Strata Health LTD

Strata Pathways - Pathfinder

A flow and eReferral platform that integrates Health and Social Care IT systems to provide a single view of a patient and then matches this need to a live dynamic directory of service, It is aimed at organisations that wish to examine defined projects rather than a population-wide approach.

Features

  • Whole system patient flow across regions - ICO ICS STP
  • electronic referrals - any to any eReferrals
  • ED Admissions & Attendance Avoidance
  • Resource Matching - reducing DTOC Delayed discharges, ALOS
  • Live dynamic directory of services- all Health and social resources
  • Single view of a patient/ citizen for placement and transition
  • Pathway redesign - Clinical, social, financial, funding
  • Social Care placement & Social Prescribing- Care homes, Domiciliary care
  • Decision Support Tools - Clinical and funding finance CHC FNC
  • Bi-directional Single Assessments for Health and Social Care

Benefits

  • Reduce DTOC Delayed Discharges. Reduce Length of stay ALOS
  • Collaboration across organisations / stakeholders in one system
  • Manage Capacity, transitions and placements across populations
  • Patient Flow- Assess, Discharge withdraw ADW
  • Integration engine - open source and open standards, MESH eRS
  • Resource availability and characteristics matched to patient need
  • Reduce ED admissions and ED attendance
  • Improve data quality and enforce data capture
  • Simple to use - Works within existing systems. Existing Pathways
  • Management reports and BI tools included - Service redesign

Pricing

£150000 per instance per year

Service documents

G-Cloud 11

877731118144776

Strata Health LTD

Clint Schick

+44 (0) 7909863342

clint.schick@stratahealth.com

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Private cloud
Service constraints No - however additional costs will apply for integration with IT systems
System requirements
  • Access to internet connected device
  • Access to up to date internet browser

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Strata Pathways is a cloud solutions that is available and supported 24x7x365. All parts of the system are available at all times and scheduled upgrades and maintenance are planned and communicated in advance and only take place out of normal business hours. We operate a global round the clock approach to support and maintenance which allows us to accommodate full availability of support services at all times.
• We provide Software uptime of 99.5% with planned maintenance authorised in advance.
• Support is 24/7 with immediate support during business hours and call back within 60 mins outside of business hours.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support No
Support levels Strata Support is delivered to the highest standard at all times and this is included in the cost to clients. All NHS clients are treated equally and as Strata Pathways is a cloud solutions support is available and supported 24x7x365. All parts of the system are available at all times provided that clients have access to the internet. Scheduled upgrades and maintenance are planned and communicated in advance and only take place out of normal business hours. We operate a global round the clock approach to support and maintenance which allows us to accommodate full availability of support services at all times.
• We provide a Software uptime of 99.5% with planned maintenance authorised in advance.
• Call support is 24/7 with immediate support during business hours and call back within 60 mins outside of business hours.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started A full and structured training programme will be provided to admin and users at the start of the project but also on an ongoing basis if requested. Training can be provided on site or via webex sessions. The Strata Account Manager will worm with the client lead determine the frequency and when and where they should take place. It is expected that training would take place on client premises and that users will have access to a PC or mobile device with internet access.

This is delivered as part of the ongoing sessions where users are invited to attend training sessions to learn how to get the best from the solution and also how to build specific requirements that may be outside the normal requirements.
Full documentation tailored to the solution will also be provided.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction The users can either request Strata to extract data and return to them or they have the ability to do this themselves with the management console. Strata will be happy to supply destruction certificates etc if requested to do so.
End-of-contract process Towards the end of a contract when a client does not wish to continue with the service, the Strata Account team will work with the client well in advance of the termination date in order to smoothly switch of the service,

At the end of the contract a client can either download their data themselves and Strata will then carry out a full destruction and data removal process if requested to do so, This is a chargeable service and will be scoped and agreed with the client in advance. Strata will also switch off all links and APIs to any client system as soon as requested to do so.

Should a client need to extend the services in line with approved regulations, we will be happy assist but will charge at the normal monthly rate for any part of each monthly period after the contract termination date.

Additional charges will be incurred for any services involved in Strata being requested to download the data on behalf of the client, Again this will be scoped and agreed in Advance.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service None
API No
Customisation available No

Scaling

Scaling
Independence of resources The Strata Software as a service is delivered within UK Data centres within HSCN and with the ability to scale up and down our service requirements based on service usage and demands on the platform. The service is fully resilient over a number of sites and fully managed by our ISO processes.

