OBH® Segmentation Engine
The OBH® Segmentation Engine and Model provide an essential, core backbone for population health management data analytics work across different local NHS and local authority organisations, and their health and care partners. OBH’s methodology is based on the Bridges to Health segmentation model.
Features
- Identify baseline segmentation profiles using historical data
- Make statistical adjustments to allow for meaningful comparison
- Monitor trends in population segments with minimal time lag
- In depth cohort and whole population level segmentation analytics
- Application of data-driven and clinically robust population segmentation model
- Data-driven, accurate measurement of Healthy Lifespan® or HealthSpan®
- System-level view of segments, consistent with population health management requirements
Benefits
- Segmentation analytics allows for real insight into populations
- Confidence that Information Governance rules are followed
- Timeliness of reporting allows for in-year contracting
- Key quality improvement insights for successful population health management
Pricing
£75,000 a licence a year
Service documents
Request an accessible format
Framework
G-Cloud 12
Service ID
2 9 1 7 1 6 7 5 5 6 0 7 4 4 7
Contact
Outcomes Based Healthcare
Rupert Dunbar-Rees
Telephone: 02074361899
Email: obh@outcomesbasedhealthcare.com
Service scope
- Software add-on or extension
- No
- Cloud deployment model
- Public cloud
- Service constraints
-
1. Client must have legal access to data for segmentation
2. Updates are dependant on timely access to data
3. Accuracy depends on access to multiple linked data sources - System requirements
-
- Modern browser which is internet accessible
- SQL Database
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- Within 24h on weekdays.
- User can manage status and priority of support tickets
- No
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- No
- Onsite support
- Yes, at extra cost
- Support levels
- Level 0 is in the form of a) documentation describing the segmentation, b)templates for data sharing agreements related to data flows to OBH, c) specifications for data extractions. These are included in the contract. Level 1 is included as contracted hours of support for queries / questions related to the Segmentation Engine. Level 2 is any support required above and beyond the contracted hours and will be based on the rate card.
- Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
- Basic training is included in the initial purchase of the cloud software. Additional support can be purchased via services provided in lot 3 (cloud support).
- Service documentation
- Yes
- Documentation formats
- End-of-contract data extraction
- Data extraction is provided only as part of the contracted services. There is no additional data extraction at the end of the contract.
- End-of-contract process
- Access to the Segementation Engine and outputs is removed. Data is removed and destroyed depending on the contract in accordance with IG regulations.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Internet Explorer 8
- Internet Explorer 9
- Internet Explorer 10
- Internet Explorer 11
- Microsoft Edge
- Firefox
- Chrome
- Safari 9+
- Opera
- Application to install
- No
- Designed for use on mobile devices
- No
- Service interface
- No
- API
- No
- Customisation available
- No
Scaling
- Independence of resources
- A 99.99% uptime SLA is in place with the hosting server provider. Servers can be resized when usage increases beyond required levels. Independent servers can be provided for users at the prevailing rate when requested.
Analytics
- Service usage metrics
- No
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- None
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
-
- United Kingdom
- European Economic Area (EEA)
- EU-US Privacy Shield agreement locations
- User control over data storage and processing locations
- No
- Datacentre security standards
- Managed by a third party
- Penetration testing frequency
- Less than once a year
- Penetration testing approach
- In-house
- Protecting data at rest
- Physical access control, complying with CSA CCM v3.0
- Data sanitisation process
- Yes
- Data sanitisation type
- Deleted data can’t be directly accessed
- Equipment disposal approach
- In-house destruction process
Data importing and exporting
- Data export approach
- With selection of the Data Model output, the model and data is supplied as a set of SQL files defining the model and csv files containing the model data. There is no functionality to export data with selection of the dashboard.
- Data export formats
- CSV
- Data import formats
- CSV
Data-in-transit protection
- Data protection between buyer and supplier networks
- TLS (version 1.2 or above)
- Data protection within supplier network
-
- TLS (version 1.2 or above)
- Other
- Other protection within supplier network
- A firewall is installed on the server. TLS connections are in place between data servers and users. File data is stored on encrypted blocks on the storage servers. Access to data is also password protected.
Availability and resilience
- Guaranteed availability
- 99.99% uptime SLA with server provider and contractual commitment.
- Approach to resilience
- Multiple servers are load balanced when required. In addition, there is a contractual commitment from the server provider for any required uptime.
- Outage reporting
- Email to registered client and/or a notification on the company / service website.
Identity and authentication
- User authentication needed
- Yes
- User authentication
- Username or password
- Access restrictions in management interfaces and support channels
- Management interface access is through role-based access for defined usernames and passwords. Support channels are restricted by direct contact with individuals including email and telephone.
- Access restriction testing frequency
- At least every 6 months
- Management access authentication
- Username or password
Audit information for users
- Access to user activity audit information
- Users contact the support team to get audit information
- How long user audit data is stored for
- Between 1 month and 6 months
- Access to supplier activity audit information
- You control when users can access audit information
- How long supplier audit data is stored for
- Between 1 month and 6 months
- How long system logs are stored for
- Between 6 months and 12 months
Standards and certifications
- ISO/IEC 27001 certification
- No
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Other security certifications
- No
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- No
- Security governance approach
- OBH ensures that all members of our staff are aware of, and comply with, relevant legislation, including the Data Protection Act and more recently, General Data Protection Regulation. In addition, OBH maintains policies which describe the principles of information security management and how these shall be implemented within OBH. OBH will assist staff to identify and implement information security as an integral part of their day-to-day role within the company. OBH will also safeguard information relating to staff and clients under the control of the company.
- Information security policies and processes
- OBH holds its own Information Security and Information Governance policies. In addition, OBH is compliant with the NHS Digital Data Security and Protection Toolkit as a Commercial Third Party, having secured 100%.
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
- Configuration is managed as part of the installation process for a buyer and any changes are made after communicating to buyers about expected impact, if any. Any requirements changes are analysed for impact assessment and for budgetary considerations.
- Vulnerability management type
- Undisclosed
- Vulnerability management approach
- Potential threats are assessed and managed through a variety of means. These include security software running on servers as well as third party hosting providers assessing threats and scanning hardware. Patches can be deployed as quickly as same day, depending on the required solution. Monitoring on the hosting servers will also report potential threats directly to OBH staff.
- Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
- Monitoring on servers report potential issues and compromises on a regular basis. This monitoring allows OBH staff to action any relevant response within minutes of any potential issue, if required.
- Incident management type
- Supplier-defined controls
- Incident management approach
- The OBH Information Security Policy defines the incident management process. Incidents are reported to the SIRO or IG lead (depending on the nature of the incident) and these are recorded, analysed and investigated.
Secure development
- Approach to secure software development best practice
- Conforms to a recognised standard, but self-assessed
Public sector networks
- Connection to public sector networks
- No
Pricing
- Price
- £75,000 a licence a year
- Discount for educational organisations
- No
- Free trial available
- No