InTouch Telemedicine

InTouch virtualises healthcare delivery. Telehealth workflows have been developed for numerous clinical use cases, including Stroke, Critical Care, Mental Health, Neonatal Resuscitation, Sepsis response, Outpatient clinics. InTouch has deployed these workflows to more than 3,000 locations globally, including NHS Trusts and six of the top global health systems.


  • Telemedicine consulting within a hospital eg A&E to major specialties
  • Telemedicine consulting between hospitals for sharing expertise
  • Telemedicine consulting to primary care for referral triage
  • Telemedicine consulting to community eg care homes
  • Connectivity to peripherals eg dermacams, otoscopes, stethoscopes, ultrasound
  • Supply of connected certified medical devices for telemedicine
  • Remote education to disseminate specialist expertise to clinicians
  • HiTrust certification of software security
  • Dynamic management of bandwidth to ensure optimal clinical experience
  • 100% availability of the telemedicine network


  • Sharing specialist skills and resources across health and care providers
  • Improved quality of care processes and outcomes
  • Reduced costs of delivering care
  • Care provided closer to need, for improved patient experience
  • Access to specialist care, irrespective of location or time
  • Improved work-life balance, due to virtualisation of specialist advice
  • Remote education to disseminate specialist expertise to clinicians
  • Disseminate and drive adherence to best practice


£780 to £1500 per user per year

Service documents


G-Cloud 11

Service ID

3 2 4 4 8 0 6 8 9 1 8 1 4 6 4



Robin Stern, Director

07785 375700


Service scope

Service scope
Software add-on or extension Yes, but can also be used as a standalone service
What software services is the service an extension to EPRs, patient-held records, PACS, LHCRE systems
Cloud deployment model Private cloud
Service constraints None.
System requirements
  • OS: Windows 7/8/10, MacOS X10.7.5+, Android, iOS9+ (via app)
  • RAM: 2GB
  • Graphics Card: Min 512 MB video memory, DirectX 10
  • Network speed: 1 mbs upload/download for video
  • Network speed: 0.05 mbs upload/download for audio
  • Network speed: 2 mbs upload/download for group video
  • ED and HD video: minimum 1 mbs to display 480p
  • IOS devices: iPhone, iPad or iPod Touch running iOS 9+
  • Web Camera / Mic: any

User support

User support
Email or online ticketing support Email or online ticketing
Support response times We provide a 24/7/365 Technical Assistance Centre to troubleshoot all support tickets remotely. We provide four levels of support tickets:
- Level 1 (fatal errors) have a response time of 30 mins.
- Level 2 tickets (severe impact) have a response time of 1 hour.
- Level 3 tickets (degraded operations) have a response time of 2 hours.
- Level 4 tickets (minor impact) have a response time of 2 hours.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support Web chat
Web chat support availability 24 hours, 7 days a week
Web chat support accessibility standard None or don’t know
How the web chat support is accessible Web Chat is available in our software for registered users. Access and accessibility will be determined by the browser of choice. (In addition, an online Chat facility is available from our thick client software.) Our Web Chat is exclusively plain text-based, and excludes audio, video, graphics elements, captions and colours.
Web chat accessibility testing We are working towards several accessibility standards in our redesign of our UI/UX. At this time our software standards meet minimum requirements. We are working towards standards such as 508 Compliance, W3C WCAG 2.0, W3C WAI-ARIA, and IEC Medical Device Standards.
Onsite support Yes, at extra cost
Support levels We maintain our Technical Assistance Center (TAC). TAC acts as a Tier 1 Support Level to support all InTouch solutions. TAC is staffed 24/7/365 with low wait times and we continue to increase staffing to meet the demands of our call times. Each call is addressed within 30 minutes in accordance with the ticket severity level. Other support options include:
1) Provider Support - we offer live chat functions for immediate assistance when a provider is logged in
2) Patient Support - when customers deploy solutions that require patients to leverage their personal devices to access virtual consultations, we offer first line support to address technical issues or concerns that might arise during patient intake or video consultations.
3) Hardware Support - we proactively monitor by live network operations personnel to ensure maximum availability. We actively monitor all InTouch provided devices to ensure they are ready for use, and if something goes offline, we will proactively reach out to get it turned back online.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started During the implementation stage, we provide training for specific user groups that will be using our software (i.e. admin, provider, etc.)
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction There is no patient-identifiable data stored in the InTouch system, as all such data will have been communicated and stored in customers' connected systems.
End-of-contract process At the end of a contract: if to be ceased, the only potential cost is the removal of any supplied telemedicine devices, the cost of which will be determined by its nature and scale.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Firefox
  • Chrome
  • Safari 9+
Application to install Yes
Compatible operating systems
  • Android
  • IOS
  • MacOS
  • Windows
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Mobile devices supports a subset of the features of the desktop service. Principally the mobile platform does not support the acquisition and annotation of remote snapshots or video.
Service interface Yes
Description of service interface The service is accessed on a desktop or laptop via a browser or thick client module, or on a mobile device (iOS or Android). It allows a clinical user to attach to a remote telemedicine device and perform a virtual consultation.
Accessibility standards None or don’t know
Description of accessibility In a telemedical consultation, clinical users can:
- observe the remote subject at very high resolution
- communicate with the subject and remote clinical teams
- communicate verbally (privately) with remote clinicians
- capture and annotate snapshots
- capture video
- extend the consultation through the addition of peripheral devices (eg stethoscope, ultrasound).
Accessibility testing We are working towards several accessibility standards in our redesign of our UI/UX. At this time our software standards meet minimum requirements. We are working towards standards such as 508 Compliance, W3C WCAG 2.0, W3C WAI-ARIA, and IEC Medical Device Standards.
What users can and can't do using the API API documentation is, upon contract, available to clients' technical leads. In general terms, the InTouch API is used to integrate the InTouch platform with client EMR/EPR systems via HL7, FHIR, and SmartOn FHIR. Clients who require extensions to the API capabilities should engage with IT Health Partnership.
API documentation Yes
API documentation formats PDF
API sandbox or test environment Yes
Customisation available Yes
Description of customisation We offer a range of configuration tools that will enable construction of virtual interactions to support your clinical and business requirements. In general, the supplier will co-define the scope and then develop and deliver the configured system. The supplier will also train local leads to undertake configuration independently (for which supplier guidance and checks can be provided, if sought).


