GP Access Ltd
askmyGP
Much more than online consultations (econsultations or econsults), askmyGP is the complete workflow solution for GP practices. Ease of use for patients moves typically 60 - 80% of demand online, enabling GP digital triage within minutes, assignment to an appropriate clinician and same day completion. System change enabled by technology.
Features
- Patients/parents/carers seek help at any time on any problem, online
- Searching on any medical problem, patients get NHS self help
- Information is sent securely from patient to GP via N3/HSCN
- Complete workflow management and performance analytics
- GP practice staff operate their own secure portal within N3/HSCN
- Reception staff identify the patient and assign to a clinician
- GP digital triage takes seconds to decide on appropriate help
- Full two way secure messaging, telephone, appointment as needed.
- Photo attachment facility for patients sending request.
- Integration with clinical system one click copy/paste
Benefits
- Patients get help faster (80% same day), can name GP
- Secure messaging eliminates wait for answer on telephone
- Clinically useful information is gathered from the patient before consultation
- Reception staff are better informed for care navigation
- Data from 250,000 episodes show 60-70% are completed remotely
- GPs see patients only as needed, typically saving 3 minutes
- Free text information reduces time to take history
- DNAs (Did Not Attends) drop by 80%
- Efficiency gains evidenced eg 5,000 patients with single hander GP
- The burden and stress of overwork is lifted from GPs
Pricing
£0.25 to £1.90 per person per year
- Free trial available
Service documents
Framework
G-Cloud 10
Service ID
311989060241372
Contact
Service scope
Software add-on or extension | No |
Cloud deployment model | Hybrid cloud |
Service constraints |
Patients can access on any internet connected device. GP practice staff can access the portal only on a secure NHS compliant network (N3/HSCN) via web browser. |
System requirements |
|
User support
Email or online ticketing support | Email or online ticketing |
Support response times | Typical email response is within 60 minutes in working hours. |
User can manage status and priority of support tickets | No |
Phone support | Yes |
Phone support availability | 9 to 5 (UK time), Monday to Friday |
Web chat support | No |
Onsite support | Yes, at extra cost |
Support levels |
Basic: full remote support and online training is provided to enable all users to operate the provider portal, and system administrators to configure the software to local needs. Transform: training provided as above, and change programme gives choice of remote or on-site support, see pricing document Personal training partner works with all Transform customers. Improve: askmyGP subscripton pluse support for continuous improvement, with all operational performance analytics through GP Navigator and support from a personal training partner. |
Support available to third parties | No |
Onboarding and offboarding
Getting started |
We provide comprehensive training for users through on demand video, a comprehensive online manual and personal support by phone, video conference and email. We configure links for patients to access help from their own GP practice and set these up on the practice website, or support self installation if preferred. |
Service documentation | Yes |
Documentation formats |
|
End-of-contract data extraction |
There is no need to extract data at the end of contract, as all data is transferred from the system to the customer in the normal course of business, day by day. If any remains, it is transferred by the normal route (portal in the GP practice) after the patient facing service is removed, within a 30 day period (or less if completed). If preferred, a secure bulk transfer can be arranged. |
End-of-contract process | No extra charges apply: the practice is informed in writing that the contract ends with 28 days notice. On the end date, the askmyGP link in the practice website becomes inactive and a notice informs patients that the service is inactive. The GP practice then removes the link from the website and no longer needs to access the portal. 30 days after contract end the portal becomes inactive. |
Using the service
Web browser interface | Yes |
Supported browsers |
|
Application to install | No |
Designed for use on mobile devices | Yes |
Differences between the mobile and desktop service |
Patients may use a mobile device (60% do so), tablet or PC. GP practice staff would normally use a PC. There is no restriction on using smaller devices, if they have the correct network security, but this is not usually advised for the provider portal. |
Accessibility standards | WCAG 2.0 AA or EN 301 549 |
Accessibility testing | Formal testing has been with standard devices. |
API | No |
Customisation available | Yes |
Description of customisation |
AskmyGP is set up to run straight away with useful defaults. Yet it allows a high degree of customisation to meet the needs of all kinds and sizes of practice. Service times, in and out of hours, are easily set, as is the availability of clinical staff. Standard questions and messages can be set for all patients and configured by users to their own preference. Users can manage their own profile in the portal, set preferences for their workflow and manage their day. |
Scaling
Independence of resources | Our hosting providers offer scalable options so we purchase capacity in line with user volumes. Note that scaling is around peak hour usage (8-9am, Mondays), not average usage. |
Analytics
Service usage metrics | Yes |
Metrics types |
Patient demand, runcharts by month/day/week. Hourly demand pattern Service response and completion times Patient demographics by age/sex Patient usage frequency chart Patient feedback analysis Episodes completed by staff Resolve rates by message/phone/face to face |
Reporting types |
|
Resellers
Supplier type | Not a reseller |
Staff security
Staff security clearance | Staff screening not performed |
Government security clearance | None |
Asset protection
Knowledge of data storage and processing locations | Yes |
Data storage and processing locations | United Kingdom |
User control over data storage and processing locations | No |
Datacentre security standards | Complies with a recognised standard (for example CSA CCM version 3.0) |
Penetration testing frequency | At least once a year |
Penetration testing approach | ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider |
Protecting data at rest | Physical access control, complying with SSAE-16 / ISAE 3402 |
