INHEALTH INTELLIGENCE LIMITED

Risk Stratification, Case Finding & Interventions Management Tool

Our Risk Stratification & Case Finding tool will help you deliver a cost-effective service by identifying very high risk patients who will benefit the most from an immediate and early intervention. These very high risk patients are people who are likely to be high service hospital users in the future.

Features

• Fully managed service using secure N3/HSCN based web browser
• Supports all the different primary care clinical systems
• Supports multiple risk algorithms
• Risk profiling in support of the “frail elderly”
• Case-finds and refers patients to appropriate early interventions

Benefits

• Fully managed service, with access to friendly customer support
• Pro-active disease management
• Population level solutions to transform the care of patients
• Supports GPs in payment processes e.g. Unplanned Admissions DES

£1,500 a unit a year

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at alexandra.richardson@health-intelligence.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

253409151390116

Contact

Alex Richardson
01270 765124
alexandra.richardson@health-intelligence.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: No
• System requirements:
  • Only works via NHS N3 network
  • Supported on Internet Explorer 8, 9, 10+, Chrome, Firefox, Safari
  • Works on PC, laptop, tablet or mobile
  • One licence per GP Practice

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Standard service hours are 8:30am to 5:30pm Monday - Friday during which time we aim to deliver 100% availability with an availability standard (SLA) set to 99%.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Onsite support
• Support levels: InHealth Intelligence takes a proactive approach to the support it provides. Our Business Development Managers are at hand to meet with their customers (typically CCGs, Local Authorities, Local Area Teams, etc.). ; ; We operate our Support Desk Service – between 8:30 am and 5:30 pm Monday to Friday (excluding Bank Holidays). The Support Desk will formally log all calls, assign a unique reference number and log all associated times including initial response and resolution times. ; ; Our Service Reports report on all agreed SLA’s which as a minimum always include:; • Service Availability within Standard Service Hours; • Service Availability outside Standard Service Hours; • Support Desk Incident – Initial Response; • Support Desk Incident – Resolution
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We have online training and user documentation
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: We will decommission the service ensuring the service is no longer accessible and that the patient data is securely removed. We provide a formal notification that all patient data has been securely deleted. There are no costs associated with any of the exist arrangements.
• End-of-contract process: We will decommission the service ensuring the service is no longer accessible and that the patient data is securely removed. We provide a formal notification that all patient data has been securely deleted. There are no costs associated with any of the exit arrangements.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Firefox
  • Chrome
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: None
• Service interface: Yes
• Description of service interface: Each product uses our IHI Hub common web interface. This is a modern HTML5 based web interface designed to be adaptable to multiple screen sizes and resolutions.
• Accessibility standards: None or don’t know
• Description of accessibility: This web interface is typically accessed via HSCN but can also be accessed via secure VPN where necessary.
• Accessibility testing: None
• API: No
• Customisation available: Yes
• Description of customisation: We can customise the Hub to report on any local incentive schemes

Scaling

• Independence of resources: It is a web-based system

Analytics

• Service usage metrics: Yes
• Metrics types: Our Service Reports report on all agreed SLA’s which as a minimum always include:; • Service Availability within Standard Service Hours; • Service Availability outside Standard Service Hours; • Support Desk Incident – Initial Response; • Support Desk Incident – Resolution
• Reporting types:
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2012
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least once a year
• Penetration testing approach: In-house
• Protecting data at rest: Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Our Support Services team ring the GP Practice once a month to run a data extract on their clinical system which will pull agreed codes
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
• Data protection within supplier network:
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

• Guaranteed availability: Standard Service Hours are 8:00am to 6:00 pm during which time we aim to deliver 100% availability with an availability standard (SLA) set to 99%.
• Approach to resilience: We agree contractual remedies for any reduction in service, typically measured over a quarter below 99%. Outside of Standard Service Hours, all heavy data processing is undertaken, the system is backed up, software releases occur and any preventative maintenance is undertaken.
• Outage reporting: We issue email alerts

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
• Access restrictions in management interfaces and support channels: We use user restrictions when the account is set up which dictates their level of access. These are predefined in the data sharing agreement.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Alcumus ISOQAR
• ISO/IEC 27001 accreditation date: 19/09/16
• What the ISO/IEC 27001 doesn’t cover: Nothing
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: We have a Security Policy (QMS2301) which encompasses all security aspects. All staff have to read the policy annually and sign to confirm they have read it, along with internal training.; All staff complete their appropriate IG Toolkit modules annually to ensure continued understanding and commital to security. Our Head of Operations and Security organises internal training and audits to ensure compliance.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: All changes are audited and assessed by our Head of Operations and Security to ensure they are in line and appropriate for ISO27001
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We use advanced security tools which monitor all our network including a vulnerability scanner which alerts our IT team to threats immediately. Due to having an in-house IT team, we can deploy patches immediately.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We use advanced security tools which monitor all our network for potential compromises. Due to having an in-house IT team, we can respond to compromises immediately.
• Incident management type: Supplier-defined controls
• Incident management approach: We have a Security Incident Process (QMS2302) to follow and a form to complete to document the incident (QMS2303).

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: Yes
• Connected networks: Health and Social Care Network (HSCN)

Pricing

• Price: £1,500 a unit a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at alexandra.richardson@health-intelligence.com. Tell them what format you need. It will help if you say what assistive technology you use.