In Your Element Ltd (Trading as Elemental Software)

Social Prescribing Software

Elemental helps organisations to enhance the impact of their social prescribing programmes via their award-winning digital social prescribing products and services. Elemental offers a range of social prescribing solutions designed to support the strategy and practice of self-care and independence in health, housing and the community.

Features

  • Social Prescription Generator
  • Clinical Record Integration
  • API - Social Prescription Connector
  • Directory of Services
  • Health Risk Analysis
  • Analytics Module (Reports, Dashboards & Data Export)
  • EMIS Integration
  • Monitoring Tool
  • Attendance Tracker
  • Self Referral Module

Benefits

  • Referring patients to a range of quality assured community interventions
  • Frees GP time by sending referral straight to relevant hub
  • Connect patient health risks to specific interventions in their community
  • Helping patients better understand health risks using validated monitoring tools
  • Provide accurate epidemiological information to facilitate greater reporting
  • Track patient’s health and wellbeing improvement journey in real time
  • Generate bookings with providers using a patient's personal calendar
  • Provide analytics to justify commissioning
  • Crossreference health journeys against specific and cohort health risks
  • Facilitate, track and measure attendance rates

Pricing

£20000 per licence per year

Service documents

Framework

G-Cloud 11

Service ID

3 1 3 5 6 6 1 3 7 8 8 8 6 7 3

Contact

In Your Element Ltd (Trading as Elemental Software)

Helen McPeake

02871 271800

Helen@elementalsoftware.co

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
- Insignia Health (Patient Activation Measure (PAM) Within Flourish System)
- EMIS (Social Prescription Connector within EMIS Web)
- Triangle (Well-being Star)
Cloud deployment model
Public cloud
Service constraints
No, the system is compatible with all modern browsers (that is supported by the vendor), although Chrome is recommended. There are no additional plug-in requirements.
System requirements
Requires a modern browser (that is supported by your vendor)

User support

Email or online ticketing support
Email or online ticketing
Support response times
Within 2 hours
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Web chat
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
None or don’t know
How the web chat support is accessible
Web chat and chat bot both available on the website and Zendesk support built into the Elemental platform
Web chat accessibility testing
Initial pilots have been carried out in small focus groups to date. In addition to this, we have recently (in the past month) signed a contract with a large disability charity in Northern Ireland and part of our plans of working together with this charity is to carry out these such tests more frequently and in more detail.
Onsite support
Yes, at extra cost
Support levels
We provide the following support levels;

- As standard a customer support help desk via telephone, email and through our online ticketing platform from 9am-5.30pm Monday to Friday. If any issue needs escalating then second line support will be provided via our in-house development team and the licensee client will have access to one of our cloud support engineers. This standard support is included in the cost of the annual software license fee.

- On-site training for Licensees. A set number of training days is allocated to each licensee depending upon the package option they opt for. Once these days have been used up additional training days can be purchased and are costed at £500 per day.

- Dedicated Project Manager for each licensee client throughout the on-boarding process. Once on-boarding is complete then a dedicated customer support team works with the licensee client post go live. This is included as standard in the cost of the annual software license fee.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
To help users get started with our products we provide a blended learning environment through a combination of;

- Face to Face training workshops
- Online training webinars
- E-learning training
- Online support via our integrated customer support platform Zendesk
- Email support
- Telephone support

In addition to this we also carry out a range of community development tasks that helps engage the community in which the social prescribing platform will be used. This includes;

- Mapping of community assets
- Stakeholder community engagement workshops

This allows us to define a shared vision with partners and stakeholders in order to truly co-design a training programme based on the vision for social prescribing for that area and the strategic objectives around well-being and other indicators.
Service documentation
Yes
Documentation formats
  • HTML
  • ODF
  • PDF
End-of-contract data extraction
At the end of a contract period the user will email us and their data will be compiled and sent to them in an encrypted CSV file.
End-of-contract process
At the end of the contract process, all data will be provided to the client in the form of an encrypted CSV file. This is included in the cost of the annual software license fee.

