Strata PathWays transitions patients between care settings by matching clinical needs/preferences to available/appropriate resources using real-time information across all organisations involved. This shows available care options and waiting times so that patients are matched appropriately.
Strata cohort is licensed for use by population cohorts or distinct care pathways.
- Delayed Discharge Management
- DTOC reduction
- referral management
- patient flow
- care matching
- Length of Stay LOS reduction
- patient matching
- transfer audits
- system integration
- Patient flow audit and report
- Improved Patient Outcomes
- Reduced Delayed Transfer of Care DTOC
- Reduced Length of stay LOS
- Manages and audits all activity
£75000 per instance
Strata Health LTD
+44 (0) 7909863342
|Software add-on or extension||No|
|Cloud deployment model||Private cloud|
|Email or online ticketing support||Email or online ticketing|
|Support response times||
All client contracts will include technical support and this is provided on a client-by-client basis covering up to business hours to 24/7 support, by email and by telephone to a local support telephone number that is answered in the UK. Service levels, including escalation points are normally negotiated during contracting. We endeavour to respond to calls within one hour.
A super-user or product champion is also trained within each customer in order to provide local on-site expertise of the solution.
|User can manage status and priority of support tickets||Yes|
|Online ticketing support accessibility||WCAG 2.0 AA or EN 301 549|
|Phone support availability||24 hours, 7 days a week|
|Web chat support||No|
|Onsite support||Yes, at extra cost|
As a cloud solution support is provided as part of all client contracts. The Service will include standard technical support and this is provided on a client-by-client basis covering up to business hours to 24/7 support, by email and by telephone to a local support telephone number that is answered in the UK.
Enhanced Service levels can be arranged if requested but are not normally required. All features of our support including escalation points are fully detailed during contracting and each client has a Strata Client Support Manager allocated as a main contact for all contractual and support issues. We endeavour to respond to all calls within one hour.
A super-user or product champion is also trained within each customer in order to provide local on-site expertise of the solution.
|Support available to third parties||Yes|
Onboarding and offboarding
|Getting started||Once a Strata implementation begins part of project role-out will be the schedule for users access and user training. The users access tasks include entering the names and credentials of those users that will be allowed to access the system and allocating their username, initial password and users rights - i.e. what they can and can't do based on Role Based Access Controls. Prior to go-live we run a number of training classes to show users how the system operate, how all features relate to their role and how to deal with any follow-up tasks. We provide a full suite of training documents which are bespoke to the user system and ensure that we have trained super-users within the client organisations and also on their IT help desks if required.|
|End-of-contract data extraction||A full database extract will be provided to the client at that end of the contract term. Strata health will remove all client data from our systems either immediately after the extract has been received, tested and signed off by the client or within an agreed term if this is explicitly stated by the client.|
At the end of the contract term and in the event that a contract is not being renewed or extended, we will supply the client with a full extract of the system database for their data.
There is no cost for this service.
If Strata are requested to retain the data for a period of time after the contract termination date, we will then charge the client for the remaining term.
Using the service
|Web browser interface||Yes|
|Application to install||No|
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||It is accessed via mobile device browsers and renders to automatically fit the screen. We have an Apple app that launches the services rather than always having to type in the URL.|
|Accessibility standards||WCAG 2.0 AAA|
|What users can and can't do using the API||
The API link the service to their own data sources such as GP systems and PAS and Social care system. The API will facilitate:
1. Single Sign-on features
2. Search/create/update patients
3. Search/create/update encounters
4. Update Forms
5. Send referrals
6. Receive referral updates
|API documentation formats||
|API sandbox or test environment||Yes|
|Description of customisation||
Full Role based Access structures are inherent with Strata solutions and depending on access rights anyone can make changes if the client allows them to do so. The system can just as easily be locked down so that certain system changes can only be made at Admin level.
The solution has in-built editing features that facilitate changes.
Clients can customise fields to change headers or information relating to patients or encounters, They can also customised the clinical needs criteria at individual patient level to ensure that the patient is being directed to the correct care setting.
|Independence of resources||Strata solutions are delivered from state of the art data centres where our cloud solutions are load balanced across a number of servers depending on the client size and access demands. The solution architecture is designed in a way that the required sources can be scaled up instantly so that processing power is always available regardless of the number of users of the numbers of clients that we have accessing our services.|
|Service usage metrics||Yes|
Strata IQ business intelligence dashboards provide the ability to access a standard set of functional reports and also the ability to create custom report, both of which have the ability to drill down to the lowest level event. Reports include:
- Activity Reports
- Management Reports
- DTOC reports
- Completion reports
- Custom reports
|Supplier type||Not a reseller|
|Staff security clearance||Conforms to BS7858:2012|
|Government security clearance||Up to Developed Vetting (DV)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||United Kingdom|
|User control over data storage and processing locations||No|
|Datacentre security standards||Complies with a recognised standard (for example CSA CCM version 3.0)|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||Another external penetration testing organisation|
|Protecting data at rest||Physical access control, complying with CSA CCM v3.0|
|Data sanitisation process||Yes|
|Data sanitisation type||Explicit overwriting of storage before reallocation|
|Equipment disposal approach||A third-party destruction service|
Data importing and exporting
|Data export approach||
The Strata systems will allow authorised client admin users to extract data within the system. This service is locked down using role based access to ensure that IG rules are maintained and therefore only users with the appropriate RBAC rights will be able to do this.
