HEALTHROAM LTD

Healthroam Remote

Healthroam Remote is our Always-On remote access VPN service that provides reliable, encrypted connectivity to HSCN systems and services. Our industry leading cloud-based VPN service is trusted, connected and flexible with a seamless Single Sign-On user experience.

Features

  • Fully managed cloud-based SaaS Remote Access VPN
  • Resilient connectivity to clinical and other HSCN systems
  • Seamless user experience with NHSMail authentication as standard
  • Integrate with any existing cloud provider for Single Sign-On authentication
  • Admin Dashboard for real-time visibility
  • Historical reporting available on request

Benefits

  • Rapidly deploy our simple, easy to use remote access service.
  • Deliver HSCN connectivity to all staff quickly and efficiently.
  • Reduce operational overheads with our fully managed SaaS-based VPN service.
  • Add operational resilience to your existing remote access solution.
  • Customise solution based on individual service requirements.

Pricing

£2.16 to £12.00 a licence a month

  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at connect@healthroam.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

107502574434926

Contact

HEALTHROAM LTD Simon Lane
Telephone: 0208 3740935
Email: connect@healthroam.co.uk

Service scope

Software add-on or extension
No
Cloud deployment model
Public cloud
Service constraints
Healthroam Remote is supported on Windows and MacOS operating systems as standard. Bespoke support arrangements can be offered for iOS and Android devices should this be required.
System requirements
  • Windows 10/11 and above operating system
  • MacOS operating system
  • Intel processors supported
  • ARM processors supported e.g. Apple M1/M2

User support

Email or online ticketing support
Email or online ticketing
Support response times
Response time for Informational requests is 48 hours (Mon - Fri Only) as per the SLA.
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
No
Support levels
Standard Support Level
The Healthroam Remote service operates throughout UK core business hours of 9am to 5pm, Monday to Friday, and is contactable by telephone or by email at Support@healthroam.co.uk.
Outside of UK core business hours, a Healthroam support ticket can be raised automatically by emailing Support@healthroam.co.uk with full information about the support required.

As per SLA our Standard Support Level provides the following:

Outage/Critical (P1) - Response time 1 hour
Urgent (P2) - Response time 2 hours
Monitor (P3) - Response time 8 hours
Informational (P4) - Response time 48 hours
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Full setup and user guides are provided to the user upon commencement of the service. The client software is simple to set up; users can install it themselves or have their IT support provider install it. Guided setup and training can be provided upon request at no extra cost.
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
At the written direction of the Client, Healthroam must delete or enable the return of Personal Data to the Client on termination of the Agreement unless Healthroam is required by Law to retain the Personal Data. The Client may retrieve its Personal Data at any time.
End-of-contract process
On termination of the Contract:
(a) Healthroam shall cease provision of any services still being provided under the Contract;
(b) Each Party shall return and make no further use of any equipment, property, materials and other items (and all copies of them) belonging to the other Party;
(c) Healthroam shall submit invoices for any services that it has supplied, but for which no invoice has been submitted, and the Client shall pay these invoices, if undisputed, within the Payment Term; and
(d) The Client shall pay any outstanding undisputed invoices within the Payment Term.

Using the service

Web browser interface
No
Application to install
Yes
Compatible operating systems
  • Android
  • iOS
  • MacOS
  • Windows
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Healthroam Remote client software is supported on Windows and MacOS as standard. Bespoke support can be provided for iOS and Android devices requiring alternative client software, authentication and setup process.
Service interface
No
User support accessibility
None or don’t know
API
No
Customisation available
Yes
Description of customisation
Healthroam Remote authentication can be customised with any cloud-based Single Sign-On (SSO) service. Our Remote service is integrated with NHSMail as standard for authentication; however, any healthcare SSO directory can be used. This customisation is performed by us prior to commencing the service. Certain directory settings must be configured by the customer's IT support.

Scaling

Independence of resources
Healthroam core infrastructure is continually monitored. Capacity demands placed on the Remote service are measured in real-time and any events that exceed applied thresholds are alerted and reported. Any additional capacity requirements are remediated prior to any service impact.

Analytics

Service usage metrics
Yes
Metrics types
Number of user connections
Number of licenses used/unused
Usernames connected
Other customisable metrics are available on request
Available both real-time and historical.
Reporting types
  • Real-time dashboards
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Staff screening not performed
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
No
Datacentre security standards
Supplier-defined controls
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
In-house destruction process

Data importing and exporting

Data export approach
At the written direction of the Client, Healthroam must delete or enable the return of Personal Data to the Client on termination of the Agreement unless Healthroam is required by Law to retain the Personal Data. The Client may retrieve its Personal Data at any time.
Personal Data is returned where practicable in the format and method requested by the user.
Data export formats
  • CSV
  • Other
Other data export formats
  • Txt format
  • PDF
Data import formats
CSV