Any requests to transfer the data in a different format will be considered but there may be an additional cost associated with this.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Yes, the platform layout is responsive and will adapt to display on a range of mobile and desktop screens.
Service interface
Yes
Description of service interface
Elemental’s award-winning platform is easy to use, cloud-based, and responsive that;
-Measures the uptake and impact of social prescribing
-Tracks user journeys
-Measures the impact on the person, the community and the health and social care system
-Delivers on national/ regional and local community health strategies

Elemental’s platform has several USPs. The most significant is that its a fully integrated 5-way system, linking;
1-Referral Agents (Typically health and social care professionals, other examples include Housing, Fire Service, Police Service, etc)
2-Referral Handlers (Typically Social Prescribing staff)
3-Local providers of Social Prescribing interventions (Typically VCSE organisations)
4-Patients
5-Commissioners
Accessibility standards
None or don’t know
Description of accessibility
Elemental's service interface is available in the following ways to all users (as mentioned in above question), using an individual username and password for users. Different access points include;
-Via a web-browser
-Via a dedicated self-refer kiosk
-Via a customer Website powered by Elemental on the back-end
-Via EMIS Partner API within EMISWeb
-Via Elemental's own API to a variety of partner platforms (i.e. directory of services)

Users are supported digitally with Elemental right across the social prescribing journey from making a referral to co-creating a social prescription package and supporting a patient along their journey to better health outcomes.
Accessibility testing
Initial pilots have been carried out in small focus groups to date. In addition to this, we have recently (in the past month) signed a contract with a large disability charity in Northern Ireland and part of our plans of working together with this charity is to carry out these such tests more frequently and in more detail.
API
Yes
What users can and can't do using the API
We currently have an API service.

It provides User management (Create, Read, Update, Delete) and search features for registered and authorised users of our system via a REST interface.
API documentation
Yes
API documentation formats
Open API (also known as Swagger)
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
What can be customised?
The set up of the platform can be customised depending on:
- Who is making referrals. Referrals can be set to be received via the standalone platform or via several clinical systems/in house systems i.e. EMIS Web
- What they want to use the platform to capture. For example, the monitoring tools that the licensee wishes to use can be customised (Elemental has several commercial partnerships set up with companies like Insignia (PAM scores) Triangle (Outcomes star)).
- User functionality can be customised to ensure that the project pathways are managed and followed
- Reporting and KPIs can be customised per customer

How can users customise?
- Customisation is done within the hub management area of the platform for that particular licensee

Who can customise?
- Only those nominated as super users for that particular licensee hub can customise for the licensee

Scaling

Independence of resources
Our system is built in the Amazon Cloud and is deployed across multiple availability zones. This is to ensure it is both resilient to hardware failure and scalable should demand require. Based on the System Metrics, we can quickly provision additional virtual servers to cope with demand when it arises.

Analytics

Service usage metrics
Yes
Metrics types
Per Licensee:
-Reports: Patient Progress (Health Journey), Patient Attendance + Health Journey, Intervention Activity (upcoming meetings), Activity Report (Referrals - Sources and Destinations, Case Status updates, Social Prescriptions to Interventions), Programme Report (Targets / Actuals, Interventions), User Health Journeys

-User Count (for each role)

Other metrics are via request (available on SysAdmin dashboard)

-System Metrics: (the time for the server to respond to the request) - Total Requests, Average Transaction Time, Per Component (Page), Average Transaction Time, Max Transaction Time
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Yes
Datacentre security standards
Supplier-defined controls
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
Other
Other data at rest protection approach
- Amazon WebServices RDS settings include an ‘encrypted at rest’ option
- All automated backups are also encrypted
- All sensitive data (within the data) is encrypted at field level.
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
In-house destruction process

Data importing and exporting

Data export approach
Users can contact Elemental for a complete copy of their data. There is a self-service feature in development to handle this.
Data export formats
  • CSV
  • Other
Other data export formats
JSON
Data import formats
  • CSV
  • Other
Other data import formats
JSON

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Other
Other protection between networks
In addition, all sensitive data transmitted within the Server’s VPC (Virtual Private Cloud) network is also encrypted. This is achieved by utilising field level encryption in any sensitive fields within the database.
Data protection within supplier network
Other
Other protection within supplier network
All platform data is secured on AWS. Access to server instances is via secure ssh sessions. All confidential data is encrypted.

