Safe Mobile Care- Telehealth Platform
Cloud based configurable digital healthcare platform to provide proactive and preemptive telehealth services including monitoring long term conditions. It allows clinical data entry, vital sign monitoring, real time data visibility and video conferencing with algorithm support for patients with long term conditions and for post exposure disease surveillance.
Features
- Real time data visibility
- Real time analytics
- Remote access
- Wireless vital sign transmission
- Hi definition video conferencing
- Configurable Multiple Long Term Condition Management
- 3rd party integration software
- Post Exposure Disease Surveillance
- Cross platform software
- Remote device management
Benefits
- Real time data visibility from multiple devices and locations
- Instant communication for ease of access and safety
- Instant alerting
- Proven clinical decision algorithms to detect deterioration
- Reduce emergency admissions 75%, increased nursing case management by 300%
- Pro active and pre emptive monitoring
- Reduce unnecessary visits or transfers
- Ease of use and deployments
- Audit of patient journey
- Increased service provision, governance, safety and efficiency
Pricing
£400 to £700 a device a year
- Free trial available
Service documents
Request an accessible format
Framework
G-Cloud 11
Service ID
1 6 9 5 0 7 9 1 1 3 4 2 0 5 3
Contact
Blackspace Technology Ltd
Dr David Morgan
Telephone: +447836648923
Email: david.morgan@blackspacetechnology.com
Service scope
- Software add-on or extension
- Yes, but can also be used as a standalone service
- What software services is the service an extension to
- Telecare or existing patient management software
- Cloud deployment model
- Hybrid cloud
- Service constraints
- No
- System requirements
- No specific requirements needed
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
-
Questions are answered within one working day.
Our standard support service is available Monday-Friday 9am to 5pm. Additional 24/7
support is available upon request for Priority One issues. - User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- WCAG 2.1 AAA
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- Yes, at an extra cost
- Web chat support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support accessibility standard
- WCAG 2.1 AAA
- Web chat accessibility testing
- None as yet
- Onsite support
- Yes, at extra cost
- Support levels
-
Our CRM system enables BST to provide service level reports, ensuring that we are
delivering compliance with our SLA which details how maintenance, repair and technical
problems shall be resolved to prevent interference with patient monitoring.
A technical account manager is assigned to each of our customers. - Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
-
BST provide a comprehensive deployment process to ensure that users are well supported to start using our service. The process includes all aspects of service setup including clinical pathway definition, operational pathway definition and a structured project implementation plan to ensure buy-in from your key stakeholders.
Implementation of this plan includes support from our implementation managers providing electronic materials and onsite or online training along with customisable user documentation to meet your needs. - Service documentation
- Yes
- Documentation formats
-
- HTML
- End-of-contract data extraction
- The BST project close procedure includes details of how data shall be provided to users when a contract ends. All data is hosted in an Microsoft Azure SQL database enabling BST to be flexible to meet our customers data extraction needs.
- End-of-contract process
- The BST project close procedure details what happens at the end of a contract, including any equipment collection, Cloud service shutdown and data delivery and deletion. These elements are included within the solution cost.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Internet Explorer 7
- Internet Explorer 8
- Internet Explorer 9
- Internet Explorer 10
- Internet Explorer 11
- Microsoft Edge
- Firefox
- Chrome
- Safari 9+
- Opera
- Application to install
- Yes
- Compatible operating systems
-
- Android
- IOS
- MacOS
- Windows
- Windows Phone
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- The service is configured for mobile and desk top devices - no differences exist
- Service interface
- Yes
- Description of service interface
-
The service is a Web API interface which uses the http(s) protocol.
At present the API has many things in common with the RESTful paradigm. We are in the process of making the interface RESTful. - Accessibility standards
- WCAG 2.1 AA or EN 301 549
- Accessibility testing
- The UI and UX of the solution has been tested by users at a Hereward Disability College in Coventry with users of assistive technology. The user interfaces have been modified to be compliant with the users feedback and needs.
- API
- Yes
- What users can and can't do using the API
-
BST offers the opportunity to provide integration subject to specification at both basic and detailed levels; by way of example the following data fields have been used successfully in existing integration projects:
BST to partner systems
- Patient measurements (including questionnaire and vital sign data)
- Patient alerts (including health and non-health alerts)
Alert outcomes (actions and responses to alerts captured by the clinical/technical
teams)
- Included all messages and updates captured on BST application
- Patient status changes (including online / offline / discharged from service messaging)
Partner systems to BST
- Patient demographic information (create and update information)
- Patient configuration request (setting up a patient for monitoring)
- Service Discharge / Re-activate
Currently users can also make changes to their profile information and passwords but this will be expanded in the future to other functionality in response to client feedback and needs..
