G-Cloud 11 services are suspended on Digital Marketplace

If you have an ongoing procurement on G-Cloud 11, you must complete it by 18 December 2020. Existing contracts with eConsult Health are still valid.
eConsult Health

eConsult

eConsult is an online consultation platform for General Practice developed NHS clinicians. Specifically designed for triage and remote closure of minor conditions, it encourages self-care, and frees up clinician time for the most needy and complex patients. 70% of eConsults can be managed without a face to face appointment.

Features

  • Online GP consultations (including a video consultation feature)
  • Diversion of patient demand to self-help and sign-posting offers
  • Red-Flag functionality to intercept and divert patients with serious symptoms
  • Federated options available for working at scale (ie. PCNs)
  • Available via the NHS App
  • Provision of marketing materials to promote eConsult to patients
  • Clinical and non-clinical training included
  • Integration with clinical system providers
  • Patient experience and patient usage reporting included
  • NHS Login integration

Benefits

  • Implementation can be managed alongside practices ambition, capability and capacity
  • 70% of patients managed remotely (ie. without a F2F appointment)
  • Improved patient satisfaction and recommendation rates
  • Improved patient access to General Practice
  • Capture critical illness quicker
  • Improved use of other primary care services (ie. local pharmacy)
  • No changes to insurance premiums or level of indemnity
  • Efficiency gains generated can be spent inline with practice requirements
  • Better use of a multi-disciplinary team
  • No additional/further software required at the practice

Pricing

£0.21 to £0.63 a person a year

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at commercial@econsult.health. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 11

Service ID

9 0 5 7 7 7 0 2 2 1 9 4 6 7 4

Contact

eConsult Health Aman Kundraw
Telephone: 020 7062 5737
Email: commercial@econsult.health

Service scope

Software add-on or extension
No
Cloud deployment model
Private cloud
Service constraints
- Compliant browser technology (we support all browsers that hold a market share of over 1%).
- Scheduled software updates every 2-4wks (c.15mins planned down time outside of office hours).
System requirements
  • Practices have access to N3 and/or HSCN
  • Practices have access to NHS Mail
  • Practices have up-to-date browsers
  • Practice has a patient-accessible website
  • Practice has been enabled for the NHS App (not mandatory)

User support

Email or online ticketing support
Email or online ticketing
Support response times
We work on three severity levels as follows:

P1 (total/severe loss of eConsult functionality) - 24/7 - 8hr target resolution

P2 (partial loss of eConsult functionality) - 24/7 - 16hr target resolution

P3 (minor issue that does not have a material impact one the customers ability to function) - Mon-Fri (8:00 - 18:30), Sat (9:00 - 13:00), target resolution subject to severity and also P1 and P2 issues presently being handled

For every year that eConsult has been in operation we have achieved service uptime exceeding 99.992%.
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Onsite support
Support levels
- Operations Support: An inbound and outbound office based team available as front line support for practices.
- Account Management Team: Field based team that support CCGs/STPs/Health Boards who have commissioned the service.
- Transformation Team: Field based team that work with selected practices to create exemplar sites
- Clinical Support: An office based team of experienced platform users who are available to support with clinical queries and clinical management of eConsults
- Technical Team: Specialist second line support team to support with specifics on integration, APIs, web site configurations
- Commercial Director: Available for any required escalations.
- ICE (incase of emergency) Line: Managed 24/7

All services noted above are provided within the license fee.
Support available to third parties
No

Onboarding and offboarding

Getting started
- Our operations teams walk practices through and support practices in the setup processes
- Initial group training is provided F2F or via Webex
- Subsequent training is provided via online training modules
- Transformation teams work with selected practices to create exemplars and support knowledge sharing
- An online customer support portal is available through the license period (this include access to online training)

Practices are provided a 30 day deployment window which typically includes 4-8 hours of work for the practice.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
Upon contract end, customers can place a request with our operations team for all data held pertaining to the account/practice. This request is actioned within 24 hours (Mon-Fri, 8am-6:30pm).
Note: We do not retain any patient data as part of the our platform once is has been fully processed. The only data retained is aggregated data in terms of patient utilisation of the platform.
End-of-contract process
The pricing model is all inclusive. There are no further applicable fees during the contract term, nor post contract end.

The notice period required is 90 days. Should notice not be served the agreement will auto-renew for a further 12 months.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
- The core platform is fully mobile browser compliant
- Patients are also able to access the platform via the NHS App

There are no functional differences between desktop, mobile or app access.
Service interface
No
API
No
Customisation available
Yes
Description of customisation
Configurable options for users:
- Branding
- Look and feel of the eConsult website banner that sits on the practice website.
- Selection of specific local healthcare services.
- Selection of select patient facing templates .
- Timelines for processing of responses to patients.
- Interoperability functionality

All configurations can be selected by the customer at anytime during their license period.

