OPEN LINE VITALY LIMITED

Vitaly MDTs and Referral Management

Our Vitaly Platform helps NHS professionals connect different systems, care teams and patients, allows them to collaborate more efficiently and improves the patient healthcare experience. Our solution connects regional physicians and diagnosticians involved in multidisciplinary teams (MDTs) to ensure they can make the best treatment recommendation for their patients' care.

Features

• Used by regional multidisciplinary specialists during the diagnostic phase
• Connects regional physicians and diagnosticians involved in MDTs
• Retrieves patient data from different hospital systems in one application
• Streamlines the complex decision-making process through interoperable workflows
• Decisions are automatically securely shared back to the patient record
• Allows MDT participants to prioritise, manage and organise their time
• Tracks key metrics for operational activities and quality of care
• Compatible with NHS IT systems and video conferencing platforms
• Automates report generation by integrating with clinical systems

Benefits

• Reduces waiting times for treatment
• Results in a 35% increase in the quality-of-life score
• Reduces administrative costs and encourages standardised, high-quality care
• Improves communication by integrating multiple systems
• Allows clinicians to review information in advance of meetings
• Improves access to information and decision support in MDT meetings
• Allows decisions to be shared automatically with wider care team
• Empowers patients through increased involvement in their care/treatment plan
• Provides equitable access to the best available resources and interventions
• Reduces time spent on manual tasks through data exchange automation

£7.50 to £91 a unit a year

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at janez.bensa@parsek.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

163100230783333

Contact

Janez Bensa
02034888460
janez.bensa@parsek.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Services can be standalone or connected to other IT systems. Using configuration options, we can connect to systems that support HL7 V2&V3 and FHIR UK/HL7 interoperability standards. ; ; We can, on request/at an additional cost, establish connections to other external systems/devices, such as MS Teams, CISCO Webex and RPM Devices.
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
• Service constraints: Our systems do not have any service constraints as the solution is hosted on clients' networks.
• System requirements:
  • 6x virtual servers, 2xvCPU, 8GB RAM, 100G storage
  • 1x managed PostgreSQL, multi-AZ, 2vCPU,8GB RAM, 200GB storage
  • 4x instances of managed service load balancer with SSL termination

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Typically within 2 hours during office hours.; ; Weekends and bank holidays critical support only to ensure uninterrupted service.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Service levels are developed in agreement with clients dependent on key factors including business criticality and budget. Initial response times are as agreed at the design of the service but are usually within 2 hours. We also provide our clients with a technical Account Manager who can escalate issues throughout the organisation.; ; Support is organised into three levels according to the IT Infrastructure Library (ITIL). ; ; 1) First level support: ; This is usually provided by the clients themselves or a dedicated team within the organisation and consists primarily of basic troubleshooting, such as identifying network errors, obtaining advice and support, and/or gathering additional information.; ; 2) Second level support:; This is provided by us and includes conducting in-depth investigations and problem-solving.; ; 3) Third level support:; This is provided by us for managing the most difficult problems, which may include developing solutions for novel issues.; ; Support is typically provided during working hours, from 9:00 to 17:30, Monday through Friday (excluding bank holidays). Support can be obtained by contacting us through e-mail or phone.; ; Additional support outside working hours can be provided at additional cost if required.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We assist users in transitioning smoothly to our service through a comprehensive onboarding plan. Our adoption plan encompasses several phases, each tailored to address the unique needs and roles of users within their organisation.; ; We help healthcare professional get up and running with the solution by providing:; • Training, including: ; - Immersive on-site sessions; - Online modules accessible through our platform or website; ; • Educational support, ongoing support, and user documentation, including: ; - Detailed instructions; - FAQs ; - Troubleshooting tips; - Tutorials; ; Our adoption plan also incorporates a set of materials and tools to support users throughout the adoption journey. This includes the Ambassadors and Power User program, which identifies and manages project supporters, and a comprehensive training program tailored to various user groups, including Users, Power Users, Project Management, and Support Specialist teams.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: The data is always controlled by the client. We are only acting as a data processor according to the contract and all applicable laws for the time of the contract. To ensure the data can be reused at the end of the service, we will extract the data in accordance with FHIR UK healthcare IT interoperability standards. Data can be destroyed at the Controller's request. The Controller can retain the data without any limitations according to applicable laws.
• End-of-contract process: Before a termination, we prepare a detailed Termination Plan which outlines how data will be transferred. The data is always controlled by the client. ; ; To ensure that the extracted data can be reused and seamlessly integrated with other healthcare IT systems/applications, data is extracted in accordance with FHIR UK healthcare IT interoperability standards. ; Users also have the option to request the destruction of their data at the end of the contract. We comply with such requests promptly and securely, ensuring that the data is permanently and irreversibly removed from our systems in accordance with GDPR and best practices.; ; Our offboarding process includes:; • Prioritising data security and integrity by employing robust encryption and authentication mechanisms to safeguard the confidentiality and integrity of the extracted data; • Ensuring compliance with relevant data protection regulations, such as the GDPR, to protect the privacy rights of individuals whose data is being processed; • Preventing unauthorised access and ensuring the security of the systems and data by making all environments managed by us inaccessible to users ; ; There are no additional charges for standard data extraction according to the FHIR UK. For any specific data extractions and/or migration, a tailored quotation will be provided.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: No functional differences. Responsive design and layout provide a user-friendly experience.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: There are different service interfaces, including:; ; • IAM interface: for setting users, realms, groups, permission, multi-factor authentication (MFA), and single sign-on (SSO); • Application Service Modules: where an ICT administrator can, for example, create teams and set up in-app permissions and roles; • Virtual server administration interface: used by System Administrators to operate virtual infrastructure and virtualised servers
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: We perform various usability tests. One of the focus areas is accessibility testing, which is done through:; ; • In-person user testing performed by volunteers with impairments; • Dedicated usability-testing service providers; • Using static markup analysis checking against WCAG 2.1 AA; • Our internal QA and QC verifying and validating using browser extensions and specialised tools used by users with impairments
• API: Yes
• What users can and can't do using the API: Our API is by default locked so that external systems cannot interact with it. To demonstrate how different systems and devices exchange data that enhances patient care and streamlines workflows, we open our API to provide interoperability use cases. This means that we expose standardised HL7 FHIR or HL7 V2. V3 API endpoints can be used according to the integration statement. The openness and configuration of the API is project-based because it must be aligned with the client. The client can use API in the pre-defined use-cases according to the Integration Design Document and HL7 standards.
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: The client cannot customise our solutions using a dedicated admin interface. In terms of customisation, we support:; ; • Visual design customisation, colour scheme, logo and translations; • Custom form extensions within a predefined application logic flow; • Customisation of application reporting capabilities; ; Please note that all the above customisations need to be aligned between parties and implemented by us or a certified partner.

