InTouch virtualises healthcare delivery. Telehealth workflows have been developed for numerous clinical use cases, including Stroke, Critical Care, Mental Health, Neonatal Resuscitation, Sepsis response, Outpatient clinics. InTouch has deployed these workflows to more than 3,000 locations globally, including NHS Trusts and six of the top global health systems.
- Telemedicine consulting within a hospital eg A&E to major specialties
- Telemedicine consulting between hospitals for sharing expertise
- Telemedicine consulting to primary care for referral triage
- Telemedicine consulting to community eg care homes
- Connectivity to peripherals eg dermacams, otoscopes, stethoscopes, ultrasound
- Supply of connected certified medical devices for telemedicine
- Remote education to disseminate specialist expertise to clinicians
- HiTrust certification of software security
- Dynamic management of bandwidth to ensure optimal clinical experience
- 100% availability of the telemedicine network
- Sharing specialist skills and resources across health and care providers
- Improved quality of care processes and outcomes
- Reduced costs of delivering care
- Care provided closer to need, for improved patient experience
- Access to specialist care, irrespective of location or time
- Improved work-life balance, due to virtualisation of specialist advice
- Remote education to disseminate specialist expertise to clinicians
- Disseminate and drive adherence to best practice
£780 to £1500 per user per year
- Pricing document
- Skills Framework for the Information Age rate card
- Service definition document
- Terms and conditions
The IT Health IT Partnership
Robin Stern, Partner
|Software add-on or extension||Yes, but can also be used as a standalone service|
|What software services is the service an extension to||EPRs, patient-held records, PACS, LHCRE systems|
|Cloud deployment model||Private cloud|
|Email or online ticketing support||Email or online ticketing|
|Support response times||
We provide a 24/7/365 Technical Assistance Centre to troubleshoot all support tickets remotely. We provide four levels of support tickets:
- Level 1 (fatal errors) have a response time of 30 mins.
- Level 2 tickets (severe impact) have a response time of 1 hour.
- Level 3 tickets (degraded operations) have a response time of 2 hours.
- Level 4 tickets (minor impact) have a response time of 2 hours.
|User can manage status and priority of support tickets||No|
|Phone support availability||24 hours, 7 days a week|
|Web chat support||Web chat|
|Web chat support availability||24 hours, 7 days a week|
|Web chat support accessibility standard||None or don’t know|
|How the web chat support is accessible||Web Chat is available in our software for registered users. Access and accessibility will be determined by the browser of choice. (In addition, an online Chat facility is available from our thick client software.) Our Web Chat is exclusively plain text-based, and excludes audio, video, graphics elements, captions and colours.|
|Web chat accessibility testing||We are working towards several accessibility standards in our redesign of our UI/UX. At this time our software standards meet minimum requirements. We are working towards standards such as 508 Compliance, W3C WCAG 2.0, W3C WAI-ARIA, and IEC Medical Device Standards.|
|Onsite support||Yes, at extra cost|
We maintain our Technical Assistance Center (TAC). TAC acts as a Tier 1 Support Level to support all InTouch solutions. TAC is staffed 24/7/365 with low wait times and we continue to increase staffing to meet the demands of our call times. Each call is addressed within 30 minutes in accordance with the ticket severity level. Other support options include:
1) Provider Support - we offer live chat functions for immediate assistance when a provider is logged in
2) Patient Support - when customers deploy solutions that require patients to leverage their personal devices to access virtual consultations, we offer first line support to address technical issues or concerns that might arise during patient intake or video consultations.
