Proxximos Limited

Proxximos Safer Care

Proxximos combats the harmful and costly spread of communicable disease in hospitals through our next generation digital contact tracing solution. Healthcare settings are then safer for patients & staff whilst saving time and money. Our hyper precise location solution also delivers integrated, cost effective and real-time bed & asset tracking.

Features

• Real time precise contact tracing data
• Live infection & pathogen risk displayed to staff
• Real-time staff location data
• Real-time, precise location of assets
• Real-time alerts if patients leave defined area
• Real-time alerts if assets leave defined area
• Real-time location triggers into EPR
• Real-time patient location

Benefits

• More rapid implementation of Infection Control measures saves money
• Automating current manual contact tracing workloads saves time
• Improve staff utilization & efficiencies (surgery, portering etc)
• Reduce time searching for critical medical devices improving patient safety
• Early warning of a wandering patient improving patient safety
• Locate medical devices or assets that are lost or stolen
• EPR Workflow Automation reducing clerical inputs saving money
• Improve patient flow & optimise complex care pathways
• Improved patient flow through real-time bed tracking & location

£16.81 to £20.56 a device a month

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at martin.pipe@proxximos.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

250201660140453

Contact

Mr Martin Pipe
07976701491
martin.pipe@proxximos.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: The Proxximos system works by providing staff, patients & assets with a wearable device. The staff wearable is their NHS pass holder. The patient wearable can be worn on the wrist attached to their patient ID band. Hubs are located every ward, can then see the wearables. This data is then used to measure the precise location of the wearables every 10 seconds to 25cm accuracy. The Proxximos system needs to access the hospital WIFI network in order to get the location data out to the cloud. Wearables also need to be charged every few weeks.
• System requirements:
  • Access to a WIFI network with Internet access
  • Continuous mains power for the hubs
  • Ad hoc access to mains sockets for charging wearables
  • Devices with web browsers to access the webapp

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Our standard support desk hours are 9am to 5pm Monday to Friday excluding bank holidays. We will immediately reply to confirm receipt of an email or online support ticket with a unique call reference. Responses are aimed to be made within 60 minutes of receipt during standard office hours only.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: WCAG 2.1 A
• Web chat accessibility testing: None so far. We commit to have tested this with users of assistive technology as required
• Onsite support: Yes, at extra cost
• Support levels: We have a full support package included within our subscription service for all customers and then have 4 different priority levels of calls/incidents within the package:; P1’s cover critical support calls with a target response time of 30 minutes and target resolution time of 30 minutes; P2’s cover high priority support calls with a target response time of 60 minutes and target resolution time of 1 business day; P3’s cover moderate priority support calls with a target response time of 4 business hours and target resolution time of 2 business days; P4’s cover low priority support calls with a target response time of 6 business hours and target resolution time of 5 business days; We provide a named customer success manager (as part of our service) to ensure our system is used effectively and working as it should.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Proxximos will provide full support for the successful onboarding to all our customers. We provide onsite training for management and super users of the systems. We also provide 1 onsite go live training session for all staff (this is delivered onsite and can be streamed using a TEAM's call and recorded for those unable to attend). Our go live session will include how users can access the system, navigate & use the webapp features, see alerts, log activity, change and edit settings (where permission levels allow) and log support calls. We will also advise how reports can be generated and the systems tested. We will provide post launch monitoring to ensure the systems continues to be used and embedded.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: The core data in the Proxximos system relates to real-time location of people or assets. Trusts are the data controller for this data and Proxximos can provide the data to the Trust if required at the end of the contract. Noting that this is a large and historic data set it is unlikely customers may request this.
• End-of-contract process: At the end of the contract Proxximos will agree with the customer how best to off-board the service. This will include returning and/or deletion of customer data that Proxximos may hold following adherence to GDPR guidelines. We will agree a date from which access to the webapp will be discontinued. The price of the service includes the closure of access to the WebApp and Proxximos collecting all the wearable devices and hubs.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: There are no functionality differences between the mobile & desktop service but the screen is resized and layout optimized for the screen size of the specific mobile device being used
• Service interface: Yes
• User support accessibility: WCAG 2.1 A
• Description of service interface: We provide a WebApp for users and we can also provide open API's (Application Programming Interfaces) access for other service providers presentation layers (interfaces)
• Accessibility standards: WCAG 2.1 A
• Accessibility testing: None so far. We commit to have tested this with users of assistive technology as required
• API: Yes
• What users can and can't do using the API: The Proxximos systems comes with a WebApp interface. This is drawing data from our open API’s. Proxximos can make these API’s available to other service providers or users as required. Users with Administrator-level access can create new administration/API users through an API call. API calls exist for various functions including creating/deleting users, adding/removing wearables, logging infection data, retrieving exposure data, and other functionality. The initial Administrator user must be created by Proxximos.
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Proxximos is designed to be highly configured for the individual NHS Trust requirement. Where multiple Trust’s require new features or customizations Proxximos would evolve the service offering accordingly.

