HTRAK LIMITED

h-trak Scan4Safety

Using barcode scanning, h-trak Scan4Safety system delivers comprehensive track and trace functionality on medical implants to patient level; procedure and patient level costing; inventory management for theatres, wards and clinics with automated stock replenishment and consumables price checking. h-trak enhances patient safety, delivers cost savings and process efficiencies for hospitals.

Features

• Procedure costing
• Track and Trace functionality for patient safety
• Patient level costing
• GS1 Certified solution inventory management
• Stock, materials and inventory management
• Private Patient Billing
• Expired, obsolete and waste stock identification
• Quick and efficient product and patient recall process
• Interoperable with existing hospital systems
• Stock Take Processing

Benefits

• Effective traceability to support and improve patient safety
• Efficient purchasing through reduction in expired or wasted stock
• Redirecting clinical admin time patient care
• Facilitates procedure analysis, to inform decision making
• Streamlines ordering and stock replenishment, saving time and budget
• Addresses clinical variation, with efficiencies in time and budget
• Greater collaboration between procurement, finance and clinicians
• Enables benchmarking of surgical procedures by specialisms
• Visibility of data across systems facilitates reporting

£99 to £375 a licence a month

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@htrak.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

110928915068172

Contact

k.kikirekov@htrak.com
0330 127 6240
info@htrak.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: The system requires WiFi connectivity and Internet connectivity to operate.
• System requirements:
  • Back up connectivity requires Microsoft Active Sync
  • WiFi must be available and enabled
  • Internet Connectivity or N3 Connectivity

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Severity level 1: Respond 1 hour | (1.5 hours outside Standard Business Hours) | resolve within 4 hours for Software & Web Services; /2 Business Days for hardware.; ; Severity level 2: Respond 2 hours | (2.5 hours outside Standard Business Hours) | resolve within 8 hours.; ; Severity level 3: Respond 1.5 days | resolve the date of next New Release (no earlier than 2.5 days) ; ; Severity 4:Respond 2 days | resolve the date of the next New Release (no earlier than 4.5 days); ; Severity 5:Respond 5 days | resolve 3 weeks
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Onsite support
• Support levels: Ongoing support from the Customer Services team is offered by telephone, email and through an online Freshdesk ticketing system. ; ; Availability: Monday to Friday during 08.30 – 17.00 hours excluding nationally observed holidays. ; ; On-site support is offered when required by users, during core office hours though most customers do not require it, after a detailed onboarding programme.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Due to the transformational nature of the h-trak Limited cloud service a tailored onboarding service is included, developed in conjunction with the customer. ; ; Customers advise us of their requirements when the system is set up, which are then configured, and changes can be requested on the same basis through the life of the contract. ; ; In summary the onboarding service typically follow a proven six-staged quality process leading to deployment:; ; • Pre-implementation planning which defines the critical success factors required and develops a project plan.; • Business Process Review which establishing the current process and maps the process following implementation.; • Data Profiling and Setup ensures each product has a price, supplier and where appropriate a contract. ; • Interface Development and Testing and System Installation ensures that the h-trak software can output data to feed into Financial systems, PLICS and other systems as required.; • Training – Front line clinical training is undertaken on the handhelds and back office training for nominated administrators of the system ; • User Acceptance Testing (UAT) will verify that the software functions to the satisfaction of the hospital customer.
• Service documentation: Yes
• Documentation formats:
  • PDF
  • Other
• Other documentation formats: Series of training videos, password protected and hosted online
• End-of-contract data extraction: The buyer contacts h-trak Limited to request the data they have captured over the length of the contract is transmitted to them via secure file transfer. ; Exports will be produced in industry standard formats of CSV for simple extracts such as product profile data and XML where data is more complex e.g. procedure cost reports. All data can be exported by the customer as required.
• End-of-contract process: At the end of the contract customer h-trak Limted will contact the buyer to offer to send a file of data in a format that suits the buyer. ; ; At this stage they will be informed that the data will be deleted within 3 months (unless mutually agreed by both parties to be a longer period).; ; Where a customer elects not to have the data deleted, a formal written and signed request by an authorised individual within the buyer’s organisation to keep the data will need to be provided. When removable media or devices that may have contained sensitive data are no longer required, h-trak Limited will contact the cloud provider, Carelink, a Redcentric company, who will ensure secure certified destruction on-site before removal. ; ; There is no additional cost for the buyer.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
  • Linux or Unix
  • MacOS
  • Windows
  • Windows Phone
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The mobile devices are used for data collection and for accessing functionality on the move where the users are actively moving about locations. This works well for Operating theatre and ward environment. The administrative functions are undertaken from a PC interface as they require more detailed information.
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: Many interfaces (~50) have been built to interface with specific systems. There is no generic interface.
• Accessibility standards: None or don’t know
• Description of accessibility: The service is based on scanning barcodes. People who are visually impaired will either be able to see the barcodes or not. If they are unable to see the barcodes, they could, in theory know that a barcode had been successfully scanned because the scanner beeps but in practice they could be scanning for a while before they are successful. People who are deaf or hard of hearing will be able to see if a barcode has been successfully scanned by reference to the scanner screen.
• Accessibility testing: No testing has been done with users of assistive technology.
• API: No
• Customisation available: Yes
• Description of customisation: The h-trak Scan4Safety system has many options that customers can choose from, to meet their individual needs. These include the types of products captured and stock types, timing points used, staffing categories, anaesthetic lists and procedure details. Handhelds can be customised to capture specific data such as OPCS codes, various reasons for timing points or reasons for delays. h-trak staff will collaborate with the customer to facilitate the customisation.