3) Hardware Support - we proactively monitor by live network operations personnel to ensure maximum availability. We actively monitor all InTouch provided devices to ensure they are ready for use, and if something goes offline, we will proactively reach out to get it turned back online.
|Support available to third parties||Yes|
Onboarding and offboarding
|Getting started||During the implementation stage, we provide training for specific user groups that will be using our software (i.e. admin, provider, etc.)|
|End-of-contract data extraction||There is no patient-identifiable data stored in the InTouch system, as all such data will have been communicated and stored in customers' connected systems.|
|End-of-contract process||At the end of a contract: if to be ceased, the only potential cost is the removal of any supplied telemedicine devices, the cost of which will be determined by its nature and scale.|
Using the service
|Web browser interface||Yes|
|Application to install||Yes|
|Compatible operating systems||
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||Mobile devices supports a subset of the features of the desktop service. Principally the mobile platform does not support the acquisition and annotation of remote snapshots or video.|
|Accessibility standards||None or don’t know|
|Description of accessibility||
In a telemedical consultation, clinical users can:
- observe the remote subject at very high resolution
- communicate with the subject and remote clinical teams
- communicate verbally (privately) with remote clinicians
- capture and annotate snapshots
- capture video
- extend the consultation through the addition of peripheral devices (eg stethoscope, ultrasound).
|Accessibility testing||We are working towards several accessibility standards in our redesign of our UI/UX. At this time our software standards meet minimum requirements. We are working towards standards such as 508 Compliance, W3C WCAG 2.0, W3C WAI-ARIA, and IEC Medical Device Standards.|
|What users can and can't do using the API||API documentation is, upon contract, available to clients' technical leads. In general terms, the InTouch API is used to integrate the InTouch platform with client EMR/EPR systems via HL7, FHIR, and SmartOn FHIR. Clients who require extensions to the API capabilities should engage with IT Health Partnership.|
|API documentation formats|
|API sandbox or test environment||Yes|
|Description of customisation||We offer a range of configuration tools that will enable construction of virtual interactions to support your clinical and business requirements. In general, the supplier will co-define the scope and then develop and deliver the configured system. The supplier will also train local leads to undertake configuration independently (for which supplier guidance and checks can be provided, if sought).|
|Independence of resources||Our global infrastructure is designed around a mesh network concept, which provides built-in redundancy and failover from 11 data centres around the world. In the event that a data centre reaches capacity or goes offline, all communications are routed through the closest neighbouring data centre.|
|Service usage metrics||Yes|
|Metrics types||We provide the following information: Care Locations, Network Users, Session Data, Location Audit, User Audit, and a glossary.|
|Reporting types||Regular reports|
|Supplier type||Reseller providing extra features and support|
|Organisation whose services are being resold||InTouch Health|
|Staff security clearance||Conforms to BS7858:2012|
|Government security clearance||Up to Developed Vetting (DV)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||
|User control over data storage and processing locations||No|
|Datacentre security standards||Complies with a recognised standard (for example CSA CCM version 3.0)|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||In-house|
|Protecting data at rest||Other|
|Other data at rest protection approach||AES 256 encryption.|
|Data sanitisation process||No|
|Equipment disposal approach||In-house destruction process|
Data importing and exporting
|Data export approach||
InTouch does not hold clinical data and there is therefore nothing to export. The data generated through telemedicine will be of either audio-only or audio-video formats. The user may opt to record and store such data, and this will be stored in customer-controlled locations, from which customers can access it, for example, for clinical and business analysis.
Session data (ie metadata of telemedicine consultations) will typically include: IP addresses, usernames, device-types and locations. This data can be provided, as required.
|Data export formats||CSV|
|Data import formats||Other|
|Other data import formats||Upload of data is not supported.|
|Data protection between buyer and supplier networks||Other|
|Other protection between networks||All data in transit and at rest is encrypted AES-256.|
|Data protection within supplier network||Other|
|Other protection within supplier network||We follow TLS protocols to protect the transfer of data. AES-256 is used to encrypt all data in transit and at rest to protect classified or sensitive information and data. Where appropriate, InTouch also utilises VPN connections for specific products.|
Availability and resilience
To ensure the highest availability, our platform was architected and designed with dynamic bandwidth management, our platform allows our network to enable telehealth consultation in low bandwidth instances to optimise sessions when limited bandwidth is available, such as when the provider is using a mobile device on a cellular network.
