Skip to main content

Help us improve the Digital Marketplace - send your feedback

CONCENTRIC HEALTH LTD

Concentric

Concentric is a market-leading digital consent to treatment application trusted by over 30 NHS Trusts. It's proven to support organisations to transition from paper-based informed consent processes to digital consent by default.

Digital consent is sometimes known as econsent, e-consent, or electronic patient consent.

Concentric - easy, reassuring, digital consent.

Features

  • Proven use as default consent process within NHS organisations
  • 2000+ evidence-based templates for treatments across all specialties
  • Montgomery-compliant personalisation of consent information to the individual patient
  • Remote patient access to consent information digitally, with remote consent
  • HL7/FHIR demographics and documents integration, and launch in patient context
  • Single Sign-on via Microsoft Entra ID, NHSmail, or ADFS
  • NHS DTAC, DSPT and Cyber Essentials Plus (CE+) certification
  • DCB0129 compliant clinical safety case and PIF Tick accreditation
  • Administrator access to usage dashboards and management of user accounts
  • Audit trail of patient and clinician actions within consent episodes

Benefits

  • Medicolegal: Reduce form errors and omissions with evidence-based templates
  • Medicolegal: Reduce consent legal cases with improved documentation and transparency
  • Medicolegal: Increase two-stage consent rate with remote consent option
  • Medicolegal: Eliminate lost consent forms with digital access and integration
  • Medicolegal: Reduce wrong-site surgery with improved consent form legibility
  • SDM: Proven to improve shared decision making across the organisation
  • SDM: Patient access to personalised, accessible, understandable information
  • Efficiency: 5-10% reduction in day-of-treatment cancellations and delays
  • Efficiency: 1-minute reduction in administrative clinical time per episode
  • Cost: Health economic analysis demonstrates approximately £1/per consent saving

Pricing

£0.53 to £2.50 a unit

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at support@concentric.health. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

2 5 5 2 4 3 8 3 5 7 0 4 4 2 8

Contact

CONCENTRIC HEALTH LTD Concentric's support team
Telephone: +44 2922 947532
Email: support@concentric.health

Service scope

Software add-on or extension
No
Cloud deployment model
Public cloud
Service constraints
We perform near-zero downtime deployments, and therefore you should not expect scheduled maintenance downtime except on the rare occasions that a near-zero downtime deployment is not possible. There are no service constraints beyond those outlined in the system requirements.
System requirements
Modern web browser (e.g. Edge, Chrome, or Safari)

User support

Email or online ticketing support
Email or online ticketing
Support response times
Response from Concentric support team within one working day.
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Onsite support
Support levels
Service Level Objective (SLO): 99.95% (less than 4.38 hours per year of unavailability). Near-zero downtime deployments except on rare occasions when this is not possible. Downtime is documented in real-time at https://concentric.statuspage.io/.

Organisations contact us via email to inform us of an issue, which is given an issue resolution time depending on severity, from P1 to P5. P1 issues have a resolution time target of 2 working hours.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Having introduced Concentric into several organisations, we have experience supporting a safe, efficient and effective implementation of Concentric as the default consent method. This includes a comprehensive delivery playbook (https://concentric.health/deployment/delivery-playbook/) with project management and clinician-facing resources, technical and integration documentation, and user guides.

A train-the-trainer model is used for clinician onboarding, alongside user guides, videos, and process flows for each group, including read-only users. Train-the-trainer sessions are delivered by the Concentric team and are supplemented by 6-monthly update sessions to trainers due to the continuous improvement of the product.

An onboarding guide is shared with each clinical user at account setup and can be hosted by Concentric or locally. These are made bespoke for each deployment, including any local considerations, such as the integrations in place, support details, test patient details, relevant policies, and business continuity processes.

In addition to training materials, project management teams and clinicians have access to the Concentric support team to aid with onboarding queries and ongoing support.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
The buyer is the data controller and therefore has the right to access to all data at contract end. Data is transferred securely to the buyer as both consent episode metadata and the associated consent form PDFs.

