Skip to main content

Help us improve the Digital Marketplace - send your feedback

Preventx Limited

Freetest.me - Online STI Screening

Freetest.me is a fully integrated self-sampling online sexual health platform focusing on remote screening for sexually transmitted infections. The service includes cloud-based intervention with postal sample collection kits backed up by integrated laboratory Services.

Features

  • Simple patient pathway and secure cloud-based clinical record system
  • Service user registration and postcode geo-location eligibility look up
  • Flexible web-based kit and test selection triage with safeguarding
  • Customers provide their own in-house clinical support/patient management
  • In-house laboratory testing service accredited to ISO 15189
  • Secure web-based reporting hub for reporting / live service information
  • National datasets (such as CTAD) automatically submitted
  • Automated patient notifications for kit completion, results ect (email/SMS)
  • Flexible and integrated fully offline kit model for local services/venues

Benefits

  • Highly cost-effective cost-per-screen and cost-per-positive
  • Intuitive cloud-based clinical record system with training available for clinics
  • Automated processes reduce workload for local services and overheads
  • Simple triage process allows alignment with local service requirements
  • Secure web-based reporting hub for reporting / live service information
  • Live service information/reports available via secure cloud-based reporting hub
  • In-house laboratory testing service accredited to ISO 15189
  • Flexible and integrated fully offline kit model for local services/venues

Pricing

£6.25 to £80.50 a transaction

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at mark.clune@preventx.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

1 7 8 8 3 3 3 9 3 2 5 2 7 6 5

Contact

Preventx Limited Mark Clune
Telephone: 07812731315
Email: mark.clune@preventx.com

Service scope

Software add-on or extension
No
Cloud deployment model
Public cloud
Service constraints
None.
System requirements
  • Access to internet connection
  • Access to HSCN network (Optional)

User support

Email or online ticketing support
Email or online ticketing
Support response times
We operate support during business hours (8:00 - 17:00) and working days (Mon - Fri). However, the ability to add support tickets is always available to users. Given the nature of the service we provide we find this currently works for the users. However, we continuously assess this.
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Onsite support
Support levels
Because of the nature of the service we provide we have no defined service levels. All users are provided with same level of support.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Preventx has over 14 years of experience at onboarding new users of their services, which has allowed us to develop a tried and tested mobilisation approach. Onboarding requirements of customers are varied; therefore we work with them to understand their requirements and develop a bespoke a bespoke mobilisation package.

Onboarding of new customers can include the following training;

Remote and/or online training for clinicians who will be using the SH.UK secure cloud based clinical record system to manage patients.

Remote and/or online training for clinicians who will be using the SH.UK secure cloud based clinical record system to access reporting tools.

Remote and/or online training for clinicians who will be using the SH.UK secure cloud based portal to access reporting tools.

Remote and/or online system training for all commissioners requiring aggregate data reporting access through the SH.UK secure cloud based portal.

Top up training / support for all local clinicians managing onward care of positive patients in local services.

All training is supplemented by key FAQ training documentation, allowing staff to have a key reference guide for their development. Throughout the contract cycle, customers can access the Preventx service development manager, who is available to support, re-train and advise.
Service documentation
Yes
Documentation formats
  • ODF
  • PDF
End-of-contract data extraction
Throughout the life of the contract, users are able to export various (anonymised) data from the platform in order to fulfil their specific internal reporting obligations. Also during the time of the contract, users with the appropriate role-based access are able (with suitable DPIA in place) to access service user (patient records) which they are able to transpose information from into their own Electronic Patient Record (EPR) systems. At contract termination the Preventx becomes sole Data Controller for the data generated as part of the contract and as such cannot transfer / extract this data in line with EU GDPR. All data will then be managed in line with guidelines set out in the Records Management Code of Practice for Health and Social Care 2021 and where data is stored that falls outside of this Code, we have internal processes to ensure that the subject rights under article 17 of the GDPR are met.
End-of-contract process
At the end of a contract the following processes are implemented with the supplier;

- Set date for closure of kit request service.

- Set date for closure of kit receipt and laboratory testing services (usually within 1-3 months of the kit request closure).

- Set date for data management access closure (this is agreed with the supplier).

- Set agreed data retention period, Preventx deletion policy anonymises all PID.

- Provision made to return the patient record and this data to the customer as requested by them.

- Final invoice generation.

There are no additional costs for these end of contract services.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
None.
Service interface
No
User support accessibility
WCAG 2.1 A
API
No
Customisation available
Yes
Description of customisation
Users have the ability to customise significant parts of the service user consultation journey and various branding options. These are implemented during the onboarding process for the service using internal technology resource.

Scaling

Independence of resources
We continually monitor resource utilisation across our hosting estate and ensure that all our servers are 'right-sized' to accommodate the fairly well-defined, well understood demand placed upon them by existing clients and the additional demand placed upon them by new clients.

Analytics

Service usage metrics
Yes
Metrics types
Preventx’s services are data-rich, we provide a wide range of real-time reporting tools that provide access to a number of key service metrics:

-Gender
-Age
-Ethnicity
-Positivity rate by STI
-Return Rate
-Service Lookups
-Offline test kit reports
-Positivity rate by kit distribution channel
-Activity rate by channel
-Activity tracker
-Lab outcomes report
-Average cost per screen
-Average cost per diagnosis
-Spend tracker
-Spend tracker by channel/site
-User feedback survey report
-Local Authority ward report
-Local Authority LSOA report
-Local Authority Population Report
-Offline Kit expiry report
-Custom report generation
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
None

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
Physical access control, complying with SSAE-16 / ISAE 3402
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
Customers/local providers are able to export data from the Preventx system in a number of ways:

Raw data export (enables local data analysis).

