UNIVERSITY HOSPITALS BIRMINGHAM NHS FOUNDATION TRUST

Healthcare Evaluation Data - Performance analytics and benchmarking system

An intuitive healthcare performance and benchmarking system supporting analysis across key areas : clinical quality, operational efficiency, data quality, patient safety & financial opportunity.
Highlighting clinical & financial opportunities, monitoring Improvement programmes and giving assurance to senior service leaders.
Designed by the NHS for the NHS

Features

• Inbuilt dashboards: Trust-wide & Specialty comparing Trust, peer, national values
• Customisable dashboards & peer groups
• Incorporates multiple datasets (HES, ONS, ECDS & national datasets)
• In-depth module analytics including patient-details linked to Trust PAS system
• Report saving & recall for repeat / monthly reports
• Automated monthly Mortality alerts
• Analysis by Region, ICB, ICP, PCN, GP, Trusts and Sites
• Export functionality for reports, charts and graphs
• Upload Local SUS data submissions
• HED API supports direct data extraction

Benefits

• High-level view of performance & benchmarking focusing attention on outliers
• Create & share bespoke dashboards and peer groups
• One-stop repository to support operational, clinical governance, strategy, BI teams
• User defined permutation to analyse data with on-screen patient-details access
• Quick recall of regular reports. Automatically refreshed to latest data
• Focused investigations for learning from deaths & mortality reporting
• Analyse performance at all levels, provide context to board reporting
• Various export formats (CSV/excel/ PDF) including exporting module visualisations
• Provides a SUS-based (earlier) view of key performance measures
• Direct download of any metric values to local data warehouse

£35,000 a licence a year

• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at hed@uhb.nhs.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

168107390788685

Contact

HED Team
01213712427
hed@uhb.nhs.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: Users must be employed by the organisation purchasing the licence to benefit the health & social care system
• System requirements: Internet connection

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Within 24 hours
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Onsite support
• Support levels: All support and training listed below is included in the cost of the licence.; Dedicated HED support inbox and phone line (Mon - Fri 9am - 5pm); Dedicated account manager.; Access to HED trainer - 5 days (or 40 virtual hours) training per annum for the duration of the licence (group or individual).; Consultancy at extra cost
• Support available to third parties: No

Onboarding and offboarding

• Getting started: 1.The agreed implementation plan defines training for each area of the organisation (bespoke to customer requirements). ; 2.Online ( MS Teams) or onsite full on-boarding training - focussed sessions across all areas within the HED system; 3.In addition, online support via videos, manuals and FAQ's within the HED Support area ; 4. Access to dedicated HED Support Inbox for user questions & queries.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Not applicable
• End-of-contract process: Deactivate users access to the HED portal. ; User login credentials will be deactivated. ; No additional cost to buyer.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Desktop and mobile application is the same
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: The HED API allows users to extract dashboard metrics data straight into any internal systems and software that support API integration & consuming, without the need to use the visual interface provided by HED. Examples of this include software such as SoapUI, Postman, Power Bi, but this is not an exhaustive list. Ability to set up timed procedures to consume the API following each data refresh. Users are able to select specific metrics to be extracted or all metrics.; Limited number of consumptions (30) per user, per month
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • PDF
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: All customers can customise;; -Dashboards; -Peers; -Module outputs; -ICB mapping; -Saved reports ; -Email alerts for named recipients; -Map internal trust divisions for an extra layer of analysis by division ; Users customise by selecting preferred metrics & peers from a drop down list.

Scaling

• Independence of resources: Multiple servers ensure service continuity at times of higher demand - we utilise failover capability. ; ; IT monitor the servers and take the required action if necessary.

Analytics

• Service usage metrics: Yes
• Metrics types: Number of users; Names of users; Non-usage by user; Last used date; Type of data accessed; Trend data
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: Users run or recall the required report, right click and export data into CSV / Excel or PDF.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • CSV/Excel
  • PDF
• Data import formats: Other
• Other data import formats:
  • Users do not upload data in to HED.
  • There is no requirement for users to upload their data
  • HED sources data from NHSD and other data providers.

Data-in-transit protection

• Data protection between buyer and supplier networks: Other
• Other protection between networks: No data transfers from the buyers network to our network.; Data is viewed in the HED portal on the internet via login & password credentials.
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: UHB shall use its reasonable endeavours to make the Online Services available but cannot guarantee that the Online Services will operate continuously or without interruptions or that they will be error free and UHB does not accept any liability for it’s unavailability. The HED benchmarking tool utilises robust and secure Information technology. HED is hosted on a private and secure network located on site and uses HSCN connectivity. The server is load balanced and access is restricted to approved users. In the event of an outage we have high availability service on our servers and therefore can mobilise disaster recovery.
• Approach to resilience: The HED system has multiple load balancing servers that serve to ensure efficiency but also in the event of a problem, the users would not notice any issues as the service will shift to an alternative server and continue to be in operation.
• Outage reporting: Users are notified as early as possible, initially notified via email about any outages as well as if possible via the system portal. Users will be kept up to date about the issues the service is experiencing including timescales and updates regarding a fix . An email is delivered to all users from HED support

