Salvie Ltd

askmyGP

askmyGP is the workflow solution for healthcare, enabling patients to receive help from the right person whether GP, PCN or wider network. Ease of use moves an average 71% of demand online, enabling digital triage within minutes, 85% completed same day. Much more than online consultations, digital first system change.

Features

  • Patients/parents/carers seek help at any time on any problem, online
  • One click self care eases patient access to NHS information
  • Information is sent securely from patient to GP via HSCN
  • Complete workflow management and analytics for practice, PCN, CCG
  • Patient app manages requests, messages, proxies and profile
  • NHS Spine integration identifies patient and pulls in data
  • Clinician digital triage takes seconds to decide on appropriate help
  • Full two-way messaging, video, telephone, appointment as needed.
  • Video consulting fully integrated, photo & document attachments
  • Simple one click integration with clinical system

Benefits

  • Patients helped in minutes (85% seen today, 28% name GP)
  • Secure messaging eliminates wait for answer on telephone
  • Clinically useful information is gathered from the patient before consultation
  • Reception staff are better informed for care navigation
  • Data from over 4 million episodes show 80% completed remotely
  • GPs see patients only as needed, saving average 4 minutes/episode
  • The burden and stress of overwork is lifted from GPs
  • DNAs (Did Not Attends) drop by 80%
  • 30 - 40% efficiency gains evidenced in multiple diverse settings
  • Change intervention gives immediate benefits from launch day

Pricing

£0.79 to £1.90 a person a year

  • Free trial available

Service documents

Framework

G-Cloud 12

Service ID

2 5 8 5 1 4 3 7 9 9 0 2 9 5 2

Contact

Salvie Ltd Harry Longman
Telephone: 01509 816293
Email: harry@salvie.com

Service scope

Software add-on or extension
No
Cloud deployment model
Private cloud
Service constraints
Patients can access on any internet connected device.
GP practice staff can access the portal only on a secure NHS compliant network (HSCN) via web browser.
System requirements
  • Providers must have access to the secure HSCN network
  • Providers may use any device connected over the secure network.
  • Providers may use on one or many sites and networks.
  • Patients may use any internet connected device.

User support

Email or online ticketing support
Email or online ticketing
Support response times
During office hours a median of 87% of queries are responded to within one hour.
Out of hours response time is 12 hours.
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
Web chat
Web chat support availability
24 hours, 7 days a week
Web chat support accessibility standard
WCAG 2.1 AA or EN 301 549
Web chat accessibility testing
We a multi-channel support desk through Zendesk, serving mainly healthcare staff users but also patients, on technical but not clinical matters. Occasionally they may need help with special needs which we manage as appropriate.
Onsite support
Onsite support
Support levels
Pathfinder: diagnostic and preparation for change.

Transform: change programme provided through a personal training partner.

Improve: software subscription with continuous improvement support from a personal training partner.
Pro version - single provider workflow
Network version - workflow between linked network providers
Support available to third parties
No

Onboarding and offboarding

Getting started
We offer a comprehensive onboarding programme, including live and on-demand training, in-app guidance and induction, a searchable help centre and support desk. With our Transform programme, a personal training partner facilitates the change intervention with provider leaders and staff.
Service documentation
Yes
Documentation formats
HTML
End-of-contract data extraction
In normal use, data is transferred incrementally to providers. At contract end, a full transfer service is offered for one month free of charge.
End-of-contract process
Extraction of all provider data is included in the price up to one month after termination.

Using the service

Web browser interface
Yes
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
Yes
Compatible operating systems
  • Android
  • IOS
  • MacOS
  • Windows
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Patients may use a mobile device (70% do so), tablet or PC.
Provider staff would normally use a PC. There is no restriction on using smaller devices, if they have the correct network security, but this is not usually advised for the provider portal.
Service interface
No
API
No
Customisation available
Yes
Description of customisation
The software runs on installation with factory defaults. Yet it allows a high degree of customisation to meet the needs of all kinds and sizes of provider. Service times, in and out of hours, are easily set, as is the availability of clinical staff.
Standard questions and messages can be set for all patients and configured by users to their own preference.
Users can manage their own profile in the portal, set preferences for their workflow and manage their day.
Workload and capacity parameters can be set per clinical session.

Scaling

Independence of resources
We actively manage service performance with our DevOps team consisting of our own staff, testing and hosting suppliers. We use the Zabbix automatic monitoring and alert system across all resources, and review weekly performance, adjusting resource capacity in line with demand modelling.

