Skip to main content

Help us improve the Digital Marketplace - send your feedback

HENRY SCHEIN ONE UK LIMITED

Dentally

Fully cloud hosted Dental Practice Management platform for multiple clinical locations under a single patient database. We provide a comprehensive suite of software including integrated Digital Radiography and Patient Portal services, supported by a UK based team of experts.

Features

  • Comprehensive real time reporting suite
  • Browser based remote access
  • Online patient forms (e.g Medical History)
  • Online patient appointment booking
  • Open API for extended reporting & interoperability
  • Full dental clinical recording
  • Automated recall management
  • Configurable role based user access
  • Full NHS features & claiming capabilities
  • Integrated Digital Radiography

Benefits

  • Automated features reduce administrative workload
  • Reduction in paper usage through use of e-forms
  • Increase in patient mobility through centralised database
  • Reduction in local infrastructure costs
  • Centralised administration & configuration

Pricing

£2,220 to £6,180 a licence a year

  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at paul.edwards@henryscheinone.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

1 6 9 4 0 0 5 3 9 5 8 6 9 1 3

Contact

HENRY SCHEIN ONE UK LIMITED Paul Edwards
Telephone: 07968537916
Email: paul.edwards@henryscheinone.com

Service scope

Software add-on or extension
No
Cloud deployment model
Public cloud
Service constraints
Not Applicable
System requirements
  • Windows 10 or macOS 3.15
  • Intel Core i3 or equivalent
  • 8GB RAM
  • High Speed Broadband (Download - 24+Mbps: Upload - 10+Mbps)
  • Google Chrome Browser
  • Monitor resolution 1920x1024 : 21.5" Screen
  • IOS 13 or higher for iPad App
  • 64-Bit OS
  • Dentally Vision Module: TWAIN Drivers v1.9 or later
  • Dentaly Vision Module: 3D - 4+MB Graphics Card

User support

Email or online ticketing support
Email or online ticketing
Support response times
Initial response - 5 minutes
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Web chat
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
WCAG 2.1 AA or EN 301 549
Web chat accessibility testing
Delivered using Intercom platform (https://www.intercom.com/)
Onsite support
No
Support levels
All software support is included in subscription costs and is provided primarily via an in-application chat feature (although phone & email are available).
'How to' queries are answered immediately
'Software Issues' are triaged based on a Severity/Impact Matrix & prioritised accordingly
'Feature Requests' are captured in an internal system and prioritised appropriately
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Full engagement is undertaken to understand how the Service operates on daily basis in order to map workflows into Dentally and personalise the solution according local requirements. A training plan is then drawn up for Super Users and End User (implementing a 'Train the Trainer' model if desired). Training is delivered via a series of remote sessions that allow flexibility in staff scheduling & access to workstations, and are recorded for future use by the Service. This is supported by an open virtual room when going live, access to an online library of support articles & videos and ongoing access to support agents via email or chat.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
Our Development Team will enable an export of the data into a series of CSV Files. Any documents or files uploaded to Dentally will be returned in their original format. Any correspondence generated from within Dentally will be exported as a PDF file.
End-of-contract process
Included:
Enabling the manual extract of data into CSV.
Export of document/correspondence library
Excluded:
Everything else

Using the service

Web browser interface
Yes
Supported browsers
  • Microsoft Edge
  • Chrome
Application to install
Yes
Compatible operating systems
  • MacOS
  • Windows
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Dentally has an iPad application to manage Reception or Chairside completion of Medical History and Consent Forms only.
The core application has not been optimised for use on mobile devices. It can technically used, but navigation is unlikely to be user friendly.
Service interface
No
User support accessibility
None or don’t know
API
Yes
What users can and can't do using the API
Our Open API is accessed via Token Key & OAuth Authentication.
Most are limited to read events, but changes can be made in the following areas:
- Patient Appointment Add/Edit/Delete
- Patient Record Add/Edit/Delete
API documentation
Yes
API documentation formats
Open API (also known as Swagger)
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
The solution can be fully personalised to suit existing working process and some elements can be enabled or disabled as required as part of the account e.g.
-SMS Messaging
-iPad integration
-Online Booking
-Patient Portal
-Address Lookup
- E-Referral integration
- Integrated Digital Imaging
- Online Payment integration
- Accounting software integration

Personalisation can be undertaken by any user with appropriate security permissions within the solution at any time or by the supplier durign the onboarding process.

