Dynamic Health Systems Services Ltd

VitruCare Digital Patient Engagement Platform

VitruCare is a digital Patient Engagement Platform that enables patient self-care and self-management, with patients co-creating health with their healthcare team. VitruCare supports patient engagement at population level and provides highly personalised, digitally supported care to activate each patient, taking account of their multi-morbidity needs. A broad digital services library supports many therapeutic areas.


  • Access via any web-enabled device
  • Digital engagement to drive patients to higher levels of activation
  • Patient data, including contact information, held in secure NHS datacentre
  • Single managed personalised workspace for the patient
  • Patient centered and personalised care plans
  • Personalised package of Apps which can push content
  • Continuous remote monitoring of vitals using integrated wearables
  • Platform integrated with the patient's electronic health record
  • Patients track progress, healthcare professionals view and manage by exception
  • PAM, PREM, PROM or any user defined Patient surveys.


  • Improved health outcomes - independently evaluated clinical evidence of efficacy
  • Ability to co-ordinate care plans across organisations and providers
  • Better supported patients through their emotional and physical journey
  • Better supported patients, feeling more in control through their condition
  • Enables increased patient and care team communication
  • Enables NHS to support groups or individuals with (multiple) LTCs
  • Improved care quality by sharing data from patient medical consultations
  • Delivers improved productivity for the clinicians
  • A platform regularly being enhanced using AI and machine learning
  • Generates population level Commissioning Intelligence


£30500 per licence

  • Free trial available


G-Cloud 10


Dynamic Health Systems Services Ltd

Axel Schulte



Service scope

Software add-on or extension Yes, but can also be used as a standalone service
What software services is the service an extension to Add-on to clinical system, to MSFT Office 365 or free standing
Cloud deployment model Hybrid cloud
Service constraints There are no constraints that buyers should be aware of other than the requirement for access through a modern browser.
System requirements Modern browser

User support

Email or online ticketing support Email or online ticketing
Support response times Monday to Friday, from 9:00am to 5:30pm. Typical response within one working day.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Onsite support
Support levels All support is included in the fee, and the different levels are provided, including a technical account manager.

Level 1 - email and phone support;
Level 2 - technical account manager;
Level 3 - technical support (technology team)
Support available to third parties Yes

Onboarding and offboarding

Getting started A dedicated project manager will be assigned to the Customer immediately and they will act as the single point of contact throughout the contract.

At the beginning of the project the team will create a Project Initiation Document (PID) that covers the Information Governance, technical, configuration, integration, and on-boarding tasks to complete, including technical and legal due diligence.

Training is ongoing and includes face-to-face workshops, e-learning platform, video resources and online help manual, as well as full technical assistance.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
  • Other
Other documentation formats In Application
End-of-contract data extraction There are two user communities within VitruCare, NHS Healthcare professionals and the patients. The patients continue to have access to their data indefinitely.

Access to the data for NHS healthcare professionals ceases at contract end; however, we can provide a copy of the database, Power BI, or CSV (a .csv file for download).
End-of-contract process Patients, as data subjects, retain access to their account and data. Healthcare professionals from the customer organisations will no longer be able to access the system. Together with the customer as data controller, a decision will be taken what to do with the data stored in the system.

Using the service

Web browser interface Yes
Supported browsers
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install Yes
Compatible operating systems
  • Android
  • iOS
  • Linux or Unix
  • MacOS
  • Windows Phone
  • Other
Designed for use on mobile devices Yes
Differences between the mobile and desktop service None
Accessibility standards None or don’t know
Description of accessibility Designed for users without perception of colour
Accessibility testing The user interface has been designed according to the standards for visual contrast required for the colour blind.
What users can and can't do using the API VitruCare has a REST API that allows read and write operations on the database, including clinician-generated and citizen-generated data.

The data categories supported are

* Clinical health data
* Patient profile and preferences
* Communications
* Patient / citizen tracking data
* Tasks and work management

The REST API will allow all technical operations, including data exchange and clinical systems and health economy warehouse.
API documentation Yes
API documentation formats HTML
API sandbox or test environment Yes
Customisation available Yes
Description of customisation VitruCare is designed to be versatile and address many clinical settings. Customers can create their own content and publish this to patients. Customers can draw on a library and create their own digital engagement campaigns, patient care plans, questionnaires and reports. Clinical specialty vital signs are easily added to the database schema and UI. Patients create their own goals and action plans, and even their own trackers. The modular structure enables customers to create their own custom Apps on the platform and prescribe these, together with the standard apps, to their patients. Typically, DHS supports this effort with a service redesign project.


