PopNeed
PopNeed helps GPs, PCNs and others to manage population health more effectively by consolidating, analysing, and presenting information relevant to their local population in a single and easy to access on-line platform. The analysis includes practice/PCN benchmarking, geographic analysis, and care gap identification based on emergency service usage patterns.
Features
- Secure and easy to access on-line platform
- Metrics on wider determinants, activity and cost, and outcomes
- Geographic analysis and mapping
- Machine learning
- Statistical analysis
- Clustering
- Downloadable reports summarising metrics for key populations
Benefits
- One access point for population health management information
- Easy to access information for different users
- An intuitive user interface
- Identify population health differences across geography
- Facilitate benchmarking between practices and PCNs
- No user limits
- Joined-up view of activity
Pricing
£22,000 a unit a year
Service documents
Request an accessible format
Framework
G-Cloud 12
Service ID
9 9 6 0 3 9 3 4 1 7 4 3 0 5 5
Contact
Edge Health Ltd
George Batchelor
Telephone: 07980804956
Email: george@edgehealth.co.uk
Service scope
- Software add-on or extension
- No
- Cloud deployment model
- Public cloud
- Service constraints
- None
- System requirements
-
- HSCN connectivity
- SQL Server Mgmt Studio License
- Web browsers
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- Response within two working days
- User can manage status and priority of support tickets
- No
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- No
- Onsite support
- Yes, at extra cost
- Support levels
-
- We provide an integration engineer free of charge for the duration of 5 days in case integration requires additional support
- We provide a dedicated account manager who will respond to requests by phone and email and who will be supported by an engineer for technical requests - Support available to third parties
- No
Onboarding and offboarding
- Getting started
- An integration engineer and an account manager will support the IT department as well as deliver onsite training for the operational teams.
- Service documentation
- Yes
- Documentation formats
- End-of-contract data extraction
- Users can request data from Edge.
- End-of-contract process
- The software will no longer be accessible past the end of the contract.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Internet Explorer 7
- Internet Explorer 8
- Internet Explorer 10
- Internet Explorer 11
- Microsoft Edge
- Firefox
- Chrome
- Safari 9+
- Opera
- Application to install
- No
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- Both mobile and desktop accessibility possible but system optimised for desktop
- Service interface
- No
- API
- No
- Customisation available
- Yes
- Description of customisation
- Users (trust level) can choose different modules by specifying these in advance or purchasing them as add-ons.
Scaling
- Independence of resources
- The cloud provider ensures workloads are balanced fairly to minimise resource contention on the CCSP, and the platform itself constantly monitors and adjusts in line with defined policies. In some cases however, performance may be contended within or between tenants, and unless explicitly stated otherwise, no absolute guarantees of performance are given. Where performance-impacting contention or workloads are identified, the cloud provider may review the workload and, if it is considered inappropriate for the component or service, suggest alternatives or impose Quality of Service limits to safeguard the service available to other tenants.
Analytics
- Service usage metrics
- Yes
- Metrics types
- Time spent by user and uptime of server
- Reporting types
- Reports on request
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- Up to Security Clearance (SC)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- No
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- ‘IT Health Check’ performed by a CHECK service provider
- Protecting data at rest
-
- Physical access control, complying with another standard
- Encryption of all physical media
- Data sanitisation process
- Yes
- Data sanitisation type
- Deleted data can’t be directly accessed
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001
Data importing and exporting
- Data export approach
- No data export is necessary. If required users can be given access to underlying databases or request csv data from Edge Health.
- Data export formats
- CSV
- Data import formats
- CSV
Data-in-transit protection
- Data protection between buyer and supplier networks
- Private network or public sector network
- Data protection within supplier network
- Other
- Other protection within supplier network
- Dedicated site-to-site VPN links configured and terminated on EAL4 certified devices to provide service access across private HSCN network. Customer administration access will be provided via SSL with two factor authentication (TFA), using a one-time password (OTP) over SMS.