We are using Microsoft InTune or Google Play Store to provide per-device configuration. We can integrate with any Mobile Device Management system available.
There is an internal Web Based API which our Web App uses to configure and interrogate our service. We will be providing an external version of this in the near future. - API documentation
- Yes
- API documentation formats
-
- HTML
- API sandbox or test environment
- Yes
- Customisation available
- Yes
- Description of customisation
-
The BST Cloud solution is designed to be configured to meet the operational needs of the service delivering telemonitoring and telemedicine.
Key aspects of the solution including patient grouping, alerts, alert outcomes, monitoring configuration, data fields, user interface and work-flow can all be configured within our system. Users can make changes to their profile - username, reset passwords etc. We can also configure security providers, languages/internationalisation
Our implementation plan includes working through the Configuration Checklist to capture and implement core solution configuration.
Further in-life configuration can be performed by an appropriately authorised MDM administrator such as user interface and data fields including algorithms.
Scaling
- Independence of resources
- Microsoft Azure uses Multi Tenancy to avoid such problems. AutoScale is a built-in feature of Cloud Services, Mobile Services, Virtual Machines and Websites that helps applications perform their best when demand changes. Of course, performance means different things for different applications. AutoScale can scale the service by any of these – or by a custom metric that you define.
Analytics
- Service usage metrics
- Yes
- Metrics types
- A wide-range of operational metrics are available for our service including: system availability, system utilisation, data usage, alerts by patient and monitoring clinician, alert outcome tracking and benefits realisation.
- Reporting types
-
- API access
- Real-time dashboards
- Regular reports
- Reports on request
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Conforms to BS7858:2012
- Government security clearance
- Up to Developed Vetting (DV)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- At least every 6 months
- Penetration testing approach
- ‘IT Health Check’ performed by a CHECK service provider
- Protecting data at rest
-
- Physical access control, complying with CSA CCM v3.0
- Physical access control, complying with SSAE-16 / ISAE 3402
- Data sanitisation process
- Yes
- Data sanitisation type
-
- Explicit overwriting of storage before reallocation
- Deleted data can’t be directly accessed
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001
Data importing and exporting
- Data export approach
- User data can be exported using the integrated facilities via the Cloud and/or by contacting our customer support team.
- Data export formats
-
- CSV
- ODF
- Other
- Other data export formats
-
- HTML5
- XML
- FHIR
- Data import formats
-
- CSV
- Other
- Other data import formats
-
- HTML5
Data-in-transit protection
- Data protection between buyer and supplier networks
-
- Private network or public sector network
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
- Data protection within supplier network
-
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
Availability and resilience
- Guaranteed availability
-
Using Microsoft Azure Cloud Hosting allows 99.9% financially backed SLA:
http://microsoftvolumelicensing.com/DocumentSearch.aspx?Mode=3&DocumentTypeId=37 - Approach to resilience
- Microsoft Azure Data Centre resilience is fully compliant with Gov.UK and is available on request.
- Outage reporting
- We can make available a public dashboard as well as our current email alerts.
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Access restrictions in management interfaces and support channels
- Users need to have 2 factor authentication before they are allowed access to management interfaces and support channels to report faults or request changes to the service.These may be conducted through an encrypted service management web portal, or through support channels such as email.Any management changes that have a security impact are performed over secure and authenticated channels and are subject to an audit trail.
