LifeBox Health

LifeBox Health

LifeBox electronic pre-surgical assessment software allows the remote triaging of patients ahead of any proposed surgery.
The pre-assessment (ePOA) platform allows patients to share files and information with hospitals and for hospitals to share files and information with patients and other clinicians. (can be fully integrated into existing systems)

Features

  • AWS cloud hosted platform built for scalability
  • Security built in by design
  • Secure patient registration and login protected using industry grade mechanisms
  • Comprehensive pre-assessment questionnaires developed from national guidance
  • Intelligent clinical notes and task driven actions for patient optimisation
  • Clinical assessments including VTE, Frailty, Dementia, Falls, METS, DASI scores
  • Unique Integrated procedure specific educational videos and outcome scores
  • User-friendly responsive design supporting multiple devices and browsers
  • System integration to EPR, pathology, radiology, supports HL7 and FHIR
  • CE, NHS Data Security and Protection Toolkit and ISO9001/27001

Benefits

  • Digital one- stop patient assessment, procedure education and outcome scoring
  • Empowers patients by allowing access to assessment information securely anywhere
  • 92% of patient episodes completed remotely on computer, tablet, smartphone
  • Clinically proven enhanced patient knowledge retention of procedure and consent
  • Significant reduction in clinical complications resulting from better patient preparation
  • Early risk stratification reduces face to face assessments by 60%
  • Unique nurse validation of patient responses based on national guidance
  • 24/7 access for anaesthetists, nurses and clinicians for patient review
  • Assessment driven ICD-10 and OPCS-4 coding improving income generation
  • Financially proven to reduce costs and time of assessment service

Pricing

£4 to £5 a unit

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at fraser@definitionhealth.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

2 4 7 1 8 1 9 4 8 6 6 9 9 7 5

Contact

LifeBox Health Fraser Coombes
Telephone: 07951406142
Email: fraser@definitionhealth.co.uk

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
Patient management systems and Electronic Patient Record systems
Cloud deployment model
Public cloud
Service constraints
None
System requirements
Web connected device (laptop, PC, tablet, phone)

User support

Email or online ticketing support
Email or online ticketing
Support response times
Support is provided from Monday to Friday 9 a.m. to 5 p.m. (GMT) excluding Bank Holidays.

Priority 1 - Operation of the Service is critically affected (not responding to requests or serving content) for a large number of users; no workaround available.
Response time: 2 Hours

Priority 2 - Service is responding and functional but performance is degraded, and/or Incident has potentially severe impact on operation of the Service for multiple users.
Response time: 1 Day

Priority 3 - Non-critical issue; no significant impact on performance of the Service but user experience may be affected.
Response time: 3 Days
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Web chat
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
WCAG 2.1 AA or EN 301 549
Web chat accessibility testing
N/A
Onsite support
Onsite support
Support levels
Support is currently provided from Monday to Friday 9 a.m. to 5 p.m. (GMT) excluding Bank Holidays, through Phone, email, SMS & WebChat. Account & support managers will manage all interactions.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
On-site training is provided as well as 1:1 coaching where required. Training / instructional materials are available to all users.
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
All relevant data is provided in a printable format as part of the POA process. This represents a full data delivery and negates the requirement for end of contract for additional data extracts.
End-of-contract process
The product is a cloud hosted Software-as-a-Service and is charged based on usage. At the end of the contract, access to the service will be removed and the customer’s users (including the authentication) will be erased using approved techniques.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
LifeBox Health app is a responsive web app so there is no difference
Service interface
No
API
No
Customisation available
No

Scaling

Independence of resources
LifeBox Health is designed and built upon a server-less architecture so has the ability to infinitely scale to the capacity of the cloud providers global scale.

Analytics

Service usage metrics
Yes
Metrics types
Monthly usage, other data is available on request.
Reporting types
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
No
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
Encryption of all physical media
Data sanitisation process
No
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
Data is exported as a PDF and then managed via the clients own processes. We can provide custom CSV extracts to support performance metrics.
Data export formats
  • CSV
  • Other
Other data export formats
  • Integration via HL7 & FHIR
  • Integration via JSON
Data import formats
Other
Other data import formats
  • Integration via HL7 & FHIR
  • Integration via JSON

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
Target Availability. LifeBox will use commercially reasonable efforts to make each Service available with an uptime of 99.8% of each calendar month. If there is a verified failure of a Service to meet Target Availability in two consecutive months, then Client may at its discretion provide service credits by sending written notice within thirty days after the end of the second such month. This right is Client's sole and exclusive remedy, and LifeBox's sole and exclusive liability, for LifeBox's failure to meet the Target Availability.
Approach to resilience
LifeBox Health resilience is achieve through a distributed infrastructure and services running in three different UK geographic locations.
Outage reporting
Via email alerts

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels
Only individual, named, users can perform management actions within the LifeBox app. Actions available to users are controlled via role-based access.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Username or password
  • Other
Description of management access authentication
Cloud account access is managed via AWS Identity and Access Management (IAM). Multiple AWS Organisation Units where accounts have restricted privileges based on an individuals role and responsibilities

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
QMS
ISO/IEC 27001 accreditation date
17/05/2019
What the ISO/IEC 27001 doesn’t cover
Our Statement of Applicability is available upon request
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
Yes
Any other security certifications
Cyber essentials

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards
CyberEssentials & NHS Data Security and Protection Toolkit
Information security policies and processes
The CEO is accountable for ensuring that appropriate security and compliance controls are identified, implemented and maintained. The CEO ensures that: Risks are managed and mitigated; All applicable legal and regulatory requirements have been understood and complied with; Appropriate resources are provided to implement and maintain the information security management system (ISMS); All staff sign the information security agreement prior to joining and receive awareness training of all relevant policies during induction. Annual ISMS training is given to all staff.

Our information security policies and procedures are aligned with ISO27001:2013/Cyber Essentials and the NHS Data Security and Protection Toolkit.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
LifeBox Health's change management process is certified against ISO/IEC 27001:2013 and is regularly audited and managed. All software changes are subject to industry standard controls and processes to ensure there is an audit trail of changes and robust recovery processes.

Every change is reviewed by multiple members of the team to include assessment of any potential security impacts. Automated testing is built in to ensure regular and repeatable coverage. Regular penetration testing is undertaken by external security impacts to highlight any potential vulnerabilities.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Infrastructure management, security and patching are undertaken by the Cloud provider, Amazon Web Services. LifeBox Health libraries are automatically monitored and patched for vulnerabilities as part of the continuous integration pipeline.

Information regarding potential threats and security alerts come from a range of sources including NIST's National Vulnerability Database, The National Cyber Security Centre, www.gov.uk/government/policies/cyber-security and ico.org.uk which are actively monitored by LifeBox Health team members
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
LifeBox Health have a defined Information Security policy. Incidents are escalated to CEO as a priority and are investigated in line with information governance policies.
Once an incident has been raised, a thorough investigation is immediately begun to understand its scope and severity. If there is reason to suspect the incident affects Personally Identifiable Information, then appropriate steps are taken in line with best practice and established policies.
LifeBox Health information governance policies are regularly reviewed and tested to ensure fit and appropriateness.
Incident management type
Supplier-defined controls
Incident management approach
LifeBox health have defined and educated staff in the security incident policy which details how incidents should be reported, tracked and where appropriate escalated.
All incidents are recorded in an incident log and monitored to ensure the appropriate response is given and any remedial actions are implemented. All affected parties will be informed about the incident and any resolution and/or impacts.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks
No

Pricing

Price
£4 to £5 a unit
Discount for educational organisations
No
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at fraser@definitionhealth.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.