Wellola

Wellola: Virtual Care Pathways

Using the Wellola Virtual Care Pathway, Clinicians can curate and control personalised care pathways for multiple conditions, combining modules at pre-defined timepoints, supporting patients to self-manage conditions in their community.

Patients access virtual care pathways based on predefined protocols created by the hospital, guiding them through a structured care journey.

Features

• Patient Portal fully integrated with the EPR
• Curated and controlled personalised care pathways for multiple conditions
• Support patients to self-manage their condition in the community
• Virtual care pathways and virtual wards
• Educational resource module
• Health questionnaire and forms module
• Patient wearables.
• Remote Device Connectivity Module
• Symptom Tracker
• Patients access virtual care pathways, guiding through structured care journey

Benefits

• Patients access virtual care pathways, guiding through journey of care
• Curated educational resources and assessments to provided support.
• Patient conditions managed remotely
• Patients self-manage their condition in the community
• Manages the waiting well, peri/post operative and chronic conditions
• Patients and families gain empowerment to self-manage conditions
• NHS providers and healthcare professionals have better visibility
• Patients can provide information about their symptoms, progress, changes, concerns
• Self-assessment capability empowers patients to actively participate in their care,
• Supporting the delivery of virtual wards and virtual care pathways

£49,995.00 to £225,000.00 a licence a year

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sonia@wellola.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

200802513423086

Contact

Sonia Neary
+442039661698
sonia@wellola.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Fully interoperable with Electronic Patient Records systems (EPR/EMR/EHR) and healthcare software systems via FHIR/HL7 API. ; ; Can also be used stand-alone. ; ; Using Virtual Care Pathways, clinicians can curate and control personalised care pathways for multiple conditions, combining modules at pre-defined time points supporting patients to self-manage their condition in the community.
• Cloud deployment model: Hybrid cloud
• Service constraints: Critical to Wellola is ensuring a 24x7x365 service without interruption delivered in a manner that minimises unplanned interruptions for our customers. ; ; We aim for business continuity for our clients; any pre-planned interruptions are kept to a minimum and effectively devised to ensure the least possible impact on service users during agreed maintenance or software updates.
• System requirements:
  • Works on all web connected devices (PC, Mobile, Tablet)
  • Works on all browsers
  • Password protected
  • Capacity for incumbent systems to offer API integration where possible