Independence of resources Our global infrastructure is designed around a mesh network concept, which provides built-in redundancy and failover from 11 data centres around the world. In the event that a data centre reaches capacity or goes offline, all communications are routed through the closest neighbouring data centre.


Service usage metrics Yes
Metrics types We provide the following information: Care Locations, Network Users, Session Data, Location Audit, User Audit, and a glossary.
Reporting types Regular reports


Supplier type Reseller providing extra features and support
Organisation whose services are being resold InTouch Health

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach In-house
Protecting data at rest Other
Other data at rest protection approach AES 256 encryption.
Data sanitisation process No
Equipment disposal approach In-house destruction process

Data importing and exporting

Data importing and exporting
Data export approach InTouch does not hold clinical data and there is therefore nothing to export. The data generated through telemedicine will be of either audio-only or audio-video formats. The user may opt to record and store such data, and this will be stored in customer-controlled locations, from which customers can access it, for example, for clinical and business analysis.

Session data (ie metadata of telemedicine consultations) will typically include: IP addresses, usernames, device-types and locations. This data can be provided, as required.
Data export formats CSV
Data import formats Other
Other data import formats Upload of data is not supported.

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks Other
Other protection between networks All data in transit and at rest is encrypted AES-256.
Data protection within supplier network Other
Other protection within supplier network We follow TLS protocols to protect the transfer of data. AES-256 is used to encrypt all data in transit and at rest to protect classified or sensitive information and data. Where appropriate, InTouch also utilises VPN connections for specific products.

Availability and resilience

Availability and resilience
Guaranteed availability To ensure the highest availability, our platform was architected and designed with dynamic bandwidth management, our platform allows our network to enable telehealth consultation in low bandwidth instances to optimise sessions when limited bandwidth is available, such as when the provider is using a mobile device on a cellular network.

Our network is 100% available, owing to the inbuilt redundancy. We maintain a 99.6% first time connection success rate.
Approach to resilience Our data centres are geographically dispersed for failover, redundancy, and load balancing.
Outage reporting Any scheduled downtime is communicated to the impacted group of customers via email with a two-week notice. Because of redundancy in the network, there is no unscheduled downtime.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
Access restrictions in management interfaces and support channels The InTouch system’s authorisation service is based on a Role Based Access Controls model. For administrative users using management interfaces, the four roles are at the Organisational, Practice, Service and Location levels and access to specific information or capabilities is limited by role.
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)

Audit information for users

Audit information for users
Access to user activity audit information Users receive audit information on a regular basis
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users receive audit information on a regular basis
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications HiTrust-CSF. Based on ISO27001, HIPAA, NIST. Formal ISO27001 certification imminent.

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards Other
Other security governance standards InTouch is compliant with Hitrust CSF, which is built on the foundations of ISO27001, GDPR and NIST. InTouch has extensive policies on IT security, written in accordance with ISO 27001 requirements. InTouch will imminently formally and fully certify under ISO27001.
Information security policies and processes Information security policies and procedures are outlined in our Security Programme procedures. These contain company sensitive information which cannot be shared in its entirety. Data security standards are managed and audited under the existing HITRUST CSF certification program (to be demonstrably certified, also, under ISO270001 imminently), throughout the development and engineering lifecycles. Policy, procedure, enforcement and audit ensure the integrity of the data security programme and associated technical and administrative safeguards.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach IT Health Partnership provides a configuration and change management process, for both technical and business change.

The change process is governance by "Managing Successful Programmes" (MSP), focused on defining and realising benefits, while identifying and mitigating business/technical risks. Business and technical needs analysis provides clarity of As-Is and To-Be positions and a plan for getting between them.

Under MSP Quality Management, a rolling record is maintained of user configurations of the system for clinical usage. Software and service configuration is defined early-on and managed thereafter by our design team.

We support a process of contractual change control.
Vulnerability management type Supplier-defined controls
Vulnerability management approach InTouch uses a PCI vulnerability scanning tool to test the servers. Access is limited to specific ports which are granted to only 2 trusted IPs, SSL security standards are employed, and traffic must traverse the site’s firewall as well as InTouch’s. We also stringently comply with GDPR, HIPAA and FDA privacy standards.
Protective monitoring type Supplier-defined controls
Protective monitoring approach We monitor our public-facing and internal-facing systems in real time, by taking down every connected device for 90 seconds per day. Additionally monthly patching is completed to test for any vulnerabilities.
Incident management type Supplier-defined controls
Incident management approach Our incident management procedures are in accordance with the US FDA requirements for Class I and Class IIa medical devices.

With regard to information management incidents specifically, InTouch maintains policies, procedures and ongoing training to maintain information security. Access to sensitive information is on an “as needed” basis only. Internal, customer facing, technical support and incident management are handled by different groups ensuring a segregation of duties and no conflict of interest.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks No


Price £780 to £1500 per user per year
Discount for educational organisations No
Free trial available No

Service documents

Return to top ↑