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
Healthroam shall in all cases use reasonable endeavours to achieve any SLA stated to apply to services provided in the Contract. If a Service Credit is stated to apply in the Contract then such Service Credits shall be the Client's full and exclusive right and remedy, and Healthroam's only obligation and liability, in respect of the performance and availability of the services set out in the Contract.
If Healthroam fails to meet the applicable SLAs where an associated Service Credit is stated to apply in the Contract in respect of any of the services, then the Client may be entitled to such Service Credits as stated in the SLA as a credit against subsequent Charges.
The maximum Service Credits payable in respect of any failure(s) to meet the applicable SLAs in any one month shall be capped at 100% of the total monthly Charges.
Healthroam shall not be responsible for any failure to meet any SLA, nor for the failure to deliver any services, where such failure is caused by any Planned Maintenance carried out.
Approach to resilience
Information regarding Healthroam Remote service resilience is available on request.
Outage reporting
Healthroam core infrastructure is continually monitored. Healthroam undertakes to report details of the following incidents to its Clients, using the correct details provided by each client.
Each notification will include the Healthroam ticket ID, which needs to be quoted by the client’s personnel or representatives when following up on the reported incident.
The client remains responsible for onward communication of any incident.
- Core Infrastructure
- Application security incidents, software updates or bug fixes
- Health & Social Care Network

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
Access restrictions in management interfaces and support channels
All management interfaces to Healthroam core infrastructure are restricted out-of-band and secured behind firewalls. All admin accounts for accessing management are secured in accordance with Cyber Essentials best practices.
Access restriction testing frequency
At least once a year
Management access authentication
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
Between 6 months and 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
No
Other security certifications
Yes
Any other security certifications
DSPToolkit

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
Other
Other security governance standards
Cyber Essentials
Information security policies and processes
Healthroam is required to process Personal Data only in accordance with the terms & conditions specified in the applicable Contract, unless legally obligated to do otherwise. Healthroam must have Protective Measures in place, ensure its personnel only process data in alignment with the agreement, protect the data against unauthorized disclosure or transfer, and delete or return Personal Data to the Client upon contract termination, unless retention is required by Law. Additionally, Healthroam is subject to notification requirements in case of Data Subject Access Requests, data rectification or erasure requests, complaints, and Data Loss Events, providing the Client with prompt assistance and required information. Audits of data processing activities are allowed, Healthroam must designate a Data Protection Officer if required, and follow specific procedures before engaging sub-processors.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Configuration Management Process:
- Baseline configuration and use version control.
- Submit formal change request and thoroughly test in non-production environment.
- Update configuration documentation whenever changes occur.
Change Management Process:
- Submit change request.
- Assess the security impact considering factors like confidentiality, integrity, and availability.
- Identify potential risks, security vulnerabilities, service disruptions, compatibility issues and assign a risk level (low, medium, high).
- If approved, implement following the established process, including communication, monitoring and rollback plan.
- After implementation, validate the change in a controlled environment.
- Update documentation and communicate the change to relevant teams and end-users.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Healthroam assesses threats to services regularly, conducting vulnerability scans on service components and monitoring threat intelligence feeds such as Cisco Talos. These provide information about emerging threats, zero-day vulnerabilities, and attack patterns.
Healthroam also undertakes regular penetration testing on core infrastructure as part of security best practices.
Healthroam maintains a centralized repository for patches prioritized based on severity (critical, high, medium, low). All patches are first deployed in a testing environment to ensure they don't cause service disruptions.
Several information sources are monitored for potential threats including CVE and NVD databases, vendor notifications and HSCN Data Security Centre.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Healthroam's processes for identifying potential compromises include log review and analysis of security components, and monitoring threat intelligence feeds such as Cisco Talos for emerging threats, zero-day vulnerabilities, and attack patterns.
Healthroam's response to any potential compromise is to isolate the affected system immediately to prevent further spread, then conduct a forensic investigation to determine the scope of the compromise, collect evidence, identify the attack vector and notify relevant stakeholders about the incident.
Healthroam is able to quickly respond to an incident using pre-defined steps and automated alerts to trigger immediate action, contain the incident, eradicate the threat and restore affected services.
Incident management type
Supplier-defined controls
Incident management approach
Healthroam's incident management process includes pre-defined steps and automated alerts for common events. Incidents are classified based on severity and escalated to the appropriate level as per the recorded escalation matrix.
Users can report incidents via the Healthroam support email or phone line, which triggers an automated support ticket providing full information.
Following investigation and closure of an incident a full summary report is provided detailing what happened, actions taken and preventive measures.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks
Yes
Connected networks
Health and Social Care Network (HSCN)

Social Value

Covid-19 recovery

The COVID-19 pandemic has significantly impacted communities and economies. Delivering Social Value initiatives can aid in the recovery process.
Healthroam actively creates employment opportunities for those left unemployed due to Covid-19. It also prioritises the physical and mental health of people affected, implementing standards from the Mental Health at Work commitment to support the workforce.
Healthroam is exploring innovative new ways of working and delivering services that align with the changing landscape post-COVID-19, including remote working solutions and sustainable travel options.
Healthroam Ltd’s efforts align with several Sustainable Development Goals, including:
Goal 1: No poverty
Goal 3: Good health and well-being
Goal 8: Decent work and economic growth
Goal 11: Sustainable cities and communities
Goal 17: Partnership for the goals

Pricing

Price
£2.16 to £12.00 a licence a month
Discount for educational organisations
No
Free trial available
Yes
Description of free trial
The free 14-day trial includes a single license to access the Remote service. This trial is available for NHSMail accounts only. The customer provides the NHSMail account for the trial.
