CliniTouch Vie (digital health and remote clinical monitoring)
Patients love using CliniTouch Vie (CVie) to monitor themselves at home. Clinical teams welcome the ability to access this information, helping them prioritise who needs care.
CVie currently supports:
COPD and respiratory services;
Heart-Failure;
Early-discharge; and
More!
CVie delivers efficiencies in case management and generates cost savings through reduced admissions.
Features
- Class 1 medical device
- Hosted in the NHS secure network (HSCN)
- Designed by NHS clinicians
- Multi-user functionalities enabling it to be used in care homes
- Tablet device with 4G connectivity (99% population can access)
- Educational resources for specific conditions to support self-management
- Bluetooth and manual biometric data collection
- Dynamic care plans and evidence based algorithms enable automatic triage
- Evidence-based algorithms for COPD, Diabetes, Heart Failure, Frailty, Cancer
Benefits
- Evidence based digital health and remote monitoring service
- Emergency admission avoidance (proven 67% reduction)
- Helps increase staff productivity and efficiency
- Helps increase patient self-management of disease
- Reduces the need for repeat patient visits
- 24/7 access to service
- Real-time data: support the management most at risk patients
Pricing
£1.00 to £2.66 a licence a day
- Free trial available
Service documents
Request an accessible format
Framework
G-Cloud 11
Service ID
7 0 7 7 5 9 2 6 5 3 9 5 5 4 5
Contact
Spirit Digital Ltd
Nadine Miles
Telephone: 07966766721
Email: Nadine.Miles@spirit-health.com
Service scope
- Software add-on or extension
- No
- Cloud deployment model
- Private cloud
- Service constraints
- N/A
- System requirements
-
- Essential: HSCN (N3) Network
- Essential: Internet Explorer 9 or above; Chrome 55 or above
- Desirable: VPN
- Desirable: remote working for clinicians not based at NHS buildings
User support
- Email or online ticketing support
- Yes, at extra cost
- Support response times
-
Within Business hours:
Priority 1 Issue — 1 elapsed hour;
Priority 2 Issue — 2 elapsed hours;
Priority 3 Issue — 8 elapsed hours;
Outside Business hours:
Priority 1 Issue — 2 elapsed hours;
Priority 2 Issue — 4 elapsed hours;
Priority 3 Issue — 12 elapsed hours; - User can manage status and priority of support tickets
- No
- Phone support
- Yes
- Phone support availability
- 24 hours, 7 days a week
- Web chat support
- No
- Onsite support
- Yes, at extra cost
- Support levels
-
As part of our service and within the costs all our customers receive access to:
• access to our 24/7 telephone service line
• customer service manager who will be their main point of contact in the event they have any escalations
• technical account manager to resolve software issues
• programme manager for on-boarding and off-boarding processes
• training manager - Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
-
Responsibility for helping users to start using our service will be taken by our Programme Manager. Our range of resources will be adapted for local use. We will establish a user forum to test and develop materials as part of the mobilisation process. The on-boarding package will comprise:
• For individuals receiving a CliniTouch installation through Spirit, training will be provided onsite at the time of the installation
• For all system users and system super users commencing one month prior to go live date on-site training will be delivered on the clinical and patients’ systems and associated interfaces. This training will be delivered at local venues for staff
• Ongoing sessions delivered on-site and locally as required throughout the duration of the contract for new starters and for existing users to explain system updates and new functionality
• Our written user manuals for users, and super users are in plain English and are approved through our medical approval process and through user accepting panels. These are available as hard copies and are updated regularly and available online.
All users will be able to access our freephone 24/7-customer support line, which has an overall 99% customer satisfaction rating. - Service documentation
- Yes
- Documentation formats
- End-of-contract data extraction
-
We have significant experience of importing and exporting patient data to and from clinical systems and has robust processes and procedures in place for when the contract ends.
We adhere to guiding principles laid out in the NHS Digital Exit and Transition Process 2015, Confidentiality; NHS Code of Practice 2003, The Data Protection Act 1998, Caldicott and Caldicott 2 and DH Records Management Code of Practice.
We will implement a secure method of data extraction, e.g. over N3 or encrypted external hard drive, and:
• Ensure contractual / permissions in place for data sharing
• Agree timetable for extraction and supply of data to ensure data sets complete prior to transfer
• Agree procedures / new contractor compliance with GDPR data sharing rules
• Identify and agree datasets required
• Agree format for extraction (Excel, CSV, etc)
• Provide test data set prior to fully supply of data
• Arrange for safe archiving of data
• Arrange cessation of customer helpline
• Remove system permissions as required
We delete all data from the system and provide assurance via System Retirement Notice to the customer that no data is now stored within the Spirit system. - End-of-contract process
-
At the end of a contract process Spirit will implement the co-developed and signed off exit plan strategy. This will involve off-boarding patients from the system into the traditional services and closing the contractual requirements with the commissioner.
