Attend Anywhere

Attend Anywhere Video Consulting (telehealth) Capability

Attend Anywhere makes it easy for health care providers to offer video call access to their services, as a normal part of day-to-day operations. Our telehealth solutions are purpose-built for health, so security, privacy, data protection, and the ability to work within existing clinical processes, are integral.

Features

  • Patients enter through the same button on the provider web-site
  • Clinicians join patients when ready just like a physical waiting-area
  • Patients self-test connections and devices before consultation
  • Multiple ways to alert service providers when patients arrive
  • Any authorised clinician can join patients in the waiting-area
  • Transfer patients to another service without making a new call
  • Post consultation re-direction to a service-specific survey or information
  • 4-6 sites in same consult, everyone can share desktops
  • Pull multiple people from a waiting-area into current call
  • See https://nhs.attendanywhere.com/resourcecentre

Benefits

  • Easy to offer patients video call access to consults
  • Purpose-built for health and care
  • Simple extension of the way clinics are run today
  • Secure and private, no identifiable patient data is stored
  • Maintains service provider branding
  • High levels of patient and clinician confidence
  • Focusses on end-to-end workflow, not just the video call
  • Web-browser-based only – uses the devices people already have
  • No need to download special software or plugins
  • Supports both consulting and collaboration workflows

Pricing

£70 to £110 per unit per month

Service documents

G-Cloud 9

662995289691215

Attend Anywhere

Chris Ryan

+61 (0) 3 9863 7447

enquiries@attendanywhere.com

Service scope

Service scope
Software add-on or extension Yes, but can also be used as a standalone service
What software services is the service an extension to It’s simple to extend existing patient administration and accounting systems to include the option of attending via a video call.
Cloud deployment model Public cloud
Service constraints Recommended maximum sites in a video call is 4-6 depending on the available internet and the types of devices being used.
Requires use of Google Chrome web browser or an app on Apple iPhones and iPads (Apple Safari and other web browser support expected in 2017/18)
System requirements
  • Latest Google Chrome web browser on PC, MAC or Android
  • An App on Apple iPads or iPhones
  • A web camera (built-in or USB)
  • A microphone (built in to most devices and external webcams)
  • Speakers (built in to most devices)
  • A reliable connection to the internet
  • See https://nhs.attendanywhere.com/makingcalls for more

User support

User support
Email or online ticketing support Yes, at extra cost
Support response times Level 1: Service unavailable
Weekdays: 100% response within 15 minutes, 100% resolved within 4 hours
Weekends: 100% response within 30 minutes, 100% resolved within 8 hours
Level 2: Degradation of service
Weekdays: 100% response within 15 minutes, 100% resolved within 8 hours
Weekends: 100% response within 30 minutes, 100% resolved within 12 hours
Level 3: One or more non-critical functions affected (multiple users)
Weekdays: 95% response within 4 hours
Weekends: 95% response within 1 Business Day
Level 4: One or more non-critical functions affected (single user)
Weekdays: 95% response within 1 Business Day
Weekends: 95% response within 2 Business Days
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support No
Web chat support No
Onsite support No
Support levels Level 1: Service unavailable
Weekdays: 100% response within 15 minutes, 100% resolved within 4 hours
Weekends: 100% response within 30 minutes, 100% resolved within 8 hours
Level 2: Degradation of service
Weekdays: 100% response within 15 minutes, 100% resolved within 8 hours
Weekends: 100% response within 30 minutes, 100% resolved within 12 hours
Level 3: One or more non-critical functions affected (multiple users)
Weekdays: 95% response within 4 hours
Weekends: 95% response within 1 Business Day
Level 4: One or more non-critical functions affected (single user)
Weekdays: 95% response within 1 Business Day
Weekends: 95% response within 2 Business Days

Technical liaison provided for primary contacts.
See platform pricing
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Attend anywhere provides a lot of on-boarding support through https://nhs.attendanywhere.com/resourcecentre. Comprehensive online help is also accessible within the platform. Primary technical and adoption contacts can attend 'train-the-trainer' webinars.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction No patient identifiable information is stored in the platform. Consultation history reports can be downloaded in a .csv format.
End-of-contract process All organisation accounts are marked as inactive.

Using the service

Using the service
Web browser interface Yes
Supported browsers Chrome
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service The video call screen works in a similar way between mobile and desktop with the exception that sending chat messages is not available in small form factor devices such as smartphones.

The provider management functions are the same.
Accessibility standards None or don’t know
Description of accessibility To be advised
Accessibility testing None to date, this is part of testing of Attend Anywhere version 4 currently under development
API Yes
What users can and can't do using the API Customised buttons:
Users can embed customised buttons on their websites which allow direct access in to waiting areas. This is done via HTML / JavaScript which is detailed within the application. The behaviour of the buttons can be changed within the script or within the application.The details about the waiting areas (e.g. the waiting area name) cannot be changed through any of the APIs.

Kiosk mode:
Users can construct URLs which will allow immediate access in to a waiting area. This allows 'kiosk'-style access in to the application where external applications can integrate more cleanly. Specific URL parameters can be passed when launching the integration url which allows specification of the waiting area and the name of the caller.
API documentation Yes
API documentation formats HTML
API sandbox or test environment Yes
Customisation available Yes
Description of customisation Examples of areas that can be customised include:
Branding; Messages given to patients at various stages of workflow; Buttons to insert on service providers web site; Patient information leaflets. These can be customised by service administrators using the platform interface.

