by phone, video conference and email.

We configure links for patients to access help from their own GP practice and set these up on the practice website, or support self installation if preferred. We provide materials for patients and guidance for practices, achieving regularly over 50% demand shift online from launch day.
Service documentation
Documentation formats
End-of-contract data extraction
There is no need to extract data at the end of contract, as all data is transferred from the system to the customer in the normal course of business, day by day. If any remains, it is transferred by the normal route (portal in the GP practice) after the patient facing service is removed, within a 30 day period (or less if completed).
If preferred, a secure bulk transfer can be arranged.
End-of-contract process
No extra charges apply: the practice is informed in writing that the contract ends with 28 days notice. On the end date, the askmyGP link in the practice website becomes inactive and a notice informs patients that the service is inactive. The GP practice then removes the link from the website and no longer needs to access the portal. 30 days after contract end the portal becomes inactive.

Using the service

Web browser interface
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
Patients may use a mobile device (70% do so), tablet or PC.
GP practice staff would normally use a PC. There is no restriction on using smaller devices, if they have the correct network security, but this is not usually advised for the provider portal.
Service interface
Customisation available
Description of customisation
AskmyGP is set up to run straight away with useful defaults. Yet it allows a high degree of customisation to meet the needs of all kinds and sizes of practice. Service times, in and out of hours, are easily set, as is the availability of clinical staff. Standard questions and messages can be set for all patients and configured by users to their own preference.
Users can manage their own profile in the portal, set preferences for their workflow and manage their day.


Independence of resources
Our hosting providers offer scalable options so we purchase capacity in line with user volumes. Scaling is around peak hour usage (8-9am, Mondays), not average usage. Continuous service monitoring through Zabbix ensures that we can anticipate and plan for peak volumes as we grow.


Service usage metrics
Metrics types
Patient demand, runcharts by month/day/week.
Hourly demand pattern
Service response and completion times
Patient demographics by age/sex
Patient usage frequency chart
Patient feedback analysis
NHS Friends and Family Test reporting
Staff activity and mode of resolution
Network activity for all the above where relevant
Resolve rates by message/phone/face to face
Ad-hoc queries on request, research papers on aggregate data.
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
Physical access control, complying with SSAE-16 / ISAE 3402
Data sanitisation process
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Each time a patient uses the askmyGP service, an episode is created. The data concerning the episode is copied into the practice clinical system when each is completed, so that data export in bulk is not required.
We can also offer bulk extract for analysis purposes on request.
Data export formats
Data import formats
Other data import formats
  • Text, all that is needed as input by the patient.
  • Jpg, png, gif, tiff, pdf attachments

Data-in-transit protection

Data protection between buyer and supplier networks
Private network or public sector network
Data protection within supplier network
Other protection within supplier network
All communications and data storage are within N3/HSCN.
Data is encrypted in transit and at rest to AES256.

Availability and resilience

Guaranteed availability
The service level guarantee is 99.99%. Users are refunded pro rata for any full day when service is unavailable through the supplier's fault. This has never been necessary.
Approach to resilience
Our hosting is with an industry leading N3/HSCN supplier (Xicon Ltd), distributed over two independent UK sites with automatic failover.
More details are available on request.
Outage reporting
Email alerts report any outage of more than 2 hours. User emails are stored separately from the service so that updates can be sent independently in the case of a total loss of service.

Identity and authentication

User authentication needed
User authentication
  • Limited access network (for example PSN)
  • Username or password
Access restrictions in management interfaces and support channels
Users must create a login and password (strength tested by zxcvbn).
Access is controlled to be within N3/HSCN.
Access restriction testing frequency
At least once a year
Management access authentication
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications
Any other security certifications
  • NHS IG Toolkit
  • DCB 0129 Clinical Systems Development
  • DCB 0160 Guidance for implementation provided to users
  • Cyber Essentials

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
Other security governance standards
NHS IG Toolkit, organisation code 8JH09, v 14.1 completed and satisfactory.
Information security policies and processes
The IG officer Debbie Ford reports directly to Chief Executive and IG Lead Harry Longman and ensures that the policies listed below are complete, up to date, accessible via the private website pages to all staff, and that new staff are trained in their application.

GP Access Information Security Policy
GP Access IG and You Guideline
GP Access – Mobile Computing and Teleworking Policy & Guideline
GP Access Incident Management
GP Access – IG Improvement Plan
GP Access Network Security Policy
GP Access data flow mapping plan
GP Access Data Flow Mapping Report
GP Access Managing change which involves personal data – Procedure
GP Access Confidentiality Monitoring and Audit Procedure
GP access PIA Procedure

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Our software is designed and managed in accordance with DCB 0129 for the safety of clinical systems. The process is managed by Julia Cawthorne of Safehand Consulting Ltd, our Clinical Safety Officer. She wrote the Hazard Register and Safety Case and involves the management and development teams, along with feedback from users, in actively maintaining these documents and processes. Issues and releases are managed through the JIRA development system.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Our lead developers RedpixelYellowpixel run our in house vulnerability tests including seige testing of the askmyGP software.

Any change in threat level we address immediately, normally same day, and as the software is hosted it can be simply updated in one instance after regression testing the new version.

Penetration testing is independently carried out by Digital Assurance and all risks managed to low level through our development process.

We solicit feedback directly from users with an integrated webform, submissions from which are emailed to the lead developer, CSO and Chief Executive.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Every authorised user has an admin webpage with a feedback form. This can be sent at any time, highlighting a problem (or suggestion) and is normally responded to within 60 minutes during working hours. A telephone number is also provided, operating office hours with an alert process to the operations manager and chief executive.
Escalation can be carried out within 60 minutes to the hosting provider if necessary. Zabbix performance monitoring alerts the service desk directly on unusual conditions.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Users can report from their admin page via online form or phone. Zabbix may also report incidents. Within 60 minutes a test is run to verify the problem, and appropriate action is then taken to alert that part of the system which has failed.
Where the loss is practice access to the system, as soon as possible and within 60 minutes at most tests are run to establish the cause, and then if necessary an email alert is sent to all users if it cannot be fixed within 2 hours. Reports are recorded and documented within 48 hours.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
Connected networks
  • NHS Network (N3)
  • Health and Social Care Network (HSCN)


£0.79 to £1.90 per person per year
Discount for educational organisations
Free trial available
Description of free trial
Our "Digital Triage Demo" enables GPs to simulate using askmyGP with real but anonymised and randomised patient data. They make decisions, record answers and receive a full set of results online.
Any number of colleagues may be invited to the same demo practice.
Available for 3 months.
Link to free trial

Service documents

Return to top ↑