Dataphiles Ltd

PatientComms

PatientComms is a cloud based patient engagement platform which enables NHS Trusts, CCG's, CSU's, GP's, Dental Practices & other healthcare providers to complete patient surveys (like the NHS Friends & Family Test), patient studies, provide interactive appointment reminders and healthcare messaging.

Features

  • Attendance Optimization - SMS appointment reminder campaigns and appointment rebooking
  • Patient Retention - Scheduler for automated, multi-channel recare reminders
  • Multi-channel messaging - Communication via SMS, Email and Letter
  • Patient Satisfaction - SMS-based patient and staff feedback surveys
  • Patient Studies - SMS-based studys for academic research
  • Friends & Family Test Service on Managed or Self-Service basis
  • Staff Friends & Family Test on Managed or Self-Service basis
  • Marketing Automation - Contact management and interactive, multi-channel campaigns
  • Analytical dashboards, thematic analysis, Statutory Friends & Family Test reports
  • Integration via web browser, API and email to SMS

Benefits

  • Increase attendance rates with personalised, interactive reminder campaigns
  • Increase patient retention and recare with automated recall reminders
  • Increase effectiveness across all communications using multi-channel messaging
  • Contact hard to reach demographics via text messaging
  • Get better engagement by using patient preferred communication types
  • Save money on SMS messages and postage costs
  • Triangulate patient feedback from multiple points
  • View undelivered SMS and update patient records
  • Automate appointment booking and survey scheduling
  • More effective, multi-channel, personalised and automated marketing campaigns

Pricing

£0.029 per unit

Service documents

G-Cloud 9

733130134413900

Dataphiles Ltd

Lucy Burns

+44 (0) 1943 464090

lucy@dataphiles.co.uk

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Private cloud
Service constraints Support packages are customised but can include 24/7 first contact technical support with site visits and review meetings on request.

We address issues with critical or severe business impact within 3 hours with a sliding scale for less critical items.
System requirements
  • Advanced automation and marketing tools are accessible on subscription
  • A basic internet connection is required

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Our helpdesk is available within normal UK working hours - Monday to Friday 9am to 5.30 pm, except bank holidays. Enhanced packages offering out of hours/weekend support can be negotiated on request. We aim to respond to all questions within one hour but we guarantee all Priority level 1 requests will be responded to in 1 hour and Priority level 2 issues will be responded to within 4 hours.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels We allocate to each and every support request a priority level from the following classification:
a) Priority 1 - the system ceases to operate - response within 1 working hour and fix within 3 hours.
b) Priorty 2 - an error gives a noticeable decrease in the functionality, but the system remains useable - response within 4 hours and fix within 24 hours.
c) Priority 3 - issues where minor amendments are required to better facilitate the existing day-to-day functioning of the system - response within 8 hours and fix, upgrade or modification within 3 days or in accordance with any timescale agreed with the customer.
Basic support packages in line with the SLA described above are provided free of charge as an integral part of the PatientComms service. Enhanced support packages are sometimes required and these are priced on a case by case basis.
We provide customers with a technical account manager and a cloud support engineer.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Onboarding is specific to the requirements of each customer. Our dedicated onboarding team will work with you to take you through the process from start to finish. Basic onboarding can be as simple as entering your details and setting up your username and password. For more bespoke and advanced users the team will work with you to gather all your requirements and then configure the services to meet your needs. We will then provide training and hand-holding to help you get started. We also provide full documentation which shows how best to utilise the services. Again, for more advanced setups, this documentation will be specific to your needs.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction Patientcomms has a full 'offboarding' process to help you extract your data when the contract ends. We will provide secure methods of removing the data and give it to you in a format that you can utilise going forward.
End-of-contract process At the end of the contract the customer will be provided with tools to be able to export the raw data used as part of the service. This is included in the service cost. For more advanced requirements, such as export in specific data formats, additional costs may apply.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 9
  • Internet Explorer 10+
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install No
Designed for use on mobile devices No
Accessibility standards None or don’t know
Description of accessibility The Patientcomms portal works is compatible with all major browser accessibility features
Accessibility testing The Patientcomms portal has been tested to be compatible with Screen Magnifier, Screen Reader, Speech Recognition and Readability. Messages sent from the Patientcomms gateway that are converted to voice are tested to ensure they can are delivered accurately with all dates and numbers are read out in the correct and appropriate format.
API Yes
What users can and can't do using the API Patientcomms ensures a flexible approach for our clients by exposing core function for sending SMS through a public API. Clients are required to request API access and, once the request is accepted, a unique API key will be generated for you. This key must be used when passing through any request to the API. The API supports SOAP and RESTful services.
API documentation Yes
API documentation formats
  • HTML
  • PDF
API sandbox or test environment Yes
Customisation available Yes
Description of customisation The Patientcomms portal is customisable for each individual customer. This customisation can be the application of individual modules, user level configuration or bespoke development based on specific customer requirements.

Scaling

Scaling
Independence of resources All the services are completely load balanced to make sure there is maximum service availability for any user requests.

