eConsult
eConsult is an online consultation platform for General Practice developed NHS clinicians. Specifically designed for triage and remote closure of minor conditions, it encourages self-care, and frees up clinician time for the most needy and complex patients. 70% of eConsults can be managed without a face to face appointment.
Features
- Online GP consultations (including a video consultation feature)
- Diversion of patient demand to self-help and sign-posting offers
- Red-Flag functionality to intercept and divert patients with serious symptoms
- Federated options available for working at scale (ie. PCNs)
- Available via the NHS App
- Provision of marketing materials to promote eConsult to patients
- Clinical and non-clinical training included
- Integration with clinical system providers
- Patient experience and patient usage reporting included
- NHS Login integration
Benefits
- Implementation can be managed alongside practices ambition, capability and capacity
- 70% of patients managed remotely (ie. without a F2F appointment)
- Improved patient satisfaction and recommendation rates
- Improved patient access to General Practice
- Capture critical illness quicker
- Improved use of other primary care services (ie. local pharmacy)
- No changes to insurance premiums or level of indemnity
- Efficiency gains generated can be spent inline with practice requirements
- Better use of a multi-disciplinary team
- No additional/further software required at the practice
Pricing
£0.21 to £0.63 a person a year
Service documents
Request an accessible format
Framework
G-Cloud 11
Service ID
9 0 5 7 7 7 0 2 2 1 9 4 6 7 4
Contact
eConsult Health
Aman Kundraw
Telephone: 020 7062 5737
Email: commercial@econsult.health
Service scope
- Software add-on or extension
- No
- Cloud deployment model
- Private cloud
- Service constraints
-
- Compliant browser technology (we support all browsers that hold a market share of over 1%).
- Scheduled software updates every 2-4wks (c.15mins planned down time outside of office hours). - System requirements
-
- Practices have access to N3 and/or HSCN
- Practices have access to NHS Mail
- Practices have up-to-date browsers
- Practice has a patient-accessible website
- Practice has been enabled for the NHS App (not mandatory)
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
-
We work on three severity levels as follows:
P1 (total/severe loss of eConsult functionality) - 24/7 - 8hr target resolution
P2 (partial loss of eConsult functionality) - 24/7 - 16hr target resolution
P3 (minor issue that does not have a material impact one the customers ability to function) - Mon-Fri (8:00 - 18:30), Sat (9:00 - 13:00), target resolution subject to severity and also P1 and P2 issues presently being handled
For every year that eConsult has been in operation we have achieved service uptime exceeding 99.992%. - User can manage status and priority of support tickets
- No
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- No
- Onsite support
- Onsite support
- Support levels
-
- Operations Support: An inbound and outbound office based team available as front line support for practices.
- Account Management Team: Field based team that support CCGs/STPs/Health Boards who have commissioned the service.
- Transformation Team: Field based team that work with selected practices to create exemplar sites
- Clinical Support: An office based team of experienced platform users who are available to support with clinical queries and clinical management of eConsults
- Technical Team: Specialist second line support team to support with specifics on integration, APIs, web site configurations
- Commercial Director: Available for any required escalations.
- ICE (incase of emergency) Line: Managed 24/7
All services noted above are provided within the license fee. - Support available to third parties
- No
Onboarding and offboarding
- Getting started
-
- Our operations teams walk practices through and support practices in the setup processes
- Initial group training is provided F2F or via Webex
- Subsequent training is provided via online training modules
- Transformation teams work with selected practices to create exemplars and support knowledge sharing
- An online customer support portal is available through the license period (this include access to online training)
Practices are provided a 30 day deployment window which typically includes 4-8 hours of work for the practice. - Service documentation
- Yes
- Documentation formats
-
- HTML
- End-of-contract data extraction
-
Upon contract end, customers can place a request with our operations team for all data held pertaining to the account/practice. This request is actioned within 24 hours (Mon-Fri, 8am-6:30pm).
Note: We do not retain any patient data as part of the our platform once is has been fully processed. The only data retained is aggregated data in terms of patient utilisation of the platform. - End-of-contract process
-
The pricing model is all inclusive. There are no further applicable fees during the contract term, nor post contract end.
The notice period required is 90 days. Should notice not be served the agreement will auto-renew for a further 12 months.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Internet Explorer 9
- Internet Explorer 10
- Internet Explorer 11
- Microsoft Edge
- Firefox
- Chrome
- Safari 9+
- Opera
- Application to install
- No
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
-
- The core platform is fully mobile browser compliant
- Patients are also able to access the platform via the NHS App
There are no functional differences between desktop, mobile or app access. - Service interface
- No
- API
- No
- Customisation available
- Yes
- Description of customisation
-
Configurable options for users:
- Branding
- Look and feel of the eConsult website banner that sits on the practice website.
- Selection of specific local healthcare services.
- Selection of select patient facing templates .
- Timelines for processing of responses to patients.
- Interoperability functionality
All configurations can be selected by the customer at anytime during their license period.
Scaling
- Independence of resources
-
EConsult is hosted on a fault-tolerant, load balanced, N3/HSCN environment. For every year that eConsult has been in operation we have achieved service uptime exceeding 99.9%. We have multiple levels of monitoring in place; to detect infrastructure outages (via a contract with our N3/HSCN supplier), system-level issues (e.g. high memory usage), and application-level issues (e.g. problems with delivery of eConsults to practices). We have a number of operational and technical staff on standby for urgent system problems.
The supplier is able to flexibly adjust the platform as required in the event of considerable increase in usage.