The Strata services is a stand alone service which is not co-located with any other services. It operates with virtual servers and can be quickly expanded as needed.

Analytics

Analytics
Service usage metrics Yes
Metrics types The Strata Pathways application layer and cloud infrastructure system as well as activity and usage is measured using a service called New Relic APM which lets us know what’s happening in platform application environment and shows full usage and access stats

This provides a complete picture by combining key metrics from mobile and browser apps with supporting services, datastores, and hosts, so we can optimize performance holistically and ensure the system is up and running as peak performance based on the level of user and service usage.
Reporting types
  • Regular reports
  • Reports on request

Resellers

Resellers
Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach In-house
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Data Export can be carried out directly by the client using bulk export via the Strata Pathways management console. Strata will be happy to work with clients to assist them in doing this.
Data export formats CSV
Data import formats
  • CSV
  • ODF

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Availability and resilience
Guaranteed availability We provide 99.5 availability of the service under our standard SLA. Our Service Level Agreement is include with the Terms and Conditions and in the event of an outage Strata will work with the clients to agree any monetary compensation based on lost whole service days.
Approach to resilience This information can be provided on request. The Data centre is managed with HSCN and is bound by the SLA in place for that service.
Outage reporting Outage reports are extremely rare but if they do occur clients will be notified by email and through a notification in the log-in page

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Username or password
Access restrictions in management interfaces and support channels The Strata Platform used Role Based Access Control to determine which individuals or groups of individuals can access any part of the system. The ability to restrict access can be controlled by client leadership and the Strata system will only provide access to the features and parts of the system that their role and level dictates. This can also be applied to the users ability to access support and management consoles features,
Access restriction testing frequency At least once a year
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 QAS International
ISO/IEC 27001 accreditation date 30 June 2014 and annually since
What the ISO/IEC 27001 doesn’t cover Not Applicable
ISO 28000:2007 certification Yes
Who accredited the ISO 28000:2007 QAS International
ISO 28000:2007 accreditation date 30June 2018
What the ISO 28000:2007 doesn’t cover Not Applicable
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes To ensure all Patient Health Information is secure and safe, Strata Health Solutions has created in depth policies and procedures around the handling of PHI or PID. Strata Health defines confidential data into two categories, client confidential and business confidential as defined in ISF03 Information Security Document Classification. Confidential information is any data stored on our systems as pertains to our clients or business. This includes but is not limited to:
• Personal Health Information (PHI) as defined by the privacy acts of the regions we operate in. 

• Information regarding the services provided by any of our customers or client sites. 

• Information regarding clinicians and any other customer contacts. 

• Any other Personally Identifiable Information (PII) that falls outside of the health care 
privacy acts. 


All staff share a responsibility to safeguard any and all confidential and client confidential information and to ensure it is used appropriately and must agree to a stringent set of security criteria linked to how all information in handled and secured. The CEO is ultimately responsible for ensuring that all policies are adhered to and the Security office is responsible for ensuring that the service is fit for purpose.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach All aspect of configuration and change management are managed under our ISO 27001 guidelines, processes and principles. Strata use various system to track and manage all config and change programme and follows industry best practices and guidelines at all times.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach All aspect of vulnerability management are managed under our ISO 27001 guidelines, processes and principles. Strata use various system to track and manage all potential threats and can mobilise quickly to address threats and apply patches. Strata follows industry best practices and guidelines at all times and work with industry leading partners to keep ahead of all information relevant to threat management.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach All aspect of protective monitoring are managed under our ISO 27001 guidelines, processes and principles. Strata use various systems to track and manage all potential threats and can mobilise quickly to address threats and apply patches. Strata follows industry best practices and guidelines at all times and work with industry leading partners to keep ahead of all information relevant to threat management.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach All aspect of incident management are managed under our ISO 27001 guidelines, processes and principles. Strata use an incident management system called JIRA and follows industry best practices and guidelines including ITIL for service desk management. Users can reports incidents by email or using our 24/7 support numbers. Using our support processes we will track and monitor progress and report back to users as necessary.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks Yes
Connected networks
  • Public Services Network (PSN)
  • NHS Network (N3)
  • Scottish Wide Area Network (SWAN)
  • Health and Social Care Network (HSCN)

Pricing

Pricing
Price £150000 per instance per year
Discount for educational organisations No
Free trial available No

Service documents

pdf document: Pricing document pdf document: Skills Framework for the Information Age rate card pdf document: Service definition document pdf document: Terms and conditions
Service documents
Return to top ↑