My Clinical Outcomes Ltd

My Clinical Outcomes PROMs

My Clinical Outcomes (MCO) is a highly configurable solution for collection and real-time analysis of Patient Reported Outcome Measures (PROMs) in routine practice. MCO is flexible to integrate around existing clinical workflows and with existing technology; our expert team make implementation fast and cost-effective in any condition and care setting.

Features

• Configurable, remote PROMs for routine clinical practice
• Clinical team: longitudinal data available to inform real-time care
• Patient: engaging patient dashboard, automated email & SMS prompts
• Management: aggregate analytics of uptake, unwarranted variation and value
• Analytics: bespoke reports to identify trends and variation, including benchmarking
• Deployment: any condition, treatment, pathways, fast and cost-effective
• Security: ISO27001 accredited, DSPT, DTAC, Cyber Essentials Plus
• Integration: interoperable with local PAS, EMR e.g. via HL7 FHIR
• Clinically-led, passionate about Value-Based Healthcare VBHC since 2011
• Affiliate of ICHOM, PHIN, NHS England Outcomes Registry Platform

Benefits

• Help safely minimise face-to-face consultations
• Enable virtual clinics through asynchronous remote monitoring
• Prioritise limited clinical capacity to patients according to need
• Get patients onto right treatment(s) faster to improve outcomes
• Focus consultations on what matters most to patients
• Support patient quality of life, improve patient satisfaction
• Identify unwarranted outcomes variation between patient cohorts
• Remove costs of ineffective activity, ensure high value care pathways
• Demonstrate quality and value to patients and payers
• Potential to externally benchmark results to learn and improve

£500 a unit a quarter

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@myclinicaloutcomes.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

177878206586127

Contact

Sally Damms
02034885051
info@myclinicaloutcomes.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: No
• System requirements: Requires access to web browser (all major versions supported)

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Within 1 business day
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Yes, at an extra cost
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: Nil
• Onsite support: Yes, at extra cost
• Support levels: Onsite support delivered usually not required; basic support e.g. initial training session are included. Other levels of support available by agreement.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: MCO provide comprehensive training for all users with many options available and combinations tailored to each customer. Training may be delivered face-to-face or remotely with as many user groups as required. ; ; Training materials include: PDF documentation, videos, pre-recorded webinars and MCO can provide content for use on customer’s intranets. The platform itself contains a help page and site tour which explains how to use the system.
• Service documentation: Yes
• Documentation formats:
  • PDF
  • Other
• Other documentation formats: Video
• End-of-contract data extraction: All raw data is provided when the contract ends as required by each customer, for example in csv format.
• End-of-contract process: As standard, at the end of the contract MCO will deliver to the customer a complete copy of all data. Following which MCO shall remove, delete or destroy any patient-identifiable data.; ; The Terms of Service detail the process regarding refunds.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: No difference in content or functionality.
• Service interface: No
• User support accessibility: WCAG 2.1 A
• API: Yes
• What users can and can't do using the API: Bespoke APIs are created per client requirements. For example, patient assessment documentation is shared through an API to electronic healthcare records.
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: The platform is highly configurable to each customer’s needs. Requirements are understood at the beginning of an engagement and the platform is tailored by the MCO technical team accordingly. Out of the box customisation includes URL, co-branding, PROMs assessments asked and frequency, patient dashboard content, policy wording etc.; ; Within the platform itself, users are able to create custom views of the data by filtering and sorting lists and charts and by toggling to view different PROMs scores.; ; Bespoke activity and analytics reports are created for each customer.

Scaling

• Independence of resources: CPU usage monitored and thresholds in places with proactive alerting. Able to scale up server with ease. Maintenance only performed out of ours. Releases don’t affect running of the system.

Analytics

• Service usage metrics: Yes
• Metrics types: As standard MCO provides reporting regarding platform usage (customer and patient), helpdesk and incident response times and system availability. Bespoke activity and analytics reports are also generated with detailed analysis regarding patient usage and assessment responses.
• Reporting types:
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Data extracts are made available to clients via secure transfer.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: Other
• Other protection between networks: MCO is accessible via any web browser, not via public sector networks.
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: MCO warrants a minimum of 98% uptime. The Terms of Service provide detail regarding service refunds where this uptime commitment isn’t met. Service credits are proportionate to the time that the site is unavailable.
• Approach to resilience: AWS infrastructure is used with data stored in multi-availability zones. Further information available on request.
• Outage reporting: Email alerts.

Identity and authentication

• User authentication needed: No
• Access restrictions in management interfaces and support channels: User access is role based with access granted on the principle of least privilege. Access is also often dependent on completion of relevant training, Access control is audited twice a year.
• Access restriction testing frequency: At least every 6 months
• Management access authentication: 2-factor authentication

Audit information for users

• Access to user activity audit information: Users receive audit information on a regular basis
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI
• ISO/IEC 27001 accreditation date: 14/01/2020
• What the ISO/IEC 27001 doesn’t cover: No exclusions.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: MCO has an Information Security Management System that has been externally assessed and certified through ISO 27001. This includes an Information Security Policy, Business Continuity Policy and Incident Management and Improvement Procedure.; ; At board level the COO is responsible for information security and ensuring policies are followed. All employees receive information security training when they are onboarded and at least annually, as well as whenever updates to policies are made. MCO also use a third party to audit that the processes are being followed with at least four internal audits throughout the year.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: MCO’s Change Management process is comprehensively documented and regularly audited.; ; Infrastructure change control requests are logged on Confluence and are controlled by a formal change control procedure. For each change request a number of factors are considered and a risk assessment is always conducted. Jira is used to manage all code changes made to the core platform with structured release processes followed and logged.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Potential vulnerabilities are detected from a number of sources: penetration testing, internal risk assessments, audits conducted by third parties, user notification and regular review of emerging threats from sources such as NSCS. This a standard agenda item at MCO’s quarterly security board, attended by senior management. There is a defined framework for assessing the risk associated with potential threats.; ; MCO has as a defined patch management process. Rolling updates are applied nightly and critical issues can be patched immediately. Updates are applied to test and staging systems before live.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Standard processes are technologies are in place for monitoring of errors, CPU usage and access, with proactive monitoring and alerts enabled. ; ; An incident management policy details the process for dealing with incidents and response time commitments depend on incident severity.
• Incident management type: Supplier-defined controls
• Incident management approach: MCO has an established incident management process in place that has been assessed through ISO 27001. Incidents are raised internally and tracked using Jira with corrective and preventative action taken as appropriate. Root cause analysis is conducted for all incidents and they are reviewed by senior management. All employees are given incident management training.; ; Third parties can raise incidents by clicking ‘contact us’ on any page of the site, or by emailing our support email address. Customers are notified promptly of any incidents and they are resolved in line with our service level agreements.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Covid-19 recovery

  Covid-19 recovery

  MCO supports remote patient monitoring that can helps NHS services with Covid-19 recovery including, for example: ; - elective backlog recovery by prioritising surgical capacity according to the impact of a patient's condition on their life; - improving resource utilisation in chemotherapy settings; - enhancing the information available to help teams implementing virtual ward monitoring systems to free-up in-hospital capacity

Pricing

• Price: £500 a unit a quarter
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@myclinicaloutcomes.com. Tell them what format you need. It will help if you say what assistive technology you use.