Digital/ Hybrid Patient Communications and Engagement
Supporting the NHS Digital Agenda/ Paperless2020: rollout of cloud-based, digital patient engagement/appointment-management throughout the referral-to-treatment/RtT pathway. Delivered via EPR Integration with patient portal, on-line engagement, Email/SMS/QRcodes/Hyperlinks and hybrid print/mail. GDPR/DPA compliant; Live/Real-time/Online delivery of outcomes (Slot-Utilisation/DNA Reduction) Improved patient outcomes/experience and accessibility standards. Escalation paths; reporting; BI/MI;
- Real Time Digital and hybrid-mail. Appointment notification and reminders
- Patient Communications (SMS/ Agent/ IVR/ IVM/ Email, On-line Patient-Portal)
- RtT Patient Pathway Appointments, reminders, scheduling, pre-operative/ post-discharge
- Improved Patient Experience, Patient Accessibility standards, PALS
- Reduction in DNA, improved slot-utilisation, cost saving, income generation
- Real Time reporting, results and outcome analysis
- Intelligence and results lead delivery paths
- Bi-directional engagement using multi-channel media and escalation paths
- Reduce print and costs up to 70%. Digital-Agenda Paperless 2020
- Cost effective routing of data, answer based response
- Secure data management (Data handling)
- Support patient accessibility standards - maps/instructions/leaflets/ audio/ language
- Accountability and audit trace (Live outcome reporting and results)
- Secure user based permissions and portal acess
- Cloud based and agnostic of EPR systems -
- Uses secure API and Interface (HL7, FHIR, N3)
- E-Referral, Choose and Book, Partial Booking
£0.018 per unit
- Free trial available
|Software add-on or extension||Yes, but can also be used as a standalone service|
|What software services is the service an extension to||
EPR/ PAS systems
Hybrid mail and hybrid print
Appointment reminders; Pre-Admission & Post-Discharge communication services; Friends and Family testing; Ad-Hoc Surveys.
Additional services are added to the platform, using same data upload methods to reduce unnecessary complexity via N3/HSCN/PSN.
|Cloud deployment model||Private cloud|
There are no constraints using our portal - it fully supports all web browsers (incl. IE7 and above). Maintenance windows are outside of core hours and the service runs in active:active mode.
There are no hardware requirements for the Customer and no software installations - all delivered via a secure cloud portal with full user permissions and role access rights.
|Email or online ticketing support||Email or online ticketing|
|Support response times||
Support queries are monitored Monday to Friday 8.00am to 8.00pm with a 24/7 363 functionality available if required.
Response times to support tickets raised are acknowledged within 1 hour, with resolutions confirmed and agreed within 24 hours.
|User can manage status and priority of support tickets||No|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||No|
|Onsite support||Yes, at extra cost|
|Support levels||24X7X363 Support is available. Support hours are Monday - Friday 8am-6pm (Core); 6pm-8am (On Call) Evenings and Weekends - On Call Support requests are captured by our Customer Services Team, your dedicated Account Manager, or directly into our IT Support Team. These come into our enterprise class ticketing portal and each given a unique reference number and an assigned, named technical engineer. We endeavour to respond to all Customer queries within 1 hour of receipt, however 4 hours is our standard response KPI.|
|Support available to third parties||Yes|
Onboarding and offboarding
There are two states to our customer on boarding. The first being our client, their user access is cloud based with a specific on-boarding process including the creation of the specification and SLA, go live timescales, data security credentials. We have a detailed integration support process and all customers are provided with an implementation plan. This also is supported by on-site roll out support, training and backed up by webinar training sessions for users, and regular on-site review meetings and system upgrade training sessions. We also support with train the trainer.
In addition, we support our clients in supporting their end users of the product. Our Client services team and dedicated security trained agents are on hand to support the seamless delivery of your solution.
Off boarding is available as per the exit strategy agreed as part of the SLA. Support with marketing, user engagement and migration to alternative services may also be available upon request.
|Other documentation formats||
|End-of-contract data extraction||We are Data processors and handlers, not data controllers. All data is annonymised upon completion. End of contract data is encrypted and identifiable only to the client. Data deletion is recommended at the end of a contract term due to the nature of the service not requiring long term availability. However, GDPR opt out information may be required or specific patient contact timeframes. Upon written request by an authorised client, we can provide any extract of data up to data deletion as agreed with the Client - typically between 90-180 days. All data received will be in an anonymised format to ensure that no Patient Identifiable Data is visible. A full version of our Business Management Policies and whitepapers are available upon request.|
|End-of-contract process||Prior to the end of the contract we recommend our client engage in an exit strategy to agree timescales, extract changes and provide support for any new service that may follow. Up to date MI and BI will be provided, along with the return on investment and up to date performance metrics. The on-line portal is accessible to our clients with their information up to an agreed time frame. Any required data extracts and secure information within permitted guidelines will also be made available for the customer. Anatomised as per the service requirement and only delivered by secure means which must be made available by the client. Additional on-site support or engagement with non standard service users or requirement of non standard data as per the SLA will be available upon request on a chargeable basis.|
Using the service
|Web browser interface||Yes|
|Application to install||No|
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||Secure accessibility from un-known locations may prohibit mobile access for client interface, but end user accessibility is designed for mobiles (patients etc)|
|Accessibility standards||None or don’t know|
|Description of accessibility||Supports National Accessibility standards. Predominantly surrounding language, visual and audio support mechanisms|
|Accessibility testing||All relevant industry testing|
|What users can and can't do using the API||The API is used for data uploads; role based security; managing data transfer via N3/HSCN There are no requirements to make changes by users for delivery of the secure cloud service.|
|API documentation formats||
|API sandbox or test environment||Yes|
|Description of customisation||
Our service can be customised to deliver templates with fixed/fluid merge fields including dates; names; addresses; specialty; location; time; appointment date.
