PATIENTMPOWER LIMITED

patientMpower

Configurable self-care, self-management, remote monitoring, remote management and virtual ward software for patient activation, virtual care, digital care. Multi-pathway including respiratory (COPD, asthma, specialist lung conditions), oncology, cardiology (heart failure, hypertension, atrial fibrillation), cardio-metabolic-renal, kidney, disease, maternity care, general early discharge, frailty and more. Inbuilt integration / interoperability with EMR.

Features

• Fully configurable across multiple patient pathways
• Intuitive platform, co-design with clinical and patient user
• Tailored alerts
• Device agnostic, with curated integrated device options
• Collection of objective and subjective measures inc. PROMs
• Virtual consultations
• Home spirometry quality validation
• Educational content for supported self-management
• Inbuilt integration engine for easy EMR interoperability
• Inbuilt exercise tolerance testing protocol

Benefits

• Enables digital transformation of care pathways
• Reduces need for out-patient clinic appointments
• Enables early detection of complications for rapid triage
• Reduces unplanned hospitalisation and readmission
• Empowers patients self-management
• Enables early patient discharge or avoids admission
• Increases service capacity
• Improves access to care and reduces geographic care inequality
• Improves patient symptoms and quality of life
• Increases patient reassurance and convenience

£1,850 an instance a month

• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at eamonn@patientmpower.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

150361741867854

Contact

Eamonn Costello
+44 20 3322 4121
eamonn@patientmpower.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: No
• System requirements: Web browser: Chrome, Firefox or Internet Explorer

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Critical support request: 24 hour, 365 day support, response within 30 minutes, target for resolution <4 hours. Major support request (e.g. system is down for some users, core functionality is significantly impacted): 24 hour, 365 day support, response within 2 hours, target for resolution < 12 hours. Minor support request (minor inconvenience, work around available) Monday - Friday 7 am - 7 pm, response within 4 hours, resolution <2 working days. Query (e.g. information or features request) Monday- Friday 7 am - 7 pm, response within 1 working day.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: WCAG 2.1 A
• Web chat accessibility testing: We have conducted some testing with Google’s TalkBack feature.
• Onsite support: No
• Support levels: Critical support request (e.g. system is down for all users): 24 hour, 365 day support, response within 30 minutes, target for resolution <4 hours. Major support request (e.g. system is down for some users, core functionality is significantly impacted): 24 hour, 365 day support, response within 2 hours, target for resolution < 12 hours. Minor support request (minor inconvenience, work around available) Monday - Friday 7 am - 7 pm, response within 4 hours, resolution <2 working days. ; Support provided as part of package. Initial support from customer service team triaged to development engineers etc as required.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Online training for clinical users and full suite of user support materials and videos provided plus continued. User support materials and videos for patient and access to phone/web support if required. Please see Service Description for full details of implementation support available.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
  • Other
• Other documentation formats: Video
• End-of-contract data extraction: Data will be retained in accordance with EU GDPR Law subsequent to the end of processing. If a user or data subject whishes to extract their data they can do so by request to the support team or DPO.
• End-of-contract process: Data can be archived or deleted as per clients request. This will not incur an additional cost.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Desktop service is used by healthcare staff to assess patients' remote monitoring data. ; Mobile service is used by patients - via an app - to input remote monitoring data.
• Service interface: Yes
• User support accessibility: WCAG 2.1 A
• Description of service interface: Web based portal for clinicians - may be integrated in to electronic medical records if required. Patient facing app on mobile device.
• Accessibility standards: WCAG 2.1 A
• Accessibility testing: We have conducted some testing with Google’s TalkBack feature.
• API: No
• Customisation available: Yes
• Description of customisation: Protocols can be configured by clinical users for multiple care pathways and condition types. Alerts can be tailored by clinical users for individual patients. Tailored educational content.

Scaling

• Independence of resources: The application containers are deployed using a “serverless” approach, with auto-scaling. If a spike in usage occurs, new instances of the application will be provisioned to handle the increased load to reduce the risk of the application being overwhelmed.

Analytics

• Service usage metrics: No

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: European Economic Area (EEA)
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest: Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Can be integrated into electronic medical records. ; PDF exporting also available.
• Data export formats: Other
• Other data export formats: PDF
• Data import formats: Other
• Other data import formats: N/A

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Levels of Service: patientMpower’s target availability is 99.9%, excluding any pre-notified scheduled downtime. ; Critical support request (e.g. system is down for all users): 24 hour, 365 day support, response within 30 minutes, target for resolution <4 hours. Major support request (e.g. system is down for some users, core functionality is significantly impacted): 24 hour, 365 day support, response within 2 hours, target for resolution < 12 hours. Minor support request (minor inconvenience, work around available) Monday - Friday 7 am - 7 pm, response within 4 hours, resolution <2 working days. Query (e.g. information or features request) Monday- Friday 7 am - 7 pm, response within 1 working day.
• Approach to resilience: The system infrastructure is designed for high availability to mitigate the risk of downtime. An application monitoring system is in place to alert unplanned outages, so the team is immediately aware and can remediate. The application containers are deployed using a “serverless” approach, with auto-scaling. If a spike in usage occurs, new instances of the application will be provisioned to handle the increased load to reduce the risk of the application being overwhelmed. A “multiple Availability Zone” approach is used to mitigate the risk of the application going down if part of the underlying infrastructure has a problem. A further benefit is that if an application container does go down, the infrastructure will automatically restart.; ; Data from the application is stored in a managed database, which provides tools to ensure availability. Replica databases are used to provide a failover if the primary database experiences downtime. The replica will automatically takeover as the primary if needed. A multiple Availability Zone approach is used, with the replica separated from the primary so it will be unaffected if the infrastructure underpinning the primary database has an issue. Daily backups and ongoing transaction logging provide granular backup and restore capabilities in case of shutdown.
• Outage reporting: Planned outages notified via email