Scaling

• Independence of resources: Each client has a dedicated segregated deployment hosted on the chosen cloud or self-hosted which can be scaled up in line with demand.; ; Environments are actively managed and scaled up in line with needs.; ; To facilitate immediate action to address it, in the event of performance degradation occurring, our service management tooling will automatically trigger an incident that will alert us to the problem.

Analytics

• Service usage metrics: Yes
• Metrics types: Auditing, usage data, user logins, errors and exceptions logs, security metrics, capacity metrics, application performances, system performances, key application events, various clinical insights.
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: Data can be exported in a number of structured ways depending on the user and their access privileges.; ; Patients can self-export all their direct data that is contained in the platform with restrictions placed on external linked data.; ; Healthcare users can export data in any structured way.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • Images - media files
  • XML
  • CDA
  • Zip
• Data import formats: Other
• Other data import formats:
  • HL7 Interoperability Standard/FHIR Resources
  • HL7 V2/V3
  • Custom Structured Data Import (e.g. CDA and XML)

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: The Vitaly platform is hosted on the user’s site or a third-party hosting site. We therefore do not have availability responsibility as the Vitaly platform is hosted remotely for us. We have service levels for support that are detailed in that section. Product updates are scheduled and agreed upon with the client prior to installation.
• Approach to resilience: Our service primarily utilises a service provider that has multiple hosting sites within the UK and/or EU with the diverse routing of communications and power. To provide a resilient service, we use a service configuration that makes use of these capabilities. In case the client requires a private cloud- or self-hosted deployment, we recommend a high-availability (HA) deployment model.
• Outage reporting: The client is informed of outages through our Helpdesk. If the client has a monitoring or telemetry service, we can feed outages and other system events directly as well. The service provider uses a proprietary monitoring and alerting solution for virtualisation and networking. On the application level, we proactively monitor all services and perform log aggregation and rule-based alerting in order to trigger proactive alerts.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: Our preferred cloud platforms are AWS and Microsoft Azure. For our standard service Management Console, we offer console-based configuration management and web-based web application server management. Identity and access (IAM) management is web-based. For accessing the management and support consoles, a secured connection is needed and multi-factor authentication is mandatory. Typically we whitelist IP ranges that are allowed to connect.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Slovenian Institute of Quality SiQ
• ISO/IEC 27001 accreditation date: Q3-2022
• What the ISO/IEC 27001 doesn’t cover: All organisational processes are covered and there are no exceptions from standard controls.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: To guarantee IT security, information asset confidentiality, integrity and availability, we have all ISO 27001:2022-required policies and controls in place , including but not limited to:; ; • Information Security Policy; • Risk assessment methodology; • Definition of security roles and responsibilities; • Disaster Recovery Plan; • System Resilience Testing Plan; • Incident Management; • Asset acceptable use; • Access Control and User Rights Policy; • Operating procedures for IT management; • Supplier Security Policy; ; We have a nominated Security Officer who undertakes scheduled audits and ensures security policies are followed. The Security Officer reports directly to the Management board. External review and audit are performed at least once a year.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Our configuration and change management approach is aligned with ITIL, and PMBOK practices and is further strengthened by ISO 9001, ISO 14001, ISO 13485, IEC 62304 and ISO 27001 controls.; ; We adopted the configuration as code principle years ago, which means all our configurations are scripted and versioned. To catalogue all active configurations on any deployment, we use a configuration management server.; ; Every change is first tested in a dedicated sandbox environment and in a client pre-production environment. Our QC and DevOps teams have a test plan ready to assert the applied changes.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Vulnerability management is aligned with ISO27001:2022 standards. We have a dedicated team and clear ownership over vulnerability management. To assess potential threats, we: ; ; -Have a set of manual controls ; -Use static/dynamic vulnerability detection using specialised tools; -Are currently implementing a SIEM tool linked to our Log Aggregation platform; ; Patches are deployed according to SLA agreement, depending on criticality. Critical 2nd level incidents are typically responded to within 2h. For the 3rd level of support, response time is usually within 2h.; ; We derive information about potential threats from:; ; -Security vendors/advisories ; -Threat intelligence feeds; -Industry reports/research; -Security forums/communities; -Internal incident data