Scaling

• Independence of resources: Periodically capacity testing is undertaken. The service uses virtual servers to handle the demands of multiple concurrent users. As the number of users and the demands on the system increase over time, the resources of the UK virtual servers can be expanded to suit. The database is enterprise quality and can handle a large number of users and very large datasets.

Analytics

• Service usage metrics: Yes
• Metrics types: Full reporting is available on the time users spend accessing the system. ; Many standard reports are available from the h-trak service, covering procedures, purchasing and stock management. These reports give provide precise measurement of how much the service is being used, as well as measuring costs, the time taken for procedures, staff present, tracking of implantable devices and managing stock replenishment. This data can be compared to that extracted from the theatre management system or indeed integrated with that system.
• Reporting types:
  • API access
  • Real-time dashboards
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Other
• Other data at rest protection approach: User access to our application is controlled by user name and password (stored in encrypted form), plus a number of access levels and other permissions to ensure users can only access data for which they have permissions. Backup data is encrypted.
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Users can export all their data from the h-trak Resource System, using standard reports which are then emailed to the user. If the dataset is too large for email, assistance can be provided to produce an export dataset via secure file transfer.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • XML
  • TXT
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
• Other protection between networks: The buyer's network and h-trak's network are completely separated with firewalls for both parties. Communication between parties is via interface programs at both ends so there is no direct link between databases or servers.
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
• Other protection within supplier network: Strict firewall rules, anti-intrusion software and anti-virus software protect the network.

Availability and resilience

• Guaranteed availability: Our servers are available 24 hours a day/7 days a week subject to scheduled downtime for system upgrades or maintenance, which are communicated to buyers with 72 hours notice and usually take place outside normal business hours unless there is an urgent need for it to take place during business hours. ; Typically maintenance and upgrades take place once or twice a month and will result in the system being unavailable for one to two hours at a time. ; Telephone support is provided from 08:30 to 17:00 hours. Monday – Friday. Calls received out of office hours will be forwarded to an answer phone service and a response provided the next working day. ; ; If the customer's network or our servers go down there will be no interruption to data capture at point of care so there is no requirement for compensation. Information can be collected on the handheld device and then synchronised up to the system when it is reinstated. Monitored Email support is provided 24/7. Support requests are triaged depending on urgency and nature of problem and addressed Monday – Friday between the hours of 08:30 to 17:00 hours.
• Approach to resilience: H-trak Limited servers are hosted by Carelink – A Redcentric company. Their infrastructure is located in the UK’s premier hosting facilities, with the highest levels of security and resilience and supported 24x7x365 from their York based operations centre, providing a foundation for their SLA of 99.95% uptimes and availability.
• Outage reporting: The h-trak Scan4Safety system uses handheld mobile devices which periodically synchronise with the host server. The handheld devices are able to continue functioning even when there is an outage at the host server, so the service is not interrupted. A failure with a particular handheld device is mitigated by remote access of the device for diagnosis and repair by our Support desk. The provision of additional devices can be used as replacements. Users accessing non-critical features of the service, such as reporting are notified of outages by email from the Customer Services team.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: Access to the h-trak system is tiered, based on role and authority. Registered users are issued with a valid user name and password. Passwords are encrypted within the database by Salted MD5. The h-trak system can also be configured so for users to enter a 4-digit pin onto the handheld. Access is secured over a VPN connection.; Customer users have no access to management interfaces. The service is split into two parts, each part requires a username and password and only authorised users are given access to management interfaces. Authorised users are not customer users.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Username or password
  • Other
• Description of management access authentication: Users are only added after approval by Buyer's management. Management access to the application is authenticated by user name and password, and is linked to a special access level. Access to the server is heavily restricted and is via VPN. It is authenticated by user name and password as well as 2 Factor Authentication (2FA)

