Four Eyes Insight Limited

Medical Efficiency & Productivity System (MEPS) - various modules

“MEPS” has been developed from the medical productivity work carried out by Four Eyes. The software helps NHS Trusts establish clinically credible opportunities delivering financial and performance benefits, through improvements in key operational areas such as Risk Stratification, Theatres, Outpatients, Cath Labs, Endoscopy suites, Radiology and Job Planning .

Features

• Produce productivity reports by specialty, consultant, procedure, activity type
• Produce benchmark comparison reports at procedural code level
• Identify efficiency targets by clinician and specialty
• Identify cost out and income opportunities linked to productivity
• Track performance by clinician and specialty against KPIs
• User friendly, interactive dashboard
• Provide data driven scheduling capabilities including automated reports
• Regular data updates (depending on service purchased)
• Regular data updates (depending on service purchased)
• Multi user, and remote access from any device

Benefits

• Inform operational decision making on 'shop-floor' to optimise productivity
• Deliver 'quick win' productivity opportunities
• Measure impact of operational improvements on productivity
• Improve operational performance (RTT, waiting list size, etc.)
• Repatriate work referred to private sector and other NHS organisations
• Reduce variable and fixed pay
• Reduce spend on waiting list initiatives
• Drive revenue growth (where appropriate to do so)
• Implement a sustainable methodology for productivity improvements
• Support NHS Trust's CIP / income plans

£20,500 a unit a year

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at julia.barling@foureyesinsight.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

343261778787954

Contact

Julia Barling
07704 777459
julia.barling@foureyesinsight.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Hybrid cloud
• Service constraints: No
• System requirements:
  • Uninterrupted broadband access to the Internet
  • Access to the N3/HSCN Network for NHS Users

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: UK time: 9 to 5 Monday to Friday (except national holidays)
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: The software support service comprises an email help desk providing first line technical support to all users of the software, which will include a BIU support team.; ; The software support service is available to all users of the system between 9am and 5pm, Monday to Friday excluding national holidays.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: The process of on-boarding a client will usually take between 5 and 10 working days depending on:; ; • The number of Software modules included in the Call Off Order Form;; • The number of users;; • The complexity of the client’s requirements…;; • The availability of the data requested by Four Eyes from the Client;; • Whether the Client can make data available via an API.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: As this a performance management tool set not an operational tool set, there will be no requirement to extract data at the end of the contract .
• End-of-contract process: Unless replaced by a new order, the agreement between FourEyes and the Client will automatically expire at the end of the licence period set out on the Call Off Order Form;; ; The Software will become inoperative and the users will be unable to access any data stored on the software or use the software in any way;; The Client’s right to receive the services shall cease automatically;; Each party shall immediately return to the other all property and materials containing confidential information belonging to the other;; The Client shall immediately pay to Four Eyes any sums due to Four Eyes under this Agreement;; It is the Client’s responsibility to extract and save any data stored on the software prior to the expiry of the agreement;; If the Client does not remove its data prior to the expiry of the agreement, the Client can request that Four Eyes will remove the Client’s data from its systems and provide a copy of that data to the Client. Four Eyes reserves the right to charge for this service at its standard rate of £1,000 per day;; Client data not removed from the Software within 1 month of the agreement expiring will be deleted.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The Service has been predominently designed for desktop use however the application is fully reponsive
• Service interface: No
• API: No
• Customisation available: No

Scaling

• Independence of resources: Each individual user is provided with unique access to their own data thereby facilitating and allowing availability.

Analytics

• Service usage metrics: Yes
• Metrics types: User Reporting
• Reporting types: Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Standard csv file
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
• Other protection within supplier network: CVS files will be password encrypted and saved to a secure network location with restricted user access and 256 bit encryption

Availability and resilience

• Guaranteed availability: Services provides a 99.5% availability up-time. This is backed by a 10%fee guarantee and 25% if up-time drops to 99%.
• Approach to resilience: Available on request
• Outage reporting: Email alerts

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Limited access network (for example PSN)
  • Username or password
• Access restrictions in management interfaces and support channels: Each user client has an unique username and password and cannot gain access to other user's accounts in other sites.
• Access restriction testing frequency: At least once a year
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: Between 6 months and 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: Between 6 months and 12 months
• How long system logs are stored for: Between 6 months and 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Other security certifications: Yes
• Any other security certifications:
  • NHS Data Security and Protection Toolkit
  • Cyber Essentials

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: Cyber Essentials; NHS Data Security and Protection Toolkit
• Information security policies and processes: We have an IT policy which sets out our data privacy policy that relates to the handling of client sensitive data. This policy is strictly adhered to and reviewed annually.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Internal testing; Annual external reviews of systems; All changes adhere to the ITIL/ITSM standards; components adhere to the following process of identification, control, status and accounting, verification and audit.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Annual penetration testing for potential threats; Each module is pen tested before release; All data we hold is low risk- all anonymised with no patient identifiable data; All data stored in a ISO27001 accredited facility
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: There is an online and automatic auditing of activity which will allow a quick response to incidents
• Incident management type: Supplier-defined controls
• Incident management approach: Our approach complies with ITSM definition; We record incidents using Zendesk (activity of faults include unexpected faults, bugs, errors. All incidents are logged, and a risk assessment is applied with priority ratings of 1-4 ; we track all incidents, escalate incidents to senior management if not resolved in a timely fashion. An incident report is produced for every incident.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: Yes
• Connected networks:
  • NHS Network (N3)
  • Health and Social Care Network (HSCN)

Pricing

• Price: £20,500 a unit a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at julia.barling@foureyesinsight.com. Tell them what format you need. It will help if you say what assistive technology you use.