PUNGO LTD

Joy - Care Navigation

Joy creates a digital ecosystem around preventative health. The platform:

1) Identifies patients at risk from early death/disability/long-term condition
2) Helps to connect them to interventions e.g. VCFSE, digital therapeutics or other commissioned services
3) Enables outcomes-based payments to service providers

Features

• Two-way integration with EMIS and TPP SystmOne (read/write)
• Sits on-top of any NHS/Social-Care system (e.g.EPIC/ Rio/Cerner/Mosaic/LiquidLogic)
• AI-based insights to identify patients suitable for preventative healthcare interventions
• Clinician and batch messaging, appointment booking,and online triage (NHS-app-integrated)
• Localised digital front-door for care navigation and patient support
• View, manage and track incentives
• Reporting tool to measure/drill-down into efficacy of preventative interventions
• Resident facing pathways to enable self-referrals
• Add/remove approved service providers
• Track demand for local non-clinical services

Benefits

• Divert pressure away from GPs and other front door services
• Streamline referrals to non-clinical services
• Empower patients to self-manage their health and self-refer
• Uncover health inequalities through detailed, real-time reporting
• Measure and monitor the ROI from wellbeing initiatives
• Track demand for local non-clinical services
• Achieve DES targets for social prescribing
• Save admin time with online bookings; reduce DNAs effectively
• Direct patients to services; ease 8AM rush pressure effortlessly
• Enhances accountability and transparency, utilising spending more efficiently

£0.09 to £0.50 a unit a year

• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at patrick@thejoyapp.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

117614375766298

Contact

Patrick Harding
07724467145
patrick@thejoyapp.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: EMIS Web, TPP SystmOne, Local DoS, Rio, Mosaic, Liquid Logic, Cerner, EPIC
• Cloud deployment model: Public cloud
• Service constraints: Any routine downtime required for system maintenance is scheduled outside normal office hours. ; ; A maximum 8 hour per month window is provisionally allocated for system maintenance, if required. ; ; In any month when the maintenance window is to be used, customers are notified at least seven working days in advance.
• System requirements:
  • Firefox/Chrome latest versions, Internet Explorer 10+, Safari, Opera, Microsoft Edge
  • Microsoft Office 10 or later

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Within 30 minutes during normal working hours on weekdays only
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: Users can access the live chat from within their browser of choice
• Web chat accessibility testing: Joy tests all features with a diverse group of stakeholders
• Onsite support: Yes, at extra cost
• Support levels: Included:; ; Helpdesk: 9am to 5pm Monday to Friday (excluding bank holidays); ; Tickets can be logged 24/7.; ; Contact details for Customer Success Manager will be supplied.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: To help users get started with Joy we provide: 1) Online training sessions, 2) Access to a dedicated knowledge base, 3) How-to guides, 4) Email support, 5) Telephone support.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: At the end of a contract period the user will email us and their data will be compiled and sent to them in an encrypted CSV file.
• End-of-contract process: When off-boarding, the client will be supplied with an export of the file system and database.; ; Exports are supplied as an encrypted file containing the exported files.; ; On off-boarding, all consumer-generated data will be provided in the export. Custom data extractions can be provided on request (chargeable at hourly rates).

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: Yes
• Compatible operating systems: Windows
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Mobile service is designed for patients/residents
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: Joy is is available via a web-browser
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: An accessibility audit has been conducted using the Google accessibility assessment
• API: Yes
• What users can and can't do using the API: Joy's API enables information to be shared with other platforms, e.g., a local DoS or patient-facing application.
• API documentation: No
• API sandbox or test environment: No
• Customisation available: No

Scaling

• Independence of resources: Compute resources are actively monitored, allocated and controlled to ensure service is maintained.

Analytics

• Service usage metrics: Yes
• Metrics types: Reporting on service usage can be provided as an additional service, including number of referrals, source of referrals and where referrals have been made.; ; In addition, custom analysis for public health reporting can be performed.

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Staff screening not performed
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest: Physical access control, complying with another standard
• Data sanitisation process: No
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Request to support team is made.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Availability: 99.9%; ; In any calendar month in which we have unscheduled down time that causes the service level to drop below agreed performance level, the basic monthly charge is reduced by 5% for each full percentage below the agreed level, up to a maximum credit in that month of 100%.
• Approach to resilience: Available on request
• Outage reporting: Email/telephone alerts.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: Management interfaces are available to Joy staff only. Roles and responsibilities are defined at project initiation and access to support channel granted to named contacts.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: QMS
• ISO/IEC 27001 accreditation date: Jan 2021
• What the ISO/IEC 27001 doesn’t cover: The scope of ISO27001 is the entire company
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • ISO27001
  • Cyber essentials plus
  • Cyber essentials
  • IASME
  • NHS DSPT

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: IASME Governance standard; Cyber Essentials Plus; Cyber Essentials; NHS DSPT
• Information security policies and processes: Detailed information security policies designed, reviewed, implemented and enforced. Specific details are available on request.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: The main Components of the change control process are:; • Documented channel through which a change is requested; • Change impact analysis; • Change Advisory Board (CAB) to assess change and recommend action; • Prioritisation and scheduling of the change, relative to other changes; • The development/implementation of the change, including testing,; • Updating of records to incorporate the change
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: We monitor potential threats from a variety of sources including supplier notifications and industry updates. ; Potential threats are assessed by technical team. Critical patches are deployed as soon as possible.; Non-critical patches are applied on a weekly basis.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: System logs, system load and response times are monitored for suspicious activity. Users can also contact us if they suspect something. ; ; The compromised system is isolated, treated, brought back into service. ; ; Response is immediate.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: We have incident management processes for major and minor incidents, including a comprehensive disaster recovery plan. Users can report incidents via the support team, who provide support levels according to service level agreements. ; ; Incident reports are generated as part of audit processes and urgently in the interim should significant events occur.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: Yes
• Connected networks: Health and Social Care Network (HSCN)

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Joy’s environmental policy outlines our aims and principles around managing the environmental impact, including: ; ; • Transport ; • Recycling of packaging materials ; • Minimising waste ; • Efficient use of energy

  Covid-19 recovery

  Joy can be utilised by the system to identify health inequalities and enable more targeted spending that will better serve the community and reduce health inequalities exacerbated by Covid-19.

  Equal opportunity

  As an employer, we drive equality of opportunity. Joy is an equal opportunities employer and proactively encourages applications from people of all economic and cultural backgrounds.

  Wellbeing

  Wellbeing is at the core of our mission. Joy can provide a comprehensive directory, including healthcare services, support groups, recreational activities, and social services available in the area. This can help residents easily access the support they need to address a wide range of social, emotional, and practical needs.

Pricing

• Price: £0.09 to £0.50 a unit a year
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: A free/at cost trial can be provided if required

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at patrick@thejoyapp.com. Tell them what format you need. It will help if you say what assistive technology you use.