Dataphiles Ltd


PatientComms is a cloud based patient engagement platform which enables NHS Trusts, CCG's, CSU's, GP's, Dental Practices & other healthcare providers to complete patient surveys (like the NHS Friends & Family Test), patient studies, provide interactive appointment reminders and healthcare messaging.


  • Attendance Optimization - SMS appointment reminder campaigns and appointment rebooking
  • Patient Retention - Scheduler for automated, multi-channel recare reminders
  • Multi-channel messaging - Communication via SMS, Email and Letter
  • Patient Satisfaction - SMS-based patient and staff feedback surveys
  • Patient Studies - SMS-based studys for academic research
  • Friends & Family Test Service on Managed or Self-Service basis
  • Staff Friends & Family Test on Managed or Self-Service basis
  • Marketing Automation - Contact management and interactive, multi-channel campaigns
  • Analytical dashboards, thematic analysis, Statutory Friends & Family Test reports
  • Integration via web browser, API and email to SMS


  • Increase attendance rates with personalised, interactive reminder campaigns
  • Increase patient retention and recare with automated recall reminders
  • Increase effectiveness across all communications using multi-channel messaging
  • Contact hard to reach demographics via text messaging
  • Get better engagement by using patient preferred communication types
  • Save money on SMS messages and postage costs
  • Triangulate patient feedback from multiple points
  • View undelivered SMS and update patient records
  • Automate appointment booking and survey scheduling
  • More effective, multi-channel, personalised and automated marketing campaigns


£0.029 per unit

Service documents


G-Cloud 11

Service ID

7 6 5 6 7 3 7 6 2 6 2 8 6 1 3


Dataphiles Ltd

Lucy Burns

+44 (0) 1943 464090

Service scope

Software add-on or extension
Cloud deployment model
Hybrid cloud
Service constraints
Support packages are customised but can include 24/7 first contact technical support with site visits and review meetings on request.

We address issues with critical or severe business impact within 3 hours with a sliding scale for less critical items.
System requirements
  • Advanced automation and marketing tools are accessible on subscription
  • A basic internet connection is required

User support

Email or online ticketing support
Email or online ticketing
Support response times
We aim to provide an initial response to a support request within 1 hour during working hours, not including weekends and bank holidays.
User can manage status and priority of support tickets
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Onsite support
Yes, at extra cost
Support levels
We allocate to each and every support request a priority level from the following classification:
a) Priority 1 - the system ceases to operate - response within 1 working hour and fix within 3 hours.
b) Priorty 2 - an error gives a noticeable decrease in the functionality, but the system remains useable - response within 4 hours and fix within 24 hours.
c) Priority 3 - issues where minor amendments are required to better facilitate the existing day-to-day functioning of the system - response within 8 hours and fix, upgrade or modification within 3 days or in accordance with any timescale agreed with the customer.
Basic support packages in line with the SLA described above are provided free of charge as an integral part of the PatientComms service. Enhanced support packages are sometimes required and these are priced on a case by case basis.
We provide customers with a technical account manager and a cloud support engineer.
Support available to third parties

Onboarding and offboarding

Getting started
Onboarding is specific to the requirements of each customer. Our dedicated onboarding team will work with you to take you through the process from start to finish. Basic onboarding can be as simple as entering your details and setting up your username and password. For more bespoke and advanced users the team will work with you to gather all your requirements and then configure the services to meet your needs. We will then provide training and hand-holding to help you get started. We also provide full documentation which shows how best to utilise the services. Again, for more advanced setups, this documentation will be specific to your needs.
Service documentation
Documentation formats
End-of-contract data extraction
Patientcomms has a full 'offboarding' process to help you extract your data when the contract ends. We will provide secure methods of removing the data and give it to you in a format that you can utilise going forward.
End-of-contract process
At the end of the contract the customer will be provided with tools to be able to export the raw data used as part of the service. This is included in the service cost. For more advanced requirements, such as export in specific data formats, additional costs may apply.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
Designed for use on mobile devices
Service interface
What users can and can't do using the API
Patientcomms ensures a flexible approach for our clients by exposing core function for sending SMS through a public API. Clients are required to request API access and, once the request is accepted, a unique API key will be generated for you. This key must be used when passing through any request to the API. The API supports SOAP and RESTful services.
API documentation
API documentation formats
  • HTML
  • PDF
API sandbox or test environment
Customisation available
Description of customisation
The Patientcomms portal is customisable for each individual customer. This customisation can be the application of individual modules, user level configuration or bespoke development based on specific customer requirements.


Independence of resources
All the services are completely load balanced to make sure there is maximum service availability for any user requests.


