Dentally
Fully cloud hosted Dental Practice Management platform for multiple clinical locations under a single patient database. We provide a comprehensive suite of software including integrated Digital Radiography and Patient Portal services, supported by a UK based team of experts.
Features
- Comprehensive real time reporting suite
- Browser based remote access
- Online patient forms (e.g Medical History)
- Online patient appointment booking
- Open API for extended reporting & interoperability
- Full dental clinical recording
- Automated recall management
- Configurable role based user access
- Full NHS features & claiming capabilities
- Integrated Digital Radiography
Benefits
- Automated features reduce administrative workload
- Reduction in paper usage through use of e-forms
- Increase in patient mobility through centralised database
- Reduction in local infrastructure costs
- Centralised administration & configuration
Pricing
£2,220 to £6,180 a licence a year
- Free trial available
Service documents
Request an accessible format
Framework
G-Cloud 14
Service ID
1 6 9 4 0 0 5 3 9 5 8 6 9 1 3
Contact
HENRY SCHEIN ONE UK LIMITED
Paul Edwards
Telephone: 07968537916
Email: paul.edwards@henryscheinone.com
Service scope
- Software add-on or extension
- No
- Cloud deployment model
- Public cloud
- Service constraints
- Not Applicable
- System requirements
-
- Windows 10 or macOS 3.15
- Intel Core i3 or equivalent
- 8GB RAM
- High Speed Broadband (Download - 24+Mbps: Upload - 10+Mbps)
- Google Chrome Browser
- Monitor resolution 1920x1024 : 21.5" Screen
- IOS 13 or higher for iPad App
- 64-Bit OS
- Dentally Vision Module: TWAIN Drivers v1.9 or later
- Dentaly Vision Module: 3D - 4+MB Graphics Card
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- Initial response - 5 minutes
- User can manage status and priority of support tickets
- No
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- Web chat
- Web chat support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support accessibility standard
- WCAG 2.1 AA or EN 301 549
- Web chat accessibility testing
- Delivered using Intercom platform (https://www.intercom.com/)
- Onsite support
- No
- Support levels
-
All software support is included in subscription costs and is provided primarily via an in-application chat feature (although phone & email are available).
'How to' queries are answered immediately
'Software Issues' are triaged based on a Severity/Impact Matrix & prioritised accordingly
'Feature Requests' are captured in an internal system and prioritised appropriately - Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
- Full engagement is undertaken to understand how the Service operates on daily basis in order to map workflows into Dentally and personalise the solution according local requirements. A training plan is then drawn up for Super Users and End User (implementing a 'Train the Trainer' model if desired). Training is delivered via a series of remote sessions that allow flexibility in staff scheduling & access to workstations, and are recorded for future use by the Service. This is supported by an open virtual room when going live, access to an online library of support articles & videos and ongoing access to support agents via email or chat.
- Service documentation
- Yes
- Documentation formats
-
- HTML
- End-of-contract data extraction
- Our Development Team will enable an export of the data into a series of CSV Files. Any documents or files uploaded to Dentally will be returned in their original format. Any correspondence generated from within Dentally will be exported as a PDF file.
- End-of-contract process
-
Included:
Enabling the manual extract of data into CSV.
Export of document/correspondence library
Excluded:
Everything else
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Microsoft Edge
- Chrome
- Application to install
- Yes
- Compatible operating systems
-
- MacOS
- Windows
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
-
Dentally has an iPad application to manage Reception or Chairside completion of Medical History and Consent Forms only.
The core application has not been optimised for use on mobile devices. It can technically used, but navigation is unlikely to be user friendly. - Service interface
- No
- User support accessibility
- None or don’t know
- API
- Yes
- What users can and can't do using the API
-
Our Open API is accessed via Token Key & OAuth Authentication.
Most are limited to read events, but changes can be made in the following areas:
- Patient Appointment Add/Edit/Delete
- Patient Record Add/Edit/Delete - API documentation
- Yes
- API documentation formats
- Open API (also known as Swagger)
- API sandbox or test environment
- Yes
- Customisation available
- Yes
- Description of customisation
-
The solution can be fully personalised to suit existing working process and some elements can be enabled or disabled as required as part of the account e.g.
-SMS Messaging
-iPad integration
-Online Booking
-Patient Portal
-Address Lookup
- E-Referral integration
- Integrated Digital Imaging
- Online Payment integration
- Accounting software integration
Personalisation can be undertaken by any user with appropriate security permissions within the solution at any time or by the supplier durign the onboarding process.