Custom report downloads (custom report design and implementation is provided as part of ongoing consultancy services).

CTAD/GUMAD data download (all CTAD/GUMCAD data is submitted by Preventx, however downloads of these submissions are available to customers/local providers).
Data export formats
  • CSV
  • Other
Other data export formats
XML
Data import formats
CSV

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
Given the nature of the service we don't provide (or are required to provide) SLAs for availability. However, we generally strive for 99.9% uptime and historically we have generally met this. We generally don't (and are not required) to provide users with refunds if we don't meet availability levels.
Approach to resilience
Available on request.
Outage reporting
We report significant planned / unplanned outages to clients via email alerts and through our account management team.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels
Areas of the public facing Preventx platform that will access and display patient data (for example account areas, online test results, etc.) will follow strict rules around the authentication of the user, including the use / option of 2 factor authentication (2FA).

Clinician access for result management and advisory services is managed via our clinician portal, which is secured via industry standard TLS/HTTPS encryption. In addition to mitigating risk using IP whitelisting and encryption we can enforce the use of One Time Password (OTP) devices or 2FA applications.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Limited access network (for example PSN)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
Yes
Other security certifications
Yes
Any other security certifications
NHS DSP Toolkit

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
No
Security governance approach
We are Cyber Essentials Plus certified. As an provider to NHS we also complete the Data Security Protection Toolkit assessment that allows us to measure our performance against the National Data Guardian’s 10 data security standards. All new services are required to be GDPR compliant with Data Protection Impact Assessments and Data Sharing Agreements required to be in place before commencement. We are working towards ISO27001 certification.
Information security policies and processes
We have a board-level responsibility around information security where the Chief Technology Officer acts a the Information Governance Lead and Chief Information Security Officer for the business. Information security risks are monitored through a corporate risk register which are also reviewed at each monthly board meeting.

We have a Data Protection Officer (DPO) who is responsible for ensuring compliance to the EU GDPR and again our compliance is regularly monitored and reported on at the monthly board meetings.

We have a number of policies around information security (mobile device policy, remote working policy, etc.) that are included as part our employee handbook and a corporate IT Security policy that has been adopted at board level.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
We have a well-defined change management process and mechanisms in place as part of our software development process to assess the security impacts of any change. We have a clearly defined and documented process around code review and code release that ensures full traceability and auditing of any change. We implement annual web application penetration tests to confirm overall security conformance.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
We subscribe to NHS Cyber Security Batsignal to provide early warning of significant vulnerabilities and also regularly scan security alert newsletters and cyber alerts posted on the NHS Digital site. Once a vulnerability is identified we assess the risk to our internal network within 8 hours and try to implement patches as soon as possible after that.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Available upon request.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
We have pre-defined processes for common events and users report incidents via our online support portal. For most incidents these tickets and the responses form part of the incident reports.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks
Yes
Connected networks
Health and Social Care Network (HSCN)

Social Value

Fighting climate change

Fighting climate change

Preventx’s HR and environmental policies outline the company’s commitment and compliance to labour rights and ethical
issues and how we consider and reduce the carbon impact of activities on the environment directly, and in-directly
through our supply chain, demonstrating how we would deliver the contract to generate social value out of the health
pound.

To encourage staff to reduce their carbon impact on the environment whilst travelling to the office Preventx offers a cycle to work scheme with showering facilities available on site. All staff are encouraged to use public transport to commute to the office or to car share. For external off-site meetings, Preventx has implemented a ‘train first’ policy to further reduce carbon impact on the environment.

Preventx installed Electric Vehicle charging points for the use of employees who commute via electric vehicles.

Preventx operates from several sites which are located on the Meadowhall business park in Sheffield, the business purchased an electric van which is used solely to travel between the sites. The company has committed to only purchasing electric business vehicles in the future.

Preventx has completed installation of a combined heat and power system, which will further reduce energy waste and has upgraded all laboratory lighting to an LED system.

We source our packaging via Greenshires who have Forest Stewardship
Council certification and are certified with the ISO 14001:2004
Environmental Standard.

Cardboard waste from test kits received back at the Preventx laboratory is recycled and service users are asked to return unused parts from testing kits for reuse or recycling. Plastic packaging is common for similar services and can only be
disposed of in landfill.
Covid-19 recovery

Covid-19 recovery

The FTM service supports people to self-care and self-manage at home through the self-sampling for STIs.

This in turn has helped to reduce demand on face-to-face health and care services and also supports those who are worse affected, or shielding to access services remotely without having to visit a healthcare setting.

The FTM service involves the training of sexual health clinicians on how to use the FTM clinical record system, which can allow staff who are shielding or having to work remotely to be able to provide services to users.

Pricing

Price
£6.25 to £80.50 a transaction
Discount for educational organisations
No
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at mark.clune@preventx.com. Tell them what format you need. It will help if you say what assistive technology you use.