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSi
• ISO/IEC 27001 accreditation date: 20/08/2020
• What the ISO/IEC 27001 doesn’t cover: All customer data gathered is held within our data centre which has an ISO27001 certification.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: * Cyber Essentials Plus; ; * NHS Data Security and Protection Toolkit
• Information security policies and processes: H-trak Limited has an Information Security policy in line with GDPR that;; 1. Ensures the protection of all information systems and the mitigation of risks associated with the misuse or abuse of these systems. ; 2. Systems are protected by ensuring only authorised users who have been provided with a username and password can access the system. User passwords are encrypted by Salted MD5, a hashing algorithm which is extremely secure, particularly from automated attacks. ; 3.Provides a safe and secure information systems working environment for all authorised users. ; 4.Makes certain that users are aware of and comply with the information security policy and are aware of their own responsibilities for protecting the confidentiality and integrity of the data they handle. ; If an employee or user of the h-trak service becomes aware of an information security incident then they must report it to the IT/Operations Director by sending an email marked c/o IT/Operations Director to info@htrak.com or custserviceuk@htrak.com. ; The company Data Protection Officer may be involved at this stage to oversee the escalation and resolution process.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: The configuration of the components making up the service are visible only to authorised users. Versions of components are saved in the source control system TFS, which allows all changes to be tracked to the person who made the change. ; Whenever changes are made to the components that form part of the service the Development team conduct a security impact analysis to identify any additional security requirements. New versions of components are thoroughly tested prior to deployment.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Windows Defender and Bitdefender Endpoint Security Tools Antimalware are installed on all computers used by h-trak Limited. On-access scanning is enabled on all the computers to minimise vulnerable periods and Bitdefender is configured to automatically clean up items that contain a virus or spyware. Bitdefender update manager is configured to check for updates on a regular basis.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Access logs for the service are reviewed to identify any potential compromises and or any sustained attempts by unauthorised users to access the service. Any firewall intrusion for the server will send an alert to the Redcentric Data centre. ; ; Potential compromises from external sources are reviewed internally by the Development department and IP addresses or ranges of IP addresses are blocked as appropriate.
• Incident management type: Supplier-defined controls
• Incident management approach: Incidents can be reported using phone, email or direct contact with the project management team if they are on-site. Incidents are resolved by a combination of the project team, customer service team and/or the development team depending on the nature of the incident. The Project team and Customer Service team maintain issue logs and software incidents are tracked using Freshdesk.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Wellbeing

  Wellbeing

  By electronically capturing details of medical devices implanted into a patient, the h-trak Scan4Safety System provides details of the exact device, size, lot number and expiry dates (where available). This data can be transmitted to clnical systems, such as an Electronic Patient Record (EPR), for future use, either in patient assessment or in the event of a device recall.; ; If there is a device recall, affected patients can be quickly identified to ensure remedial treatment is given promptly

Pricing

• Price: £99 to £375 a licence a month
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@htrak.com. Tell them what format you need. It will help if you say what assistive technology you use.