Availability and resilience

Guaranteed availability
Our system is resilient to hardware or zone failure. Uptime over the last few years is close to 100%. Either party may terminate the Service Level Agreement - if it gives the other no less than 3 months’ notice in writing, such notice to expire no sooner than the end of the Initial Period or any subsequent Renewal Period.

A party may end this call-off contract if the other party is affected by a Force Majeure event that lasts for more than 30 consecutive days.
Approach to resilience
The system is deployed across multiple Availability Zones within the AWS infrastructure. Should any part fail, or a zone fail entirely, this is detected and the other nodes handle the load until the issue is resolved.
Outage reporting
Performance is automatically monitored and issues are sent to the engineering team via email and slack.

Service outages (scheduled/unscheduled) are made public via our Zendesk powered forum.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Username or password
  • Other
Other user authentication
Users currently log in using a username and password. The password is ‘hashed’ and can only be reset (not requested).
Access restrictions in management interfaces and support channels
All management and support channels are secured using Username and password.

Management channels are limited to specific user roles.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
  • Other
Description of management access authentication
Access to servers is restricted using Public Key Authentication (a PEM certificate file securely stored)

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
Yes
Any other security certifications
  • Data Security & Protection compliant
  • Cyber Essentials
  • Working towards ISO27001

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
Other
Other security governance standards
Data Security & Protection (DSP) compliant and Cyber Essentials compliant (certified through IASME consortium). Working towards ISO27001.
Information security policies and processes
Alongside our 'Privacy by Design' approach to protecting data, we ensure the maximum security of data that is processed, including as a priority, when shared, disclosed and transferred. Our Information Security Policy & Procedures provide the detailed measures and controls that we take to protect personal information and to ensure its security from consent to disposal.
We carry out information audits to ensure that all personal data held and processed by us is accounted for and recorded, alongside risk assessments as to the scope and impact a data breach could have on data subject(s). We have implemented adequate and appropriate technical and organisational measures to ensure a level of security appropriate to the risk.
Whilst every effort and measure is taken to reduce the risk of data breaches, the Company has dedicated controls and procedures in place for such situations, along with the notifications to be made to the Supervisory Authority and data subjects.
Through our strong commitment and robust controls, we ensure that all staff understand, have access to and can easily interpret the data protection laws requirements and its Principles and that they have ongoing training, support, and assessments to ensure and demonstrate their knowledge, competence, and adequacy.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
We have no physical assets upon which live data and processes run. Our service runs on secure AWS instances. The only people with accesses to this are senior engineers who have RSA keys stored securely on their PCs, which are encrypted and password protected.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
All processes and data are securely stored on AWS instances, and all confidential data is encrypted.

User access is over HTTP and is Username/Password protected. Multiple failed login attempts will lock users out of the system temporally to disrupt brute force attacks.

Multi-Factor Authentication work is in progress

Server logs are monitored and alarms set to flag suspicious activity.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
System logs, system load and response times are monitored for suspicious activity. Users can also contact us if they suspect something. If a compromise is suspected all senior staff are notified immediately. Senior engineers analyse the system.
Depending on the nature of the threat, we can blacklist the connection performing the attack temporarily close all incoming connections to protect the data.
All relevant parties are notified and report given as to what happened, and if any data was compromised. If such an incident were to occur senior engineers would respond ASAP, normally detected within seconds and responded to within minutes.
Incident management type
Supplier-defined controls
Incident management approach
We have a designated Data Protection Officer (DPO). Users can report directly to the DPO if they suspect anything via email, phone or support website.

Incident reports are supplied over secure connection to any parties affected by an incident.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks
Yes
Connected networks
NHS Network (N3)

Pricing

Price
£20000 per licence per year
Discount for educational organisations
No
Free trial available
No

Service documents

Return to top ↑