Bespoke feature functionality or other custom development requests are not supported for this solution, although all such requests or suggestions are welcome to assist in the evolution of Dentally

Scaling

Independence of resources
We employ cloud infrastructure auto scaling rules to ensure our product has enough capacity to cope with fluctuating demand throughout a 24hr period

Analytics

Service usage metrics
Yes
Metrics types
Limited to service & service component uptime stats via https://status.dentally.co/
Reporting types
Real-time dashboards

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Staff screening not performed
Government security clearance
None

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
European Economic Area (EEA)
User control over data storage and processing locations
No
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
1. A Reporting Dashboard allows for the export of in-application reports into CSV format for further use
2. Our Public API permits the extended extraction of data according to published documentation. We do not provide any bespoke query writing for the extraction data via the API or provisioning of Data Warehousing resources.
Data export formats
  • CSV
  • Other
Other data export formats
API gateway for communication with external parties
Data import formats
  • CSV
  • Other
Other data import formats
  • Managed conversion from all main Practice Management Systems
  • Ongoing Patient Correspondence - all standard file types
  • Managed conversion based on structured CSV file (format supplied)
  • Email directed to the Dentally instance's mailbox

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
Dentally provides a high level of availability due to our robust infrastructure. We are very transparent with availability and all incidents are reported and detailed on our publicly available status page. We have a target of minimum 99% uptime
Approach to resilience
Available on request
Outage reporting
Public Dashboard with an option to subscribe to email alerts https://status.dentally.co
Any contracts with dedicated Account Managers will reach out directly

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Username or password
  • Other
Other user authentication
Single Sign On via Microsoft Azure AD
Access restrictions in management interfaces and support channels
Users are applied a security group which controls access to these aspects of the solution according to requirements
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
Yes
CSA STAR accreditation date
November 22, 2023
CSA STAR certification level
Level 2: CSA STAR Attestation
What the CSA STAR doesn’t cover
We leverage AWS CSA Star accreditation for this.
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
No
Security governance approach
Our Information Security program models our approaches after industry standard frameworks and practices. We have a Circilium of cyber security that all staff undertake. From a practical perspective, we have cloud security controls monitoring and logging, including AI analysis and intrusion detection systems, with a number of these inherited from, or otherwise included with our AWS hosting arrangement
Information security policies and processes
We have an Information Security Management System (ISMS) that defines and monitors all information security objectives in alignment with ISO 27001. A Chief Information Security Officer (CISO) is responsible for establishing, maintaining, implementing, administering, and interpreting enterprise-wide information security policies, standards, guidelines, and procedures. The CISO leads the Global Office of Cyber Security (OCS) in the implementation of the information security, compliance, and risk management program. An Information Security Executive Steering Committee exists to oversee the overall operations of the Henry Schein global information security program of which Software of Excellence is part. Information Asset (Data) Owners & Data Custodians are appropriately identified and the Office of Cyber Security periodically reviews all information processing, storage, and communication/transmission channels and controls. Information risks are addressed through mitigation, acceptance, avoidance, or transference. Information systems are both physically protected from security threats and also the risks of malicious software attacks and/or hacking. Password & Multi-Factor Authentication controls are used to limit access to network resources

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Our product development team follow modern continuous delivery practices via automated pipelines that scan for security and maintainability issues throughout the software lifecycle delivery process. All production changes are tracked against who made the change and when it was made Full audit trails are available where required. We adopt a 'Gateway' framework to ensure all coding passes through 7 'gates' (Peer Review, Best Practice Conformity, Code Linting, Automated Unit Testing, Static Code Analysis, End-to_end UI testing & Functional Reviews) before a decision is made to release anything.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
We leverage a suite of tools to ensure Dentally is continually protected against threats. We employ an application security management platform to protect against emerging threats in production, while leveraging automated tooling into our software delivery pipeline (such as dependabot) to alert us to threats inside our application code. Annual Penetration also are undertaken to ensure continued protection. Within our business we have a centralised Application Security team to proactively monitor the web for security threats. All vulnerability responses are in line with internal SLA agreements. We get advice on strategic threats from the National Cyber Security Centre (NCSC)
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
We ensure that our software and its dependencies are up to date eliminating any potential security vulnerabilities. We employ a wide range of monitoring solutions for preventing and eliminating attacks to the site. We leverage an Application Security Management solution that enables us to protect our application and APIs from malicious attacks. This service proactively monitors for threats and runs playbooks to remediate the issue in real-time and alerts us for further investigation.
Incident management type
Supplier-defined controls
Incident management approach
Plan exists for handling general cyber security events. Augmented with GDPR Data Breach protocols for investigating & reporting such events. Users report via an external mailbox for GDPR incidents or escalate through our support lines. Internal incident reports are generated and summaries are shared externally.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
Yes
Connected networks
Scottish Wide Area Network (SWAN)

