Skip to main content

Help us improve the Digital Marketplace - send your feedback

Helicon Health Ltd.

Philips HealthSuite Platform

Cloud loT platform for at home and hospital monitoring. Cloud hosting on AWS infrastructure Interoperability (HL7) for EMR/LIMS. HC cloud storage. FHIR repository. DICOM store. Open ldentity&Access Management. RBAC-service. Audit-trail-logging service. Machine-Learning - Lifecycle: create-train and deploy Al models. Data lake management. Indexing large datasets. DICOM viewer service. Application development.

Features

  • Cloud IoT platform for patient at home and hospital monitoring
  • Managed cloud hosting on top of AWS infrastructure
  • Interoperability service (HL7) for EMR and LIMS
  • HC specific cloud storage, like FHIR repository, DICOM store
  • Open Identity&Access Management service with RBAC
  • Audit trail & logging service
  • End-to-end Machine Learning lifecycle: create, train and deploy AI models
  • Clinical data Lake management, indexing of very large research datasets
  • DICOM viewer visualization service, multi modality and vendor
  • Developer portal for development of HC cloud applications

Benefits

  • HC compliant cloud PaaS with appropriate certifications to support
  • Shorten Time-2-market forHC solutions by ready to consume services
  • Security & Privacy certifications and attestations
  • open cloud ecosystem with open API approach
  • standards based services FHIR/HL7/etc
  • True cloud pay-per-use PaaS
  • PaaS developed as a medical device with the ISO13485 QMS
  • Proven scale >50PB of Imaging data, large volumes of patients
  • Trusted Philips company, high standards for social and environmental topics
  • PaaS continuously updated to latest security privacy and legal requirements

Pricing

£16,000.00 to £5,000,000.00 a unit

  • Education pricing available
  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@heliconhealth.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

1 8 0 1 3 9 5 6 7 8 1 6 6 9 4

Contact

Helicon Health Ltd. Tony Bowden
Telephone: +44 (0)7850 905538
Email: info@heliconhealth.co.uk

Service scope

Software add-on or extension
Yes
What software services is the service an extension to
AWS cloud services
Cloud deployment model
Public cloud
Service constraints
No, the solution resides on Amazon Web Services.
System requirements
Internet browser

User support

Email or online ticketing support
Email or online ticketing
Support response times
Response times are within 30 minutes, unless by prior arrangement.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.1 AAA
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
We have a single support level for all customers, included in the platform price.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
B2B onboarding support, online training, development support
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
Via API's, or alternative direct access for large data-sets
End-of-contract process
Contract ends when users stop using the service. Exact details of this are agreed in writing on a case by case basis.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
We use adaptive viewer to represent in the best possible way for the specific device.
Service interface
Yes
User support accessibility
WCAG 2.1 AAA
Description of service interface
A reporting and ticketing system which records the nature of the episode, the time reported and the severity and frequency of the problem.
Accessibility standards
WCAG 2.1 AAA
Accessibility testing
The initial testing involved unplugging the users mouse, turning off the track-pad and only using the keyboard to interact with the site. The "tab" key allows users to traverse forward in the tab order activating the shift & tab key at the same time will traverse backwards in tab order. This helps a large number of people with disabilities who cannot use a mouse to interact with the web. It also supports people who are blind or have low vision.
API
Yes
What users can and can't do using the API
All HealthSuite Micro-services can be accessed through API's (typically for developers)
API documentation
Yes
API documentation formats
  • Open API (also known as Swagger)
  • HTML
  • Other
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
Yes by agreement and with training and support and use of recognised API.

Scaling

Independence of resources
Using the high scalable cloud services from AWS and the design of our PaaS is such that it allows segregation and horizontal scaling

Analytics

Service usage metrics
Yes
Metrics types
Per service, but also as part of our billing metrics are provided
Reporting types
Reports on request

Resellers

Supplier type
Reseller providing extra support
Organisation whose services are being resold
PHILIPS PROVIDE THE SERVICES re-sold by HELICON HEALTH

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
Yes
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least every 6 months
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
Encryption of all physical media
Data sanitisation process
No
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
Data exports are generally in a CSV/pipe delimited format. Any variation to this is agreed in writing and by mutual consent. The exact format will depend on the kind of data and how it is stored in the platform.
Data export formats
  • CSV
  • ODF
Data import formats
  • CSV
  • ODF

Data-in-transit protection

Data protection between buyer and supplier networks
Other
Other protection between networks
Authenticated API's for secure access over public cloud
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
99.90%
Approach to resilience
Designed as a high available fail-over service for core PaaS, Customer solutions depends on implementation choices
Outage reporting
Through web-site, Slack channels and direct customer communications