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Protective monitoring is part of our ISO 27001:2022-aligned policies for continuity, availability and resilience management. The practices are also aligned with recognised standards such as CSA CCM v3.0.; ; All services are managed at the boundary by NIDS. Our services also provide application-level logging and HIDS protection. All alerts are forward to the centralised monitoring platform and trigger support intervention. Depending on the severity, we would respond within the SLAs of our services.
• Incident management type: Supplier-defined controls
• Incident management approach: Conforms to recognised ISO 27001:2022 standard and ITIL practices. We have a clear incident management protocol with clear ownership and a predefined runbook for remediation and reporting. Users can log an incident via email, phone, web interface and also chat. Incident reporting is via the web interface. Additional reports can be supplied by request at additional cost. The Head of Quality and Compliance oversees communication with authorities, and the Chief Operating Officer is responsible for communicating with clients and users. The IT System administrator runs the remediation activities. Our incident management process is based on ITIL principles.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: Yes
• Connected networks: Other
• Other public sector networks: Can connect upon request

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Aligned with our ISO14001 accreditation and Environmental Management Systems (EMS), we are committed to fighting climate change and have set targets to achieve Net Zero by 2050. ; ; By providing solutions that allow specialists to collaborate remotely on highly complex patient cases that require attention over an extended timeframe, we contribute to several main factors in regulating climate change. Contributions through our service provision include: ; ; • Contributing significantly to the reduction of paper-based communication, which leads to a reduction in water and tree consumption at a high level; • Reducing the need for in-person visits by both patients in hospitals and specialists during in-hospital meetings, which has a significant impact on logistics-related traffic and associated greenhouse gas emissions; • Helping our clients decrease their environmental impact by reducing travel for both their staff and patients; ; To fight climate change in line with our environmental policy, our wider initiatives include: ; ; • Regularly evaluating our environmental objectives and working to continuously improve our environmental practices; • Promoting the segregation of waste at our workplaces and separating any waste generated by our activities, then handing it over to authorised waste collectors; • Promoting the use of environmentally friendly/advanced technologies that reduce energy consumption ; • Only establishing partnerships with suppliers who act in accordance with our environmental principles; • Communicating our environmental policy to all employees and providing carbon literacy training during induction, which is refreshed annually

  Covid-19 recovery

  Our solution assists with Covid-19 recovery aims as it:; ; • Supports people and communities to manage and recover from the impacts of Covid-19, including those worst affected or who are shielding; • Supports organisations and businesses to manage and recover from the impacts of Covid-19, and provides new ways of working to deliver services; • Supports the physical and mental health of people affected by Covid-19, including reducing the demand on health and care services; • Improves workplace conditions that support the COVID-19 recovery effort including effective social distancing, remote working, and sustainable travel; • Supports the physical and mental health of people affected by COVID-19; • Protects clinicians’ health ; • Improves access to care ; ; It achieves the above by:; ; • Minimising in-person contact and the need to travel; • Offering virtual collaboration options between different organisations and patients; • The embedded smart workflow engine, which streamlines the process, ensures comprehensive access to all relevant patient information, and optimises clinicians' time and administration efforts; • Allowing the team to exchange opinions, communicate, review documents, and manage patients remotely without travelling or any other logistic effort required to perform care activities