Following data extraction, a process of data deletion occurs. At a high level, the approach taken is that all data is stored encrypted at rest and that on deletion encryption keys are first deleted ensuring that data is unreadable (cryptographic erasure), with the physical data later deleted and over time expired from backup systems. Additionally at end of life drives are securely sanitised.
End-of-contract process
There is no additional fee for a standard data extract. Where required, other extracts are chargeable at commercial rates.

Using the service

Web browser interface
Yes
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
All functionality is available across mobile and desktop with responsive web design.
Service interface
No
User support accessibility
WCAG 2.1 AA or EN 301 549
API
Yes
What users can and can't do using the API
Our technical team have significant experience integrating with NHS systems, with local integrations in place across 30 NHS Trusts, as well as national infrastructure integrations including the NHS FHIR PDS API (Spine), NHS CIS2 Authentication, and NHSmail. Details regarding integration approaches are outlined at https://concentric.health/deployment/technical/integration/.

As part of all G Cloud 14 deployments, Concentric Health will support the buyer to put in place the following integrations: patient demographic query, document ingestion, single sign-on, and launch in the patient context from EHR. Integration documentation and support are provided by Concentric Health.
API documentation
Yes
API documentation formats
  • HTML
  • PDF
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
Buyers can customise the service in the following areas: white-labelling, integration metadata passed, content and patient information links customisation, additional consent modules, and reporting dashboard queries.

White-labelling: The organisation name and branding are used across key areas of the application and email/SMS notifications.

Integration metadata: The organisation can state which patient identifier(s) they wish to use and show in the UI, and can state what metadata to pass with the document integration so that key information (e.g treatment name) can be shown at a glance.

Content and patient information link customisation: Where local updates are required to the Concentric ontology these can be requested and are done in collaboration with the Concentric team.

Reporting dashboard queries: If there are queries that would be useful to present within the admin dashboard area these can be requested.

Scaling

Independence of resources
Monitoring data is collected for early warning of increased demand and the system is designed to scale horizontally. The system operates with significant headroom and demand for this service is inherently predictable.

Analytics

Service usage metrics
Yes
Metrics types
Our admin application is where user accounts can be managed, and a dashboard of the organisation’s use of Concentric can be explored and exported. Full details regarding usage metrics within the admin application are shared at https://concentric.health/deployment/delivery-playbook/usage-metrics/. Metrics include recent usage and trends of usage over time and by specialty, a breakdown of usage patterns for each clinician, in-app patient feedback, episode lists, and a list of users with access. Data for each graph or database can be exported in .csv, .xlsx, or .json formats.
Reporting types
  • Real-time dashboards
  • Regular reports

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Staff screening not performed
Government security clearance
None

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Consent form PDFs can be downloaded by users from within the application. Admin users can export raw data for all reporting dashboards, and request individual episodes' audit trails.
Data export formats
  • CSV
  • Other
Other data export formats
  • XLSX
  • JSON
Data import formats
CSV

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
Service Level Objective (SLO): 99.95% (less than 4.38 hours per year of unavailability). Near-zero downtime deployments except on rare occasions when this is not possible. Downtime is documented in real-time at https://concentric.statuspage.io/.
Approach to resilience
Automatic failover is configured to handle all server failures, which is designed to cause less than 5 minutes of unavailability. The system is designed to not need any scheduled maintenance. Near-zero downtime deployments of new application code are done. Concentric is designed to be resilient to a single data center failure within a region.

Data recovery processes are in place, in the unlikely event of total system failure:
- Database backups can be used in the case of total system failure. This scenario is not anticipated and would be a manual operation taken as a last resort.
- Configuration management system is used to configure all cloud services and hosts, allowing rapid total replacement of cloud infrastructure in the case of total failure.

Database backups are taken daily and stored for 28 days.
Outage reporting
A public statuspage is maintained to report any incidents. Email alerts can be subscribed to for any incident updates posted to the statuspage.