Identity and authentication

User authentication needed
Yes
User authentication
2-factor authentication
Access restrictions in management interfaces and support channels
The identity and access management service supplies critical mechanisms for trusted platform security, delivering robust services centered on single identity capability, and providing the vital framework for access control. It features practical and configurable protection capabilities, such as policy-based authentication and authorization and role-based access control. Authorize service activity is logged and auditable across the platform ecosystem.
Centralized identity management and shared control processes enable identity integration across applications built on the HealthSuite platform. Supported standards include OAuth2 for authentication/authorization, and "OpenID Connect" to enable cross-platform federated access to 3rd party systems and SAML2 to enable federation with third-party systems.
Access restriction testing frequency
At least once a year
Management access authentication
2-factor authentication

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
ASCB Accreditation Services Worldwide
ISO/IEC 27001 accreditation date
18/01/2022
What the ISO/IEC 27001 doesn’t cover
Applies to:
THE DELIVERY OF TECHNOLOGY-ENABLED CONSULTANCY SOLUTIONS AND ASSOCIATED HEALTH & CARE SERVICES
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
No
Other security certifications
Yes
Any other security certifications
NHS DSPT

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
  • CSA CCM version 3.0
  • ISO/IEC 27001
  • Other
Other security governance standards
NEN 7510-1 +A1:2020
ISO 13485:2016
ISO/IEC 27002:2013
NIST SP 800-53
HITRUST Common Security Framework version 9.3
Cloud Security Alliance (CSA) Star
HDS AGIP Santé
ISO27799:2016
ISO/IEC 27002
NEN 7510-2:2017
Medmij 1.5.0
ISO 27017:2015
ISO/IEC 27005:2018
NIST SP 800-30 
ISO/IEC 27018:2019
NIST 800-88
ISO/IEC 27034-1:2011, 27034-2:2015  
SOC2 Report
Information security policies and processes
SDP’s ISMS foundation is based on an ISO 27001, 27002, 27018, 27017, 27799 standards which can be easily mapped to many other standards and regulations including NIST 800-53, HIPAA and ASIP HDS. To effectively manage and continuously improve an ISMS, management commitment, governance, and a framework is a must. This is established within HSDP and has been attested to with the ISO certifications that have been achieved.

Governance
Governance begins with the HSP Management Team establishing key roles and responsibilities, top-level objectives, and an information security policy, each of which are translated into additional policies, standards, procedures as well as other activities that cascade through each level and every individual within HSDP.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
ITIL based processes for configuration and change management
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Identifying and reporting security and privacy incidents is the responsibility of everyone. All security and privacy incidents are immediately escalated and managed by the HSP Director of Security and Privacy .

The incident response team is responsible for assessment, containment, eradication and ultimate recovery from a security and/or privacy incident.

If a security or privacy incident results in unauthorized access, loss, disclosure or alteration of Clients content, HSP will notify the designated authorized caller identified within 48 hours .

HSP takes a multi-facet approach to vulnerability management as there is no single way to identify security risks in any environment.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Event logging, auditing, and monitoring
Comprehensive monitoring of the event and audit logs serves two purposes: early identification of attacks, and potential identification of attacker actions and impacted data.

HSP utilizes a common logging service across the platform. Log files are consolidated and sent to our third-party managed security service for monitoring and alerting on indicators of compromise, which are correlated and categorized within their Security Analytics Platform. The service is tuned to monitor critical activities and to trace scanning and probing activities, or patterns that appear to be attempts at unauthorized access to the Platform Services.
Incident management type
Supplier-defined controls
Incident management approach
Our incident management process is a Quality Management Systems Procedure governed by that quality process, it defines the procedures for managing reported requests and incidents as well as reporting, recording, assessing and responding to security and/or privacy incidents.
The procedure prepares the organization for a variety of incidents that can include failures, security and privacy events, security vulnerabilities and/or attacks, questions or queries reported by the users (via web service portal or a telephone call to the Service Desk), by technical staff, or automatically detected and reported by event monitoring tools. The Incident Management procedure applies to all applicable personnel.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
No

Social Value

Fighting climate change

Fighting climate change

Fighting climate change
Helicon Health is committed to sustainability and is certified to the ISO 14001:2015 standard. Helicon Health is fighting climate change by doing the following:
Our ISO 14001:2015 environmental management system enables us to enhance our environmental performance and helps us to manage our environmental responsibilities in a systematic manner that contributes to the environmental pillar of sustainability.
Our ISO 14001:2015 environmental management system sets out objectives and procedures to enable us to provide value for the environment, the organisation itself and interested parties. Consistent with the organisation's environmental policy, the outcomes of our environmental management system include:
• enhancement of environmental performance;
• fulfilment of compliance obligations;
• achievement of environmental objectives.

Pricing

Price
£16,000.00 to £5,000,000.00 a unit
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
A test environment representative of the live environment will be set up for a restricted period of no more than 1 month.

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@heliconhealth.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.