Analytics

Analytics
Service usage metrics Yes
Metrics types Full usage statistics are provided within the portal and are updated in real time. The analytical dashboard will present the customer will full usage trends from the beginning of the services. Users are also able to filter between specific dates and send types (SMS, Email and Letter).
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Resellers
Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest Scale, obfuscating techniques, or data storage sharding
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach Users can export their data, securely, directly from the Patientcomms portal. This will export the data over SSL in a text delimited format. More advanced export requirements will be dealt with on request.
Data export formats CSV
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Availability and resilience
Guaranteed availability We will use all commercially reasonable endeavours to make the hosted
services and patient responses available 24/7 for 99.9% of the time in any given calendar month. Any scheduled maintenance will take place outside of normal UK business hours and Dataphiles will give the customer at least 48 hours’ notice. The free Friends & Family Test for NHS GPs and Dental Practices module contains permanent online support, and for other services the standard support package includes telephone and email support 9am-5.30pm GMT (excluding Public Holidays), with up to 24/7 first contact and extended technical support packages available at additional cost.
Approach to resilience Available on request
Outage reporting The PatientComms service is monitored on a 24/7 basis with predictive fault analysis tools in place to alert our support teams of any potential issues. Service levels are monitored and supported both in house and by 3rd party infrastructure providers. In the event of any potential service loss we will use all commercially reasonable endeavours to inform customers in advance. Announcements of services loss will be issued via email alerts and a publicly available dashboard. Customers will be regularly informed throughout and also provided, where possible, with a timeframe for when service restoration will occur.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication Username or password
Access restrictions in management interfaces and support channels All access to Patientcomms services are controlled and restricted to registered users only. No user passwords are stored or can be retrieved. Passwords resets can only be completed by the original end user. All services are provided using the most secure and highest encryption standards available.
Access restriction testing frequency At least every 6 months
Management access authentication Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users receive audit information on a regular basis
How long user audit data is stored for User-defined
Access to supplier activity audit information Users receive audit information on a regular basis
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 The British Assessment Bureau
ISO/IEC 27001 accreditation date First accredited 13/05/2014
What the ISO/IEC 27001 doesn’t cover Our ISO 27001 certification covers the provision of databases, websites, bespoke software and IT infrastructure. These are our main lines of business.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security accreditations Yes
Any other security accreditations We have published level 2 of the IG Toolkit

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance accreditation Yes
Security governance standards ISO/IEC 27001
Information security policies and processes We are ISO 27001 accredited and maintain an effective Information Security Management System (ISMS), using a continual improvement approach. We are continually, systematically examining any risks to the organisation’s information security and have put in place comprehensive policies to manage those risks which we have control over. We are continually improving the set of controls and measures to manage any threats to our information assets.

Kieran Bentham, Managing Director of Dataphiles is ultimately responsible for information security. Day to day responsibility is taken by Lucy Burns, Office Manager. Monthly meetings are held to address different aspects of our information security policies and processes. Audits are also carried out each month.

Dataphiles became ISO 27001:2013 accredited in 2014 and we are coming up to our third annual audit where our processes and procedures in relation to information security are reviewed by an independent auditor.

We have also published Level 2 of the IGToolkit.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Patientcomms uses an Agile approach when developing its products. This is to ensure change requests can be incorporated into the product roadmap. All change requests are logged and subjected to a review process where they are accepted or rejected. This review process looks at the functional viability, security implications, legal and ethical considerations linked to the change request. Changes requests that are accepted are prioritised and assigned to a version release within the product roadmap.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Patientcomms is continually monitored to asses vulnerability and threats to the service. All Patientcomms products and underlying infrastructure are annually penetration tested by external agencies to ensure all potential security vulnerabilities are identified. Any new release is subjected to Penetration testing ahead of its release. In the event new threats and vulnerabilities coming to light, Patientcomms will use all commercially reasonable endeavours to release fixes and patches to mitigate the threat.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Patientcomms uses stringent internal process and software to continually monitor and identify potential compromises. Automated, bespoke software algorithms are used to identify any unusual user behavior or any automated attacks to the portal or infrastructure. 3rd party agencies are also employed to monitor all services. Patientcomms will use all commercially reasonable endeavours to respond to any incidents inline with our published incident response SLAs.
Incident management type Supplier-defined controls
Incident management approach We have a defined incident management process outlined in our Incident Management Policy. We ensures all users are aware of the process of reporting a security incident or data breach and the importance of reporting these incidents as quickly as possible. We are committed to reacting appropriately to any actual or suspected incident relating to information systems and information within the custody of the organization. Users report incidents to the Information Governance Manager. Reporting forms are completed and the Incident log is brought up to date. The Information Governance Manager follows the documented procedure to bring the incident to resolution.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks No

Pricing

Pricing
Price £0.029 per unit
Discount for educational organisations No
Free trial available Yes
Description of free trial Patientcomms offers free trial periods all its products. The length of the trial period is one month, however, this can differ based on customer requirements. Free trial options usually defer the subscription cost of the product, however, customers are still required to pay the unit cost of any messages sent.
Link to free trial Www.patientcomms.co.uk

Documents

Documents
Pricing document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