Availability and resilience
- Guaranteed availability
- Though the ITIL ISO 20000 Managed Services & Premier Facilities We host our software on we can guarantee 24/7/365 availability.
- Approach to resilience
- We are hosting our services on ITIL ISO 20000 Managed Services & Premier Facilities.
- Outage reporting
- There are email alerts in case of outage.
Identity and authentication
- User authentication needed
- Yes
- User authentication
- Dedicated link (for example VPN)
- Access restrictions in management interfaces and support channels
- All staff of Edge Health undergo training as part of onboarding procedure (ISO 27001 certified). Only the staff working on the relevant accounts will have access to the service.
- Access restriction testing frequency
- At least every 6 months
- Management access authentication
-
- 2-factor authentication
- Limited access network (for example PSN)
- Dedicated link (for example VPN)
Audit information for users
- Access to user activity audit information
- You control when users can access audit information
- How long user audit data is stored for
- User-defined
- Access to supplier activity audit information
- You control when users can access audit information
- How long supplier audit data is stored for
- User-defined
- How long system logs are stored for
- User-defined
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- UKAS
- ISO/IEC 27001 accreditation date
- 31/12/2017
- What the ISO/IEC 27001 doesn’t cover
- -
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Other security certifications
- Yes
- Any other security certifications
-
- Cyber Essentials
- ISO9001
- DSP Toolkit
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- ISO/IEC 27001
- Information security policies and processes
- We have a range of policies and procedures covering information security management, network access, change management controls, physical security and incident reporting. These policies have been independently reviewed and tested and Edge Health has achieved ISO27001 certification for our information security management
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
- Hosting company maintain an accurate CMDB, ensure all CIs are related to their owning service(s), record CI’s on the CMDB, audit the CMDB on a rolling basis, maintain CI attributes including status through other Service Management processes e.g. Change, Problem, Release and retain CI details within the CMDB even if they have been removed or expired. As part of the cloud provider's ITIL aligned service, changes raised via Requests for Change, documented, reviewed and assessed for approval. Within the review process, the potential risk and impact of a requested change is fully assessed and documented within the Service Management System.
- Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
-
Hosting company ensures Hardened base Operating System images created as templates to ensure virtual machines created with a known baseline level of security and images are incorporated within patching policy. Planned monthly maintenance schedule. Patches applied automatically, rebooted and service checked on each occasion. The AV/Malware solution that’s applied and managed across the cloud provider's hosting service is Microsoft Forefront Endpoint protection and security structure is aligned alongside ISO27001 for continuous assurance and compliance.
More detail available on request. - Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
-
Hosting company's proactive monitoring processes are concerned with identifying, solving problems and known errors before further related incidents can occur. This is identified through monitoring and trending e.g. event management where a warning message is issued at 80% utilisation and acted upon to avoid 100% growth associated service disruption.
By proactively managing infrastructure where service events are identified before they impact normal service operations, more time can be spent looking at technically creative ways to re-align infrastructure and deliver tangible business benefits. - Incident management type
- Supplier-defined controls
- Incident management approach
- The cloud providers incident management process concentrates on restoring unexpectedly degraded or disrupted services as quickly as possible to minimise business impact. Incident prioritisation is based on the impact to the customers business and urgency. An incident can be raised either via phone , or email to the Service desk. All incidents logged. In the event of an HSSI, Service Delivery Manager will inform customer service owner of the incident, advise on ongoing investigation and continue to provide updates as agreed until resolution. Following resolution, Edge will conducted root cause investigation and and provide a Service Outage Analysis report.
Secure development
- Approach to secure software development best practice
- Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)
Public sector networks
- Connection to public sector networks
- Yes
- Connected networks
- NHS Network (N3)
Pricing
- Price
- £22,000 a unit a year
- Discount for educational organisations
- No
- Free trial available
- No