- Access restriction testing frequency
- At least every 6 months
- Management access authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- User-defined
- Access to supplier activity audit information
- Users have access to real-time audit information
- How long supplier audit data is stored for
- User-defined
- How long system logs are stored for
- User-defined
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- MTCS Certification Body - Microsoft Azure Accredited
- ISO/IEC 27001 accreditation date
- 8/4/2018 Microsoft Azure
- What the ISO/IEC 27001 doesn’t cover
-
Please see :
https://abox.com/PDFM/Microsoft%20Azure%20Compliance%20Offerings.pdf - ISO 28000:2007 certification
- Yes
- Who accredited the ISO 28000:2007
- MTCS Certification Body - Microsoft Azure Accredited
- ISO 28000:2007 accreditation date
- 18/5/18 Microsoft Azure
- What the ISO 28000:2007 doesn’t cover
-
Please see:
https://abox.com/PDFM/Microsoft%20Azure%20Compliance%20Offerings.pdf - CSA STAR certification
- Yes
- CSA STAR accreditation date
- 24/10/2016 - Microsoft Azure
- CSA STAR certification level
- Level 5: CSA STAR Continuous Monitoring
- What the CSA STAR doesn’t cover
-
See Microsoft Azure Certification
https://abox.com/PDFM/Microsoft%20Azure%20Compliance%20Offerings.pdf - PCI certification
- Yes
- Who accredited the PCI DSS certification
- MTCS Accreditation Body - Microsoft Azure Accredited
- PCI DSS accreditation date
- 24/10/2018
- What the PCI DSS doesn’t cover
- Please see: https://abox.com/PDFM/Microsoft%20Azure%20Compliance%20Offerings.pdf
- Other security certifications
- Yes
- Any other security certifications
-
- Cyber Essentials - Microsoft Azure (BST inprocess)
- ISO 20071:2013 - Microsoft Azure (BST in process)
- ISO 27017:2015 - Microsoft Azure Cloud Hosting
- ISO 27018; 2014 - Microsoft Azure Cloud Hosting
- NHS IG Tool Kit - Microsoft Azure
- CSA Star Accreditation and Attestation - Microsoft Azure
- UK National Cyber Security Centre (NCSC) 14 - Microsoft Azure
- UK PASF - Microsoft Azure
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- CSA CCM version 3.0
- Information security policies and processes
-
BST's Microsoft Azure Cloud infrastructure has fully accredited Security Standards: https://www.microsoft.com/enus/trustcenter/compliance/complianceofferings
BST are working towards gaining ISO/IEC 27001 accreditation. Within our Information Security Management System we include the following policies:
Information Security Management Policy; Mobile Devices Computing and Access Policy;
Internet Usage Policy; Email Usage Policy; Remote Access Teleworking Policy; Secure
development policy; Secure Records Disposal Policy; Clean Desk Policy; Data Protection
Policy; BAU Firewall Rules Policy; Information Security Policy; Information Security Incident
Management Policy.
Reporting is completed by our IT Director to the board of directors and policy compliance is
ensured through our ongoing monthly audit programme, defined in line with our ISO-27001 accreditation (in process).
Operational security
- Configuration and change management standard
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Configuration and change management approach
-
All service components are managed in line with the best-practice put forwards by ITIL. All changes are recorded and approved by the Change Control Board prior to implementation and service component registers are regularly updated and distributed.
Changes are assessed for potential security impact in line with our Secure Software Design Lifecycle and verified by our System Test team as well as being assessed by our regular application security and penetration testing at least every 6 months. - Vulnerability management type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Vulnerability management approach
-
Potential threats to our services are assessed in line with the Risk Management policy defined within our Information Security Management System.
Patch management is managed by our Microsoft Azure Cloud Partner in line with their procedures and policies.
Threats warnings are obtained from our partner organisations such as Microsoft, Google and NHS Digital - Protective monitoring type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Protective monitoring approach
-
Protective monitoring is included as part of the fully managed service we procure from our Microsoft Azure partner and is managed in line with their policies and procedures as a Tier III facility provider.
The Microsoft Azure has standard response times for potential compromise and response to incidents.
https://azure.microsoft.com/en-gb/support/plans/response/ - Incident management type
- Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
- Incident management approach
-
BST in partnership with Microsoft Azure provides pre-defined processes for common events through our knowledge base solution and has an electronic tracking system to enable users to report incidents.
Security incidents may include, but are not limited to: e-mail viruses, malware, worms, denial of service attacks, unauthorized access, other type of unauthorized, or unlawful activity involving computer networks or data processing equipment.
Our process consists of the following: Identification, containment, eradication, recovery, lessons learned, and communication.
Incident reporting is managed in line with our standard processes and reviewed at the regular management team review as defined in our policy.
https://blogs.technet.microsoft.com/yuridiogenes/2018/04/12/incident-management-implementation-guidance-for-azure-and-office365/
Secure development
- Approach to secure software development best practice
- Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)
Public sector networks
- Connection to public sector networks
- Yes
- Connected networks
-
- Public Services Network (PSN)
- NHS Network (N3)
- Health and Social Care Network (HSCN)
Pricing
- Price
- £400 to £700 a device a year
- Discount for educational organisations
- No
- Free trial available
- Yes
- Description of free trial
-
Access to device(s) and Cloud services for a limited time depending on scope of project
Not included - T&E, specific configuration, data charges and access to Cloud reporting