Service usage metrics
Metrics types
Full usage statistics are provided within the portal and are updated in real time. The analytical dashboard will present the customer will full usage trends from the beginning of the services. Users are also able to filter between specific dates and send types (SMS, Email and Letter).
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
Users can export their data, securely, directly from the Patientcomms portal. This will export the data over SSL in a text delimited format. More advanced export requirements will be dealt with on request.
Data export formats
Data import formats

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
We will use all commercially reasonable endeavours to make the hosted
services and patient responses available 24/7 for 99.9% of the time in any given calendar month. Any scheduled maintenance will take place outside of normal UK business hours and Dataphiles will give the customer at least 48 hours’ notice. The free Friends & Family Test for NHS GPs and Dental Practices module contains permanent online support, and for other services the standard support package includes telephone and email support 9am-5.30pm GMT (excluding Public Holidays), with up to 24/7 first contact and extended technical support packages available at additional cost.
Approach to resilience
Available on request
Outage reporting
The PatientComms service is monitored on a 24/7 basis with predictive fault analysis tools in place to alert our support teams of any potential issues. Service levels are monitored and supported both in house and by 3rd party infrastructure providers. In the event of any potential service loss we will use all commercially reasonable endeavours to inform customers in advance. Announcements of services loss will be issued via email alerts and a publicly available dashboard. Customers will be regularly informed throughout and also provided, where possible, with a timeframe for when service restoration will occur.

Identity and authentication

User authentication needed
User authentication
Username or password
Access restrictions in management interfaces and support channels
All access to Patientcomms services are controlled and restricted to registered users only. No user passwords are stored or can be retrieved. Passwords resets can only be completed by the original end user. All services are provided using the most secure and highest encryption standards available.
Access restriction testing frequency
At least every 6 months
Management access authentication
Username or password

Audit information for users

Access to user activity audit information
Users receive audit information on a regular basis
How long user audit data is stored for
Access to supplier activity audit information
Users receive audit information on a regular basis
How long supplier audit data is stored for
How long system logs are stored for

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
The British Assessment Bureau
ISO/IEC 27001 accreditation date
First accredited 13/05/2014
What the ISO/IEC 27001 doesn’t cover
Our ISO 27001 certification covers the provision of databases, websites, bespoke software and IT infrastructure. These are our main lines of business.
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications
Any other security certifications
We have published level 2 of the IG Toolkit

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
ISO/IEC 27001
Information security policies and processes
We are ISO 27001 accredited and maintain an effective Information Security Management System (ISMS), using a continual improvement approach. We are continually, systematically examining any risks to the organisation’s information security and have put in place comprehensive policies to manage those risks which we have control over. We are continually improving the set of controls and measures to manage any threats to our information assets.

Kieran Bentham, Managing Director of Dataphiles is ultimately responsible for information security. Day to day responsibility is taken by Lucy Burns, Office Manager. Monthly meetings are held to address different aspects of our information security policies and processes. Audits are also carried out each month.

Dataphiles became ISO 27001:2013 accredited in 2014 and we are coming up to our third annual audit where our processes and procedures in relation to information security are reviewed by an independent auditor.

We have also published Level 2 of the IGToolkit.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Patientcomms uses an Agile approach when developing its products. This is to ensure change requests can be incorporated into the product roadmap. All change requests are logged and subjected to a review process where they are accepted or rejected. This review process looks at the functional viability, security implications, legal and ethical considerations linked to the change request. Changes requests that are accepted are prioritised and assigned to a version release within the product roadmap.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Patientcomms is continually monitored to asses vulnerability and threats to the service. All Patientcomms products and underlying infrastructure are annually penetration tested by external agencies to ensure all potential security vulnerabilities are identified. Any new release is subjected to Penetration testing ahead of its release. In the event new threats and vulnerabilities coming to light, Patientcomms will use all commercially reasonable endeavours to release fixes and patches to mitigate the threat.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Patientcomms uses stringent internal process and software to continually monitor and identify potential compromises. Automated, bespoke software algorithms are used to identify any unusual user behavior or any automated attacks to the portal or infrastructure. 3rd party agencies are also employed to monitor all services. Patientcomms will use all commercially reasonable endeavours to respond to any incidents inline with our published incident response SLAs.
Incident management type
Supplier-defined controls
Incident management approach
We have a defined incident management process outlined in our Incident Management Policy. We ensures all users are aware of the process of reporting a security incident or data breach and the importance of reporting these incidents as quickly as possible. We are committed to reacting appropriately to any actual or suspected incident relating to information systems and information within the custody of the organization. Users report incidents to the Information Governance Manager. Reporting forms are completed and the Incident log is brought up to date. The Information Governance Manager follows the documented procedure to bring the incident to resolution.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks


£0.029 per unit
Discount for educational organisations
Free trial available
Description of free trial
Patientcomms offers free trial periods all its products. The length of the trial period is one month, however, this can differ based on customer requirements. Free trial options usually defer the subscription cost of the product, however, customers are still required to pay the unit cost of any messages sent.
Link to free trial

Service documents

Return to top ↑