Social Prescribing Software
Elemental helps organisations to enhance the impact of their social prescribing programmes via their award-winning digital social prescribing products and services. Elemental offers a range of social prescribing solutions designed to support the strategy and practice of self-care and independence in health, housing and the community.
- Social Prescription Generator
- Clinical Record Integration
- API - Social Prescription Connector
- Directory of Services
- Health Risk Analysis
- Analytics Module (Reports, Dashboards & Data Export)
- EMIS Integration
- Monitoring Tool
- Attendance Tracker
- Self Referral Module
- Referring patients to a range of quality assured community interventions
- Frees GP time by sending referral straight to relevant hub
- Connect patient health risks to specific interventions in their community
- Helping patients better understand health risks using validated monitoring tools
- Provide accurate epidemiological information to facilitate greater reporting
- Track patient’s health and wellbeing improvement journey in real time
- Generate bookings with providers using a patient's personal calendar
- Provide analytics to justify commissioning
- Crossreference health journeys against specific and cohort health risks
- Facilitate, track and measure attendance rates
£20000 per licence per year
In Your Element Ltd (Trading as Elemental Software)
|Software add-on or extension||Yes, but can also be used as a standalone service|
|What software services is the service an extension to||
- Insignia Health (Patient Activation Measure (PAM) Within Flourish System)
- EMIS (Social Prescription Connector within EMIS Web)
- Triangle (Well-being Star)
|Cloud deployment model||Public cloud|
|Service constraints||No, the system is compatible with all modern browsers (that is supported by the vendor), although Chrome is recommended. There are no additional plug-in requirements.|
|System requirements||Requires a modern browser (that is supported by your vendor)|
|Email or online ticketing support||Email or online ticketing|
|Support response times||Within 2 hours|
|User can manage status and priority of support tickets||No|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||Web chat|
|Web chat support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support accessibility standard||None or don’t know|
|How the web chat support is accessible||Web chat and chat bot both available on the website and Zendesk support built into the Elemental platform|
|Web chat accessibility testing||Initial pilots have been carried out in small focus groups to date. In addition to this, we have recently (in the past month) signed a contract with a large disability charity in Northern Ireland and part of our plans of working together with this charity is to carry out these such tests more frequently and in more detail.|
|Onsite support||Yes, at extra cost|
We provide the following support levels;
- As standard a customer support help desk via telephone, email and through our online ticketing platform from 9am-5.30pm Monday to Friday. If any issue needs escalating then second line support will be provided via our in-house development team and the licensee client will have access to one of our cloud support engineers. This standard support is included in the cost of the annual software license fee.
- On-site training for Licensees. A set number of training days is allocated to each licensee depending upon the package option they opt for. Once these days have been used up additional training days can be purchased and are costed at £500 per day.
- Dedicated Project Manager for each licensee client throughout the on-boarding process. Once on-boarding is complete then a dedicated customer support team works with the licensee client post go live. This is included as standard in the cost of the annual software license fee.
|Support available to third parties||Yes|
Onboarding and offboarding
To help users get started with our products we provide a blended learning environment through a combination of;
- Face to Face training workshops
- Online training webinars
- E-learning training
- Online support via our integrated customer support platform Zendesk
- Email support
- Telephone support
In addition to this we also carry out a range of community development tasks that helps engage the community in which the social prescribing platform will be used. This includes;
- Mapping of community assets
- Stakeholder community engagement workshops
This allows us to define a shared vision with partners and stakeholders in order to truly co-design a training programme based on the vision for social prescribing for that area and the strategic objectives around well-being and other indicators.
|End-of-contract data extraction||At the end of a contract period the user will email us and their data will be compiled and sent to them in an encrypted CSV file.|
At the end of the contract process, all data will be provided to the client in the form of an encrypted CSV file. This is included in the cost of the annual software license fee.
Any requests to transfer the data in a different format will be considered but there may be an additional cost associated with this.