Bespoke feature functionality or other custom development requests are not supported for this solution, although all such requests or suggestions are welcome to assist in the evolution of Dentally
Scaling
- Independence of resources
- We employ cloud infrastructure auto scaling rules to ensure our product has enough capacity to cope with fluctuating demand throughout a 24hr period
Analytics
- Service usage metrics
- Yes
- Metrics types
- Limited to service & service component uptime stats via https://status.dentally.co/
- Reporting types
- Real-time dashboards
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Staff screening not performed
- Government security clearance
- None
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- European Economic Area (EEA)
- User control over data storage and processing locations
- No
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
- Protecting data at rest
-
- Physical access control, complying with CSA CCM v3.0
- Physical access control, complying with SSAE-16 / ISAE 3402
- Encryption of all physical media
- Scale, obfuscating techniques, or data storage sharding
- Data sanitisation process
- Yes
- Data sanitisation type
-
- Explicit overwriting of storage before reallocation
- Deleted data can’t be directly accessed
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001
Data importing and exporting
- Data export approach
-
1. A Reporting Dashboard allows for the export of in-application reports into CSV format for further use
2. Our Public API permits the extended extraction of data according to published documentation. We do not provide any bespoke query writing for the extraction data via the API or provisioning of Data Warehousing resources. - Data export formats
-
- CSV
- Other
- Other data export formats
- API gateway for communication with external parties
- Data import formats
-
- CSV
- Other
- Other data import formats
-
- Managed conversion from all main Practice Management Systems
- Ongoing Patient Correspondence - all standard file types
- Managed conversion based on structured CSV file (format supplied)
- Email directed to the Dentally instance's mailbox
Data-in-transit protection
- Data protection between buyer and supplier networks
-
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
- Data protection within supplier network
-
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
Availability and resilience
- Guaranteed availability
- Dentally provides a high level of availability due to our robust infrastructure. We are very transparent with availability and all incidents are reported and detailed on our publicly available status page. We have a target of minimum 99% uptime
- Approach to resilience
- Available on request
- Outage reporting
-
Public Dashboard with an option to subscribe to email alerts https://status.dentally.co
Any contracts with dedicated Account Managers will reach out directly
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- 2-factor authentication
- Username or password
- Other
- Other user authentication
- Single Sign On via Microsoft Azure AD
- Access restrictions in management interfaces and support channels
- Users are applied a security group which controls access to these aspects of the solution according to requirements
- Access restriction testing frequency
- At least once a year
- Management access authentication
-
- 2-factor authentication
- Username or password
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- At least 12 months
- Access to supplier activity audit information
- Users have access to real-time audit information
- How long supplier audit data is stored for
- At least 12 months
- How long system logs are stored for
- At least 12 months
Standards and certifications
- ISO/IEC 27001 certification
- No
- ISO 28000:2007 certification
- No
- CSA STAR certification
- Yes
- CSA STAR accreditation date
- November 22, 2023
- CSA STAR certification level
- Level 2: CSA STAR Attestation
- What the CSA STAR doesn’t cover
- We leverage AWS CSA Star accreditation for this.
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- No
- Other security certifications
- No
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- No
- Security governance approach
- Our Information Security program models our approaches after industry standard frameworks and practices. We have a Circilium of cyber security that all staff undertake. From a practical perspective, we have cloud security controls monitoring and logging, including AI analysis and intrusion detection systems, with a number of these inherited from, or otherwise included with our AWS hosting arrangement
- Information security policies and processes
- We have an Information Security Management System (ISMS) that defines and monitors all information security objectives in alignment with ISO 27001. A Chief Information Security Officer (CISO) is responsible for establishing, maintaining, implementing, administering, and interpreting enterprise-wide information security policies, standards, guidelines, and procedures. The CISO leads the Global Office of Cyber Security (OCS) in the implementation of the information security, compliance, and risk management program. An Information Security Executive Steering Committee exists to oversee the overall operations of the Henry Schein global information security program of which Software of Excellence is part. Information Asset (Data) Owners & Data Custodians are appropriately identified and the Office of Cyber Security periodically reviews all information processing, storage, and communication/transmission channels and controls. Information risks are addressed through mitigation, acceptance, avoidance, or transference. Information systems are both physically protected from security threats and also the risks of malicious software attacks and/or hacking. Password & Multi-Factor Authentication controls are used to limit access to network resources
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
- Our product development team follow modern continuous delivery practices via automated pipelines that scan for security and maintainability issues throughout the software lifecycle delivery process. All production changes are tracked against who made the change and when it was made Full audit trails are available where required. We adopt a 'Gateway' framework to ensure all coding passes through 7 'gates' (Peer Review, Best Practice Conformity, Code Linting, Automated Unit Testing, Static Code Analysis, End-to_end UI testing & Functional Reviews) before a decision is made to release anything.
- Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
- We leverage a suite of tools to ensure Dentally is continually protected against threats. We employ an application security management platform to protect against emerging threats in production, while leveraging automated tooling into our software delivery pipeline (such as dependabot) to alert us to threats inside our application code. Annual Penetration also are undertaken to ensure continued protection. Within our business we have a centralised Application Security team to proactively monitor the web for security threats. All vulnerability responses are in line with internal SLA agreements. We get advice on strategic threats from the National Cyber Security Centre (NCSC)
- Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
- We ensure that our software and its dependencies are up to date eliminating any potential security vulnerabilities. We employ a wide range of monitoring solutions for preventing and eliminating attacks to the site. We leverage an Application Security Management solution that enables us to protect our application and APIs from malicious attacks. This service proactively monitors for threats and runs playbooks to remediate the issue in real-time and alerts us for further investigation.
- Incident management type
- Supplier-defined controls
- Incident management approach
- Plan exists for handling general cyber security events. Augmented with GDPR Data Breach protocols for investigating & reporting such events. Users report via an external mailbox for GDPR incidents or escalate through our support lines. Internal incident reports are generated and summaries are shared externally.
Secure development
- Approach to secure software development best practice
- Conforms to a recognised standard, but self-assessed
Public sector networks
- Connection to public sector networks
- Yes
- Connected networks
- Scottish Wide Area Network (SWAN)
Social Value
- Social Value
-
Social Value
- Fighting climate change
- Covid-19 recovery
- Tackling economic inequality
- Equal opportunity
- Wellbeing
Fighting climate change
The implementation of the contract involves remote delivery of all aspects of the project including the following:
-All Training, both during & post implementation (unless otherwise requested) is provided by use of remote conferencing tools eliminating the need for the supplier or Trust staff to make any additional journeys to a specific training location.
-The data conversion that forms part of the contract is executed by remote upload to our working area and subsequent deployment to the live hosted environment is also handled remotely removing any requirement to manually transport data via removable media to the supplier
-The system being provided as part of the contract is supported remotely by the supplier without the need for onsite visits
-The solution being provided is fully hosted by the supplier removing the requirement for local IT Teams to spend time or otherwise visit Trust datacentres to install or prepare infrastructure.
In addition, the supplier’s operational environment for the lifetime of the contract will be based around a mix of the following scenarios which significantly reduces our working footprint:
- Staff who work full time in a dedicated office environment (currently 5% of Staff)
-Staff who work exclusively from home (except on specific corporate occasions as required - currently 29% of Staff)
-Staff who work on a hybrid basis between office attendance & working from home - typically 2-3 days per week in office (currently 66% of Staff)
The solution itself being provided as part of the contract is hosted on Amazon Web Servers (AWS), which has committed itself to utilise 100% renewable energy sources by 2025, and the suppliers actively seeks out 3rd party partnerships who have similar goals.Covid-19 recovery
No specific community projects are being invoked for this contract, but all supplier staff are permitted 2 days volunteering leave per annum for external activities, and the company has historically been directly involved the Outward-Bound Trust, and will continue to do so in a post COVID world. In addition, the supplier also forms part of its parent company’s ‘Henry Schein Cares Foundation’, which seeks to support and promote community-based programmes and innovations that result in better health outcomes and generate greater health equality globally.Tackling economic inequality
The delivery of the Service does not expect to directly create new employment opportunities, but our hybrid work environment means we have the flexibility to hire from across the country, irrespective of place of residence. All the supplier's staff additionally have access to the Government’s Apprenticeship Levy scheme for learning new skills, and separately the company will sponsor any courses external to this that a member of the supplier’s staff may wish to pursue. Internally, we have a comprehensive suite of course available for self improvement & learning.Equal opportunity
Henry Schein One embraces and celebrates the diversity of our team members, customers, patients, shareholders, supplier partners, and the communities in which we operate. In our workplace, everyone's voice matters, and we make decisions that reflect the collective input of everyone. Business success is about valuing people, not just profits.
To foster a diverse and inclusive workplace, we have made diversity and inclusion (D&I) a strategic priority. By 2030, we are striving to achieve gender parity at senior leadership levels, ensuring equal opportunities for all.
To promote a diverse and inclusive environment, Employee Resource Groups (ERGs) have been established, led by our dedicated team members. These global groups foster a sense of belonging, support personal development, and educate us about the challenges and successes of diverse communities. Our ERGs, including the Women's Leadership Network, Pride & Allies, Black Legacy Professionals, and COLEGAS, are instrumental in promoting diversity and inclusion throughout our organisation.Wellbeing
Promoting health equity, strengthening healthcare systems, and optimising healthcare delivery are issues at the very heart of Henry Schein One. Not only are we doing what we can to support our team members' health and wellbeing physically, mentally, and emotionally, but we also extend our efforts to the broader community.
Quality, affordable healthcare should be accessible to all, regardless of their social or economic background, and we are dedicated to making this vision a reality.
Pricing
- Price
- £2,220 to £6,180 a licence a year
- Discount for educational organisations
- No
- Free trial available
- Yes
- Description of free trial
- Basic system evaluation in a sandbox environment, not to be used in a live clinical setting