Analytics

Service usage metrics
Yes
Metrics types
Patient demand, runcharts by month/day/week.
Hourly demand pattern
Service response and completion times
Patient demographics by age/sex
Patient usage frequency chart
Patient feedback analysis
NHS Friends and Family Test reporting
Staff activity and mode of resolution
Network activity for all the above where relevant
Resolve rates by message/phone/face to face
Ad-hoc queries on request, research papers on aggregate data.
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
No
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
In normal use, data is extracted by staff for every patient request and transferred to their own separate records if they wish.
We can also offer bulk extract for analysis purposes on request.
Data export formats
CSV
Data import formats
CSV

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
Guaranteed 99.95% uptime, defined as normal service during working hours 08:00 - 20:00, excepted planned maintenance and local causes outside the supplier's control.

The customer is entitled to an account credit for one days service for every day on which the service is unavailable for more than one hour within working hours .
Approach to resilience
Our supplier Xicon's Cloud platform is hosted across two data centres in the UK that are configured in a highly resilient architecture meaning that the failure of any component will not adversely affect the availability of services. This architecture means that business continuity and disaster recovery requirements are addressed.

The data centres have world class security services to protect equipment from threats and hold all of the accreditations that we require as part of our ISO27001:2013 accreditation.
Outage reporting
Public reporting is provided live on our website.

Alerts can be made to users live in the app.

If the app is not available, email alerts can be sent to all staff users.

Identity and authentication

User authentication needed
Yes
User authentication
  • Limited access network (for example PSN)
  • Username or password
Access restrictions in management interfaces and support channels
Staff accessing patient identifiable data must work from within HSCN, and have a username and password.
Management interfaces and support channels offering anonymous operational data require a username and password.
Access restriction testing frequency
At least once a year
Management access authentication
  • Limited access network (for example PSN)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
BAB British Assessment Bureau
ISO/IEC 27001 accreditation date
August 2020
What the ISO/IEC 27001 doesn’t cover
GP Navigator operational analytics.
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
Yes
Any other security certifications
  • NHS Data Security & Protection Toolkit DSPT ref 8JH09
  • DCB0129 Clinical Safety, assured by Safehand
  • Cyber Essentials

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
The IG officer Debbie Ford reports directly to Chief Executive and IG Lead Harry Longman and ensures that the policies listed below are complete, up to date, accessible via the private website pages to all staff, and that new staff are trained in their application.

Information Security Policy
IG and You Guideline
Mobile Computing and Teleworking Policy & Guideline
Incident Management
IG Improvement Plan
Network Security Policy
Data Flow Mapping Report
Managing change which involves personal data – Procedure
Confidentiality Monitoring and Audit Procedure
DPIA Procedure

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Our configuration and change management approach is fully documented in accordance with the requirements and standards of ISO27001/2013 . We are independently audited annually.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
In depth penetration testing is independently carried out by Pen Test Partners and all risks managed to low level through our development process, on a timescale of same day if critical, one week if severe, 8 weeks for moderate or low.

Routine automated penetration testing is carried out by our independent test supplier nFocus Ltd.

Information may be obtained from the above tests, but also from public domain alerts or private channels, all of which are evaluated.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Potential compromises are identified by the Solarwinds monitoring software and alerts are generated to the Xicon service desk by email and to Xicon engineers by text (depending on severity)
P1 alerts are responded to within 15 minutes
P2 alerts are responded to within 3.25 hours
P3 alerts are responded to within 47.25 elapsed hours
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Incident reporting is covered by our processes as described in our ISO27001 documentation.
Users and our own staff may report incidents from the app, by telephone, email or through the usergroup, all of which come into Zendesk.
The support desk duty person creates an Incident, so that all similar reports may be grouped together and responses co-ordinated.
All users may be alerted in the app or separately by email if required.
Incident reports are then generated directly from Zendesk incidents.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
Yes
Connected networks
Health and Social Care Network (HSCN)

Pricing

Price
£0.79 to £1.90 a person a year
Discount for educational organisations
No
Free trial available
Yes
Description of free trial
Our demo enables GPs to simulate patient episodes with demo data. They make decisions, record answers and receive a full set of results online.
Any number of colleagues may be invited to the same demo practice.
Available for 1 months.

Service documents