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: - Limited to defined personnel with full audit trail.; - MFA Authentication is mandatory.; - Can only access via VPN static IP address.
• Access restriction testing frequency: At least every 6 months
• Management access authentication: 2-factor authentication

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Citation ISO Ceritification https://www.qmsuk.com/
• ISO/IEC 27001 accreditation date: 2022
• What the ISO/IEC 27001 doesn’t cover: Our 27001 Certification covers all departments & services of patientMpower. ; The official scope of our ISO 27001 Certification is as follows:; The certification applies to all systems, people, data and processes that constitute the patientMpower information system. This information system is to support the development of IT software, apps and data research for the healthcare industries. This includes directors, employees, suppliers and other third parties who have access to patientMpower systems and data.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications:
  • Cyber Essentials
  • Data Security and Protection Toolkit
  • Digital Technology Assessment Criteria (DTAC)

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: Cyber Essentials
• Information security policies and processes: Information security is the responsibility of the CEO.; ; The Information Security Policies in force at patientMpower are as follows:; ISMS Policy; ISMS Audit Policy; ISMS Improvements Policy; Document Control Policy; Social Media Policy; Acceptable Use Policy (AUP) for patientMpower; Teleworking and Remote Access Policy; Information Security Incident Response Plan; Human Resource Security Standard; Password Policy; Physical and Environmental Security Policy; Access Control Policy; Business Continuity Plan; Vendor Management Policy; Secure Disposal Policy; Encryption and Key Management Policy; Secure Application Development Policy; Change Management Policy; Information Security Policy

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Using Infrastructure as Code allows for configuration changes to be managed in the same manner as other changes in the software development lifecycle. When a change to the configuration is required, a merge request is opened containing the change. As per the standard process for code changes, the merge request is reviewed in a manner appropriate to the scope, risk, and impact of the proposed change. Automated tests will also validate the change. If the change is accepted and merged, automated pipelines roll the update out to existing deployments. This also provides an auditable history of changes to the infrastructure.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Managed computing services are used to ensure security patches are automatically applied to operating systems. The Clair project is used for static analysis of vulnerabilities in application containers. AWS CloudFront is used to serve the web application, and integrates with both AWS WAF, a web application firewall that helps protect web applications from common web exploits, and AWS Shield, a managed DDoS protection service for web applications running on AWS. Furthermore, CloudFront allows for setting the minimum TLS version required in a request for the content, which defaults to TLSv1.2 for patientMpower deployments.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Application servers are monitored using New Relic, and AWS monitoring services such as CloudWatch. Monitoring metrics on these services, as well as a regular security review of AWS of AWS accounts, are used to identify potential compromises. When compromises are found, they are acted upon immediately. We are engaging with a partner specialising in AWS for Healthcare to provide even more robust monitoring and 24/7 support.
• Incident management type: Supplier-defined controls
• Incident management approach: An internal SOP & policy on incident management provides the steps for convening an Incident Response team, the steps they follow when investigating and reporting an incident, and templates for any reports. The incident response team will gather all relevant personnel from management, engineering, communications, and legal, as required depending on the severity of the incident. If the incident requires reporting to a government body, this will be done.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  patientMpower Ltd is committed to achieving Net Zero carbon emissions by 2045. In order to progress to achieving Net Zero since the base year of 2023, we have adopted the following carbon reduction target.; We project that carbon emissions will decrease over the next five years to 22.70 tCO2e by 2028. This is a reduction of 22.72% from 2023. We project that we will reach Net Zero carbon emissions by 2045.; The NHS accounts for 5% of all road traffic in the UK. The patientMpower system has been shown to reduce face to face up appointments by 70%, reducing unnecessary journeys to the hospital and reducing associated CO2 emissions.; The full patientMpower Carbon Reduction Plan will be posted on our website for public reading in May 2024.

  Covid-19 recovery

  A blend of virtual and face to face care facilitated by the patientMpower system has been shown to reduce face to face follow up appointments by 70%, and increase the overall number of clinical contacts that hospital teams are able to make as a result of more efficient working. This can reduce NHS waiting lists and reduces reliance on specialist clinical roles. Reduced hospitalisation and early discharge reduces hospital capacity enabling front-line services to focus on patients with the highest needs. Supported self-management can also reduce pressure on primary care services.

  Tackling economic inequality

  patientMpower enabled virtual care enables faster and more equitable care access for patients and removes the financial burden of travel to hospital based appointments. The platform has been shown to reduce the cost of travel and reduce missed days from work for patients and caregivers.

  Equal opportunity

  The platform is available to all users prescribed the service by a clinician. The platform has been co-designed with users to support high accessibility standards. It is available in multiple languages and has been demonstrated to be usable by those with impaired hand function.

  Wellbeing

  The patientMpower platform has been shown to improve patient's wellbeing, support them in maintaining exercise and activity goals and offer a sense of reassurance and security. The platform can offer tailored educational content to patients, such as mindfulness support or advice on managing anxiety. The platform has been co-designed with clinical users to ensure ease of use and reduce work-load pressure on busy healthcare professionals.

Pricing

• Price: £1,850 an instance a month
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: Free trial of service including provision of integrated devices for three patients.

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at eamonn@patientmpower.com. Tell them what format you need. It will help if you say what assistive technology you use.