Analytics
- Service usage metrics
- Yes
- Metrics types
-
We provide two reporting packages:
- Patient utilisation (provided weekly and monthly): Number of users and unique users, all patient journey types, patient demographics (age and sex), clinical/admin template type, time and date of entry
- Patient experience survey (provided monthly): Patient recommendation and satisfaction rates, marketing sources, re-attendance rates and anonymised patient comments. - Reporting types
-
- Regular reports
- Reports on request
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- Up to Developed Vetting (DV)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
-
- United Kingdom
- European Economic Area (EEA)
- User control over data storage and processing locations
- No
- Datacentre security standards
- Managed by a third party
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- Another external penetration testing organisation
- Protecting data at rest
- Physical access control, complying with another standard
- Data sanitisation process
- Yes
- Data sanitisation type
-
- Explicit overwriting of storage before reallocation
- Deleted data can’t be directly accessed
- Equipment disposal approach
- In-house destruction process
Data importing and exporting
- Data export approach
-
We do not retain any patient data as part of the our platform once is has been fully processed. The only data retained is aggregated data in terms of patient utilisation of the platform.
Customers are provided regular analytics data (patient experience and performance) as part of their service agreement. This is provided on a weekly and monthly basis. Ad hoc data requests can be made via the service desk.
All submitted eConsult's are transmitted to the nominated clinical organisation for processing and management. This data should be appropriately SNOMED coded to enable data extraction at a later date. - Data export formats
- CSV
- Data import formats
- Other
- Other data import formats
-
- CDA
Data-in-transit protection
- Data protection between buyer and supplier networks
-
- Private network or public sector network
- TLS (version 1.2 or above)
- Data protection within supplier network
-
- TLS (version 1.2 or above)
- Other
- Other protection within supplier network
- AES encryption
Availability and resilience
- Guaranteed availability
-
Availability - 99.9%
Excludes downtime for scheduled maintenance - Approach to resilience
- Datacentre information including resilience and security is available upon request form customers.
- Outage reporting
-
Outages would be reported via email alerts.
Also, for partial service issues such as slow working we have a dashboard/banner notification system.
Identity and authentication
- User authentication needed
- No
- Access restrictions in management interfaces and support channels
- Access is restricted to backend platform systems via 2-factor authentication, and restricted RBAC control.
- Access restriction testing frequency
- At least once a year
- Management access authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Username or password
Audit information for users
- Access to user activity audit information
- Users contact the support team to get audit information
- How long user audit data is stored for
- At least 12 months
- Access to supplier activity audit information
- Users contact the support team to get audit information
- How long supplier audit data is stored for
- At least 12 months
- How long system logs are stored for
- Between 6 months and 12 months
Standards and certifications
- ISO/IEC 27001 certification
- No
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Other security certifications
- Yes
- Any other security certifications
-
- DSP Toolkit
- Hosted on N3/HSCN
- IG SoC
- Cyber Essentials
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
-
- ISO/IEC 27001
- Other
- Other security governance standards
-
ITK/MESH
DSP Toolkit
Cyber Essentials Certification
Note: ISO 27001 relates to our hosted data centre only - Information security policies and processes
-
An Information Governance team has been defined, and meets regularly. All staff are required to undertake basic Information Governance training.
Defined procedures are in place for data sharing & confidentiality, the handling of sensitive data, and information asset security. These procedures are detailed in the organisation's DSP Toolkit documentation.
A Change Control team is assembled when required and is responsible for producing Privacy Impact Assessments of any changes that relate to information security.
Penetration tests are carried out regularly by an accredited, external organisation.
An escalation/notification process exists, detailing 5 levels of risk and an associated chain of responsibility and the procedures that must be followed accordingly.
The Chief Technology Officer is responsible for ensuring the above policies are adhered to.
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
-
All change requests are managed by our Product Manager.
1.Requests are reviewed at our monthly roadmap meetings.
2.Approved requests are allocated to a work stream and prioritised.
3.Requests planning considers:
-Accessibility requirements
-Teams involved.
-Clinical and information governance.
-Beta testing.
-Customer communications.
-Training needs.
-Documentation updates
-Evaluation needs
4.Features are reviewed at a minimum of 12 month intervals.
5.We apply standards of clinical risk management defined in SCCI0129.
6.We have a fortnightly release cycle when deploying a new release. This is always performed outside of working hours.
7.Internal metrics are used to analyse the performance of the product and features. - Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
-
Threat management - using our network of specialist cyber security suppliers and contacts we continually monitor potential security threats. We also only use specialist software tools and products to monitor all security elements of the service.
Patches - server patching is managed by our specialist data centre provider. - Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
-
Alerts system - the platform has an inbuilt alerting system.
Hosting supplier - our specialist hosting supplier also continually monitors the platform.
Issue Resolution - patches and updates can be implemented on a same day basis where required. - Incident management type
- Supplier-defined controls
- Incident management approach
-
Incident Reporting - we have pre-defined process for as many common events as possible.
We have a defined notification / escalation process in place. This details 5 levels of risk, and the escalation procedures for each.
A number of potential risks have been highlighted, and detailed processes to follow in the event of such an incident have been defined for each.
A standardised form is used to document any event, including unscheduled service outages, and a defined process is in place to follow-up on any such event.
Secure development
- Approach to secure software development best practice
- Supplier-defined process
Public sector networks
- Connection to public sector networks
- Yes
- Connected networks
-
- NHS Network (N3)
- Health and Social Care Network (HSCN)
Pricing
- Price
- £0.21 to £0.63 a person a year
- Discount for educational organisations
- No
- Free trial available
- No