Scaling

• Independence of resources: Our service is based in scalable AWS services and these scale as demand changes thus mitigating any such impact.; Our tracking devices need WIFI to send data to AWS but the data is low volume and not anticipated to impact other WIFI services

Analytics

• Service usage metrics: Yes
• Metrics types: Usage data for users. ; System health metrics (e.g. devices registered but not seen etc)
• Reporting types:
  • Real-time dashboards
  • Regular reports

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Staff screening not performed
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: In-house
• Protecting data at rest:
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Regular service users can export data as reports in PDF format. Proxximos can provide API access or customized data exports to more specialist users.
• Data export formats:
  • CSV
  • Other
• Other data export formats: PDF
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Our commitment to availability surpasses industry standards, ensuring five nines (99.999%) uptime for our services. This excludes scheduled (out of hours) downtime. Backed by robust Service Level Agreements (SLAs), we guarantee this level of availability to our users. In the rare event that we fall short of our promised uptime, our SLAs detail clear refund processes to compensate affected users. This includes prorated refunds based on the duration and severity of the outage, demonstrating our accountability and dedication to customer satisfaction. Our meticulous monitoring and proactive mitigation strategies minimize the risk of downtime, reinforcing our promise of uninterrupted service delivery. With our stringent SLAs and relentless focus on reliability, users can trust in our platform's stability to support their mission-critical operations without compromise.
• Approach to resilience: Our service is crafted to ensure resilience, employing industry-standard techniques to fortify against potential disruptions. High Availability (HA) is a cornerstone, achieved through redundant components distributed across multiple Availability Zones (AZs). We leverage AWS Auto Scaling to dynamically adjust resources in response to demand fluctuations, ensuring consistent performance even during peak loads. Load balancing further enhances reliability by distributing traffic evenly across instances.; Data durability is paramount, supported by Amazon S3's eleven 9s of durability. ; Regarding data centre setup resilience, we leverage AWS’ best practices outlined in the government's Cloud Security Principle on Asset Protection and Resilience. While specific details are not public, comprehensive information can be provided upon request, demonstrating our commitment to transparency and security.; In summary, our service architecture prioritizes resilience at every layer, empowering customers to confidently navigate any operational challenges with peace of mind.
• Outage reporting: Notifications are given for any planned outages via email, and any unexpected outages are notified via email upon discovery.

Identity and authentication

• User authentication needed: Yes
• User authentication: 2-factor authentication
• Access restrictions in management interfaces and support channels: User-level fine-grained access controls provide administrative permissions only to authorised users. Support/feedback mechanisms are available to all users, but data protection rules are enforced so that sensitive information is not available outside of administrative channels/users.
• Access restriction testing frequency: At least every 6 months
• Management access authentication: 2-factor authentication

