Philips HealthSuite Platform
Cloud IoT platform for at home and hospital monitoring. Cloud hosting on AWS infrastructure. Interoperability (HL7) for EMR/LIMS. HC cloud storage. FHIR repository. DICOM store. Open Identity & Access Management. RBAC service. Audit trail and logging service. Machine Learning lifecycle: create, train and deploy AI models. Data lake management. Indexing large datasets. DICOM viewer service. Application development.
Features
- Cloud IoT platform for patient at home and hospital monitoring
- Managed cloud hosting on top of AWS infrastructure
- Interoperability service (HL7) for EMR and LIMS
- HC specific cloud storage, like FHIR repository, DICOM store
- Open Identity & Access Management service with RBAC
- Audit trail & logging service
- End-to-end Machine Learning lifecycle: create, train and deploy AI models
- Clinical data Lake management, indexing of very large research datasets
- DICOM viewer visualization service, multi modality and vendor
- Developer portal for development of HC cloud applications
Benefits
- HC compliant cloud PaaS with appropriate certifications to support
- Shorten time-to-market for HC solutions by ready to consume services
- Security & Privacy certifications and attestations
- Open cloud ecosystem with open API approach
- Standards-based services FHIR/HL7/etc
- True cloud pay-per-use PaaS
- PaaS developed as a medical device with the ISO13485 QMS
- Proven scale >50PB of Imaging data, large volumes of patients
- Trusted Philips company, high standards for social and environmental topics
- PaaS continuously updated to latest security privacy and legal requirements
Pricing
£16,000.00 to £5,000,000.00 a unit
- Education pricing available
- Free trial available
Framework
G-Cloud 13
Service ID
180139567816694
Contact
Helicon Health Ltd.
Tony Bowden
Telephone: +44 (0)7850 905538
Email: info@heliconhealth.co.uk
Service scope
- Software add-on or extension
- Yes
- What software services is the service an extension to
- AWS cloud services
- Cloud deployment model
- Public cloud
- Service constraints
- No, the solution resides on Amazon Web Services.
- System requirements
- Internet browser
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- Response times are within 30 minutes, unless by prior arrangement.
- User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- WCAG 2.1 AAA
- Phone support
- Yes
- Phone support availability
- 24 hours, 7 days a week
- Web chat support
- No
- Onsite support
- Yes, at extra cost
- Support levels
- We have a single support level for all customers, included in the platform price.
- Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
- B2B onboarding support, online training, development support
- Service documentation
- Yes
- Documentation formats
-
- HTML
- End-of-contract data extraction
- Via APIs, or alternative direct access for large datasets
- End-of-contract process
- Contract ends when users stop using the service. Exact details of this are agreed in writing on a case by case basis.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Internet Explorer 11
- Microsoft Edge
- Firefox
- Chrome
- Safari
- Opera
- Application to install
- No
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- We use an adaptive viewer to represent content in the best possible way for the specific device.
- Service interface
- Yes
- User support accessibility
- WCAG 2.1 AAA
- Description of service interface
- A reporting and ticketing system which records the nature of the episode, the time reported and the severity and frequency of the problem.
- Accessibility standards
- WCAG 2.1 AAA
- Accessibility testing
- The initial testing involved unplugging the user's mouse, turning off the track-pad and only using the keyboard to interact with the site. The "tab" key allows users to traverse forward in the tab order; pressing the shift and tab keys at the same time traverses backwards in the tab order. This helps a large number of people with disabilities who cannot use a mouse to interact with the web. It also supports people who are blind or have low vision.
- API
- Yes
- What users can and can't do using the API
- All HealthSuite microservices can be accessed through APIs (typically for developers)
- API documentation
- Yes
- API documentation formats
-
- Open API (also known as Swagger)
- HTML
- Other
- API sandbox or test environment
- Yes
- Customisation available
- Yes
- Description of customisation
- Yes, by agreement, with training and support and use of recognised API.
Scaling
- Independence of resources
- The PaaS uses highly scalable cloud services from AWS and is designed to allow segregation and horizontal scaling
Analytics
- Service usage metrics
- Yes
- Metrics types
- Metrics are provided per service and also as part of our billing
- Reporting types
- Reports on request
Resellers
- Supplier type
- Reseller providing extra support
- Organisation whose services are being resold
- Philips provide the services re-sold by Helicon Health
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- Up to Baseline Personnel Security Standard (BPSS)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
-
- United Kingdom
- European Economic Area (EEA)
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Managed by a third party
- Penetration testing frequency
- At least every 6 months
- Penetration testing approach
- Another external penetration testing organisation
- Protecting data at rest
- Encryption of all physical media
- Data sanitisation process
- No
- Equipment disposal approach
- A third-party destruction service
Data importing and exporting
- Data export approach
- Data exports are generally in a CSV/pipe delimited format. Any variation to this is agreed in writing and by mutual consent. The exact format will depend on the kind of data and how it is stored in the platform.
