KINATA LTD

Kinesis Advice and Guidance

Kinesis Advice and Guidance has been specifically developed to provide a Specialist Advice and Guidance platform for referral management. This has been demonstrated to improve referral practices and patient outcomes, contributing to significant savings.

Features

• Real-time reporting
• NICE Integration
• Search Functionality
• Auditable
• 24/7 support
• Development and feature requests welcomed
• PDS Integration
• Full administrative capabilities
• Ers Integration and Referral

Benefits

• Fast Response Times
• Simple search functions
• Find individual consultants or speciality groups
• Send referrals without leaving the system
• Overviews of your personal performance
• Easy access to high-level data and tends
• Treat more patient's locally
• Prevent unnecessary referrals
• PDS integration
• A&G and eRS Referrals, all in one space.

£2,000 to £49,000 a licence a year

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ben.harrison@kinata.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

160887234744568

Contact

Ben Harrison
07891624419
ben.harrison@kinata.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model: Hybrid cloud
• Service constraints: We currently don't have a direct integration with patient record systems. We are currently working on the implementation of a floating toolbar that will mitigate this issue.
• System requirements: Requires Wifi or mobile-data connection.

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Monday to Friday our support team will respond to questions within the hour. On weekends, our support team will take up to 3 hours to respond.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Onsite support
• Support levels: Kinata's first and second line support comes at no additional cost to the buyer. Kinata provides first-line email and phone support to all clients. Our users can contact us and their local CCG through our 'help' tab on the system. Kinata also has 'Kinesis Administrators' working at the CCG, Hospital, and GP surgeries.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: Kinata have a formal implementation plan in place for each buyer. As our solution is a web-based service there is no need for downloading software. Kinata's implementation includes gaining buy-in from the local NHS Trust as well as all primary and community services in the clients commissioning area. The Kinata team will offer the client a choice of in-person training or alternatively online training via MS Teams. Kinata will manage all administrative duties including adding the NHS services and users to the system. By following our implementation plan we can assure the client experiences as little disruption as possible. Thanks to our user-friendlly four-step process, our training sessions take no longer than 30-minutes and in some cases, users don't require training at all.
• Service documentation: Yes
• Documentation formats:
  • PDF
  • Other
• Other documentation formats: Training videos.
• End-of-contract data extraction: If a clinical user would like to be removed from the system, they can request for their account to be 'disabled' by the Kinesis support team. ; ; We collect minimal patient identifiable data (only NHS Number, Full Name and Date of Birth) however the system allows clinicians to hold a complete conversation relating to a patient.; ; We collect the patient identity only once at the point of conversation start and the conversation is added to repeatedly until closed by the clinicians involved. ; ; Data is retained indefinitely, in accordance with each customer contract.; We store data on any individual who requires advice and guidance. To date, we have processed data on around 200,000 individuals.; ; No processing of the data beyond the clinical purpose described takes place.
• End-of-contract process: If a client would like to end the contract, we require three months' formal notice from the client's directors. Once the contract has been terminated Kinata would then block access for all clinical users and services attached to the client. All data is retained indefinitely in accordance with each client contract however, the client can request for the data to be removed when terminating the contract.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The system works as effectively on a mobile phone as it does on a Laptop or tablet device.
• Service interface: No
• User support accessibility: None or don’t know
• API: No
• Customisation available: No

Scaling

• Independence of resources: The application is constantly monitored on performance and is hosted on Microsoft Azure allowing us to increase or decrease resources as required.

Analytics

• Service usage metrics: Yes
• Metrics types: We provide many measurable metrics among which are, user activity such as log in or log off as well as sessions reports to understand the number of messages created.
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Staff screening not performed
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Other
• Other data at rest protection approach: Sensitive data is encrypted at rest within an Azure SQL database or Azure Storage.
• Data sanitisation process: No
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: Only Kinata Administrators can export data. Administrators have access to a full reporting suite where they can extract outcome-based data. Administrators can export data on users, outcomes of the clinical conversations, response times and much more. We do not report on any PID data. We have no relationship with individual patients. The Data Controller and their designated genets (GPs, consultants and other health professionals) maintain those relationships, in accordance with their contracts and professional duties. We understand that GPs seek consent from the patient to use the service; we operate the system in accordance with this.
• Data export formats: Other
• Other data export formats: Excel
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Our SLA guarantees 99.9% uptime.
• Approach to resilience: We are hosted on Microsoft Azure.
• Outage reporting: Email alerts to administrators.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: We use Microsoft.net Identity with roles.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications:
  • DTAC Certification
  • ICO Registration Certification

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: Cyber Essentials and DTAC Approved.
• Information security policies and processes: Kinata have an obligation to ensure that policies and procedures are in place to protect information and access to systems. This obligation is protected in law through the Data Protection Act 2018, which incorporates GDPR and is required for us to meet the requirements of the Data Security and Protection Toolkit (https://www.dsptoolkit.nhs.uk/Assessment) ; ; Information flow needs to be controlled and any security breaches must be reported in a timely matter. It is the responsibility of all employees to be aware of these procedures and any information assets they are responsible for. All Kinata staff undertake yearly IG training which is monitored by our DPO.; ; Information security incident:; ; An information security incident is any violation of Kinata Information Governance (IG) Policy. The term security incident and suspected incidents include, but are not limited to, incidents that disclose, deny access to, destroy or modify of the company’s data without this being the company’s intent. ; ; An incident may arise in any of the Company’s many information handling requirements, including: ; ; The NHS confidentiality Code of Practice ; ; Information Security Assurance ; ; The Data Protection Act 2018, which incorporates GDPR ; ; Data Security and Protection Toolkit (https://www.dsptoolkit.nhs.uk/Assessment)

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Any change request whether internal or from a client is discussed internally for any potential security breach such as exposing data, unauthorized access etc. Where sensitive data will be exposed we always seek written sign off from the CCG.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: As we are hosted on Microsoft Azure PAAS security patches are automatically applied by Microsoft. Our code base is also kept up to date with the latest frameworks usually within two weeks of release. We receive information directly from Microsoft and the NHS as well as monitoring security sites such as Cyber Essentials.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We use Microsoft application insights to actively monitor and alert for potential compromises. We will respond immediately to incidents reported by the client or our active monitoring. If a compromise is found we would immediately contact our NHS clients and follow our incident procedure.
• Incident management type: Supplier-defined controls
• Incident management approach: Kinata has a GRC Operational Procedure that details what must be taken if a security breach/incident occurs. Users will report incidents directly to the Data Protection Officer who is then responsible for completing the incident log and necessary actions. Kinata has an Incident log that captures ALL security and information governance breaches/incidents. Kinata can provide the documented procedure upon request.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  The Kinesis A&G system can reduce the NHS's carbon footprint by mitigating the need for unnecessary patient travel to unneeded first outpatient appointments.
• Covid-19 recovery:

  Covid-19 recovery

  Throughout the pandemic, Kinesis A&G saw its usage double. As many patients could not access hospital appointments, it became even more apparent that our solution could support GPs to treat more patients in a local setting. The NHS now has the longest waiting times since records began. Kinesis can support the NHS to reduce the waiting lists by supporting primary care to treat more patients locally.
• Tackling economic inequality:

  Tackling economic inequality

  Kinesis A&G can make an economic impact by helping the NHS to avoid unnecessary outpatient appointments. Currently, Kinata has helped the NHS to save over £14m on avoided first outpatient appointments.

Pricing

• Price: £2,000 to £49,000 a licence a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ben.harrison@kinata.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.