Using the service
|Web browser interface||Yes|
|Application to install||No|
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||Yes, the platform layout is responsive and will adapt to display on a range of mobile and desktop screens.|
|Accessibility standards||None or don’t know|
|Description of accessibility||
Elemental's service interface is available in the following ways to all users (as mentioned in above question), using an individual username and password for users. Different access points include;
-Via a web-browser
-Via a dedicated self-refer kiosk
-Via a customer Website powered by Elemental on the back-end
-Via EMIS Partner API within EMISWeb
-Via Elemental's own API to a variety of partner platforms (i.e. directory of services)
Users are supported digitally with Elemental right across the social prescribing journey from making a referral to co-creating a social prescription package and supporting a patient along their journey to better health outcomes.
|Accessibility testing||Initial pilots have been carried out in small focus groups to date. In addition to this, we have recently (in the past month) signed a contract with a large disability charity in Northern Ireland and part of our plans of working together with this charity is to carry out these such tests more frequently and in more detail.|
|What users can and can't do using the API||
We currently have an API service.
It provides User management (Create, Read, Update, Delete) and search features for registered and authorised users of our system via a REST interface.
|API documentation formats||Open API (also known as Swagger)|
|API sandbox or test environment||Yes|
|Description of customisation||
What can be customised?
The set up of the platform can be customised depending on:
- Who is making referrals. Referrals can be set to be received via the standalone platform or via several clinical systems/in house systems i.e. EMIS Web
- What they want to use the platform to capture. For example, the monitoring tools that the licensee wishes to use can be customised (Elemental has several commercial partnerships set up with companies like Insignia (PAM scores) Triangle (Outcomes star)).
- User functionality can be customised to ensure that the project pathways are managed and followed
- Reporting and KPIs can be customised per customer
How can users customise?
- Customisation is done within the hub management area of the platform for that particular licensee
Who can customise?
- Only those nominated as super users for that particular licensee hub can customise for the licensee
|Independence of resources||Our system is built in the Amazon Cloud and is deployed across multiple availability zones. This is to ensure it is both resilient to hardware failure and scalable should demand require. Based on the System Metrics, we can quickly provision additional virtual servers to cope with demand when it arises.|
|Service usage metrics||Yes|
-Reports: Patient Progress (Health Journey), Patient Attendance + Health Journey, Intervention Activity (upcoming meetings), Activity Report (Referrals - Sources and Destinations, Case Status updates, Social Prescriptions to Interventions), Programme Report (Targets / Actuals, Interventions), User Health Journeys
-User Count (for each role)
Other metrics are via request (available on SysAdmin dashboard)
-System Metrics: (the time for the server to respond to the request) - Total Requests, Average Transaction Time, Per Component (Page), Average Transaction Time, Max Transaction Time
|Supplier type||Not a reseller|
|Staff security clearance||Other security clearance|
|Government security clearance||Up to Developed Vetting (DV)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||United Kingdom|
|User control over data storage and processing locations||Yes|
|Datacentre security standards||Supplier-defined controls|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||Another external penetration testing organisation|
|Protecting data at rest||Other|
|Other data at rest protection approach||
- Amazon WebServices RDS settings include an ‘encrypted at rest’ option
- All automated backups are also encrypted
- All sensitive data (within the data) is encrypted at field level.
|Data sanitisation process||Yes|
|Data sanitisation type||
|Equipment disposal approach||In-house destruction process|
Data importing and exporting
|Data export approach||Users can contact Elemental for a complete copy of their data. There is a self-service feature in development to handle this.|
|Data export formats||
|Other data export formats||JSON|
|Data import formats||
|Other data import formats||JSON|
|Data protection between buyer and supplier networks||
|Other protection between networks||In addition, all sensitive data transmitted within the Server’s VPC (Virtual Private Cloud) network is also encrypted. This is achieved by utilising field level encryption in any sensitive fields within the database.|
|Data protection within supplier network||Other|
|Other protection within supplier network||All platform data is secured on AWS. Access to server instances is via secure ssh sessions. All confidential data is encrypted.|
Availability and resilience
Our system is resilient to hardware or zone failure. Uptime over the last few years is close to 100%. Either party may terminate the Service Level Agreement - if it gives the other no less than 3 months’ notice in writing, such notice to expire no sooner than the end of the Initial Period or any subsequent Renewal Period.