Social Value

Social Value

Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

Fighting climate change

The implementation of the contract involves remote delivery of all aspects of the project including the following:
-All Training, both during & post implementation (unless otherwise requested) is provided by use of remote conferencing tools eliminating the need for the supplier or Trust staff to make any additional journeys to a specific training location.
-The data conversion that forms part of the contract is executed by remote upload to our working area and subsequent deployment to the live hosted environment is also handled remotely removing any requirement to manually transport data via removable media to the supplier
-The system being provided as part of the contract is supported remotely by the supplier without the need for onsite visits
-The solution being provided is fully hosted by the supplier removing the requirement for local IT Teams to spend time or otherwise visit Trust datacentres to install or prepare infrastructure.

In addition, the supplier’s operational environment for the lifetime of the contract will be based around a mix of the following scenarios which significantly reduces our working footprint:
- Staff who work full time in a dedicated office environment (currently 5% of Staff)
-Staff who work exclusively from home (except on specific corporate occasions as required - currently 29% of Staff)
-Staff who work on a hybrid basis between office attendance & working from home - typically 2-3 days per week in office (currently 66% of Staff)

The solution itself being provided as part of the contract is hosted on Amazon Web Servers (AWS), which has committed itself to utilise 100% renewable energy sources by 2025, and the suppliers actively seeks out 3rd party partnerships who have similar goals.

Covid-19 recovery

No specific community projects are being invoked for this contract, but all supplier staff are permitted 2 days volunteering leave per annum for external activities, and the company has historically been directly involved the Outward-Bound Trust, and will continue to do so in a post COVID world. In addition, the supplier also forms part of its parent company’s ‘Henry Schein Cares Foundation’, which seeks to support and promote community-based programmes and innovations that result in better health outcomes and generate greater health equality globally.

Tackling economic inequality

The delivery of the Service does not expect to directly create new employment opportunities, but our hybrid work environment means we have the flexibility to hire from across the country, irrespective of place of residence. All the supplier's staff additionally have access to the Government’s Apprenticeship Levy scheme for learning new skills, and separately the company will sponsor any courses external to this that a member of the supplier’s staff may wish to pursue. Internally, we have a comprehensive suite of course available for self improvement & learning.

Equal opportunity

Henry Schein One embraces and celebrates the diversity of our team members, customers, patients, shareholders, supplier partners, and the communities in which we operate. In our workplace, everyone's voice matters, and we make decisions that reflect the collective input of everyone. Business success is about valuing people, not just profits.

To foster a diverse and inclusive workplace, we have made diversity and inclusion (D&I) a strategic priority. By 2030, we are striving to achieve gender parity at senior leadership levels, ensuring equal opportunities for all.

To promote a diverse and inclusive environment, Employee Resource Groups (ERGs) have been established, led by our dedicated team members. These global groups foster a sense of belonging, support personal development, and educate us about the challenges and successes of diverse communities. Our ERGs, including the Women's Leadership Network, Pride & Allies, Black Legacy Professionals, and COLEGAS, are instrumental in promoting diversity and inclusion throughout our organisation.

Wellbeing

Promoting health equity, strengthening healthcare systems, and optimising healthcare delivery are issues at the very heart of Henry Schein One. Not only are we doing what we can to support our team members' health and wellbeing physically, mentally, and emotionally, but we also extend our efforts to the broader community.

Quality, affordable healthcare should be accessible to all, regardless of their social or economic background, and we are dedicated to making this vision a reality.

Pricing

Price
£2,220 to £6,180 a licence a year
Discount for educational organisations
No
Free trial available
Yes
Description of free trial
Basic system evaluation in a sandbox environment, not to be used in a live clinical setting

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at paul.edwards@henryscheinone.com. Tell them what format you need. It will help if you say what assistive technology you use.