Patient off-boarding
• Communication with each patient to discuss the end date of the service
• Step-down procedures into existing local clinical services
• Collection of the CliniTouch Vie tablet and peripherals
• Decontamination of equipment
Reporting
• Provide an end of contract KPI delivery report
• Provide a summary service report
• Co-develop a lesson learned report
Other
• Arrange commissioner exit meetings and communication requirements
• Produce case studies
• Notify referrers
TUPE (If new service provider and Spirit is delivering the clinical service for monitoring and management)
• Identify staff who will transfer
• Consultation process (if required)
• Due diligence meeting with new employer
• One-to-one meetings with transferring staff
• Production of ELI data
• Communication plan and roll out
• Advise pension authority
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Internet Explorer 9
- Internet Explorer 10
- Internet Explorer 11
- Chrome
- Application to install
- No
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
-
The difference between the mobile and desktop service can be described as follows:
• Patients access the system on a mobile device (provided by Spirit) and can only access it on that system.
• Clinicians access the system via a web browser on any device. Internet Explorer 9(or above) or Chrome 55 (or above) guarantees full functionality, but the Clinician portal is available on any web browser, including mobile phones/tablets, that are connected to the N3/HSCN network
• Mobile browsers may not work with video conferencing, due to HTML 5 which is a relatively new technology - Service interface
- Yes
- Description of service interface
-
The service interface via a tablet that interfaces wirelessly with a variety of peripheral devices (e.g. pulse oximeters, blood pressure monitors) to capture biometric data.
CliniTouch is a registered medical device approved by the MHRA and the data server sits within the HSNC [NHS N3] secure data environment, which enables it to push and pull data securely between healthcare provider data systems and service users. - Accessibility standards
- WCAG 2.1 A
- Accessibility testing
- We have not done any specific testing with users of assistive technology to meet accessibility standards. However, we ensure that every effort has been made to caters for a wide range of accessibility requirements and continues to review on a regular basis with our clinician and user forum. Due to Android’s innovative accessibility options, we can cater for hard of sight with increased contrast or larger text, or text to speech. Extensive User Acceptance Testing was done as part of the CE marking process, with a large cohort of patients and clinicians.
- API
- No
- Customisation available
- Yes
- Description of customisation
- As part of the service setup and configuration of the disease specific pathways, it is possible to bespoke specific elements of the digital health platform to be tailored for each customer. For example, the flow of information between clinicians and patients and make it unique for the service or patient.
Scaling
- Independence of resources
- Spirit consistently monitors the bandwidth usage of our services, ensuring that the service is not reaching capacity. Due to the network architecture, all servers, portals and database could and do have their load replicated and balanced across many different spindles. Currently there is a limit on the number of I/O (input/output) connections allowed on the service (which is in excess of 500% above current usage limits), but this could be scaled up/down when required.
Analytics
- Service usage metrics
- Yes
- Metrics types
- CliniTouch Vie system has capacity and capability to monitor and produce reports based on the biometric health data, well-being responses and care professional (clinical system user) activity. The reporting utilises a variety of parameters that have the ability to sort, filter and select and can be self-configured by the commissioning Clinical Service Provider. We provide regular business intelligence reports based upon the analytics from within the system and report again the clinical, quality and financial KPIs set by the customer.
- Reporting types
-
- Regular reports
- Reports on request
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Conforms to BS7858:2012
- Government security clearance
- Up to Developed Vetting (DV)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- No
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- In-house
- Protecting data at rest
- Physical access control, complying with CSA CCM v3.0
- Data sanitisation process
- Yes
- Data sanitisation type
- Deleted data can’t be directly accessed
- Equipment disposal approach
- In-house destruction process
Data importing and exporting
- Data export approach
-
Our Information Governance Manager provides oversight to the data export approach. We have developed data export processes in line with GDPR requirements.
Clinicians can export Patient Care Plans by PDF and then attach to the patient’s record in other Electronic Patient Record systems.
Approved Clinicians or Admin users can export any data within the database, customisable in a variety of formats to either CSV or PDF format. These can be exported instantly (i.e. ‘download now’) or scheduled to export by either File Transfer Protocol or email. - Data export formats
-
- CSV
- Other
- Other data export formats
- Discharge summary document
- Data import formats
- CSV
Data-in-transit protection
- Data protection between buyer and supplier networks
-
- Private network or public sector network
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
- Bonded fibre optic connections
- Data protection within supplier network
-
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
Availability and resilience
- Guaranteed availability
-
There are 3 points of the service that have their availability measured and guaranteed: data reception for patients, server up-time and clinician connectivity.
Patient consoles are supplied with multi-network SIMs that cover 99% of the population. The 4G SIMs will choose the strongest available network.
Servers are hosted by AIMES who offer 99.9% up-time and have fail-over servers located in a different city, if required.
Clinicians access through the N3/HSCN network, which is supplied by BT and outside the scope of our product, though is very redundant and typically offers near-100% uptime. - Approach to resilience
-
Information is available upon request.