Scaling

Scaling
Independence of resources The system architecture and hosting implementation supports both vertical and horizontal scaling of components. Additional component array members can be added on demand to cope with increase in usage.
All components have at least one redundant member, which allows resizing on demand without service interruption.
Component performance metrics are tracked and alerts are configured to allow response where utilisation or response times fall outside of acceptable thresholds.

Analytics

Analytics
Service usage metrics Yes
Metrics types Reports are available for:-
Meeting room usage: Users, Time, Duration.
Service Waiting Area usage: Response time, Duration and Provider.
Service Provider: Calls answered, Meetings attended.
Organisation: Total Users, Active Users, Total Calls.
Service: Total Users, Active Users, Total Calls.
Video Call Quality: Resolution, Framerate, Bandwidth, Latency, Drop outs
Reporting types
  • Regular reports
  • Reports on request

Resellers

Resellers
Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Staff screening not performed
Government security clearance None

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • Other locations
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach Consultation histories and other reports can be exported in .csv formats
Data export formats CSV
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Other
Other protection within supplier network AES 128 encryption of cache and message bus payload data.

Availability and resilience

Availability and resilience
Guaranteed availability Service Availability Level is defined as 99.95%
No refund is agreed for breach of this SLA.
Approach to resilience The hosting design is made resilient by adoption of High Availability principles which support both availability and performance. All components have at least one redundant member in flexible arrays.
Redundant units are deployed across geographically separate locations.

Redundant components share the service load and so any component failure is automatically handled by requests flowing to surviving members.

A single geographic zone can independently serve requests if the others fail. Additional capacity can be activated on demand in surviving zones.

Resiliency for users is assisted by approach to re-establishment of consultation calls in the event of failure, anywhere in the chain of delivery. Being an Internet delivered real-time service, failures that have minor inconvenience in most web applications can be critical. The web application uses a rich client javascript framework with a local model of the call, so that interruptions of service can be repaired with a single click. The local web page is aware of its status in relation to the management application and self heals or prompts user for simple action.
Outage reporting A service availability API is provided to report regular, ad-hoc and unplanned service periods.

Scripts are provided to access the API.

System component outages are reported automatically to service managers to invoke remedial action.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication Username or password
Access restrictions in management interfaces and support channels View or action upon service entities are restricted to a tenants owned entities.
There are several layers of roles with distinct and/or increasing access to information and functions
Admin roles are assigned to authorised persons.
The software authorisation layer denies access to protected management URLs for unauthorised users.
Navigation to protected functions is hidden from unauthorised users.
Access restriction testing frequency At least every 6 months
Management access authentication Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for Between 1 month and 6 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security accreditations No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance accreditation No
Security governance approach The system is implements a Defense in Depth design, with a layering of technical and administrative controls over the physical controls offered by the data centre operator.

The security design and as built implementation are captured in system documentation and subject to change control processes and defined role's Authority to Act.

The Attend Anywhere CTO is the assigned most senior Security Officer and responsible for convening appropriate change review forum for approval of security changes.

Automated security systems are configured to report on emerging vulnerabilities and essential protective action.
Information security policies and processes All reporting regarding security incidents flow via the CTO role to the Managing Director. Design Assurance also rests with the CTO and incorporates implementation of security principles.
Security is a domain in all operational policies and supported by roles' separation of responsibility and tracking of change control and authorisation.

Specific policies ensure compliance with various jurisdictions' Privacy, Security and Information Governance regulations.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Change controls are risk focused, based on ISO/IEC 27002. All requests, design, implementation and deployment of changes are tracked via an Issue Management system.
Gates for review and approval for progression exist at transition of each development phase.
A mature QA process backs the transition from development, through testing to release candidate and customer acceptance. Distinct configurations are maintained for each phase
Changes to configuration of released software product and/or hosting are considered exceptional and subject to extraordinary change review process. Design assurance incorporates review of security domain.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Vulnerability management involves test and inspection for known existing technical threats as well as automation of host based protection layer.

A centrally managed on host security components is deployed to each server and configured to be aware of the services hosted. A central, managed and curated source of existing and emerging vulnerabilities is matched against service profiles and host base protections are recommended, with option of automatic or approved deployment.

Subscriptions to general vulnerability alerts are monitored along with business and solution specific sources.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Multiple layers of protective monitoring exist at network and host levels.
At the network layer Application Load Balancers are monitored for Denial of Service activity. At web proxy level Web Application Firewalls are deployed to detect patterns based on OWASP Core Rule Set.
On host detection and prevention of network layer is based on recommended and customised rules.
Detection of configuration changes to system and application configuration assets is monitored in real time.
Alerts of potential malicious activity are investigated and analysed within 24 hours. Required remediation is delivered after extraordinary change approval usually within 2 days.
Incident management type Supplier-defined controls
Incident management approach Incident management is responsive to both systems generated events and user reported events. Systems alerts are configured for both infrastructure and application level abnormalities. Required remediation action is defined for a series of know incidents aligned with system alerting and/or use reported symptoms.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks No

Pricing

Pricing
Price £70 to £110 per unit per month
Discount for educational organisations No
Free trial available Yes
Description of free trial Service providers are offered a free evaluation trial on the condition they:

1. Commit internal project and other resources required to run the trial.
2. Add a Waiting Area entry button to their web site for the trial.
3. Are prepared in principle to adopt the service if satisfactory.
Link to free trial Contact us: www.attendanywhere.com/contact-us

Documents

Documents
Pricing document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