Blackspace Technology Ltd

Safe Mobile Care- Telehealth Platform

Cloud based configurable digital healthcare platform to provide proactive and preemptive telehealth services including monitoring long term conditions. It allows clinical data entry, vital sign monitoring, real time data visibility and video conferencing with algorithm support for patients with long term conditions and for post exposure disease surveillance.

Features

  • Real time data visibility
  • Real time analytics
  • Remote access
  • Wireless vital sign transmission
  • Hi definition video conferencing
  • Configurable Multiple Long Term Condition Management
  • 3rd party integration software
  • Post Exposure Disease Surveillance
  • Cross platform software
  • Remote device management

Benefits

  • Real time data visibility from multiple devices and locations
  • Instant communication for ease of access and safety
  • Instant alerting
  • Proven clinical decision algorithms to detect deterioration
  • Reduce emergency admissions 75%, increased nursing case management by 300%
  • Pro active and pre emptive monitoring
  • Reduce unnecessary visits or transfers
  • Ease of use and deployments
  • Audit of patient journey
  • Increased service provision, governance, safety and efficiency

Pricing

£400 to £700 per device per year

  • Free trial available

Service documents

Framework

G-Cloud 11

Service ID

1 6 9 5 0 7 9 1 1 3 4 2 0 5 3

Contact

Blackspace Technology Ltd

Dr David Morgan

+447836648923

david.morgan@blackspacetechnology.com

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
Telecare or existing patient management software
Cloud deployment model
Hybrid cloud
Service constraints
No
System requirements
No specific requirements needed

User support

Email or online ticketing support
Email or online ticketing
Support response times
Questions are answered within one working day.
Our standard support service is available Monday-Friday 9am to 5pm. Additional 24/7
support is available upon request for Priority One issues.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.1 AAA
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Yes, at an extra cost
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
WCAG 2.1 AAA
Web chat accessibility testing
None as yet
Onsite support
Yes, at extra cost
Support levels
Our CRM system enables BST to provide service level reports, ensuring that we are
delivering compliance with our SLA which details how maintenance, repair and technical
problems shall be resolved to prevent interference with patient monitoring.
A technical account manager is assigned to each of our customers.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
BST provide a comprehensive deployment process to ensure that users are well supported to start using our service. The process includes all aspects of service setup including clinical pathway definition, operational pathway definition and a structured project implementation plan to ensure buy-in from your key stakeholders.
Implementation of this plan includes support from our implementation managers providing electronic materials and onsite or online training along with customisable user documentation to meet your needs.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
The BST project close procedure includes details of how data shall be provided to users when a contract ends. All data is hosted in an Microsoft Azure SQL database enabling BST to be flexible to meet our customers data extraction needs.
End-of-contract process
The BST project close procedure details what happens at the end of a contract, including any equipment collection, Cloud service shutdown and data delivery and deletion. These elements are included within the solution cost.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
Yes
Compatible operating systems
  • Android
  • IOS
  • MacOS
  • Windows
  • Windows Phone
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
The service is configured for mobile and desk top devices - no differences exist
Service interface
Yes
Description of service interface
The service is a Web API interface which uses the http(s) protocol.
At present the API has many things in common with the RESTful paradigm. We are in the process of making the interface RESTful.
Accessibility standards
WCAG 2.1 AA or EN 301 549
Accessibility testing
The UI and UX of the solution has been tested by users at a Hereward Disability College in Coventry with users of assistive technology. The user interfaces have been modified to be compliant with the users feedback and needs.
API
Yes
What users can and can't do using the API
BST offers the opportunity to provide integration subject to specification at both basic and detailed levels; by way of example the following data fields have been used successfully in existing integration projects:
BST to partner systems
- Patient measurements (including questionnaire and vital sign data)
- Patient alerts (including health and non-health alerts)
Alert outcomes (actions and responses to alerts captured by the clinical/technical
teams)
- Included all messages and updates captured on BST application
- Patient status changes (including online / offline / discharged from service messaging)
Partner systems to BST
- Patient demographic information (create and update information)
- Patient configuration request (setting up a patient for monitoring)
- Service Discharge / Re-activate
Currently users can also make changes to their profile information and passwords but this will be expanded in the future to other functionality in response to client feedback and needs..
We are using Microsoft InTune or Google Play Store to provide per-device configuration. We can integrate with any Mobile Device Management system available.
There is an internal Web Based API which our Web App uses to configure and interrogate our service. We will be providing an external version of this in the near future.
API documentation
Yes
API documentation formats
  • HTML
  • PDF
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
The BST Cloud solution is designed to be configured to meet the operational needs of the service delivering telemonitoring and telemedicine.
Key aspects of the solution including patient grouping, alerts, alert outcomes, monitoring configuration, data fields, user interface and work-flow can all be configured within our system. Users can make changes to their profile - username, reset passwords etc. We can also configure security providers, languages/internationalisation
Our implementation plan includes working through the Configuration Checklist to capture and implement core solution configuration.
Further in-life configuration can be performed by an appropriately authorised MDM administrator such as user interface and data fields including algorithms.

Scaling

Independence of resources
Microsoft Azure uses Multi Tenancy to avoid such problems. AutoScale is a built-in feature of Cloud Services, Mobile Services, Virtual Machines and Websites that helps applications perform their best when demand changes. Of course, performance means different things for different applications. AutoScale can scale the service by any of these – or by a custom metric that you define.

