Data Led Prioritisation for Outpatient Services

Service scope

Software add-on or extension: No
Cloud deployment model: Public cloud

Private cloud

Hybrid cloud
Service constraints: None
System requirements: Access to secure file transfer servers (or similar)

User support

Email or online ticketing support: Email or online ticketing
Support response times: A response to support queries will be given within 48 working hours (i.e. excluding weekends), although every effort will be made to respond as soon as is feasible.
User can manage status and priority of support tickets: No
Phone support: No
Web chat support: No
Onsite support: Yes, at extra cost
Support levels: All clients will be given a named technical relationship manager who will work with the client to agree the appropriate support model.

Our service is built on highly available, scalable and fault-tolerant public cloud services, and deployed across multiple data centres. This ensures that: the service is available 24/7, 365 days per year: deployments require only minimal service disruption, and there is no need for extended pre-planned maintenance windows or outages; the service is highly resilient and backed up regularly to permit rapid resumption of service in the unlikely event of an outage.

In the event of any issue, queries/tickets can be raised via email. Response to support queries will be given within 48 working hours (i.e. excluding weekends), although every effort will be made to respond as soon as is feasible. While no phone or webchat support is provided as standard.

Standard support is covered under the SaaS licence cost; bespoke support models and/or onsite support is available should it be required (though may carry additional cost).
Support available to third parties: Yes

Onboarding and offboarding

Getting started: The service has been designed to be intuitive to the user, and we provide clear user documentation that covers functionality available across core user groups: Clinical staff; Admin and service management staff; Data and analytical teams.

Documentation covers: User registration and login; Workflow management; MI outputs; Data flows and exports.

Some documentation will be specific to the implementation employed by the customer, and where this occurs we will provide documentation tailored to that specific implementation.

We can provide onsite training upon request.
Service documentation: Yes
Documentation formats: PDF
End-of-contract data extraction: Any data stored within the service will be indexed against the user organisation(s) meaning that it can be readily extracted in a range of formats (including .csv), which can be returned to the user organisation via the same file or data sharing capabilities as is used for the normal running of the service.

The majority of pertinent data is already returned on a regular basis to the user organisation(s) as part of the normal running of the service.
End-of-contract process: The contract covers the set-up and implementation of the service (including appropriate documentation and training etc.), and its ongoing use and support. At the end of the contract, an organisation would no longer have access to the service, as is standard under a SaaS arrangement. Should organisations wish to restart the service at a later date, setup costs may be waived should this reflect a resumption of the previous normal running of the service i.e. the service is simply "switched back on".

Organisations would be provided with such data as they require for audit purposes prior to any data purging required to honour IG obligations.

Any activities that go over and above that described above would be considered, but may carry an additional cost.

Using the service

Web browser interface: Yes
Supported browsers: Internet Explorer 11

Microsoft Edge

Firefox

Chrome

Safari

Opera
Application to install: No
Designed for use on mobile devices: Yes
Differences between the mobile and desktop service: All functionality will be available on mobile.
Service interface: Yes
User support accessibility: None or don’t know
Description of service interface: Interface allows: clinicians to review a scored and prioritised list of patients on their waitlist; details of individuals patients to be reviewed by the clinician (or suitably trained admin staff); any clinical decisions and adminisitrative actions taken to be recorded; viewing of KPIs in relation to the service/waitlist being prioritised.
Accessibility standards: None or don’t know
Description of accessibility: Our off-the-shelf solution provides a PowerBI dashboard. PowerBI is provided by Microsoft, so we are dependant on the accessibility standards they adhere to.
Accessibility testing: Our off-the-shelf solution provides a PowerBI dashboard. PowerBI is provided by Microsoft, so we are dependant on the accessibility standards they adhere to.
API: Yes
What users can and can't do using the API: Risk stratification functionality is available to registered users via an API. It will be possible to retrieve the risk score (and related data) for a given patient against one or more of the available clinical scorecards (bulk scoring can be achieved by queuing many such requests).
API documentation: Yes
API documentation formats: Open API (also known as Swagger)
API sandbox or test environment: Yes
Customisation available: Yes
Description of customisation: Factor 50 will work closely with clinical staff to understand their clinical requirements and ensure these are accomodated within the platform, in a way that is also consistent with the latest national guidelines.

Data imports and exports can also be configured in order to support the scorecards in use, as well as to meet the MI requirements of the customer.

Bespoke development to meet specific customer need will be considered but will carry additional costs.

Scaling

Independence of resources: Our service is built on scalable public cloud technologies, to avoid capacity bottlenecks.

Load tests are run at 10x expected load, to ensure this scaling works as expected in practice.

Analytics

Service usage metrics: Yes
Metrics types: The precise metrics may vary according to the specifics of an implementation and/or user configuration.

However, metrics likely to include: Number of patients on the waiting list; The % that fall into user specified risk segments; trends over time.

These metrics will be segmented by: List (Specialty and/or sub-specialities); Individual clinics/sessions; Risk stratification levels; Ethnic and deprivation measures.
Reporting types: Real-time dashboards

Regular reports

Reports on request

Resellers

Supplier type: Not a reseller

Staff security

Staff security clearance: Other security clearance
Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations: Yes
Data storage and processing locations: United Kingdom
User control over data storage and processing locations: Yes
Datacentre security standards: Managed by a third party
Penetration testing frequency: At least once a year
Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest: Physical access control, complying with SSAE-16 / ISAE 3402

Encryption of all physical media

Scale, obfuscating techniques, or data storage sharding
Data sanitisation process: Yes
Data sanitisation type: Deleted data can’t be directly accessed
Equipment disposal approach: A third-party destruction service

Data importing and exporting

Data export approach: Any data stored within the service will be indexed against the user organisation(s) meaning that it can be readily extracted in a range of formats (including .csv), which can be returned to the user organisation via the same file or data sharing capabilities as is used for the normal running of the service.