Also, users can elect (user permissions in place) on:
Colour - Mono/Black&White
Postage: First-Class; Second-Class (default); Special
Inserts: Select as required *unlimited options
Templates: Use existing or create on the fly templates (with governance approval chain)
Ad-Hoc: Surveys by type; postcards
Customisation is roles/permission based and is agreed as part of scoping with a client.
Customisation is simple and completed on the Chronos portal, once a user has successfully authenticated onto the secure cloud portal.
As part of the Customisation, we can also include a unique hyperlink/security options onto a letter for secure access onto an end user portal - this will allow an end user to view online, view maps; supporting information; questionnaires (FFT/Ad-Hoc etc.) and the option to listen/translate and print their documentation as required or send to their mobile device of choice.
Additionally, we capture feedback, for example, in the NHS & Public Sector to ACCEPT:CANCEL:RE-ARRANGE an appointment digitally - with a comprehensive, real-time reporting suite both online and as a subscription report available to authorised users. Please ask for more information or Demo.
|Independence of resources||The ERS Connect Chronos portal sits on ultra-resilient infrastructure from world-class leading providers - It is a 24x7x365 managed service and is fully scalable to burst should demand require it. We monitor our services with threshold alarms in the event of usage being reached, to ensure we can spin up to meet demand with no limitations. For more information, you are welcome to review our Business Management System overviews upon request.|
|Service usage metrics||Yes|
The ERS Connect service can provide both a portal dashboard view of key usage metrics including communication type; if the patient has downloaded documents (& requisite documents); opted to translate; postage day/time/cost; review of escalation methods; reductions in print/postage costs (upto 70%), full audit history.
|Supplier type||Not a reseller|
|Staff security clearance||Other security clearance|
|Government security clearance||Up to Developed Vetting (DV)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||United Kingdom|
|User control over data storage and processing locations||No|
|Datacentre security standards||Managed by a third party|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||Another external penetration testing organisation|
|Protecting data at rest||Other|
|Other data at rest protection approach||
All backup data is encrypted. Physical access control to all SQL databases. Physical role and access levels and authorisation for access to the data. Layered access controls in place based on role; permissions and responsibilities. Sensitive fields, ie.passwords are hashed, to non-readable format in the database (no plain text storage). Full joiner and leaver process in place as part of our Business Management System and ISO certifications.
For more information or to view our fully audited Business Management System, please request more information or site visit.
|Data sanitisation process||Yes|
|Data sanitisation type||Deleted data can’t be directly accessed|
|Equipment disposal approach||A third-party destruction service|
Data importing and exporting
|Data export approach||Data can be uploaded onto the Chronos service, irrespective of which service(s) are being used - all use the same methodology for client ease: 1) HL7 integation - either 1-way or bi-directional, via an upload script (given to you by our IT team); 2) Manual upload - either by uploading a .vbs file into the web application, or; 3) Manual upload - directly onto the portal itself. Full training is provided|
|Data export formats||
|Other data export formats||
|Data import formats||
|Other data import formats||
|Data protection between buyer and supplier networks||
|Other protection between networks||Behind a dedicated firewall in a secure leading manufacturer Tier 3 Data Centre with active:active load balancing and redundancy. Authorised users only with Connect permissions have access utilising roles based authentication.|
|Data protection within supplier network||
|Other protection within supplier network||Data is protected behind leading firewalls along with anti-virus and malware protection. Role based security access and physical access security. VPN access for remote access. All servers are privately addressed. Data backups are stored behind secure location and are encrypted within leading T3 Data Centres running as Active:Active. SQL Cluster, with active:passive configuration for 99.99% uptime. More information is available upon request and detailed within our Business Management System under an NDA|
Availability and resilience
|Guaranteed availability||ERS Connect offers a 99.99% uptime. There are no refunds for any service not meeting levels of availability - this is due to our service being ultra resilient and we have UK data centres, on separate networks in the event of any not being unavailable.|
|Approach to resilience||
We operate using the leading Data Centre providers, running in active:active sync across 3 DC's. These are fully managed on a 24x7x365 basis with SLA's in place. Supplier audits and reviews ensure these are met.
