Pin.Health
Holistic patient health records platform giving patients control over their data. We help to identify health-related issues in real time by sending alerts to medical professionals. It's designed for use by individuals and all healthcare parties at Trust/Region/National level to provide patient-centric care at the time it matters.
Features
- Holistic patient health records with patient control over data
- Works on any device via our web and smartphone apps
- Integration with any PHR/EHR and Lab Systems
- Real-time health issues identification and recommendation
- Real-time alerting system for medical professionals
- Patient and population data visualization for precise analysis
- Cloud-based accessible 24x7 for authorized parties
- GDPR, UK DPA, HIPAA compliance
- HL7 standard API for receiving/sending data
Benefits
- More effective handover of tasks between clinical teams
- Alerts all team members about a detected issue in real time
- Go paperless — use any device for staff and patients
- No server requirements as fully hosted secure cloud solution
- Decreases the number of fatal cases at the hospital
- Decreases the number of doctors’ errors or human factors
- Improves reaction time on the most critical acute cases
- Increases patient turnaround.
- that decreases the amount of fatal cases in hospitals
- Saves money on unnecessary blood tests & hospital beds
Pricing
£20 to £120 a user a month
- Education pricing available
Framework
G-Cloud 11
Service ID
433600438643559
Contact
NewDerm Clinic
<removed>
Telephone: <removed>
Email: <removed>@7a0eb5ea-f185-4f9d-87c4-d8f1928aee79.com
Service scope
- Software add-on or extension
- No
- Cloud deployment model
- Public cloud
- Service constraints
-
— A VPN channel between the customer and Pin.Health infrastructure might be required at the customer's request (but is not necessary if the customer's infrastructure supports authenticated SSL / TLS response)
— The Android app might take up to 1.5 months to get access to the platform (should be clarified in each particular case)
- System requirements
-
- Modern browsers under Windows/MacOS/Linux computers
- iOS and Android (current version and current version minus one)
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
-
24 x 7 support is provided to all customers.
Response times vary from 15 minutes to 24 on workdays and up to 48 hours (weekends, until the first working day) in accordance with the severity of the issue.
- User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- None or don’t know
- Phone support
- No
- Web chat support
- Yes, at an extra cost
- Web chat support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support accessibility standard
- None or don’t know
- How the web chat support is accessible
- Access to web chat is available at all times in the software or Pin.Health website.
- Web chat accessibility testing
- In-house QA and beta testing with external stakeholders.
- Onsite support
- Yes, at extra cost
- Support levels
-
End user support — in-app tools and knowledge base
Technical support for enterprise customers
Additional services:
Training — £500/day
Technical Account Manager — £750/day
Cloud Support Engineer — £950/day
- Support available to third parties
- No
Onboarding and offboarding
- Getting started
-
A support knowledge base is provided for guidance on initial configuration.
Pin.Health can provide on-demand, on-site training to assist with configuration and set-up.
- Service documentation
- Yes
- Documentation formats
- HTML
- End-of-contract data extraction
-
All data related to the customer account can be exported to a file in the following formats:
— TXT
— Tab delimited
— CSV
The customer can use the API to export data as well.
- End-of-contract process
-
At the end of the contract, access to the Pin.Health platform is terminated, and within a certain amount of time the account will be removed if the customer shows no interest in prolonging the contract.
Pin.Health can assist with data extraction at extra charge, which includes the option to extract and return any audit data our customers require.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Internet Explorer 9
- Internet Explorer 10
- Internet Explorer 11
- Microsoft Edge
- Firefox
- Chrome
- Safari 9+
- Opera
- Application to install
- Yes
- Compatible operating systems
-
- Android
- iOS
- Linux or Unix
- MacOS
- Windows
- Windows Phone
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
-
— The navigational structure is necessarily different. All functional features are the same.
— Doctor, nurse and patient access is available via mobile/tablet applications.
— All platform/customer account management features are available only via web browser (trust/hospital admin, lab manager/worker and others).
— Our applications take advantage of mobile operating systems to send notifications, which are not available in browsers. So we use mobile notifications to send alerts to authorized parties about detected findings.
- Service interface
- No
- API
- Yes
- What users can and can't do using the API
-
Pin.Health users can read and write data with the Web and Events APIs.
The Pin.Health API can be used to integrate functionality directly into existing websites, apps, platforms or devices.
- API documentation
- Yes
- API documentation formats
-
- Open API (also known as Swagger)
- HTML
- API sandbox or test environment
- Yes
- Customisation available
- Yes
- Description of customisation
-
Admins can customize core Trust/Hospital, lab and data mapping settings, as well as a set of some work/data flow processes. Using the Pin.Health API, customers can build their own applications from scratch with their own identity, layouts, features etc.
