Strata Health LTD

Strata Pathways Co-Hort

Strata PathWays transitions patients between care settings by matching clinical needs/preferences to available/appropriate resources using real-time information across all organisations involved. This shows available care options and waiting times so that patients are matched appropriately.

Strata cohort is licensed for use by population cohorts or distinct care pathways.


  • Delayed Discharge Management
  • DTOC reduction
  • referral management
  • patient flow
  • care matching
  • Length of Stay LOS reduction
  • patient matching
  • transfer audits
  • system integration
  • Patient flow audit and report


  • Improved Patient Outcomes
  • Reduced Delayed Transfer of Care DTOC
  • Reduced Length of stay LOS
  • Manages and audits all activity


£75000 per instance

Service documents

G-Cloud 9


Strata Health LTD

Clint Schick

+44 (0) 7909863342

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Private cloud
Service constraints No
System requirements
  • Access to internet
  • Access to N3
  • Access to Browser software

User support

User support
Email or online ticketing support Email or online ticketing
Support response times All client contracts will include technical support and this is provided on a client-by-client basis covering up to business hours to 24/7 support, by email and by telephone to a local support telephone number that is answered in the UK. Service levels, including escalation points are normally negotiated during contracting. We endeavour to respond to calls within one hour.

A super-user or product champion is also trained within each customer in order to provide local on-site expertise of the solution.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.0 AA or EN 301 549
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support Yes, at extra cost
Support levels As a cloud solution support is provided as part of all client contracts. The Service will include standard technical support and this is provided on a client-by-client basis covering up to business hours to 24/7 support, by email and by telephone to a local support telephone number that is answered in the UK.

Enhanced Service levels can be arranged if requested but are not normally required. All features of our support including escalation points are fully detailed during contracting and each client has a Strata Client Support Manager allocated as a main contact for all contractual and support issues. We endeavour to respond to all calls within one hour.

A super-user or product champion is also trained within each customer in order to provide local on-site expertise of the solution.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Once a Strata implementation begins part of project role-out will be the schedule for users access and user training. The users access tasks include entering the names and credentials of those users that will be allowed to access the system and allocating their username, initial password and users rights - i.e. what they can and can't do based on Role Based Access Controls. Prior to go-live we run a number of training classes to show users how the system operate, how all features relate to their role and how to deal with any follow-up tasks. We provide a full suite of training documents which are bespoke to the user system and ensure that we have trained super-users within the client organisations and also on their IT help desks if required.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction A full database extract will be provided to the client at that end of the contract term. Strata health will remove all client data from our systems either immediately after the extract has been received, tested and signed off by the client or within an agreed term if this is explicitly stated by the client.
End-of-contract process At the end of the contract term and in the event that a contract is not being renewed or extended, we will supply the client with a full extract of the system database for their data.

There is no cost for this service.

If Strata are requested to retain the data for a period of time after the contract termination date, we will then charge the client for the remaining term.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10+
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service It is accessed via mobile device browsers and renders to automatically fit the screen. We have an Apple app that launches the services rather than always having to type in the URL.
Accessibility standards WCAG 2.0 AAA
Accessibility testing TBC
What users can and can't do using the API The API link the service to their own data sources such as GP systems and PAS and Social care system. The API will facilitate:
1. Single Sign-on features
2. Search/create/update patients
3. Search/create/update encounters
4. Update Forms
5. Send referrals
6. Receive referral updates
API documentation Yes
API documentation formats
  • HTML
  • PDF
API sandbox or test environment Yes
Customisation available Yes
Description of customisation Full Role based Access structures are inherent with Strata solutions and depending on access rights anyone can make changes if the client allows them to do so. The system can just as easily be locked down so that certain system changes can only be made at Admin level.

The solution has in-built editing features that facilitate changes.

Clients can customise fields to change headers or information relating to patients or encounters, They can also customised the clinical needs criteria at individual patient level to ensure that the patient is being directed to the correct care setting.


Independence of resources Strata solutions are delivered from state of the art data centres where our cloud solutions are load balanced across a number of servers depending on the client size and access demands. The solution architecture is designed in a way that the required sources can be scaled up instantly so that processing power is always available regardless of the number of users of the numbers of clients that we have accessing our services.