More information is available upon request that includes our SLA's with world-leading providers; along with our architecture/network diagrams on a request basis.
Outage's are classified as follows:
ERS Connect generated outage - this is only in exceptional circumstances (as yet never used), whereby notice would be given to all Clients 5 days ahead with timely reminders at intervals.
Non ERS Connect outages are communicated using either Email and/or SMS messages to all Clients notifying them of an outage and regular updates. Users can also see any notifications on our website and in the example of WannaCry, we mobilised our Agent Teams to call all Clients to advise them of WannaCry and that our service was not compromised.
Identity and authentication
|User authentication needed||Yes|
|Other user authentication||Customers have options for inclusion of Staff and/or Patient/End User 2-factor authentication, offered via a unique pin code (Patient Portal Access), along with a further option for additional authentication around a last know digit sequence|
|Access restrictions in management interfaces and support channels||All access follows our fully auditable ISO accredited BMS process. Users are restricted by permissions as follows: Internal ERS Connect staff members are limited based on role/function permissions. General Client users are restricted by role/function with a cut down service Administrators/Managers have more functionality and access to services on the Chronos portal. Additionally ERS Connect has a hierarchical department structure which is used for permissions access for sensitive and non-sensitive information and data.|
|Access restriction testing frequency||At least every 6 months|
|Management access authentication||
Audit information for users
|Access to user activity audit information||Users contact the support team to get audit information|
|How long user audit data is stored for||User-defined|
|Access to supplier activity audit information||Users contact the support team to get audit information|
|How long supplier audit data is stored for||User-defined|
|How long system logs are stored for||User-defined|
Standards and certifications
|ISO/IEC 27001 certification||Yes|
|Who accredited the ISO/IEC 27001||BSI Group|
|ISO/IEC 27001 accreditation date||02/11/2017|
|What the ISO/IEC 27001 doesn’t cover||N/A|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||Yes|
|Any other security certifications||
|Named board-level person responsible for service security||Yes|
|Security governance certified||Yes|
|Security governance standards||ISO/IEC 27001|
|Information security policies and processes||
ERS Connect is certified against ISO9001/ISO14001/ISO27001:2015; IG Toolkit 14.2 Level 3 Partner (100%). We have a dedicated Compliance team headed up at senior management level as part of the company leadership team. All ERS Connect employees undertake security and governance training and must pass, IG Toolkit certification along with internal security measures. A full 'Security Policy and Processes' is available for review (upon request) and sits within our Business Management System. This is reviewed at least twice per annum, or sooner as required and forms part of our Senior Leadership Team annual meeting.
Additionally, our partner for secure delivery of letters, meets many of the same standards, along with others including:
•C&CCC Standard 55: Cheque Printer Accreditation Scheme
•UK Finance Standard 72: PINS Printer Accreditation Scheme
•BS ISO IEC 27001:2013 Information Security Management Systems
•BS ISO 9001-2015 Quality Management System
•Connecting for Health - 100% approval Information Governance Toolkit.
All information processing and mailings are undertaken under the guidance of these standards
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||All documented within our BMS under ISO standards Service request, work item generated (unique detail); code checked-in against code item; code reviewed; tested; merged into code base; released. Testing is broken down into Unit; Integration and System testing. Documented system testing compiled - for end to end processes alongside test plans for completedness. A full Change Management and Configuration process and supporting guides are available upon request|
|Vulnerability management type||Undisclosed|
|Vulnerability management approach||This is sensitive information and therefore only the highest level information is provided here - more detail can be provided on request. We test daily for vulnerabilities and further deeper monthly testing and tests run against all releases of new software. Any changes to our vulnerability scans is addressed in line with our BMS ISO and Security processes - available upon request. Against all public IP's and applications. Automated and manual patching. Technical team across alerts from leading manufacturers and orgainisations such as Microsoft, Rackspace, NHS Digital etc.|
|Protective monitoring type||Undisclosed|
|Protective monitoring approach||This information is not for public domain, however it can be supplied upon request. Identification of potential compromises are managed via leading manufacturers and organisations. These are managed within a risk register available on our BMS. Any virus, open port, vulnerability will be handled immediately as a P1 instance Bulletins and communications are given to customers should a breach be identified with our actions. During WannaCry we patched immediately and kept the NHS working - this is a case reference we are happy to Share with you|
|Incident management type||Undisclosed|
|Incident management approach||
Pre-defined processes in-place; within BMS
Breaches notified immediately at the point breach; Raised on the approved system by any team member. This auto escalates to the Director of Compliance & Manager.
Management review the breach - mobilisation as set out in our BMS,
Manager signs off incident at point of completion
Director of Compliance presents in monthly senior leadership team, review of incidents/ear misses. full report.
|Approach to secure software development best practice||Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)|
Public sector networks
|Connection to public sector networks||Yes|
|Other public sector networks||
|Price||£0.018 per unit|
|Discount for educational organisations||No|
|Free trial available||Yes|
|Description of free trial||MAP ACROSS|