We are also open to any enhancement and feature requests from our customers. If there are requirements from which all our customers would benefit, we will implement and deploy them at no additional cost to our customers.
Scaling
- Independence of resources
-
We use a state-of-the-art load-balanced, clustered and auto-scaled architecture. If there is a significant increase in demand in any cluster, additional server instances are added automatically to handle it and to maintain a fast response rate.
We maintain data storage in different geographies for customers across the world to meet local legal requirements, which means traffic is separated by geography as well.
Analytics
- Service usage metrics
- Yes
- Metrics types
-
— Stats about data circulated on the platform
— Stats on how many cases were detected and alerts generated
— Stats on how many alerts were processed by doctors, by status, by type
— Stats on how many lab tests were ordered and processed
— Doctors' performance based on alerts reviewed
— Interactive Trust, Regional, National dashboards/charts (on request to authorized NHS parties)
— General reports of the platform usage: users, logins etc.
- Reporting types
-
- Real-time dashboards
- Regular reports
- Reports on request
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- None
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
-
- United Kingdom
- European Economic Area (EEA)
- User control over data storage and processing locations
- No
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- At least every 6 months
- Penetration testing approach
- Another external penetration testing organisation
- Protecting data at rest
-
- Physical access control, complying with CSA CCM v3.0
- Physical access control, complying with SSAE-16 / ISAE 3402
- Physical access control, complying with another standard
- Encryption of all physical media
- Scale, obfuscating techniques, or data storage sharding
- Other
- Other data at rest protection approach
- Pin.Health stores data such as personal, account, user, activity, health record, lab and customer data in different locations, while also compiling and generating data when requested. All user/patient personification/identification data and the links between locations/entities in each location are encrypted at rest with AES-128 or AES-256 and sophisticated encryption key management.
- Data sanitisation process
- Yes
- Data sanitisation type
- Deleted data can’t be directly accessed
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v3.0, CAS (Sanitisation) or ISO/IEC 27001
Data importing and exporting
- Data export approach
- Users can export their data on request. Access will be provided via an online sign-in solution or as an encrypted file.
- Data export formats
-
- CSV
- Other
- Other data export formats
- XML
- Data import formats
-
- CSV
- Other
- Other data import formats
-
- API (FHIR HL7, JSON, XML)
- Encrypted Excel
- CSV
Data-in-transit protection
- Data protection between buyer and supplier networks
-
- Private network or public sector network
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
- Other
- Other protection between networks
- By default all data is encrypted over SSL / TLS in transit (if supported by the buyer's network/infrastructure). On request, we can also set up a VPN channel between Trusts/Hospitals or local/regional interexchange health records systems / laboratory information systems if the buyer's network/infrastructure does not support SSL / TLS.
- Data protection within supplier network
-
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
- Other
- Other protection within supplier network
-
The Pin.Health web application is multi-tiered into logical segments (front-end, mid-tier, and database), each independently separated from the others in a DMZ configuration. This guarantees maximum protection and independence between layers.
The production network segments are logically isolated from other Corporate, QA, and Development segments. In fact, we use a separate cloud service provider for our Corporate, QA, and Development segments, so they are physically isolated from our production network segment.
Availability and resilience
- Guaranteed availability
-
Pin.Health is provided with a guaranteed Availability Service Level of 95.5% as standard. Pin.Health uses AWS, and their stated uptime is 99.99%. This does not include scheduled/planned maintenance carried out by Pin.Health. Enhanced availability up to 99.9% is available by arrangement for business-critical services.
Pin.Health shall use commercially reasonable efforts to make the services available 24 hours a day, 7 days a week, except for: (a) planned downtime, or (b) any unavailability caused by circumstances beyond Infinity Health's reasonable control, including without limitation, acts of God, acts of government, floods, fires, earthquakes, civil unrest, acts of terror, strikes or other labor problems, Internet service provider failures or delays, or denial of service attacks.
- Approach to resilience
- It’s available on request.
- Outage reporting
- Real time monitoring on both application and infrastructure levels. Third party hosting partner sends alert to Pin.Health. Email alerts to key staff 24/7. Broadcast email message to users to check Pin.Health status page.
Identity and authentication
- User authentication needed
- Yes
- User authentication
- Username or password
- Access restrictions in management interfaces and support channels
-
Access is restricted on the following levels:
- Policy level - any access must be approved and documented in advance.
- Access granting - performed on a centralised system, which holds action logs and access logs.
- Authentication - critical management systems (cloud console, server access, DB, etc.) are protected by 2-factor-authentication.
- Access to data storage possible only from certain servers, no direct access possible from outside of the internal network.