  Tackling economic inequality

  We help organisations reduce the costs of administrating healthcare pathways and support the development of scalable and future-proofed new methods to modernise delivery and increase productivity. This reduction in cost is achieved through our technological solutions. These savings can then be used by the organisation to increase the frontline service and hence have a direct impact on creating new jobs.; ; We can also help create employment opportunities, including for those who face barriers to employment and may be located in deprived areas. We do this by providing solutions that enable collaboration between organisations and digital care that are closer to home. This leads to the automation of clinical routines, data sharing and easing the workload of clinical teams while creating a need for new roles. These roles include administration, research, ICT and support roles that require soft and digital skills rather than extensive medical knowledge.; ; Our solution enables healthcare professionals from diverse backgrounds and geographic locations to collaborate effectively during MDT meetings. This means that individuals, especially those in underserved or rural areas, can access specialised healthcare services without the need to travel long distances or incur additional expenses. By providing equitable access to high-quality healthcare, our solution helps mitigate disparities in health outcomes and reduces the financial burden on economically disadvantaged individuals.; ; Often serving economically vulnerable populations, our solution offers support for small healthcare practices and community clinics. By facilitating collaboration and information sharing among multidisciplinary healthcare teams, these practices can deliver more comprehensive and coordinated care to patients, leading to improved health outcomes and reduced healthcare costs. Additionally, our solution may provide small practices with access to specialised expertise and resources that they may not have otherwise, enhancing their capacity to serve economically disadvantaged communities effectively.

  Equal opportunity

  To tackle workforce inequality and reduce the disability employment gap, we are an equal opportunities employer, and we have policies and procedures in place to ensure that none of our staff are discriminated against in any way. We monitor protected characteristics and work with organisations that represent these cohorts to encourage representation, including those with disabilities, in our recruitment processes and amongst our staff. ; ; Reflecting our values of empathy and inclusion, staff are made aware of the impact of discrimination on any grounds, and we provide training to ensure awareness and empathy are always exhibited. ; ; We have zero tolerance for any kind of sexual, racial, disability, or social discrimination. Evidencing actions to bridge the gender pay gap, we pay men and women the same wage according to their roles in our organisation.; ; Involving people and understanding their experiences is essential for achieving qualitative results. To support people with disabilities, impairments or those with less experience in technology, when designing our solutions, we follow WCAG 2.1 guidelines to ensure access to as many people as possible.; ; Providing accessible solutions, our digital platform is designed with accessibility features that accommodate individuals with disabilities, such as screen readers, voice recognition and customisable user interfaces. By ensuring that the platform is accessible to all users, including those with disabilities, we promote inclusivity and provide equal opportunities for participation in MDT meetings.; ; Enabling remote working, our solution enables remote participation in MDT meetings, allowing individuals with disabilities to contribute to healthcare teams without the need for physical presence. This flexibility in work arrangement removes barriers to employment for individuals with mobility, transportation, or other challenges associated with traditional office-based work environments.

  Wellbeing

  We are committed to ensuring the wellbeing of our staff, and this is fundamental to the way we work. Staff are encouraged to propose flexible ways of working that best suit their lifestyles. Additionally, we offer wellbeing programmes that focus on healthy eating, exercise and encouraging outside interests.; ; Our biggest impact is on the wellbeing of patients undergoing treatment, recovery and long-term care. Our solutions help these patients by involving them in their treatment and care programmes and by providing a means for remote support by healthcare professionals. This collaborative multidisciplinary approach has resulted in a 35% increase in the quality-of-life score, due to continuous support, improved communication and remote surveillance options.; ; Patients in recovery and care programmes are fully empowered with our patient application, which enables them access to all their medical data and important health-related information on their preferred device. Supporting their mental health, they can easily let their care teams know how they feel by filling in digital forms (such as HNA and EPIC) from the comfort of their home. ; ; To help ease anxieties over missing appointments, they can set alerts to be reminded of appointments or other activities within their proposed care plan. Above all, they can get in touch with their care teams when they need them, and they benefit from less disruption to their lives from fewer hospital visits if they are not necessary.

Pricing

• Price: £7.50 to £91 a unit a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at janez.bensa@parsek.com. Tell them what format you need. It will help if you say what assistive technology you use.