Our network is 100% available, owing to the inbuilt redundancy. We maintain a 99.6% first time connection success rate.
|Approach to resilience||Our data centres are geographically dispersed for failover, redundancy, and load balancing.|
|Outage reporting||Any scheduled downtime is communicated to the impacted group of customers via email with a two-week notice. Because of redundancy in the network, there is no unscheduled downtime.|
Identity and authentication
|User authentication needed||Yes|
|Access restrictions in management interfaces and support channels||The InTouch system’s authorisation service is based on a Role Based Access Controls model. For administrative users using management interfaces, the four roles are at the Organisational, Practice, Service and Location levels and access to specific information or capabilities is limited by role.|
|Access restriction testing frequency||At least every 6 months|
|Management access authentication||
Audit information for users
|Access to user activity audit information||Users receive audit information on a regular basis|
|How long user audit data is stored for||At least 12 months|
|Access to supplier activity audit information||Users receive audit information on a regular basis|
|How long supplier audit data is stored for||At least 12 months|
|How long system logs are stored for||At least 12 months|
Standards and certifications
|ISO/IEC 27001 certification||No|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||Yes|
|Any other security certifications||HiTrust-CSF. Based on ISO27001, HIPAA, NIST. Formal ISO27001 certification imminent.|
|Named board-level person responsible for service security||Yes|
|Security governance certified||Yes|
|Security governance standards||Other|
|Other security governance standards||InTouch is compliant with Hitrust CSF, which is built on the foundations of ISO27001, GDPR and NIST. InTouch has extensive policies on IT security, written in accordance with ISO 27001 requirements. InTouch will imminently formally and fully certify under ISO27001.|
|Information security policies and processes||Information security policies and procedures are outlined in our Security Programme procedures. These contain company sensitive information which cannot be shared in its entirety. Data security standards are managed and audited under the existing HITRUST CSF certification program (to be demonstrably certified, also, under ISO270001 imminently), throughout the development and engineering lifecycles. Policy, procedure, enforcement and audit ensure the integrity of the data security programme and associated technical and administrative safeguards.|
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||
IT Health Partnership provides a configuration and change management process, for both technical and business change.
The change process is governance by "Managing Successful Programmes" (MSP), focused on defining and realising benefits, while identifying and mitigating business/technical risks. Business and technical needs analysis provides clarity of As-Is and To-Be positions and a plan for getting between them.
Under MSP Quality Management, a rolling record is maintained of user configurations of the system for clinical usage. Software and service configuration is defined early-on and managed thereafter by our design team.
We support a process of contractual change control.
|Vulnerability management type||Supplier-defined controls|
|Vulnerability management approach||InTouch uses a PCI vulnerability scanning tool to test the servers. Access is limited to specific ports which are granted to only 2 trusted IPs, SSL security standards are employed, and traffic must traverse the site’s firewall as well as InTouch’s. We also stringently comply with GDPR, HIPAA and FDA privacy standards.|
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||We monitor our public-facing and internal-facing systems in real time, by taking down every connected device for 90 seconds per day. Additionally monthly patching is completed to test for any vulnerabilities.|
|Incident management type||Supplier-defined controls|
|Incident management approach||
Our incident management procedures are in accordance with the US FDA requirements for Class I and Class IIa medical devices.
With regard to information management incidents specifically, InTouch maintains policies, procedures and ongoing training to maintain information security. Access to sensitive information is on an “as needed” basis only. Internal, customer facing, technical support and incident management are handled by different groups ensuring a segregation of duties and no conflict of interest.
|Approach to secure software development best practice||Supplier-defined process|
Public sector networks
|Connection to public sector networks||No|
|Price||£780 to £1500 per user per year|
|Discount for educational organisations||No|
|Free trial available||No|