Scaling

Independence of resources
EConsult is hosted on a fault-tolerant, load balanced, N3/HSCN environment. For every year that eConsult has been in operation we have achieved service uptime exceeding 99.9%. We have multiple levels of monitoring in place; to detect infrastructure outages (via a contract with our N3/HSCN supplier), system-level issues (e.g. high memory usage), and application-level issues (e.g. problems with delivery of eConsults to practices). We have a number of operational and technical staff on standby for urgent system problems.

The supplier is able to flexibly adjust the platform as required in the event of considerable increase in usage.

Analytics

Service usage metrics
Yes
Metrics types
We provide two reporting packages:
- Patient utilisation (provided weekly and monthly): Number of users and unique users, all patient journey types, patient demographics (age and sex), clinical/admin template type, time and date of entry
- Patient experience survey (provided monthly): Patient recommendation and satisfaction rates, marketing sources, re-attendance rates and anonymised patient comments.
Reporting types
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
No
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
Physical access control, complying with another standard
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
In-house destruction process

Data importing and exporting

Data export approach
We do not retain any patient data as part of the our platform once is has been fully processed. The only data retained is aggregated data in terms of patient utilisation of the platform.

Customers are provided regular analytics data (patient experience and performance) as part of their service agreement. This is provided on a weekly and monthly basis. Ad hoc data requests can be made via the service desk.

All submitted eConsult's are transmitted to the nominated clinical organisation for processing and management. This data should be appropriately SNOMED coded to enable data extraction at a later date.
Data export formats
CSV
Data import formats
Other
Other data import formats
  • CDA
  • PDF

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Other
Other protection within supplier network
AES encryption

Availability and resilience

Guaranteed availability
Availability - 99.9%
Excludes downtime for scheduled maintenance
Approach to resilience
Datacentre information including resilience and security is available upon request form customers.
Outage reporting
Outages would be reported via email alerts.

Also, for partial service issues such as slow working we have a dashboard/banner notification system.

Identity and authentication

User authentication needed
No
Access restrictions in management interfaces and support channels
Access is restricted to backend platform systems via 2-factor authentication, and restricted RBAC control.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
Between 6 months and 12 months

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
Yes
Any other security certifications
  • DSP Toolkit
  • Hosted on N3/HSCN
  • IG SoC
  • Cyber Essentials

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards
ITK/MESH
DSP Toolkit
Cyber Essentials Certification
Note: ISO 27001 relates to our hosted data centre only
Information security policies and processes
An Information Governance team has been defined, and meets regularly. All staff are required to undertake basic Information Governance training.

Defined procedures are in place for data sharing & confidentiality, the handling of sensitive data, and information asset security. These procedures are detailed in the organisation's DSP Toolkit documentation.

A Change Control team is assembled when required and is responsible for producing Privacy Impact Assessments of any changes that relate to information security.

Penetration tests are carried out regularly by an accredited, external organisation.

An escalation/notification process exists, detailing 5 levels of risk and an associated chain of responsibility and the procedures that must be followed accordingly.

The Chief Technology Officer is responsible for ensuring the above policies are adhered to.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
All change requests are managed by our Product Manager.
1.Requests are reviewed at our monthly roadmap meetings.
2.Approved requests are allocated to a work stream and prioritised.
3.Requests planning considers:
-Accessibility requirements
-Teams involved.
-Clinical and information governance.
-Beta testing.
-Customer communications.
-Training needs.
-Documentation updates
-Evaluation needs
4.Features are reviewed at a minimum of 12 month intervals.
5.We apply standards of clinical risk management defined in SCCI0129.
6.We have a fortnightly release cycle when deploying a new release. This is always performed outside of working hours.
7.Internal metrics are used to analyse the performance of the product and features.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Threat management - using our network of specialist cyber security suppliers and contacts we continually monitor potential security threats. We also only use specialist software tools and products to monitor all security elements of the service.

Patches - server patching is managed by our specialist data centre provider.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Alerts system - the platform has an inbuilt alerting system.

Hosting supplier - our specialist hosting supplier also continually monitors the platform.

Issue Resolution - patches and updates can be implemented on a same day basis where required.
Incident management type
Supplier-defined controls
Incident management approach
Incident Reporting - we have pre-defined process for as many common events as possible.

We have a defined notification / escalation process in place. This details 5 levels of risk, and the escalation procedures for each.

A number of potential risks have been highlighted, and detailed processes to follow in the event of such an incident have been defined for each.

A standardised form is used to document any event, including unscheduled service outages, and a defined process is in place to follow-up on any such event.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks
Yes
Connected networks
  • NHS Network (N3)
  • Health and Social Care Network (HSCN)

Pricing

Price
£0.21 to £0.63 a person a year
Discount for educational organisations
No
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at commercial@econsult.health. Tell them what format you need. It will help if you say what assistive technology you use.