Outcomes Based Healthcare

OBH® Segmentation Engine

The OBH® Segmentation Engine and Model provide an essential, core backbone for population health management data analytics work across different local NHS and local authority organisations, and their health and care partners. OBH’s methodology is based on the Bridges to Health segmentation model.


  • Identify baseline segmentation profiles using historical data
  • Make statistical adjustments to allow for meaningful comparison
  • Monitor trends in population segments with minimal time lag
  • In depth cohort and whole population level segmentation analytics
  • Application of data-driven and clinically robust population segmentation model
  • Data-driven, accurate measurement of Healthy Lifespan® or HealthSpan®
  • System-level view of segments, consistent with population health management requirements


  • Segmentation analytics allows for real insight into populations
  • Confidence that Information Governance rules are followed
  • Timeliness of reporting allows for in-year contracting
  • Key quality improvement insights for successful population health management


£75,000 a licence a year

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at obh@outcomesbasedhealthcare.com. Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 12

Service ID

2 9 1 7 1 6 7 5 5 6 0 7 4 4 7


Outcomes Based Healthcare Rupert Dunbar-Rees
Telephone: 02074361899
Email: obh@outcomesbasedhealthcare.com

Service scope

Software add-on or extension
Cloud deployment model
Public cloud
Service constraints
1. Client must have legal access to data for segmentation
2. Updates are dependant on timely access to data
3. Accuracy depends on access to multiple linked data sources
System requirements
  • Modern browser which is internet accessible
  • SQL Database

User support

Email or online ticketing support
Email or online ticketing
Support response times
Within 24h on weekdays.
User can manage status and priority of support tickets
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Onsite support
Yes, at extra cost
Support levels
Level 0 is in the form of a) documentation describing the segmentation, b)templates for data sharing agreements related to data flows to OBH, c) specifications for data extractions. These are included in the contract. Level 1 is included as contracted hours of support for queries / questions related to the Segmentation Engine. Level 2 is any support required above and beyond the contracted hours and will be based on the rate card.
Support available to third parties

Onboarding and offboarding

Getting started
Basic training is included in the initial purchase of the cloud software. Additional support can be purchased via services provided in lot 3 (cloud support).
Service documentation
Documentation formats
End-of-contract data extraction
Data extraction is provided only as part of the contracted services. There is no additional data extraction at the end of the contract.
End-of-contract process
Access to the Segementation Engine and outputs is removed. Data is removed and destroyed depending on the contract in accordance with IG regulations.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
Designed for use on mobile devices
Service interface
Customisation available


Independence of resources
A 99.99% uptime SLA is in place with the hosting server provider. Servers can be resized when usage increases beyond required levels. Independent servers can be provided for users at the prevailing rate when requested.


Service usage metrics


Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
User control over data storage and processing locations
Datacentre security standards
Managed by a third party
Penetration testing frequency
Less than once a year
Penetration testing approach
Protecting data at rest
Physical access control, complying with CSA CCM v3.0
Data sanitisation process
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
In-house destruction process

Data importing and exporting

Data export approach
With selection of the Data Model output, the model and data is supplied as a set of SQL files defining the model and csv files containing the model data. There is no functionality to export data with selection of the dashboard.
Data export formats
Data import formats

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Other
Other protection within supplier network
A firewall is installed on the server. TLS connections are in place between data servers and users. File data is stored on encrypted blocks on the storage servers. Access to data is also password protected.

Availability and resilience

Guaranteed availability
99.99% uptime SLA with server provider and contractual commitment.
Approach to resilience
Multiple servers are load balanced when required. In addition, there is a contractual commitment from the server provider for any required uptime.
Outage reporting
Email to registered client and/or a notification on the company / service website.

Identity and authentication

User authentication needed
User authentication
Username or password
Access restrictions in management interfaces and support channels
Management interface access is through role-based access for defined usernames and passwords. Support channels are restricted by direct contact with individuals including email and telephone.
Access restriction testing frequency
At least every 6 months
Management access authentication
Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
Between 1 month and 6 months
Access to supplier activity audit information
You control when users can access audit information
How long supplier audit data is stored for
Between 1 month and 6 months
How long system logs are stored for
Between 6 months and 12 months

Standards and certifications

ISO/IEC 27001 certification
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance approach
OBH ensures that all members of our staff are aware of, and comply with, relevant legislation, including the Data Protection Act and more recently, General Data Protection Regulation. In addition, OBH maintains policies which describe the principles of information security management and how these shall be implemented within OBH. OBH will assist staff to identify and implement information security as an integral part of their day-to-day role within the company. OBH will also safeguard information relating to staff and clients under the control of the company.
Information security policies and processes
OBH holds its own Information Security and Information Governance policies. In addition, OBH is compliant with the NHS Digital Data Security and Protection Toolkit as a Commercial Third Party, having secured 100%.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Configuration is managed as part of the installation process for a buyer and any changes are made after communicating to buyers about expected impact, if any. Any requirements changes are analysed for impact assessment and for budgetary considerations.
Vulnerability management type
Vulnerability management approach
Potential threats are assessed and managed through a variety of means. These include security software running on servers as well as third party hosting providers assessing threats and scanning hardware. Patches can be deployed as quickly as same day, depending on the required solution. Monitoring on the hosting servers will also report potential threats directly to OBH staff.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Monitoring on servers report potential issues and compromises on a regular basis. This monitoring allows OBH staff to action any relevant response within minutes of any potential issue, if required.
Incident management type
Supplier-defined controls
Incident management approach
The OBH Information Security Policy defines the incident management process. Incidents are reported to the SIRO or IG lead (depending on the nature of the incident) and these are recorded, analysed and investigated.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks


£75,000 a licence a year
Discount for educational organisations
Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at obh@outcomesbasedhealthcare.com. Tell them what format you need. It will help if you say what assistive technology you use.