InTouch Telemedicine

InTouch virtualises healthcare delivery. Telehealth workflows have been developed for numerous clinical use cases, including Stroke, Critical Care, Mental Health, Neonatal Resuscitation, Sepsis response, Outpatient clinics. InTouch has deployed these workflows to more than 3,000 locations globally, including NHS Trusts and six of the top global health systems.


  • Telemedicine consulting within a hospital eg A&E to major specialties
  • Telemedicine consulting between hospitals for sharing expertise
  • Telemedicine consulting to primary care for referral triage
  • Telemedicine consulting to community eg care homes
  • Connectivity to peripherals eg dermacams, otoscopes, stethoscopes, ultrasound
  • Supply of connected certified medical devices for telemedicine
  • Remote education to disseminate specialist expertise to clinicians
  • HiTrust certification of software security
  • Dynamic management of bandwidth to ensure optimal clinical experience
  • 100% availability of the telemedicine network


  • Sharing specialist skills and resources across health and care providers
  • Improved quality of care processes and outcomes
  • Reduced costs of delivering care
  • Care provided closer to need, for improved patient experience
  • Access to specialist care, irrespective of location or time
  • Improved work-life balance, due to virtualisation of specialist advice
  • Remote education to disseminate specialist expertise to clinicians
  • Disseminate and drive adherence to best practice


£780 to £1500 per user per year

Service documents


G-Cloud 11

Service ID

3 2 4 4 8 0 6 8 9 1 8 1 4 6 4



Robin Stern, Director

07785 375700


Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
EPRs, patient-held records, PACS, LHCRE systems
Cloud deployment model
Private cloud
Service constraints
System requirements
  • OS: Windows 7/8/10, MacOS X10.7.5+, Android, iOS9+ (via app)
  • RAM: 2GB
  • Graphics Card: Min 512 MB video memory, DirectX 10
  • Network speed: 1 mbs upload/download for video
  • Network speed: 0.05 mbs upload/download for audio
  • Network speed: 2 mbs upload/download for group video
  • ED and HD video: minimum 1 mbs to display 480p
  • IOS devices: iPhone, iPad or iPod Touch running iOS 9+
  • Web Camera / Mic: any

User support

Email or online ticketing support
Email or online ticketing
Support response times
We provide a 24/7/365 Technical Assistance Centre to troubleshoot all support tickets remotely. We provide four levels of support tickets:
- Level 1 (fatal errors) have a response time of 30 mins.
- Level 2 tickets (severe impact) have a response time of 1 hour.
- Level 3 tickets (degraded operations) have a response time of 2 hours.
- Level 4 tickets (minor impact) have a response time of 2 hours.
User can manage status and priority of support tickets
Phone support
Phone support availability
24 hours, 7 days a week
Web chat support
Web chat
Web chat support availability
24 hours, 7 days a week
Web chat support accessibility standard
None or don’t know
How the web chat support is accessible
Web Chat is available in our software for registered users. Access and accessibility will be determined by the browser of choice. (In addition, an online Chat facility is available from our thick client software.) Our Web Chat is exclusively plain text-based, and excludes audio, video, graphics elements, captions and colours.
Web chat accessibility testing
We are working towards several accessibility standards in our redesign of our UI/UX. At this time our software standards meet minimum requirements. We are working towards standards such as 508 Compliance, W3C WCAG 2.0, W3C WAI-ARIA, and IEC Medical Device Standards.
Onsite support
Yes, at extra cost
Support levels
We maintain our Technical Assistance Center (TAC). TAC acts as a Tier 1 Support Level to support all InTouch solutions. TAC is staffed 24/7/365 with low wait times and we continue to increase staffing to meet the demands of our call times. Each call is addressed within 30 minutes in accordance with the ticket severity level. Other support options include:
1) Provider Support - we offer live chat functions for immediate assistance when a provider is logged in
2) Patient Support - when customers deploy solutions that require patients to leverage their personal devices to access virtual consultations, we offer first line support to address technical issues or concerns that might arise during patient intake or video consultations.
3) Hardware Support - we proactively monitor by live network operations personnel to ensure maximum availability. We actively monitor all InTouch provided devices to ensure they are ready for use, and if something goes offline, we will proactively reach out to get it turned back online.
Support available to third parties

Onboarding and offboarding

Getting started
During the implementation stage, we provide training for specific user groups that will be using our software (i.e. admin, provider, etc.)
Service documentation
Documentation formats
End-of-contract data extraction
There is no patient-identifiable data stored in the InTouch system, as all such data will have been communicated and stored in customers' connected systems.
End-of-contract process
At the end of a contract: if to be ceased, the only potential cost is the removal of any supplied telemedicine devices, the cost of which will be determined by its nature and scale.

Using the service

Web browser interface
Supported browsers
  • Firefox
  • Chrome
  • Safari 9+
Application to install
Compatible operating systems
  • Android
  • IOS
  • MacOS
  • Windows
Designed for use on mobile devices
Differences between the mobile and desktop service
Mobile devices supports a subset of the features of the desktop service. Principally the mobile platform does not support the acquisition and annotation of remote snapshots or video.
Service interface
Description of service interface
The service is accessed on a desktop or laptop via a browser or thick client module, or on a mobile device (iOS or Android). It allows a clinical user to attach to a remote telemedicine device and perform a virtual consultation.
Accessibility standards
None or don’t know
Description of accessibility
In a telemedical consultation, clinical users can:
- observe the remote subject at very high resolution
- communicate with the subject and remote clinical teams
- communicate verbally (privately) with remote clinicians
- capture and annotate snapshots
- capture video
- extend the consultation through the addition of peripheral devices (eg stethoscope, ultrasound).
Accessibility testing
We are working towards several accessibility standards in our redesign of our UI/UX. At this time our software standards meet minimum requirements. We are working towards standards such as 508 Compliance, W3C WCAG 2.0, W3C WAI-ARIA, and IEC Medical Device Standards.
What users can and can't do using the API
API documentation is, upon contract, available to clients' technical leads. In general terms, the InTouch API is used to integrate the InTouch platform with client EMR/EPR systems via HL7, FHIR, and SmartOn FHIR. Clients who require extensions to the API capabilities should engage with IT Health Partnership.
API documentation
API documentation formats
API sandbox or test environment
Customisation available
Description of customisation
We offer a range of configuration tools that will enable construction of virtual interactions to support your clinical and business requirements. In general, the supplier will co-define the scope and then develop and deliver the configured system. The supplier will also train local leads to undertake configuration independently (for which supplier guidance and checks can be provided, if sought).


