Insight

Insight - Novari eRequest

Route and manage any type of request or referral for any type of healthcare service (i.e., endoscopy, diabetes, surgical, ambulatory clinics, palliative care, diagnostic imaging, mental health, etc.).
Configurable software, supporting the coordination of care for various referral workflow use cases at individual hospital trusts, across ICS’s, or clinical networks.

Features

• Know the status and location of every referral in real-time
• Real-time reporting -customisable dashboards provide information and alerts.
• Load balancing through routing to a central intake/hub model
• Integrate with PMS, EPR, and others via FHIR or HL7

Benefits

• Enables mandatory referral data, so referrals are complete and appropriate.
• Updates the referring providers using email and automated mess
• Customised workflows (e.g., intake, triage, routing, etc.) for load balancing.

£105,815 a unit a year

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at pstenderteam@insight.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

210059097762097

Contact

Public Sector Tender Team
0344 846 3333
pstenderteam@insight.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: Bi-weekly code deployments. Transparent to end-users
• System requirements: Running on recent chromium based browsers

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Within 1-2 hours during regular business hours, 9 to 5 (UK time), Monday to Friday. No weekend coverage. We have incident monitoring in place for key services.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Novari Health offers a structured support framework encompassing various tiers:; Tier 1: Novari Client Administrators deliver Tier 1 support directly to end-users of Novari solutions. They address basic troubleshooting and resolve issues related to desktop, browser, configuration, and networking. This includes tasks such as table maintenance, user access management, and data correction.; Tier 2: Novari Health provides Tier 2 support for advanced troubleshooting and issue resolution. Accessible exclusively by Novari Client Administrators, Tier 2 support involves capturing reported issues and providing tailored troubleshooting steps based on the information provided.; Tier 3: Handled by the Novari professional services team, Tier 3 support focuses on addressing configuration-related issues and optimizing system performance.; Tier 4: Managed by the Novari product engineering team, Tier 4 support addresses complex issues, often related to product functionalities or software bugs. This team leverages their expertise to resolve intricate technical challenges.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: We run an implementation project to configure client's system. UAT and role based training is part of the implementation.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
  • Other
• Other documentation formats: Video
• End-of-contract data extraction: Bespoke exports. Client requests data, we provide formatted to their choice.
• End-of-contract process: "Extensions are available.; Otherwise Novari will return and/or destroy data per client's wish."

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Chrome
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: There are no differences. There is an adaptive UI.
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: Browser based interface.
• Accessibility standards: None or don’t know
• Description of accessibility: Browser based interface can leverage the accessibility functions related to the browser being used.
• Accessibility testing: N/A
• API: Yes
• What users can and can't do using the API: "Users cannot access the API's ; API's are designed for interoperability using ADT, HL7, or FHIR.; "
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: "User Interface and metadata can be adapted to meet clients workflow needs.; Customization during implementation or via change requests post-implementation by Novari implementation services.; Users with elevated privileges can make customizations.; Users can also set profile default settings within predefined options.; "

Scaling

• Independence of resources: "Server resources can be scaled up or down based on demand. Auto-scaling is available.; "

Analytics

• Service usage metrics: Yes
• Metrics types: Volume and status of referrals
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Reseller (no extras)
• Organisation whose services are being resold: Novari Health

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest: Physical access control, complying with CSA CCM v3.0
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Client requests data, we provide formatted to their choice.
• Data export formats:
  • CSV
  • Other
• Other data export formats: Bacpac or as requested by client
• Data import formats: Other
• Other data import formats:
  • Manual upload of case records
  • Import of data through integrated patient data

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: 99.99% in alignment with Microsoft Azure availability. There is no default refund for failure to meet SLA.
• Approach to resilience: We build and host our services on Microsoft Azure. The resilience of their data centres is the foundation for our products. This includes data replication in secondary geolocation site. Any additional information would be available on request.
• Outage reporting: Email alerts to clients.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: Role based access control
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI Canada
• ISO/IEC 27001 accreditation date: 25/03/2020
• What the ISO/IEC 27001 doesn’t cover: N/A All standards and Annex A items apply
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: "Novari Health has an Information Security Management System (ISMS) certified to ISO27001 which is governed by our senior executive team via our ISMS Governance Committee (IGC); which includes our Chief Information Security Officer (CISO) & Chief Technical Officer (CTO), Data Protection Officer (DPO), Chief Executive Office (CEO) and Chairman of the Board, President and others. The IGC meets on a quarterly basis and reports directly to the organisation's Board of Directors. Our information security policies are focused on protecting the confidentiality, integrity and availability (CIA) of the data we own and process. Policies and processes have been created to support our risk-based framework, of which governance, risk management, incident management, business continuity and disaster recovery are core elements. Our policies and procedures fall within the following categories:; - Information Security Policy;; - Human Resources (vetting, employment contracts, discipline, employment termination, annual Information Security Staff Awareness training etc);; - Asset Management (including information and physical asset registers);; - Access Control;; - Change Management;; - Cryptography controls;; - Physical Security;; - Operations Security;; - Communications Security;; - Development and Testing Standard Operating Procedures (SOPs);; - Supplier Management;; - Incident Management;; - Business Continuity and Disaster Recovery;; - Compliance."

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: All aspect of configuration and change management are managed under our ISO 27001 guidelines, processes and principles. Novari uses various system to track and manage all config and change programme and follows industry best practices and guidelines at all times.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: All aspect of vulnerability management are managed under our ISO 27001 guidelines, processes and principles. Novari uses various system to track and manage all potential threats and can mobilise quickly to address threats and apply patches. Novari follows industry best practices and guidelines at all times and work with industry leading partners to keep ahead of all information relevant to threat management.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Azure sentinel linked to Better Stack
• Incident management type: Supplier-defined controls
• Incident management approach: Our incident management process is documented and adheres to ISO27001;2013. Incidents are reported via a range of sources e.g. customer, SIEM, internal reporting, and are investigated, contained and managed by our Incident Response Team, major incidents can be escalated to the ISMS Governance Committee (IGC) and all incidents are reviewed on a quarterly basis and reported on at the IGC meetings.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Reducing wait times for services through better resource allocation and prioritization resulting less use of paper and re-processing of information.

  Covid-19 recovery

  Reducing wait times for services through better resource allocation and prioritization resulting in increased operational efficiency and expiditing backlogs.

  Tackling economic inequality

  Reducing wait times for services through better resource allocation and prioritization resulting in transparent access and monitoring for all patients.

  Equal opportunity

  Centralized management of resources improves accessiblity to services and resources across the healthcare domain.

  Wellbeing

  Reducing wait times for services through better resource allocation and prioritization resulting in improved outcomes for patients.

Pricing

• Price: £105,815 a unit a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at pstenderteam@insight.com. Tell them what format you need. It will help if you say what assistive technology you use.