MyDirectives

MyDirectives

MyDirectives is the world's first cloud-based emergency, critical and advance care plan. It is available to all adults for free. MyDirectives is accessible by medical professionals 24-hours a day anywhere in the world. It is also interoperable with any modern electronic health record.

Features

  • Editable emergency, critical and advance care plan
  • Video signatures and statements
  • Integration and interoperability with electronic medical records
  • Digital signatures
  • Digital audit trail of views and changes
  • 24-hours a day accessibility
  • Population-level analytics
  • Depository for key documents and upload of paper documents
  • Structure advance decision and statement forms
  • Generates printable legal documentation

Benefits

  • Mass adoption of advance decisions and statements
  • Reduction of NHS time spent creating advance decisions and statements
  • Significant evidence-base for cash releasing savings
  • Better co-ordination of emergency and end of life care
  • Increased adherence to patient wishes
  • Greater incidence of organ donation
  • Users spend 10-days less in hospital at end of life
  • Users more likely to die at home
  • Increased awareness of do not resuscitate orders

Pricing

£0.10 to £1 per person per year

Service documents

Framework

G-Cloud 11

Service ID

2 7 2 9 3 6 3 9 1 8 9 8 9 0 9

Contact

MyDirectives

Jonathon Carr-Brown

00 44 7900 271580

jcarr-brown@advaultinc.com

Service scope

Software add-on or extension
No
Cloud deployment model
Private cloud
Service constraints
No
System requirements
Modern browser

User support

Email or online ticketing support
Email or online ticketing
Support response times
24 hours
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
Each client has a named account executive and access to MyDirectives' personnel 24 hours a day. This account manager will engage technical resources as needed.
Support available to third parties
No

Onboarding and offboarding

Getting started
For the consumer, our system contains a wealth of reference material including videos, help text and other articles to support educating the user on creating a plan. The interaction by a user on the system is intuitive, including delivering pertinent help material for the topic / question currently at hand. While we provide support, we have had tens of thousands of people complete the forms without the need for formal training. Part of the benefit of the MyDirectives approach is health systems no longer need to train professionals to ask individuals questions about their own goals, preferences and priorities. We do, however, provide documentation on APIs and other material pertinent to the kind of integration that might occur with a purchaser of the system.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
As the consumer owns the account, and that account is free, the individual always has access to his or her data. The health system never owns the data; therefore, health systems have no rights to extract the data unless the user has chosen to deposit his or her information with them. Contracts with health care providers allow the ability to search, find, and ask consumers to create emergency, critical and advance care directives.
End-of-contract process
At the end of a contract (with a health care provider) a consumer would still have access to his or her profile on the MyDirectives platform, but the buyer (a health care provider such as a hospital) of the MyDirectives service would no longer have the ability to search the MyDirectives system or prompt patients to create an emergency, critical and advance care plan. The consumer has the ability to share his or her plan with a health care providers of his or her choice at any time.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Our mobile application is a light version of the web experience aimed at younger people and people in a patient care setting to rapidly create a directive and share it with their caregivers and others. The mobile app links with the web experience. Anything created on the mobile device is replicated in the web experience. In particular, video(s) taken on the mobile device will appear in the web version. Currently available in iOS only, we will release an Android version shortly.
Service interface
Yes
Description of service interface
Can be used with screen readers.
Accessibility standards
None or don’t know
Description of accessibility
We are a basic text experience which can be easily crawled and read. We have some informative videos that do not as yet have subtitles.
Accessibility testing
Yes screen readers can use it.
API
Yes
What users can and can't do using the API
MyDirectives uses a suite of APIs to allow partners (but not consumers) to call the service and interrogate MyDirectives' repository and registry of statements. Specific APIs exist for our mobile application that are not accessible to partners in general.
API documentation
Yes
API documentation formats
Open API (also known as Swagger)
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
We can white label the service, cut down the question range and add questions.

Customization occurs through change order requests either as part of the contract negotiation or subsequent scope of work.

Customization is done by ADVault/MyDirectives' team members.

Scaling

Independence of resources
Our cloud infrastructure scales on demand based on multiple threshold based factors.

Analytics

Service usage metrics
Yes
Metrics types
MyDirectives provides the following metrics:

(1) number of directives created;
(2) when, where and how often a directive has been edited, and what content has been edited;
(3) when, where and who has viewed the directive;
(4) basic demographic data;
(5) anonymised condition data;
(6) anonymised data on preferences, including preferred place of death; and
7) take up of marketing material.

Other reports may be delivered on request via Microsoft SSRS or Tableau.
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
None

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • EU-US Privacy Shield agreement locations
User control over data storage and processing locations
Yes
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least every 6 months
Penetration testing approach
In-house
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
An individual user can create and export his or her emergency, critical and advance care plan in PDF or XML (CDA/BlueButton) format. A partner (e.g., a health care provider) can use one of our many integration capabilities to relay data, including HL7v2, XDS.b, Web Services, FHIR and Direct Edge protocols, to extract data.
Data export formats
Other
Other data export formats
  • XML
  • PDF
Data import formats
  • CSV
  • Other
Other data import formats
XML, API/JSON

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
We guarantee 99.9% availability. Refunding would not be appropriate for this service.
Approach to resilience
This information is available on request.
Outage reporting
For planned downtime, via email.

For unplanned downtime, via email.

A public dashboard will be available shortly.

Identity and authentication

User authentication needed
Yes
User authentication
Username or password
Access restrictions in management interfaces and support channels
Management interfaces are not Internet facing. They are protected via username/complex password requirements.

Support channels are email based. They are protected via username/complex password requirements.
Access restriction testing frequency
At least every 6 months
Management access authentication
2-factor authentication

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
(Indirect Applicable to Amazon Web Services), EY CertifyPoint
ISO/IEC 27001 accreditation date
12/11/2013
What the ISO/IEC 27001 doesn’t cover
Please see https://d0.awsstatic.com/certifications/iso_27001_global_certification.pdf
ISO 28000:2007 certification
No
CSA STAR certification
Yes
CSA STAR accreditation date
(Indirect via Amazon Web Services)
CSA STAR certification level
Level 5: CSA STAR Continuous Monitoring
What the CSA STAR doesn’t cover
Please see https://aws.amazon.com/compliance/csa/
PCI certification
No
Other security certifications
Yes
Any other security certifications
HiTrust via ClearDATA, our managed services provider for cloud resources

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
  • CSA CCM version 3.0
  • ISO/IEC 27001
  • Other
Other security governance standards
HiTrust
Information security policies and processes
MyDirectives follows the HiTrust framework for policies and processes.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
We follow the ITIL framework for change management and security impact.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
We follow the ITIL framework for assessing threats. Patches are deployed quarterly or as needed for zero day exploits. We get security information from several sources, including our service provider, SANS, Microsoft, and other applicable vendors for the software and services that are components of the system.
Protective monitoring type
Undisclosed
Protective monitoring approach
We follow the ITIL framework for monitoring processes. Log management/review is the typical way we would identify a compromise; however, other services are in place (e.g., IDS) to facilitate rapid identification of attempts to compromise the system. Responding to a compromise or attempts to compromise the system is a complex topic that can be shared on contract / non-disclosure agreement completion.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
We follow the ITIL framework for incident management. Users can report incidents via email, web form or phone. Incident report content and transport are provided as required by law.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
No

Pricing

Price
£0.10 to £1 per person per year
Discount for educational organisations
No
Free trial available
Yes
Description of free trial
We will offer a free trial for six months for the first healthcare organisation in the UK to trial MyDirectives at scale.
Link to free trial
Www.mydirectives.com

Service documents

Return to top ↑