AIMES Ltd have ensured that their servers meet the latest NHS Digital standards, utilise the latest anti-virus and meet industry-standards for information governance. Up-time is constantly monitored and all customers are notified of any significant downtime with an SLA in place to resolve. Servers are hosted by AIMES who offer 99.9% up-time and have failover servers located in a different city, if required. - Outage reporting
-
Due to patient data regulations, patients cannot be contacted by Spirit when there is a network outage as they would not have access to their contact details.
Outages are communicated by email to all clinical service users and admin(s), as well as by telephone to all clinical leads. All clinical users are then kept up to date, where appropriate.
Local arrangements are put in place for clinical users to contact the patients directly.
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- 2-factor authentication
- Dedicated link (for example VPN)
- Username or password
- Access restrictions in management interfaces and support channels
-
Management interfaces are restricted to a limited number of individuals. The individuals must connect to AIMES’ infrastructure by VPN, which uses Multi Factor Authentication, RDP on to a remote desktop (which requires a 32 character password) and then log in with another unique user ID and password to the admin portal itself.
VPN is only accessible from a specific computer to that individual, which is also password protected.
To authenticate, there is a total of 6 layers of authentication:
• Machine password
• VPN
• Phone password
• MFA for VPN
• RDP password
• Admin portal password - Access restriction testing frequency
- At least every 6 months
- Management access authentication
-
- 2-factor authentication
- Dedicated link (for example VPN)
- Username or password
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- User-defined
- Access to supplier activity audit information
- Users have access to real-time audit information
- How long supplier audit data is stored for
- User-defined
- How long system logs are stored for
- User-defined
Standards and certifications
- ISO/IEC 27001 certification
- No
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Other security certifications
- No
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- ISO/IEC 27001
- Information security policies and processes
-
We are committed to delivering the highest levels of quality of care for patients and their data. We demonstrate this through assurance processes and accreditations as applicable.
We are compliant with IGSoC level 2, we were audited and approved in August 2016 by NHS Digital.
We have submitted logical Architecture and Network Design documentation and has achieved N3 connectivity. This has been audited as compliant by NHS Digital using our third party N3 host Aimes Ltd based in Liverpool.
We have undertaken the Healthcare Gateway MiG integration process to be an accredited partner and is compliant.
We operate an ISO 9001 Certified Quality management system of which our ISO27001 compliant Information Security Policy (a copy of which is available upon request) is a part. Our N3 data centre host is certified as ISO 27001 compliant and we are working towards ISO27001 formal accreditation as part of our Quality Management System.
We use an accredited ISO 27001 compliant data centre to store all NHS data.
Operational security
- Configuration and change management standard
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Configuration and change management approach
-
The software at the patient end is bespoke and not publicly available (i.e. not on app store/google play store). The software has been designed using the latest HTML5 technologies and to be forward-compatible with any new versions of Android, should a security flaw require device operating systems be upgraded.
New versions of the patient app can be deployed remotely to meet any technological requirements of OS upgrades.
The clinician portal is accessed from NHS managed IT equipment and the data privacy and security for clinicians is administered locally by NHS Health Informatics Services. - Vulnerability management type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Vulnerability management approach
- We hold a contract with AIMES, a leading commercial data centre service provider. We subscribe to NHS Digital’s careCERT weekly mailing blasts and take note of relevant threads to IT security, co-assessing against CliniTouch Vie’s technologies, making changes, where required. Depending on the level of severity, potential threats are patched either same day, same week or the following week. In addition, AIMES will regularly update and maintain their network security to meet the latest standards.
- Protective monitoring type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Protective monitoring approach
- Spirit sub-contracts AIMES, a leading commercial data centre service provider. We subscribe to NHS Digital’s careCERT weekly mailing blasts and take note of relevant threads to IT security, co-assessing against CliniTouch Vie’s technologies, making changes, where required. Depending on the level of severity, potential threats are patched either same day, same week or the following week. In addition, AIMES will regularly update and maintain their network security to meet the latest standards. On a regular basis we conduct audit information searches and our protective processes are likely to detect and respond quickly to attacks, or attempted attacks.
- Incident management type
- Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
- Incident management approach
-
We don’t have any common events, but the process is the same for any incident or event.
• Incidents are reported by phone or email, whatever is quickest to enable an immediate response.
• Template report to include a risk assessment, notification requirements, disciplinary action, root cause, trend analysis, corrective action, preventative action and later, effectiveness.
• Policy to ensure that incident reports are provided to users in the event of a major incident, which details the root cause and the steps that have been undertaken to mitigate the risk of it occurring again in the future.
Secure development
- Approach to secure software development best practice
- Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)
Public sector networks
- Connection to public sector networks
- Yes
- Connected networks
- NHS Network (N3)
Pricing
- Price
- £1.00 to £2.66 a licence a day
- Discount for educational organisations
- No
- Free trial available
- Yes
- Description of free trial
- A free trial is offered to organisations that commission a new service that is co-created with local clinical teams and built into the software. It is offered to a small number of patients on a maximum 6-month trial period. It includes the full service: technology, service, maintenance and support.