- Access to the production environment of the platform is restricted by encrypted security SSH certificates / keys. Only a few designated senior technical staff have direct access to it.
- Access restriction testing frequency
- At least every 6 months
- Management access authentication
-
- Username or password
- Other
- Description of management access authentication
- 2-factor authentication on request.
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- At least 12 months
- Access to supplier activity audit information
- Users contact the support team to get audit information
- How long supplier audit data is stored for
- At least 12 months
- How long system logs are stored for
- At least 12 months
Standards and certifications
- ISO/IEC 27001 certification
- No
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Other security certifications
- Yes
- Any other security certifications
-
- ISO/IEC 27001 certification issued for AWS (our cloud hosting)
- CSA certification issued for AWS (our cloud hosting)
- PCI DSS certification issued for AWS (our cloud hosting)
- ISO 9001 certification issued for AWS (our cloud hosting)
- ISO 27017 certification issued for AWS (our cloud hosting)
- ISO 27018 certification issued for AWS (our cloud hosting)
- SOC 1 certification issued for AWS (our cloud hosting)
- SOC 2 certification issued for AWS (our cloud hosting)
- SOC 3 certification issued for AWS (our cloud hosting)
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- ISO/IEC 27001
- Information security policies and processes
-
Security of medical information, medical records and results of healthcare organizations and patients is a top priority at Pin.Health. Medical entries contain information that only the particular patient and authorized medical professionals and healthcare organizations need to see, and we intend to keep it that way. Every day we ensure that our security is in line with industry standards and compliance. We built and maintain the Pin.Health platform in compliance with HIPAA, GDPR, UK DPA and some other local standards.
Pin.Health has defined roles and responsibilities to specify which roles in the organization are responsible for operating the various aspects of our Information Security Management System (ISMS). The responsibilities of each role are detailed in Pin.Health’s security documents.
At the center of administering our ISMS is Pin.Health's Security Team. Pin.Health has appointed a Chief Security Officer (CSO) with overall responsibility for the implementation and management of our ISMS. The CSO is supported by the other members of Pin.Health’s Security, Development and QA Team — focusing on Product Security, Security Operations, Computer Security Incident Response, and Risk and Compliance.
Our security documents help ensure that Pin.Health customers can rely on our workers to behave ethically and for our service to operate securely.
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
-
We use iterative development for adding new features and fixes. All bug fixes, change requests, new features and releases, upgrades, maintenance and other elements that might impact our production environment are documented and well tested before deployment to production. All changes are authorised, reviewed and fully logged.
To minimize the risk of data exposure, Pin.Health controls changes, especially changes to production systems, very carefully. Pin.Health applies change control requirements to systems that store data at higher levels of sensitivity. These requirements are designed to ensure that changes potentially impacting Customer Data are documented, tested, and approved before deployment.
- Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
-
Pin.Health operates continuous automated static analysis using advanced tools and techniques. Defects identified by this process are reviewed and followed to resolution by our team.
Platform security is evaluated by the development team in sync with the application release cycle. This vulnerability testing includes the use of commonly known web application security toolkits and scanners to identify application vulnerabilities before they are released into production.
Pin.Health has a defined vulnerability management process that triages vulnerabilities based on severity levels; it monitors incoming bug reports, prioritizes true vulnerabilities and ensures their timely resolution.
- Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
-
Pin.Health monitors servers, workstations and mobile devices 24×7 by comprehensive automated systems to retain and analyze a comprehensive view of the security state of its corporate and production infrastructure.
Analysis of logs is automated to the extent practical to detect potential issues and alert responsible personnel immediately to correct any issues. Alerts are examined and resolved based on documented priorities.
All incidents are managed by Pin.Health’s dedicated detection and response team. Pin.Health defines the types of events that must be managed via the incident response process. Incidents are classified by severity; response procedures are tested and updated at least annually.
- Incident management type
- Supplier-defined controls
- Incident management approach
-
Users can report incidents via email or support page.
Pin.Health has established policies and procedures for responding to potential security incidents. All incidents are managed by Pin.Health’s dedicated Detection and Response Team. Incidents are reported to a nominated individual who investigates the issue and produces a full report within prescribed timescales.
Pin.Health defines the types of events that must be managed via the incident response process. Incidents are classified by severity; response procedures are tested and updated at least annually.
In the event of a security breach, Pin.Health will promptly notify you of any unauthorized access to your Customer Data.
Secure development
- Approach to secure software development best practice
- Conforms to a recognised standard, but self-assessed
Public sector networks
- Connection to public sector networks
- No
Pricing
- Price
- £20 to £120 a user a month
- Discount for educational organisations
- Yes
- Free trial available
- No