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: We offer a 24 hour response time to technical and customer support queries.; ; Customer Support is available to staff and patients Monday- Friday 08.30-17.30. Technical Support is available 24/7/365 for customers and their staff. A copy of our SLA can be made available on request.; ; We aim to respond to all emails and calls within a maximum of two hours, most are responded to within a few minutes.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Onsite support
• Support levels: Wellola rates include all hosting costs, customer service & technical support.; ; For the discovery and implementation phases of any project roll out we offer onsite and off-site project manager(s), dedicated senior developer(s) and customer support. ; ; 24/7 support, is available through phone, email, SMS. Enterprise Client Account Managers will manage all interactions, but the client can choose to directly contact engineering team if they so wish
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Our overarching aim at Wellola is to service our customers with a platform that is as accessible as possible. ; ; Virtual Care Pathways is integrated with the existing Electronic Patient Record and also supports Single Sign-On (SSO) via NHS Smartcard for staff. Authentication for the Patient App is completed via an encrypted NHS Login feature in cooperation with NHS England.; ; Features & functionality can be removed or pre-set for staff that avail of it. A Training Needs Analysis is completed and a personalised training programme is agreed and made available for buyer's of our solution. This includes an online training portal. ; ; The patient-facing portal has been designed with simplicity in mind. We have a wealth of resources (user guides, videos, webinars, screenshare demos) available to help familiarise patients with Wellola under the 'Support' tab on www.wellola.com. They cover a wide range of topics in a variety of formats to best match our customers on-boarding needs.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
  • Other
• Other documentation formats:
  • Easy Set Up Wizard
  • Video set up guides
  • Screen share demonstration
  • Webinar
• End-of-contract data extraction: At the end of a contract, should the client wish to expedite the process of extracting all data in one transaction, we facilitate data transfer to the customer according to their requirements.; ; Wellola is committed to ensuring the continuity of care so is happy to work with both the customer and potentially new suppliers to ensure a seamless transition of patient and other data at the end of a contract.
• End-of-contract process: This process can be facilitated by making a written request to our customer support or account management teams.; ; Wellola is committed to ensuring the continuity of care so is happy to work with both the customer and potentially new suppliers to ensure a seamless transition of patient and other data at the end of a contract.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The patient-facing aspect of Wellola's platform is available both via a web-based desktop application and iOS and Android mobile applications. ; ; Staff at buyer sites would typically work with the Electronic Patient Record system they are most familiar with and our technology read/writes to/from the patient portal from there.
• Service interface: No
• User support accessibility: WCAG 2.1 AA or EN 301 549
• API: Yes
• What users can and can't do using the API: Users can set up the service through the API in order to integrate with their incumbent electronic record patient record software systems.
• API documentation: Yes
• API documentation formats: HTML
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: The Wellola platform overall is highly configurable. ; ; Buyers can choose which of the 8 communication modules to implement. These modules cover viewing the patient record; integrating with an EPR via FHIR APIs; Appointment management; Digital Letters; Educational Resource Library; Online Forms & Assessments; Customisable Virtual Care Pathways; Symptom Tracker; Wearables Connectivity; Device Connectivity; Messaging; ; Within each module there are granular access controls/ user permissions and means to personalise communications with patients and service users (e.g. appointment reminders, the content of messaging, the content of educational resources shared etc.).

Scaling

• Independence of resources: We are well resourced from a human resources perspective, supported by a highly experienced clinical, technical and project management team. ; ; We also have the financial capacity to scale on demand, backed by private and state investment.; ; Technically, our system is automated to grow as spikes in user demand for hosting increases. We work with third party software development and information technology operations, Deloitte, who are AWS/Dev Ops experts to ensure the system is optimised from this perspective.; ; From May 2022 we have been live and active in several enterprise level organisations, across the UK and Ireland, all scaled without issue.

Analytics

• Service usage metrics: Yes
• Metrics types: Analytics include: Patient usage (total app download, engagement with features), Clinician Usage (Logins); ; Current metrics (bookings, online bookings, time of bookings, telecare engagement, no shows, reschedules, cancelations, correspondence, invoices/billing, clinic income/ savings). ; ; Customisable analytics available on request
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: In-built exporting and interfacing with medical informatics allows continual export of data. ; ; Users are able to generate reports and facilitate export of data on demand. ; ; Users can request support to manually extract data in any required standard format.
• Data export formats:
  • CSV
  • Other
• Other data export formats: Defined By Client Request
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • Defined By Client Request
  • PDF, Word, Excel
  • JPEG, PNG, EPS