Service usage metrics Yes
Metrics types Strata IQ business intelligence dashboards provide the ability to access a standard set of functional reports and also the ability to create custom report, both of which have the ability to drill down to the lowest level event. Reports include:
- Activity Reports
- Management Reports
- DTOC reports
- Completion reports
- Custom reports
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest Physical access control, complying with CSA CCM v3.0
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach The Strata systems will allow authorised client admin users to extract data within the system. This service is locked down using role based access to ensure that IG rules are maintained and therefore only users with the appropriate RBAC rights will be able to do this.

The client admin team will determine what information can or can't be exported and which users are allowed to access this function of the Strata PathWays solution.
Data export formats
  • CSV
  • Other
Other data export formats PDF
Data import formats Other
Other data import formats NONE

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks Private network or public sector network
Data protection within supplier network Other
Other protection within supplier network All data within our solution network is held with the N3 Network and cannot be accessed from outside that network. We are currently working to move to the HSCN which will replace N3.

In Scotland, we only use the SWAN network for access to our services.

Availability and resilience

Availability and resilience
Guaranteed availability Strata provides a service delivered at 99.5% availability. This level is usually more than enough for our service and is delivered within the stated costs. If a client wishes to discuss increased levels of availability, we would be happy to put such enhanced service levels agreements in place and to establish any additional costs for this service. We would also facilitate compensation to the client if the SLA was breached.
Approach to resilience This information is available on request.
Outage reporting Our clients will receive a weekly email service report as standard from New Relic. This report will show all uptime, downtime (scheduled and unscheduled) and all access to each part of the solution.

In addition the client will be able to access performance reporting from within the system as well.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication 2-factor authentication
Access restrictions in management interfaces and support channels Dependant on the specific client requirement: Application environment is firewalled to specific client networks; password and username standard; 2 factor in use with some clients. Role Based Access Hierarchy is in place which is designed and populated by the client administrators. Each authorised users is assigned a profile that determined what they can and cannot do within the system and all actions are audited to record all activity whilst using the system or attempting to access unauthorised features.
Access restriction testing frequency At least once a year
Management access authentication 2-factor authentication

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 QAS International
ISO/IEC 27001 accreditation date 30/06/2016
What the ISO/IEC 27001 doesn’t cover All parts of the Strata UK operations are covered by our 27001 Certification
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security accreditations No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance accreditation Yes
Security governance standards ISO/IEC 27001
Information security policies and processes Strata Health has developed an overarching set of policies based on the ISO 27001:2013 standard that apply to everyone in the organization. As part of these policies, Strata Health is committed to:

- Comply with all applicable laws and regulations and contractual obligations.

- Implement continual improvement initiatives, including risk assessment and risk treatment strategies, while making best use of its management resources to better meet information security requirements.

- Communicate its information security objectives, and its performance in achieving these objectives, throughout the company and to interested parties.

- Adopt an information security management system comprising a security manual and procedures which provide direction and guidance on information security matters relating to employees, customers, suppliers and interested parties who come into contact with its work.

- Work closely with its customers, business partners and suppliers in seeking to establish appropriate information security standards.

- Adopt a forward-looking view on future business decisions, including the continual review of risk evaluation criteria, which may have an impact on information security.

- Train all members of staff in the needs and responsibilities of information security management.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach Strata Health follows ISO27001 best practices for Configuration and Change Management
Vulnerability management type Supplier-defined controls
Vulnerability management approach The Strata Health technical teams evaluate all patches and releases and compare them to the services we offer and assess the following:
- applicability
- impacted dependencies
- level of risk

These teams will determine the real risk to our systems and will embark on a patching/testing process to ensure there are no adverse effects.

Patches can take anywhere from 3 weeks to 90 days depending on severity and level of testing required.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Strata Health has implemented multiple levels of auditing, logging and alerting of invents in the system.

This includes:
Perimeter security device logging and alerting of unsuccessful attempts
Audit logging of failed/successful authentication attempts at the application layer.
Detailed audit logging of all actions against affecting patient data within the application as well as at the database layer.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach Strata Health solutions has developed an incident management process that is based on the ISO 27001:2013 standard.

This process includes the notification to clients and regulatory bodies as required by law.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks Yes
Connected networks
  • New NHS Network (N3)
  • Scottish Wide Area Network (SWAN)


Price £75000 per instance
Discount for educational organisations No
Free trial available No


Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