Data sanitisation process | Yes |
Data sanitisation type | Deleted data can’t be directly accessed |
Equipment disposal approach | In-house destruction process |
Data importing and exporting
Data export approach | Each time a patient uses the askmyGP service, an episode is created. The data concerning the episode is copied into the practice clinical system every time, so that data export in bulk is not required. |
Data export formats | CSV |
Data import formats | Other |
Other data import formats | Text, all that is needed as input by the patient. |
Data-in-transit protection
Data protection between buyer and supplier networks | Private network or public sector network |
Data protection within supplier network | Other |
Other protection within supplier network | All communications and data storage are within N3. |
Availability and resilience
Guaranteed availability | The service level guarantee is 99.99%. Users are refunded pro rata for any full day when service is unavailable through the supplier's fault. This has never been necessary. |
Approach to resilience |
Our hosting is with an industry leading N3/HSCN supplier (Xicon Ltd). More details are available on request. |
Outage reporting | Email alerts report any outage of more than 2 hours. |
Identity and authentication
User authentication needed | Yes |
User authentication |
|
Access restrictions in management interfaces and support channels |
Users must create a login and password (validated 8 char minimum, lowercase, uppercase and numeric). Access is controlled to be within N3/HSCN. |
Access restriction testing frequency | At least once a year |
Management access authentication |
|
Audit information for users
Access to user activity audit information | Users have access to real-time audit information |
How long user audit data is stored for | User-defined |
Access to supplier activity audit information | Users have access to real-time audit information |
How long supplier audit data is stored for | User-defined |
How long system logs are stored for | At least 12 months |
Standards and certifications
ISO/IEC 27001 certification | No |
ISO 28000:2007 certification | No |
CSA STAR certification | No |
PCI certification | No |
Other security certifications | Yes |
Any other security certifications |
|
Security governance
Named board-level person responsible for service security | Yes |
Security governance certified | Yes |
Security governance standards | Other |
Other security governance standards | NHS IG Toolkit, organisation code 8JH09, v 14.1 completed and satisfactory. |
Information security policies and processes |
The IG officer Debbie Ford reports directly to Chief Executive and IG Lead Harry Longman and ensures that the policies listed below are complete, up to date, accessible via the private website pages to all staff, and that new staff are trained in their application. GP Access Information Security Policy GP Access IG and You Guideline GP Access – Mobile Computing and Teleworking Policy & Guideline GP Access Incident Management GP Access – IG Improvement Plan GP Access Network Security Policy GP Access data flow mapping plan GP Access Data Flow Mapping Report GP Access Managing change which involves personal data – Procedure GP Access Confidentiality Monitoring and Audit Procedure GP access PIA Procedure |
Operational security
Configuration and change management standard | Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402 |
Configuration and change management approach | Our software is designed and managed in accordance with SCCI 0129 for the safety of clinical systems. The process is managed by Dr Adrian Stavert Dobson our Clinical Safety Officer. He wrote the Hazard Register and Safety Case and involves the management and development teams, along with feedback from users, in actively maintaining these documents and processes. Issues and releases are managed through the JIRA process. |
Vulnerability management type | Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402 |
Vulnerability management approach |
Our lead developers RedpixelYellowpixel run our in house vulnerability tests including seige testing of the askmyGP software. Any change in threat level we address immediately, normally same day, and as the software is hosted it can be simply updated in one instance after regression testing the new version. Penetration testing is independently carried out by Digital Assurance and all risks managed to low level through our development process. We solicit feedback directly from users with an integrated webform, submissions from which are emailed to the lead developer, CSO and Chief Executive. |
Protective monitoring type | Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402 |
Protective monitoring approach |
Every authorised user has an admin webpage with a feedback form. This can be sent at any time, highlighting a problem (or suggestion) and is normally responded to within 60 minutes during working hours. A telephone number is also provided, operating office hours with an alert process to the operations manager and chief executive. Escalation can be carried out within 60 minutes to the hosting provider if necessary. In addition, daily reporting highlights unusual conditions. |
Incident management type | Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402 |
Incident management approach |
Users can report from their admin page via online form or phone. Within 60 minutes a test is run to verify the problem, and appropriate action is then taken to alert that part of the system which has failed. Where the loss is practice access to the system, as soon as possible and within 60 minutes at most tests are run to establish the cause, and then if necessary an email alert is sent to all users if it cannot be fixed within 2 hours. Reports are recorded and documented within 48 hours. |
Secure development
Approach to secure software development best practice | Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0) |
Public sector networks
Connection to public sector networks | Yes |
Connected networks | New NHS Network (N3) |
Pricing
Price | £0.25 to £1.90 per person per year |
Discount for educational organisations | No |
Free trial available | Yes |
Description of free trial | Our "Digital Triage Toe Test" enables GPs to simulate using askmyGP with real but anonymised and randomised patient data. They make triage decisions, record their answers and receive a full set of results online. |
Documents
Pricing document | View uploaded document |
Service definition document | View uploaded document |
Terms and conditions document | View uploaded document |