- Data export formats
-
- CSV
- ODF
- Data import formats
-
- CSV
- ODF
Data-in-transit protection
- Data protection between buyer and supplier networks
- Other
- Other protection between networks
- Authenticated APIs for secure access over public cloud
- Data protection within supplier network
- TLS (version 1.2 or above)
Availability and resilience
- Guaranteed availability
- 99.90%
- Approach to resilience
- Designed as a highly available fail-over service for the core PaaS; customer solutions depend on implementation choices
- Outage reporting
- Through web-site, Slack channels and direct customer communications
Identity and authentication
- User authentication needed
- Yes
- User authentication
- 2-factor authentication
- Access restrictions in management interfaces and support channels
-
The identity and access management service supplies critical mechanisms for trusted platform security, delivering robust services centered on single identity capability, and providing the vital framework for access control. It features practical and configurable protection capabilities, such as policy-based authentication and authorization and role-based access control. Authorize service activity is logged and auditable across the platform ecosystem.
Centralized identity management and shared control processes enable identity integration across applications built on the HealthSuite platform. Supported standards include OAuth2 for authentication/authorization, and "OpenID Connect" to enable cross-platform federated access to 3rd party systems and SAML2 to enable federation with third-party systems.
- Access restriction testing frequency
- At least once a year
- Management access authentication
- 2-factor authentication
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- User-defined
- Access to supplier activity audit information
- Users contact the support team to get audit information
- How long supplier audit data is stored for
- User-defined
- How long system logs are stored for
- User-defined
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- ASCB Accreditation Services Worldwide
- ISO/IEC 27001 accreditation date
- 18/01/2022
- What the ISO/IEC 27001 doesn’t cover
-
Applies to: the delivery of technology-enabled consultancy solutions and associated health & care services
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- No
- Other security certifications
- Yes
- Any other security certifications
- NHS DSPT
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
-
- CSA CCM version 3.0
- ISO/IEC 27001
- Other
- Other security governance standards
-
NEN 7510-1 +A1:2020
ISO 13485:2016
ISO/IEC 27002:2013
NIST SP 800-53
HITRUST Common Security Framework version 9.3
Cloud Security Alliance (CSA) Star
HDS AGIP Santé
ISO27799:2016
ISO/IEC 27002
NEN 7510-2:2017
Medmij 1.5.0
ISO 27017:2015
ISO/IEC 27005:2018
NIST SP 800-30
ISO/IEC 27018:2019
NIST 800-88
ISO/IEC 27034-1:2011, 27034-2:2015
SOC2 Report
- Information security policies and processes
-
HSDP’s ISMS foundation is based on the ISO 27001, 27002, 27018, 27017 and 27799 standards, which can be easily mapped to many other standards and regulations including NIST 800-53, HIPAA and ASIP HDS. To effectively manage and continuously improve an ISMS, management commitment, governance, and a framework are a must. This is established within HSDP and has been attested to with the ISO certifications that have been achieved.
Governance
Governance begins with the HSP Management Team establishing key roles and responsibilities, top-level objectives, and an information security policy, each of which is translated into additional policies, standards and procedures, as well as other activities that cascade through each level and every individual within HSDP.
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
- ITIL based processes for configuration and change management
- Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
-
Identifying and reporting security and privacy incidents is the responsibility of everyone. All security and privacy incidents are immediately escalated and managed by the HSP Director of Security and Privacy.
The incident response team is responsible for assessment, containment, eradication and ultimate recovery from a security and/or privacy incident.
If a security or privacy incident results in unauthorized access, loss, disclosure or alteration of Clients content, HSP will notify the designated authorized caller identified within 48 hours.
HSP takes a multi-faceted approach to vulnerability management as there is no single way to identify security risks in any environment.
- Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
-
Event logging, auditing, and monitoring
Comprehensive monitoring of the event and audit logs serves two purposes: early identification of attacks, and potential identification of attacker actions and impacted data.
HSP utilizes a common logging service across the platform. Log files are consolidated and sent to our third-party managed security service for monitoring and alerting on indicators of compromise, which are correlated and categorized within their Security Analytics Platform. The service is tuned to monitor critical activities and to trace scanning and probing activities, or patterns that appear to be attempts at unauthorized access to the Platform Services.
- Incident management type
- Supplier-defined controls
- Incident management approach
-
Our incident management process is a Quality Management System procedure governed by that quality process. It defines the procedures for managing reported requests and incidents as well as reporting, recording, assessing and responding to security and/or privacy incidents.
The procedure prepares the organization for a variety of incidents that can include failures, security and privacy events, security vulnerabilities and/or attacks, questions or queries reported by the users (via web service portal or a telephone call to the Service Desk), by technical staff, or automatically detected and reported by event monitoring tools. The Incident Management procedure applies to all applicable personnel.
Secure development
- Approach to secure software development best practice
- Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)
Public sector networks
- Connection to public sector networks
- No
Social Value
- Fighting climate change
-
Helicon Health is committed to sustainability and is certified to the ISO 14001:2015 standard. Helicon Health is fighting climate change by doing the following:
Our ISO 14001:2015 environmental management system enables us to enhance our environmental performance and helps us to manage our environmental responsibilities in a systematic manner that contributes to the environmental pillar of sustainability.
Our ISO 14001:2015 environmental management system sets out objectives and procedures to enable us to provide value for the environment, the organisation itself and interested parties. Consistent with the organisation's environmental policy, the outcomes of our environmental management system include:
• enhancement of environmental performance;
• fulfilment of compliance obligations;
• achievement of environmental objectives.
Pricing
- Price
- £16,000.00 to £5,000,000.00 a unit
- Discount for educational organisations
- Yes
- Free trial available
- Yes
- Description of free trial
- A test environment representative of the live environment will be set up for a restricted period of no more than 1 month.