Independence of resources The service is designed for massive scale and hosted on virtual servers and storage that can flex with demand.


Service usage metrics Yes
Metrics types VitruCare makes it possible to create reports on any of the entities of the system. Professional users can create their own reports. DHS will provide a set of standard reports the definition of which is usually prepared in collaboration with the users.
Reporting types
  • Real-time dashboards
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security clearance Other security clearance
Government security clearance Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least every 6 months
Penetration testing approach Another external penetration testing organisation
Protecting data at rest Physical access control, complying with CSA CCM v3.0
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v3.0, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach Users can request an export of their data. Some data, such as documents sent by a healthcare professional to the patient, can be downloaded directly from the document viewer. Healthcare professionals, depending on their user privileges, are by default prevented from downloading data to safeguard storage. However, privileges can be given to professional users upon request. Integration with clinical systems also enables selected data to be shared.
Data export formats CSV
Data import formats CSV

Data-in-transit protection

Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability • VitruCare is generally not used as a safety critical system. Therefore, the system availability is set to balance high availability with economy.

• For customers who require very high system availability the service can be adjusted with system redundancy to achieve very high levels of business continuity at additional cost.
Approach to resilience VitruCare uses Microsoft Azure mechanisms to achieve system resilience. Further information on configuration is available on request.
Outage reporting Email alerts are sent for system outages

Identity and authentication

User authentication needed Yes
User authentication
  • 2-factor authentication
  • Limited access network (for example PSN)
  • Username or password
Access restrictions in management interfaces and support channels Each user has defined User Privileges that determine access to records and functionality. These privileges are set and managed by the system administrator and cannot be changed by anyone else. The system supporting user management is built, maintained by and licensed from Microsoft.
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Access to user activity audit information You control when users can access audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications
  • Microsoft Azure, that hosts the VitruCare service, holds the following:
  • ISO 27001
  • FedRAMP
  • SOC1
  • SOC2
  • UK Official

Security governance

Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes We follow the ISO 27001 policy standards and processes, as well as the directives set out in the IG Toolkit. Our datacentre also holds UK Official Accreditation.

Operational security

Configuration and change management standard Supplier-defined controls
Configuration and change management approach Changes are assessed by domain.

The life cycle of all architectures, designs, design updates, sprints, code releases and documentation are created, managed, authorised and tracked using the professional Microsoft VSTS tool set. This toolset brings the design, development and operations teams together around a fully managed code base.
Vulnerability management type Supplier-defined controls
Vulnerability management approach An installed software agent supports:

• Identification, classification, and monitoring of assets
• Compliance with internal and external policies
• Prioritisation of vulnerability remediation
• Patches on server OS are deployed automatically by the Microsoft Azure update agent
• Automatically finding and eradicating malware infections on the VitruCare webportals
• The software agent gathers the vulnerability data and sends it to a vulnerability cloud platform, which in turn provides vulnerability and system health monitoring data back to the VitruCare Azure Security
Protective monitoring type Supplier-defined controls
Protective monitoring approach VitruCare runs on the Azure Stack and is designed with a security posture to defend against modern threats, and built to meet the requirements from the major compliance standards.

It is delivered as an integrated system; the security posture of the Azure Stack infrastructure is Microsoft-defined. It utilises Windows Server 2016 security features such as Windows Defender Device Guard, which provides application whitelisting and ensures that only authorised code runs within the Azure Stack infrastructure.

On detection of a potential compromise, a root cause analysis and remediation plan are implemented dependent on compromise characteristics. All incidents are responded to immediately.
Incident management type Supplier-defined controls
Incident management approach The VitruCare platform uses Microsoft Security Centre toolsets to monitor systems and identify incidents
• Incident logging
• Incident categorization
• Incident prioritization
• Initial diagnosis
• Escalation, as necessary, to level 2 support
• Incident resolution
• Incident closure
• Communication with the user community throughout the life of the incident

Secure development

Approach to secure software development best practice Supplier-defined process

Public sector networks

Connection to public sector networks Yes
Connected networks New NHS Network (N3)


Price £30500 per licence
Discount for educational organisations No
Free trial available Yes
Description of free trial The free version of our service is the same as our regular service with full functionality, but the trial is time limited.