Analytics

Service usage metrics
Yes
Metrics types
A wide-range of operational metrics are available for our service including: system availability, system utilisation, data usage, alerts by patient and monitoring clinician, alert outcome tracking and benefits realisation.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least every 6 months
Penetration testing approach
‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
User data can be exported using the integrated facilities via the Cloud and/or by contacting our customer support team.
Data export formats
  • CSV
  • ODF
  • Other
Other data export formats
  • HTML5
  • XML
  • PDF
  • FHIR
Data import formats
  • CSV
  • Other
Other data import formats
  • HTML5
  • PDF

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
Using Microsoft Azure Cloud Hosting allows 99.9% financially backed SLA:
http://microsoftvolumelicensing.com/DocumentSearch.aspx?Mode=3&DocumentTypeId=37
Approach to resilience
Microsoft Azure Data Centre resilience is fully compliant with Gov.UK and is available on request.
Outage reporting
We can make available a public dashboard as well as our current email alerts.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
Access restrictions in management interfaces and support channels
Users need to have 2 factor authentication before they are allowed access to management interfaces and support channels to report faults or request changes to the service.These may be conducted through an encrypted service management web portal, or through support channels such as email.Any management changes that have a security impact are performed over secure and authenticated channels and are subject to an audit trail.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
MTCS Certification Body - Microsoft Azure Accredited
ISO/IEC 27001 accreditation date
8/4/2018 Microsoft Azure
What the ISO/IEC 27001 doesn’t cover
Please see :
https://abox.com/PDFM/Microsoft%20Azure%20Compliance%20Offerings.pdf
ISO 28000:2007 certification
Yes
Who accredited the ISO 28000:2007
MTCS Certification Body - Microsoft Azure Accredited
ISO 28000:2007 accreditation date
18/5/18 Microsoft Azure
What the ISO 28000:2007 doesn’t cover
Please see:
https://abox.com/PDFM/Microsoft%20Azure%20Compliance%20Offerings.pdf
CSA STAR certification
Yes
CSA STAR accreditation date
24/10/2016 - Microsoft Azure
CSA STAR certification level
Level 5: CSA STAR Continuous Monitoring
What the CSA STAR doesn’t cover
See Microsoft Azure Certification
https://abox.com/PDFM/Microsoft%20Azure%20Compliance%20Offerings.pdf
PCI certification
Yes
Who accredited the PCI DSS certification
MTCS Accreditation Body - Microsoft Azure Accredited
PCI DSS accreditation date
24/10/2018
What the PCI DSS doesn’t cover
Please see: https://abox.com/PDFM/Microsoft%20Azure%20Compliance%20Offerings.pdf
Other security certifications
Yes
Any other security certifications
  • Cyber Essentials - Microsoft Azure (BST inprocess)
  • ISO 20071:2013 - Microsoft Azure (BST in process)
  • ISO 27017:2015 - Microsoft Azure Cloud Hosting
  • ISO 27018; 2014 - Microsoft Azure Cloud Hosting
  • NHS IG Tool Kit - Microsoft Azure
  • CSA Star Accreditation and Attestation - Microsoft Azure
  • UK National Cyber Security Centre (NCSC) 14 - Microsoft Azure
  • UK PASF - Microsoft Azure

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
CSA CCM version 3.0
Information security policies and processes
BST's Microsoft Azure Cloud infrastructure has fully accredited Security Standards: https://www.microsoft.com/enus/trustcenter/compliance/complianceofferings
BST are working towards gaining ISO/IEC 27001 accreditation. Within our Information Security Management System we include the following policies:
Information Security Management Policy; Mobile Devices Computing and Access Policy;
Internet Usage Policy; Email Usage Policy; Remote Access Teleworking Policy; Secure
development policy; Secure Records Disposal Policy; Clean Desk Policy; Data Protection
Policy; BAU Firewall Rules Policy; Information Security Policy; Information Security Incident
Management Policy.
Reporting is completed by our IT Director to the board of directors and policy compliance is
ensured through our ongoing monthly audit programme, defined in line with our ISO-27001 accreditation (in process).

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
All service components are managed in line with the best-practice put forwards by ITIL. All changes are recorded and approved by the Change Control Board prior to implementation and service component registers are regularly updated and distributed.
Changes are assessed for potential security impact in line with our Secure Software Design Lifecycle and verified by our System Test team as well as being assessed by our regular application security and penetration testing at least every 6 months.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Potential threats to our services are assessed in line with the Risk Management policy defined within our Information Security Management System.
Patch management is managed by our Microsoft Azure Cloud Partner in line with their procedures and policies.
Threats warnings are obtained from our partner organisations such as Microsoft, Google and NHS Digital
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Protective monitoring is included as part of the fully managed service we procure from our Microsoft Azure partner and is managed in line with their policies and procedures as a Tier III facility provider.
The Microsoft Azure has standard response times for potential compromise and response to incidents.
https://azure.microsoft.com/en-gb/support/plans/response/
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
BST in partnership with Microsoft Azure provides pre-defined processes for common events through our knowledge base solution and has an electronic tracking system to enable users to report incidents.
Security incidents may include, but are not limited to: e-mail viruses, malware, worms, denial of service attacks, unauthorized access, other type of unauthorized, or unlawful activity involving computer networks or data processing equipment.
Our process consists of the following: Identification, containment, eradication, recovery, lessons learned, and communication.

Incident reporting is managed in line with our standard processes and reviewed at the regular management team review as defined in our policy.
https://blogs.technet.microsoft.com/yuridiogenes/2018/04/12/incident-management-implementation-guidance-for-azure-and-office365/

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
Yes
Connected networks
  • Public Services Network (PSN)
  • NHS Network (N3)
  • Health and Social Care Network (HSCN)

Pricing

Price
£400 to £700 per device per year
Discount for educational organisations
No
Free trial available
Yes
Description of free trial
Access to device(s) and Cloud services for a limited time depending on scope of project
Not included - T&E, specific configuration, data charges and access to Cloud reporting

Service documents

Return to top ↑