Periodic monitoring of the system results in automatic notification to a human in the case of over 5 minutes of system unavailability. Tenants are provided with a company operational and technical contact for use in an emergency, with emergency support available 24/7/365.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels
Concentric infrastructure: Security critical services are only accessible to a subset of the engineering team, at the CTO's discretion. Access is protected by cryptographic controls.

Tenant administration interface: Role-based administration access with 2-factor authentication.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
Between 1 month and 6 months

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
Yes
Other security certifications
Yes
Any other security certifications
  • NHS Digital - Data Security and Protection Toolkit
  • NHS Digital Technology Assessment Criteria (DTAC)
  • NHS Digital DCB0129 clinical safety standard

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
Other
Other security governance standards
Cyber Essentials Plus.
NHS Digital Data Security and Protection Toolkit.
NHS Digital Technology Assessment Criteria (DTAC).
Information security policies and processes
The Chief Technical Officer and Data Protection Officer have overall responsibility for information security at Concentric Health.

Concentric is compliant and undertakes annual recertification with NHS Digital's Data Security and Protection Toolkit (DSPT) and Cyber Essentials Plus. In addition, independent penetration testing is done annually. Covering both clinical safety and elements of information security, Concentric Health also maintains compliance with NHS Digital DCB0129 clinical safety standards.

Policies and documentation include all those required as part of the Information Security Management System for ISO27001 certification.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Software releases are done every few weeks with release notes made available following each release at https://concentric.health/using-concentric/release-notes/. Before each release, both manual and automated end-to-end quality assurance testing is undertaken. Before a release is deployed, the Chief Technical Officer and Clinical Safety Officer must approve the release. Clinical safety and security impacts are considered as part of any release to ensure ongoing compliance with NHS Digital DSPT, NHS Digital DCB0129, and Cyber Essentials Plus standards.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Concentric is hosted on Linux VMs which receive automatic patch updates.

Application code runs within containers which depend upon a small number of official base images. As part of our regular release process, containers are continually rebuilt using updated base images.

Automatic pull requests are created and reviewed for all application code dependency updates. Security updates are sent to designated individuals. Our policy is to deploy security-related updates within 2 weeks, or sooner if deemed necessary by our Chief Technical Officer.

Security vulnerabilities may be responsibly disclosed to security@concentric.health.

Independent penetration testing is done annually to assess for potential threats.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Log data is collected centrally and monitored for signs of unusual activity.

Application logging is carefully designed to log unusual activity at warn level or above. The rate of such logs is monitored to provide an early warning signal.

Internally services are designed along zero-trust principles. This prevents a single compromised component from allowing access to other information.

Internal authentication is by way of signed authentication tokens. The private keys underlying these tokens can be replaced in case of a suspected breach which will invalidate all existing tokens and cause all users to become immediately logged out.
Incident management type
Supplier-defined controls
Incident management approach
Concentric Health is committed to managing and reporting incidents in a transparent and robust way.

Periodic monitoring of the system results in automatic notification to a human in the case of over 5 minutes of system unavailability. System status is reported in real-time and notification of any status updates is sent to all subscribers with incident details.

Tenants are provided with a company operational and technical contact for use in an emergency, with emergency support available 24/7. Root cause analysis investigations are undertaken in response to failure.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks
No

Social Value

Social Value

Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

Fighting climate change

As an organisation, we are committed to supporting net zero efforts both in our activities as a company and through the impact of the products we develop.

We are involved in a specific NHS/SBRI-backed project to support the NHS to reach net zero by 2040 (with an ambition to reach an 80% reduction by 2028 to 2032). The project explores the feasibility of introducing carbon data to support patient-clinician shared decision making conversations.

The report for this project is available in our insight toolkit (https://concentric.health/assets/img/resources/net-zero-insight-toolkit.pdf), while the key findings were published in The Bulletin of the Royal College of Surgeons of England.

The core Concentric product reduces the carbon impact of healthcare, both by remote consent functionality reducing the number of in-person outpatient appointments required and the removal of paper use in the consent process.