Data-in-transit protection

• Data protection between buyer and supplier networks: Private network or public sector network
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: 99.9% uptime, 24/7 availability; ; Our system operates in a highly reliable environment where replacement instances can be rapidly and predictably commissioned. The service runs within Amazon’s proven network infrastructure and data centers. ; ; SLA available at link https://aws.amazon.com/ec2/sla/historical/
• Approach to resilience: Failover/rollover servers offer continual secure backup processes and enable resilience of data. ; ; Round-the-clock third party and in-house monitoring allows for a preventative approach in terms of datacentre management. ; ; Further details available on request.
• Outage reporting: We report any outages via email alerts.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: The primary user classes include the following: -; • Systems Administrator ; • Dashboard Setting Administrator (Customer); • Daily Administrator; • Clinician; • Patient; ; Each has their own interface access privilege level, supported by a variety of defined security measures (password protected login, 2-factor authentication, SMS PIN codes etc). The level of security/access is defined by the client requirements.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Certification Europe
• ISO/IEC 27001 accreditation date: July 2020
• What the ISO/IEC 27001 doesn’t cover: Wellola works with a managed service provider with ISO20000 and ISO27001 compliance (Deloitte owned DNM Group- www.dnmgroup.com) who have validated that we have appropriate Technical and Organisational Measures (TOMs) in situ.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: Yes
• Who accredited the PCI DSS certification: Wellola works with Stripe to insure PCI DSS certification
• PCI DSS accreditation date: N/A
• What the PCI DSS doesn’t cover: N/A
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Wellola is registered with the ICO and adheres to the UK General Data Protection Regulation (GDPR) and Data Protection Acts 1998 & 2003, 2018. ; ; We are DCB0129 Compliant and ISO 27001 Certified and our information security policies and processes are guided by this. This, therefore dictates the following:; • Information security policies ; • Organisation of information security ; • Human resource security ; • Asset management ; • Access control ; • Cryptography ; • Physical and environmental security ; • Operations security ; • Communications security ; • System acquisition, development and maintenance ; • Supplier relationships ; • Information security incident management ; • Information security aspects of business continuity management ; • Compliance; with internal requirements, such as policies, and with external requirements, such as legislation.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Any changes related to the product specification or project process are captured by the Project Manager as a Change Control Note (CCN) as per our Change Control Policy.; ; These are then logged as 'Change Requests' and prioritised for implementation; all affected project parameters will be assessed, analyzed for impact and acted upon.; ; The customer is kept informed as the CCN moves from requested to completed, user acceptance tested and signed-off by the customer representative.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: (1) Our IT/Customer Service team review threats on a case by case basis (garnered from suppliers, industry sources, and industry publications); (2) Once alerted they review the threat and identify a plan of action based on industry best practices; (3) Depending on the patch we look to deploy all patches within seven days of release and critical and security patches within 48 hours
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Wellola avails itself of third party 24/7 monitoring that takes advantage of the latest statistical mechanisms and machine learning to provide a premium quality control & risk management service. ; ; As such, we are able to identify abnormal patterns of behaviour quickly and take the appropriate action, thanks to our heterogeneous monitoring and logging systems. ; ; (1) Internal & external monitoring addresses potential compromises on a case by case basis ; (2) Once alerted we review the potential compromise and identify a plan of action based on industry best practices; (3) We respond within 24 hours to incidents of this nature
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: (1) Our approach to incident management consists of the following components: Incident detection and recording, Classification and initial support, Investigation and diagnosis, Resolution and recovery, Incident closure, Ownership, monitoring, tracking and communication; (2) Users report incidents directly to the IT/Customer Service team; (3) Incident reports are provided directly to the relevant client point of contact

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: Yes
• Connected networks: Health and Social Care Network (HSCN)

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Wellbeing

  Fighting climate change

  Fighting climate change; ; Wellola is fully committed to supporting climate change and reducing carbon emissions. Our platform is designed to reduce travel for healthcare- which, pre COVID represented approximately 5% of all travel in the UK. We run a hybrid (work from home/ office) business and the majority of our work with our clients is remote, saving on the need for travel and reducing our carbon footprint.

  Wellbeing

  Wellbeing; ; The Wellola (www.wellola.com) team believes only the sickest of the sick should be hospitalised and that the future of healthcare is preventative, community-based and supported by digital tools. Ensuring high quality care that is effective, efficient, equitable, accessible and acceptable to patient users underpins all that we do.; ; Wellola's software revolutionises the way hospitals & community-based clinics care for and communicate with their patients. Service users can now self-manage and schedule online appointments, securely receive real-time care via messaging and video consultation, or avail of the other communication tools within Wellola's customer-branded patient-facing platform.; ; Wellola enables connected care through our integrated technology solution. Our patient-facing solution adds value by personalising & enhancing the patient experience, empowering self-management and ensuring care is delivered in the right place, at the right time, by the right person.

Pricing

• Price: £49,995.00 to £225,000.00 a licence a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sonia@wellola.com. Tell them what format you need. It will help if you say what assistive technology you use.