The client admin team will determine what information can or can't be exported and which users are allowed to access this function of the Strata PathWays solution.
|Data export formats||
|Other data export formats|
|Data import formats||Other|
|Other data import formats||NONE|
|Data protection between buyer and supplier networks||Private network or public sector network|
|Data protection within supplier network||Other|
|Other protection within supplier network||
All data within our solution network is held with the N3 Network and cannot be accessed from outside that network. We are currently working to move to the HSCN which will replace N3.
In Scotland, we only use the SWAN network for access to our services.
Availability and resilience
|Guaranteed availability||Strata provides a service delivered at 99.5% availability. This level is usually more than enough for our service and is delivered within the stated costs. If a client wishes to discuss increased levels of availability, we would be happy to put such enhanced service levels agreements in place and to establish any additional costs for this service. We would also facilitate compensation to the client if the SLA was breached.|
|Approach to resilience||This information is available on request.|
Our clients will receive a weekly email service report as standard from New Relic. This report will show all uptime, downtime (scheduled and unscheduled) and all access to each part of the solution.
In addition the client will be able to access performance reporting from within the system as well.
Identity and authentication
|User authentication needed||Yes|
|User authentication||2-factor authentication|
|Access restrictions in management interfaces and support channels||Dependant on the specific client requirement: Application environment is firewalled to specific client networks; password and username standard; 2 factor in use with some clients. Role Based Access Hierarchy is in place which is designed and populated by the client administrators. Each authorised users is assigned a profile that determined what they can and cannot do within the system and all actions are audited to record all activity whilst using the system or attempting to access unauthorised features.|
|Access restriction testing frequency||At least once a year|
|Management access authentication||2-factor authentication|
Audit information for users
|Access to user activity audit information||Users have access to real-time audit information|
|How long user audit data is stored for||User-defined|
|Access to supplier activity audit information||Users have access to real-time audit information|
|How long supplier audit data is stored for||User-defined|
|How long system logs are stored for||User-defined|
Standards and certifications
|ISO/IEC 27001 certification||Yes|
|Who accredited the ISO/IEC 27001||QAS International|
|ISO/IEC 27001 accreditation date||30/06/2016|
|What the ISO/IEC 27001 doesn’t cover||All parts of the Strata UK operations are covered by our 27001 Certification|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security accreditations||No|
|Named board-level person responsible for service security||Yes|
|Security governance accreditation||Yes|
|Security governance standards||ISO/IEC 27001|
|Information security policies and processes||
Strata Health has developed an overarching set of policies based on the ISO 27001:2013 standard that apply to everyone in the organization. As part of these policies, Strata Health is committed to:
- Comply with all applicable laws and regulations and contractual obligations.
- Implement continual improvement initiatives, including risk assessment and risk treatment strategies, while making best use of its management resources to better meet information security requirements.
- Communicate its information security objectives, and its performance in achieving these objectives, throughout the company and to interested parties.
- Adopt an information security management system comprising a security manual and procedures which provide direction and guidance on information security matters relating to employees, customers, suppliers and interested parties who come into contact with its work.
- Work closely with its customers, business partners and suppliers in seeking to establish appropriate information security standards.
- Adopt a forward-looking view on future business decisions, including the continual review of risk evaluation criteria, which may have an impact on information security.
- Train all members of staff in the needs and responsibilities of information security management.
|Configuration and change management standard||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Configuration and change management approach||Strata Health follows ISO27001 best practices for Configuration and Change Management|
|Vulnerability management type||Supplier-defined controls|
|Vulnerability management approach||
The Strata Health technical teams evaluate all patches and releases and compare them to the services we offer and assess the following:
- impacted dependencies
- level of risk
These teams will determine the real risk to our systems and will embark on a patching/testing process to ensure there are no adverse effects.
Patches can take anywhere from 3 weeks to 90 days depending on severity and level of testing required.
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||
Strata Health has implemented multiple levels of auditing, logging and alerting of invents in the system.
Perimeter security device logging and alerting of unsuccessful attempts
Audit logging of failed/successful authentication attempts at the application layer.
Detailed audit logging of all actions against affecting patient data within the application as well as at the database layer.
|Incident management type||Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402|
|Incident management approach||
Strata Health solutions has developed an incident management process that is based on the ISO 27001:2013 standard.
This process includes the notification to clients and regulatory bodies as required by law.
|Approach to secure software development best practice||Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)|
Public sector networks
|Connection to public sector networks||Yes|
|Price||£75000 per instance|
|Discount for educational organisations||No|
|Free trial available||No|
|Pricing document||View uploaded document|
|Skills Framework for the Information Age rate card||View uploaded document|
|Service definition document||View uploaded document|
|Terms and conditions document||View uploaded document|