Where possible, we use carbon-neutral providers in our supply chain, such as Google, for our cloud hosting. Google is carbon neutral today, but aiming higher: their goal is to run on carbon-free energy, 24/7, at all their data centres by 2030.

Covid-19 recovery

Digital-first elective care pathways are crucial for healthcare organisations recovering from the COVID-19 pandemic, particularly concerning the surgical backlog. Concentric and other digital consent / econsent applications are vital in enabling digital-first elective care pathways, particularly with remote consent. The NHS features Concentric as a tool to support COVID-19 recovery.

We have been responsive to the needs of our partner organisations during the pandemic and secured Welsh Government and Innovate UK grant funding to deliver projects to support the initial response to and recovery from the pandemic.

Tackling economic inequality

Concentric Health is a health technology startup / SME (small/medium-sized enterprise) based in Wales. Founded and based in Wales, the Company has created job opportunities in Wales and has led to international inward investment.

Since 2019, Concentric Health has been hiring team members in the high-growth digital health sector. Our recruitment practices and employment conditions aim to follow the Good Work Plan’s foundational principles of quality work: fair pay, participation and progression, voice and autonomy. We support workforce development by training existing employees and medical and technical student placements with Cardiff University.

We aim to support other SMEs across the UK and, by doing so, increase supply chain resilience and capacity. Examples include our use of co-working spaces across the UK and our Cyber security partner Pen Test Partners.

We are willing to commit 1% of any Concentric Health contract revenue to support communities local to the contracting healthcare organisation. Support decisions will be made collaboratively with the healthcare organisation.

Equal opportunity

Concentric Health is committed to encouraging equality, diversity and inclusion among our workforce, and eliminating unlawful discrimination. The aim is for our workforce to be truly representative of all sections of society and our customers, and for each employee to feel respected and able to give their best. The organisation - in providing goods and/or services and/or facilities - is also committed against unlawful discrimination of customers or the public.

We publicly commit to:

(a) Encourage equality, diversity and inclusion in the workplace as they are good practice and make business sense.
(b) Create a working environment free of bullying, harassment, victimisation and unlawful discrimination, promoting dignity and respect for all, and where individual differences and the contributions of all staff are recognised and valued.
(c) Take seriously complaints of bullying, harassment, victimisation and unlawful discrimination by fellow employees, customers, suppliers, visitors, the public and any others in the course of the organisation’s work activities.
(d) Make opportunities for training, development and progress available to all staff, who will be helped and encouraged to develop their full potential, so their talents and resources can be fully utilised to maximise the efficiency of the organisation.
(e) Make decisions concerning staff being based on merit (apart from in any necessary and limited exemptions and exceptions allowed under the Equality Act).
(f) Review employment practices and procedures when necessary to ensure fairness, and also update them and the policy to take account of changes in the law.
(g) Monitor the make-up of the workforce regarding information such as age, sex, ethnic background, sexual orientation, religion or belief, and disability in encouraging equality, diversity and inclusion, and in meeting the aims and commitments set out in the equality, diversity and inclusion policy.

Wellbeing

We are committed to supporting mental health in the workplace, implementing the six standards of the ‘Mental Health at Work commitment’:

(a) Prioritise mental health in the workplace by developing and delivering a systematic programme of activity.
(b) Proactively ensure work design and organisational culture drive positive mental health outcomes.
(c) Promote an open culture around mental health.
(d) Increase organisational confidence and capability.
(e) Provide mental health tools and support.
(f) Increase transparency and accountability through internal and external reporting.

In addition, we commit to providing paid-for volunteering time for all staff, to support community-led initiatives or good causes of significance to the individual.

Pricing

Price
£0.53 to £2.50 a unit
Discount for educational organisations
No
Free trial available
Yes
Description of free trial
A free trial is offered to NHS organisations as per https://concentric.health/pricing/. This can be for up to 2,000 episodes over 12 months, includes full functionality and updates, and where demographic integrations can be completed using modern standards, demographic integration is included at no cost.
Link to free trial
https://concentric.health/pricing/

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at support@concentric.health. Tell them what format you need. It will help if you say what assistive technology you use.