FITFILE GROUP LIMITED

Structured and Unstructured Healthcare Data Annotation and Standardisation

Data annotation of structured and unstructured healthcare data to common standards/formats such as SNOMED/ICD and standardisation under FHIR.

Features

• Near-time data annotation (after configuration)
• Structured and unstructured healthcare data annotation
• Schema agnostic service
• Agnostic as to data source
• Infrastructure-agnostic

Benefits

• Enjoy near time data annotation (after configuration)
• Achieve unstructured data annotation (from free text etc.)
• Work with healthcare data annotation specialists
• Several out-of-the-box, pre-configured, disease-specific trained models available

£0 a unit a year

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  ODT

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at petros.kotsidis@fitfile.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

144748023650384

Contact

Petros Kotsidis
01932 361 361
petros.kotsidis@fitfile.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: -Data Acquisition ; -Automated Data Anonymisation; -Data Analytics and Visualisation; -Data Processing - Data Linking / Unification / Integration of Anonymised Data; -Data Processing - Data / Unification / Integration of Identifiable Data (Personal Data)
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
• Service constraints: Software requires a Linux operating system on any cloud or VMWare.
• System requirements: Virtual or physical space to deploy a software appliance

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Support is available from a single-click in web application. Different support options and SLAs are available depending on customer requirements.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Support levels are variable and costed based on customer requirements. Technical account managers and engineers for all relevant service levels are available.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: Training and documentation is provided as required.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Secure transfer to the user or certified destruction where applicable.
• End-of-contract process: -Software ceases to function.; -Software is deleted.; -Data is destroyed or transferred to the customer.; *Additional cost applicable based on data volumes (only for transfer).

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: Yes
• Compatible operating systems: Linux or Unix
• Designed for use on mobile devices: No
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: -FITFILE Provide two key REST API services to customers.; a)For data ingestion, integration with specific customer APIs can be configured manually at setup. The ingestion API requires manual security configuration; b)For data export, there is a standard FITFILE REST API that can provide query result sets. The data export API requires internet access for authorisation and authentication.; -Alternative options (non-API) are also provided as a direct database export to a customer staging or reporting service
• API documentation: Yes
• API documentation formats: Other
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Fully customisable service. Users must work with FITFILE to customise the service.

Scaling

• Independence of resources: Independent software instances are deployed for each installation.; User load is usually low.

Analytics

• Service usage metrics: Yes
• Metrics types: Usage counts.
• Reporting types: Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Secure download.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • Any reasonable format can be catered for
  • API access on request
  • Native PowerBI
  • Tableau integration in Q3
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • Direct database connection
  • Appropriate APIs

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: SLAs defined based on user requirements, service credits for SLA breaches.
• Approach to resilience: We operate out of Microsoft UK datacentres. Resilience information is available on request.
• Outage reporting: Slack incident channel and email alerts to support staff.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: -Strictly controlled user list.; -Higher access credentials only by CEO and CTO approval and specified process on how to obtain, including sign-offs.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Approachable Certification
• ISO/IEC 27001 accreditation date: 30/06/2021
• What the ISO/IEC 27001 doesn’t cover: The full range of FITFILE services is covered.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications: Data Security and Protection Toolkit (8KM90)

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: -FITFILE own policies.; -ISO 27001 provisions.; -DSPT requirements.; -Cyber Essentials Plus requirements.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: FITFILE's configuration and change management policies and procedures are available upon request.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: -Pen tests, continuous monitoring, external specialist services.; -Patches applied as soon as they become available (change control process followed).; -Multiple threat information sources (e.g. NCSC).; -Software library security checks at every stage of software build.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Third party tools are used to monitor our platform and applications. Once a compromise is noticed, the incident management process is actioned. There are clearly defined response and timelines for different types of incidents.
• Incident management type: Supplier-defined controls
• Incident management approach: -Policy and pre-defined process used for incident management, defining ways to report depending on the type of incident.; -FITFILE is ISO27001 compliant (part of the certification is adherence to ISO 27001 incident management requirements).

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: Yes
• Connected networks:
  • NHS Network (N3)
  • Health and Social Care Network (HSCN)

Social Value

• Covid-19 recovery:

  Covid-19 recovery

  FITFILE aims to support local communities to manage and recover from the impact of COVID-19 both by collecting Real World Evidence (RWE) on the effects of COVID-19, Long COVID, and the impact of vaccination/other interventions. Further, for clinical trial feasibility and recruitment, FITFILE can support clinical research activity by safely identifying subjects in near-time.
• Tackling economic inequality:

  Tackling economic inequality

  FITFILE supports new job and skill creation in the healthcare data arena, a high-growth part of data-driven healthcare, increases collaboration between different actors in healthcare delivery (research, healthcare provision, novel medicine discovery, etc.) and can highlight how disparities in treatment may relate to differences in socio-economic or geographical aspects.
• Wellbeing:

  Wellbeing

  FITFILE works with multiple partners, communities and individuals to co-design and co-develop products and services, thereby supporting strong integration and collaboration between stakeholders.

Pricing

• Price: £0 a unit a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  ODT

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at petros.kotsidis@fitfile.com. Tell them what format you need. It will help if you say what assistive technology you use.