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: Login credentials determine (restrict) system access. This is based on pre-configured user access requirements which are set up at point of implementation.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Lloyd's Register Quality Assurance Limited (LRQA)
• ISO/IEC 27001 accreditation date: 09/04/2019
• What the ISO/IEC 27001 doesn’t cover: Provision of IT services to non NHS organisations
• ISO 28000:2007 certification: Yes
• Who accredited the ISO 28000:2007: Lloyd's Register Quality Assurance Limited (LRQA)
• ISO 28000:2007 accreditation date: 09/04/2019
• What the ISO 28000:2007 doesn’t cover: Provision of IT services to non NHS organisations
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: ISO 9001 for Quality Governance; Data Protection Act (2018) ; Relevant GDPR regulations as well as the Caldicott Principles and NHS code of Practice for Confidentially.; Data encrypted to Advanced Encryption Standard AES-256 encryption ; Registered with the UK Information Commissioner’s Data Protection Public Register https://ico.org.uk/ESDWebPages/Search
• Information security policies and processes: The services associated with HED are provided by UHB ( University Hospitals Birmingham). UHB Information Security and Access Policy and it’s associated documents ensure UHB has in place an overall information security management framework, which protects to a consistently high standard from all potentially damaging threats and vulnerabilities, external and internal, deliberate or accidental. ; All Trust IT system users must abide by the rules set out in this policy and it’s associated documents, the policy is supported Controlled documents; Access Control Procedure, IT acceptable Use Policy, Procurement Policy, Removable Media Procedure, Information Governance Policy, Information Asset Procedure; Information security is included in the mandatory annual Information Governance Training. All staff must attend Information Security training as identified. The Information Governance lead is responsible for developing and maintaining policies, procedures and protocols in compliance with relevant legislation as well as monitoring implementation. ; Managers are required to provide regular reminders to staff through 1-1’s and team meetings regarding their responsibilities when processing data (on-going awareness) and to do so in compliance with the Trusts IG / IT policies and procedures and Data Protection legislation.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Process:; Change Request initiation is via service request form.; Change request submission content and details discussed between the requestor and the relevant ICT service teams ; ICT Quality and Change Manager enters details on Systems register; The Head of Technical Operations and Infrastructure reviews the content and accuracy of the Change Form. ; The ICT Quality and Change Manager or nominated deputy will carry out checks before submitting to CAG; Trust Representation receives submission for quality check ; Categorisation and Prioritisation; Approval/Rejection – if rejection re-evaluate and modify request; Change Implementation; Post Implementation Testing; Unsuccessful Change Outcome; Cancelled Changes; Post-Change Implementation; Change Reporting
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: UHBs Information Security and Access Control Policy, requires an annual penetration test of the network on all existing systems, includes a vulnerability scan. Any vulnerability classified as critical or high detected is logged with the SIRO. The penetration test is conducted by a third-party supplier, agreed upon, authorised and reviewed by the IT Security Manager. In addition to the annual penetration test, IT systems are regularly tested to ensure ‘business as usual’ and each business unit is responsible for ensuring that business critical systems have approved business impact assessments and business continuity/recovery plans, deployed in the event of an emergency
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: All risks are managed in line with the Trust’s Risk Management Policy. Incidents are managed through the incident reporting system ( Datix)IT assets are protected under the trusts Information Security Policy - ensuring only authorised individuals have access. IT systems are maintained through the implementation of patches and new deployments. Unsupported software are identified and risk assessed with the Senior Information Risk Owner (SIRO). Monitoring user usage activity via user logs. IT assets containing business critical information assigned an Information Asset Owner (AO)
• Incident management type: Supplier-defined controls
• Incident management approach: Senior Information Risk Owner(SIRO) supported by IG ensures identified information security incidents are investigated and acted upon. All suspected or actual information security incidents must be reported via trusts online incident reporting system, managed in accordance with the Policy for the reporting and management of incidents, Information Governance and IT Security Management Procedure. Root Cause Analysis ( RCA) is conducted routinely as part of the trusts lessons learned activities following an information security incident; Members of the trusts Information Security Assurance Group are responsible for ensuring common approaches to risks and for monitoring compliance with Information Security and Access Policy

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Equal opportunity

  Fighting climate change

  During the contract UHB will continue to deliver local environmental initiatives including the solar panels project across 19 trust locations in the region, saving more that 1,100 tonnes of CO2 and generating enough electricity to power 680 homes. The waste reduction initiative; which reduces waste going into local landfill by increasing use of reusable and recyclable material - keeping this from landfill reduces the amount of waste which can damage the natural environment. UHB’s planting initiative sees more than 300 trees and one hectare of wildflowers planted to boost the environment for staff and patients, benefit air quality locally and encourage biodiversity.

  Equal opportunity

  UHB informatics department will participate in the annual open day / careers event for local & regional schools and colleges to present insight into Health data analysis and Informatics.

Pricing

• Price: £35,000 a licence a year
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: One week's usage of HED portal

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at hed@uhb.nhs.uk. Tell them what format you need. It will help if you say what assistive technology you use.