A party may end this call-off contract if the other party is affected by a Force Majeure event that lasts for more than 30 consecutive days.
|Approach to resilience||The system is deployed across multiple Availability Zones within the AWS infrastructure. Should any part fail, or a zone fail entirely, this is detected and the other nodes handle the load until the issue is resolved.|
Performance is automatically monitored and issues are sent to the engineering team via email and slack.
Service outages (scheduled/unscheduled) are made public via our Zendesk powered forum.
Identity and authentication
|User authentication needed||Yes|
|Other user authentication||Users currently log in using a username and password. The password is ‘hashed’ and can only be reset (not requested).|
|Access restrictions in management interfaces and support channels||
All management and support channels are secured using Username and password.
Management channels are limited to specific user roles.
|Access restriction testing frequency||At least every 6 months|
|Management access authentication||
|Description of management access authentication||Access to servers is restricted using Public Key Authentication (a PEM certificate file securely stored)|
Audit information for users
|Access to user activity audit information||Users contact the support team to get audit information|
|How long user audit data is stored for||At least 12 months|
|Access to supplier activity audit information||Users contact the support team to get audit information|
|How long supplier audit data is stored for||At least 12 months|
|How long system logs are stored for||User-defined|
Standards and certifications
|ISO/IEC 27001 certification||No|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||Yes|
|Any other security certifications||
|Named board-level person responsible for service security||Yes|
|Security governance certified||Yes|
|Security governance standards||Other|
|Other security governance standards||Data Security & Protection (DSP) compliant and Cyber Essentials compliant (certified through IASME consortium). Working towards ISO27001.|
|Information security policies and processes||
Alongside our 'Privacy by Design' approach to protecting data, we ensure the maximum security of data that is processed, including as a priority, when shared, disclosed and transferred. Our Information Security Policy & Procedures provide the detailed measures and controls that we take to protect personal information and to ensure its security from consent to disposal.
We carry out information audits to ensure that all personal data held and processed by us is accounted for and recorded, alongside risk assessments as to the scope and impact a data breach could have on data subject(s). We have implemented adequate and appropriate technical and organisational measures to ensure a level of security appropriate to the risk.
Whilst every effort and measure is taken to reduce the risk of data breaches, the Company has dedicated controls and procedures in place for such situations, along with the notifications to be made to the Supervisory Authority and data subjects.
Through our strong commitment and robust controls, we ensure that all staff understand, have access to and can easily interpret the data protection laws requirements and its Principles and that they have ongoing training, support, and assessments to ensure and demonstrate their knowledge, competence, and adequacy.
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||We have no physical assets upon which live data and processes run. Our service runs on secure AWS instances. The only people with accesses to this are senior engineers who have RSA keys stored securely on their PCs, which are encrypted and password protected.|
|Vulnerability management type||Supplier-defined controls|
|Vulnerability management approach||
All processes and data are securely stored on AWS instances, and all confidential data is encrypted.
User access is over HTTP and is Username/Password protected. Multiple failed login attempts will lock users out of the system temporally to disrupt brute force attacks.
Multi-Factor Authentication work is in progress
Server logs are monitored and alarms set to flag suspicious activity.
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||
System logs, system load and response times are monitored for suspicious activity. Users can also contact us if they suspect something. If a compromise is suspected all senior staff are notified immediately. Senior engineers analyse the system.
Depending on the nature of the threat, we can blacklist the connection performing the attack temporarily close all incoming connections to protect the data.
All relevant parties are notified and report given as to what happened, and if any data was compromised. If such an incident were to occur senior engineers would respond ASAP, normally detected within seconds and responded to within minutes.
|Incident management type||Supplier-defined controls|
|Incident management approach||
We have a designated Data Protection Officer (DPO). Users can report directly to the DPO if they suspect anything via email, phone or support website.
Incident reports are supplied over secure connection to any parties affected by an incident.
|Approach to secure software development best practice||Supplier-defined process|
Public sector networks
|Connection to public sector networks||Yes|
|Connected networks||NHS Network (N3)|
|Price||£20000 per licence per year|
|Discount for educational organisations||No|
|Free trial available||No|