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: Cyber Essentials
• Information security policies and processes: Regular audits and assessments validate compliance with established policies, supplemented by ongoing employee training to reinforce security protocols. We employ robust technologies, including intrusion detection systems and encryption mechanisms, to fortify our defences against potential breaches. Incident response protocols enable swift and coordinated action in the event of security incidents, minimizing impact and facilitating rapid recovery.; Furthermore, our governance framework includes regular review and updates to policies and procedures, ensuring alignment with evolving regulatory requirements and emerging threats. By integrating security into every aspect of our operations and fostering a culture of continuous improvement, we uphold the highest standards of information security to protect our assets and those of our customers.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Our configuration and change management processes leverage Agile methodologies and GitHub workflows. Each component is tracked via version control, allowing for traceability throughout its lifecycle. Changes undergo thorough code review, with security impact assessments integrated into our automated testing pipelines including third-party vulnerability scanning. Continuous monitoring ensures rapid detection and response to any deviations, maintaining the integrity and security of our services.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Software patches are applied based on security advisories reported on: The US National Vulnerability database, Npm Security advisories database, FriendsOfPHP database, Go Vulncheck database, Python Packaging Advisory database, Ruby Advisory database, RustSec advisory database. ; ; Security risk is scored using the Common Vulnerability Scoring System (CVSS). Critical and High patches are applied within 24 hours with Medium and Low patches applied within 48 hours. OS vulnerability analysis is based on data from the US National Vulnerability database and scored using the CVSS. Patches and minor OS upgrades are applied automatically by AWS Systems Manager Patch Manager nightly for all CVSS scores.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We proactively identify potential compromises through continuous monitoring and anomaly detection. Upon detection, we swiftly initiate our incident response protocol, isolating affected systems and launching forensic analysis. Our rapid response aims to contain and mitigate the impact, with critical incidents addressed within minutes and comprehensive resolution within hours.
• Incident management type: Supplier-defined controls
• Incident management approach: While not formally on SSAE-18 standards, we broadly comply with pre-defined processes for common events, ensuring consistency and efficiency. Users report incidents via designated channels including web-app based feedback and telephone, facilitating prompt response and resolution. Incident reports are provided through secure channels, detailing the event, its impact, and mitigation measures, in alignment with SSAE-18 guidelines.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  As Proxximos enables data driven targeted intervention we help with; reducing the environmental impact associated with the production, transportation, and disposal of medical supplies and equipment. We support localised & targeting testing campaigns, minimizing unnecessary waste in areas where the risk is relatively lower and only targeting the distribution of PPE to specific locations or high-risk individuals (as such wasteful and unnecessary use of PPE can be minimized). As Proxximos provides real-time cloud-based data we eliminate the need for the traditional manual contact tracing methods involving physical paperwork, forms, and in-person interviews therefore minimising paper waste and associated carbon emissions. Trust wide data dashboards allows IPC teams to manage multiple locations from 1 location supporting both remote work and reduced travel. Healthcare teams can provide contact tracing insight and also monitor movement of individuals without requiring physical meetings or visits thus reducing emissions.

  Covid-19 recovery

  Having a digital contact tracing solution in place in hospitals (and care homes) ahead of any future pandemic will prepare and mitigate for any such future eventuality. By customers investing with us as part of Covid-19 recovery (and supporting our business growth) we will have a tested solution in place that can contain future covid-19 variants of concern as well as other infectious disease risks such as Marberg, Nipah, MERS, Ebola, SARS, Lassa Fever, Disease X and the like.

  Tackling economic inequality

  Proxximos can provide valuable data on the geographic areas with higher transmission risks. By then focusing resources where they are most needed, Proxximos helps mitigate the impact of the disease on marginalized communities with economic inequality and areas with more limited access to healthcare.

  Equal opportunity

  Proxximos supports vulnerable populations and can be particularly beneficial for the elderly or individuals with underlying health conditions. ; By quickly identifying and notifying individuals who may have been exposed to a contagious disease, it helps protect those who are at higher risk.; We demonstrate a commitment to social responsibility by prioritizing the well-being of the most vulnerable members of society.

  Wellbeing

  Employee well-being and safety: Implementing Proxximos in a hospital or workplace can help protect employees' health and safety. Proxximos helps create a safer work environment by minimizing infection spread. It fosters a greater sense of well-being among employees who may have underlying health conditions or family members who could be susceptible. ; By being aware of potential infection exposure risks, people may adopt preventive measures, such as maintaining physical distancing, practicing good hand hygiene, and following safety guidelines. These measures, when combined with Proxximos’ surveillance software, can help reduce the overall transmission rate of a disease and thus improve wellbeing on many fronts.

Pricing

• Price: £16.81 to £20.56 a device a month
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at martin.pipe@proxximos.com. Tell them what format you need. It will help if you say what assistive technology you use.