The majority of pertinent data is available in MI views and/or is already returned to the user organisation(s) on a regular basis as part of the normal running of the service.

Ad hoc data extracts may also be provided upon request, but this may carry additional cost.
Data export formats: CSV
Data import formats: CSV

Data-in-transit protection

Data protection between buyer and supplier networks: TLS (version 1.2 or above)
Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability: The SLA available will depend on the data storage approach preferred by the client - which may include the application connecting to a client data store. SLAs can be discussed and agreed as part of the on-boarding process.
Approach to resilience: Our service is built on highly available and fault-tolerant public cloud services, and deployed across multiple data centres for resilience.
Outage reporting: Outages will be reported via email alerts.

Identity and authentication

User authentication needed: Yes
User authentication: 2-factor authentication

Identity federation with existing provider (for example Google Apps)

Username or password

Other
Other user authentication: Specific authentication requirements can be discussed during the on-boarding process.
Access restrictions in management interfaces and support channels: All access to privileged areas requires 2-factor authentication.
Access restriction testing frequency: At least every 6 months
Management access authentication: 2-factor authentication

Identity federation with existing provider (for example Google Apps)

Username or password

Audit information for users

Access to user activity audit information: Users contact the support team to get audit information
How long user audit data is stored for: At least 12 months
Access to supplier activity audit information: Users contact the support team to get audit information
How long supplier audit data is stored for: At least 12 months
How long system logs are stored for: At least 12 months

Standards and certifications

ISO/IEC 27001 certification: No
ISO 28000:2007 certification: No
CSA STAR certification: No
PCI certification: No
Cyber essentials: No
Cyber essentials plus: No
Other security certifications: No

Security governance

Named board-level person responsible for service security: Yes
Security governance certified: Yes
Security governance standards: Other
Other security governance standards: NHS Data and Security Protection Toolkit.
Organisation code: 8K896
Information security policies and processes: Factor 50 has a comprehensive set of information security policies - which are available upon request.

Due to our focus on healthcare, much of the structure is designed to mirror what is required for the NHS Data and Security Protection toolkit.

These policies include detail on reporting structure and how we ensure policies are met.

Operational security

Configuration and change management standard: Supplier-defined controls
Configuration and change management approach: All changes are implemented via source control, and peer reviewed prior to being deployed to test environments.

Any changes to sensitive areas such as login are subject to an additional review, and significant changes to those areas trigger a fresh penetration test.
Vulnerability management type: Supplier-defined controls
Vulnerability management approach: A combination of vulnerability assessment approaches are implemented including static code scanning, tracking open source dependencies, implmenting cloud vendor recommendations, penetration testing and staying abreast of industry news.

We utilise public cloud managed services, which are patched constantly.
Protective monitoring type: Supplier-defined controls
Protective monitoring approach: All logs are aggregated in a central location and reviewed automatically by machine learning algorithms supported by our public cloud provider.

Any alerts generated are reviewed by our staff within one working day.
Incident management type: Supplier-defined controls
Incident management approach: Users can report incidents via email. We will then invoke our incident management process and respond with an incident reference.

Users will be kept informed of progress, and incident reports will be made available on request.

Secure development

Approach to secure software development best practice: Supplier-defined process

Public sector networks

Connection to public sector networks: No

Social Value

Fighting climate change
Covid-19 recovery
Tackling economic inequality

Fighting climate change

Our service (Data Led Prioritisation) helps NHS trusts to prioritise patients; to see those that are most needed, but also to let 'relatively stable' patients know that they do not need to come into hospital. This reduces the number of outpatient appointments.

This creates huge capacity in the system.

Importantly for the climate, this reduces unnecessary journeys back and forth for these patients - saving the fuel, energy, emissions of these unnecessary journeys.

Covid-19 recovery

Many NHS trusts were struggling as the country emerged from Covid-19.

In particular this was visible through the Elective Waitlist figures (~8m), but also the less visible, but larger follow-up lists (~11m).

These waiting lists have grown considerably since 2018.

Our platform and solution helps an NHS trust to focus its scarce resource to those patients who really need help, and this can bring down waiting lists.

Tackling economic inequality

Economic inequality and health inequality are very closely linked.

Our solution uses a comprehensive view of healthcare data for a patient, and then objectively clinically prioritises them.

We have evidence that those patients who are most in need of attention over-index on coming from ethnic minorities and also from poorer socio-economic backgrounds.

Therefore, if an NHS Trusts uses our methodology to allocate its scarce resource, we can demonstrate that this will start to tackle health (and therefore economic) inequalities.

Pricing

Price: £2,000 to £4,000 a licence a month
Discount for educational organisations: No
Free trial available: No

Data Led Prioritisation for Outpatient Services

Features

Benefits

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Data importing and exporting

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Public sector networks

Pricing

Service documents

Cookies on Digital Marketplace

Data Led Prioritisation for Outpatient Services

Features

Benefits

Pricing

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Data importing and exporting

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Public sector networks

Social Value

Pricing

Service documents