Independence of resources
Our global infrastructure is designed around a mesh network concept, which provides built-in redundancy and failover from 11 data centres around the world. In the event that a data centre reaches capacity or goes offline, all communications are routed through the closest neighbouring data centre.


Service usage metrics
Metrics types
We provide the following information: Care Locations, Network Users, Session Data, Location Audit, User Audit, and a glossary.
Reporting types
Regular reports


Supplier type
Reseller providing extra features and support
Organisation whose services are being resold
InTouch Health

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
Protecting data at rest
Other data at rest protection approach
AES 256 encryption.
Data sanitisation process
Equipment disposal approach
In-house destruction process

Data importing and exporting

Data export approach
InTouch does not hold clinical data and there is therefore nothing to export. The data generated through telemedicine will be of either audio-only or audio-video formats. The user may opt to record and store such data, and this will be stored in customer-controlled locations, from which customers can access it, for example, for clinical and business analysis.

Session data (ie metadata of telemedicine consultations) will typically include: IP addresses, usernames, device-types and locations. This data can be provided, as required.
Data export formats
Data import formats
Other data import formats
Upload of data is not supported.

Data-in-transit protection

Data protection between buyer and supplier networks
Other protection between networks
All data in transit and at rest is encrypted AES-256.
Data protection within supplier network
Other protection within supplier network
We follow TLS protocols to protect the transfer of data. AES-256 is used to encrypt all data in transit and at rest to protect classified or sensitive information and data. Where appropriate, InTouch also utilises VPN connections for specific products.

Availability and resilience

Guaranteed availability
To ensure the highest availability, our platform was architected and designed with dynamic bandwidth management, our platform allows our network to enable telehealth consultation in low bandwidth instances to optimise sessions when limited bandwidth is available, such as when the provider is using a mobile device on a cellular network.

Our network is 100% available, owing to the inbuilt redundancy. We maintain a 99.6% first time connection success rate.
Approach to resilience
Our data centres are geographically dispersed for failover, redundancy, and load balancing.
Outage reporting
Any scheduled downtime is communicated to the impacted group of customers via email with a two-week notice. Because of redundancy in the network, there is no unscheduled downtime.

Identity and authentication

User authentication needed
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
Access restrictions in management interfaces and support channels
The InTouch system’s authorisation service is based on a Role Based Access Controls model. For administrative users using management interfaces, the four roles are at the Organisational, Practice, Service and Location levels and access to specific information or capabilities is limited by role.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)

Audit information for users

Access to user activity audit information
Users receive audit information on a regular basis
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users receive audit information on a regular basis
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications
Any other security certifications
HiTrust-CSF. Based on ISO27001, HIPAA, NIST. Formal ISO27001 certification imminent.

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
Other security governance standards
InTouch is compliant with Hitrust CSF, which is built on the foundations of ISO27001, GDPR and NIST. InTouch has extensive policies on IT security, written in accordance with ISO 27001 requirements. InTouch will imminently formally and fully certify under ISO27001.
Information security policies and processes
Information security policies and procedures are outlined in our Security Programme procedures. These contain company sensitive information which cannot be shared in its entirety. Data security standards are managed and audited under the existing HITRUST CSF certification program (to be demonstrably certified, also, under ISO270001 imminently), throughout the development and engineering lifecycles. Policy, procedure, enforcement and audit ensure the integrity of the data security programme and associated technical and administrative safeguards.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
IT Health Partnership provides a configuration and change management process, for both technical and business change.

The change process is governance by "Managing Successful Programmes" (MSP), focused on defining and realising benefits, while identifying and mitigating business/technical risks. Business and technical needs analysis provides clarity of As-Is and To-Be positions and a plan for getting between them.

Under MSP Quality Management, a rolling record is maintained of user configurations of the system for clinical usage. Software and service configuration is defined early-on and managed thereafter by our design team.

We support a process of contractual change control.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
InTouch uses a PCI vulnerability scanning tool to test the servers. Access is limited to specific ports which are granted to only 2 trusted IPs, SSL security standards are employed, and traffic must traverse the site’s firewall as well as InTouch’s. We also stringently comply with GDPR, HIPAA and FDA privacy standards.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
We monitor our public-facing and internal-facing systems in real time, by taking down every connected device for 90 seconds per day. Additionally monthly patching is completed to test for any vulnerabilities.
Incident management type
Supplier-defined controls
Incident management approach
Our incident management procedures are in accordance with the US FDA requirements for Class I and Class IIa medical devices.

With regard to information management incidents specifically, InTouch maintains policies, procedures and ongoing training to maintain information security. Access to sensitive information is on an “as needed” basis only. Internal, customer facing, technical support and incident management are handled by different groups ensuring a segregation of duties and no conflict of interest.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks


£780 to £1500 per user per year
Discount for educational organisations
Free trial available

Service documents

Return to top ↑