Concentric
Concentric is a market-leading digital consent to treatment application trusted by over 30 NHS Trusts. It's proven to support organisations to transition from paper-based informed consent processes to digital consent by default.
Digital consent is sometimes known as econsent, e-consent, or electronic patient consent.
Concentric - easy, reassuring, digital consent.
Features
- Proven use as default consent process within NHS organisations
- 2000+ evidence-based templates for treatments across all specialties
- Montgomery-compliant personalisation of consent information to the individual patient
- Remote patient access to consent information digitally, with remote consent
- HL7/FHIR demographics and documents integration, and launch in patient context
- Single Sign-on via Microsoft Entra ID, NHSmail, or ADFS
- NHS DTAC, DSPT and Cyber Essentials Plus (CE+) certification
- DCB0129 compliant clinical safety case and PIF Tick accreditation
- Administrator access to usage dashboards and management of user accounts
- Audit trail of patient and clinician actions within consent episodes
Benefits
- Medicolegal: Reduce form errors and omissions with evidence-based templates
- Medicolegal: Reduce consent legal cases with improved documentation and transparency
- Medicolegal: Increase two-stage consent rate with remote consent option
- Medicolegal: Eliminate lost consent forms with digital access and integration
- Medicolegal: Reduce wrong-site surgery with improved consent form legibility
- SDM: Proven to improve shared decision making across the organisation
- SDM: Patient access to personalised, accessible, understandable information
- Efficiency: 5-10% reduction in day-of-treatment cancellations and delays
- Efficiency: 1-minute reduction in administrative clinical time per episode
- Cost: Health economic analysis demonstrates a saving of approximately £1 per consent
Pricing
£0.53 to £2.50 a unit
Framework
G-Cloud 14
Service ID
255243835704428
Contact
CONCENTRIC HEALTH LTD
Concentric's support team
Telephone: +44 2922 947532
Email: support@concentric.health
Service scope
- Software add-on or extension
- No
- Cloud deployment model
- Public cloud
- Service constraints
- We perform near-zero downtime deployments, and therefore you should not expect scheduled maintenance downtime except on the rare occasions that a near-zero downtime deployment is not possible. There are no service constraints beyond those outlined in the system requirements.
- System requirements
- Modern web browser (e.g. Edge, Chrome, or Safari)
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- Response from Concentric support team within one working day.
- User can manage status and priority of support tickets
- No
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- No
- Onsite support
- Onsite support
- Support levels
-
Service Level Objective (SLO): 99.95% (less than 4.38 hours per year of unavailability). Near-zero downtime deployments except on rare occasions when this is not possible. Downtime is documented in real-time at https://concentric.statuspage.io/.
Organisations contact us via email to inform us of an issue, which is given an issue resolution time depending on severity, from P1 to P5. P1 issues have a resolution time target of 2 working hours.
- Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
-
Having introduced Concentric into several organisations, we have experience supporting a safe, efficient and effective implementation of Concentric as the default consent method. This includes a comprehensive delivery playbook (https://concentric.health/deployment/delivery-playbook/) with project management and clinician-facing resources, technical and integration documentation, and user guides.
A train-the-trainer model is used for clinician onboarding, alongside user guides, videos, and process flows for each group, including read-only users. Train-the-trainer sessions are delivered by the Concentric team and are supplemented by 6-monthly update sessions to trainers due to the continuous improvement of the product.
An onboarding guide is shared with each clinical user at account setup and can be hosted by Concentric or locally. These are made bespoke for each deployment, including any local considerations, such as the integrations in place, support details, test patient details, relevant policies, and business continuity processes.
In addition to training materials, project management teams and clinicians have access to the Concentric support team to aid with onboarding queries and ongoing support.
- Service documentation
- Yes
- Documentation formats
-
- HTML
- End-of-contract data extraction
-
The buyer is the data controller and therefore has the right to access all data at contract end. Data is transferred securely to the buyer as both consent episode metadata and the associated consent form PDFs.
Following data extraction, a process of data deletion occurs. At a high level, the approach taken is that all data is stored encrypted at rest and that on deletion encryption keys are first deleted, ensuring that data is unreadable (cryptographic erasure), with the physical data later deleted and over time expired from backup systems. Additionally, at end of life, drives are securely sanitised.
- End-of-contract process
- There is no additional fee for a standard data extract. Where required, other extracts are chargeable at commercial rates.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Microsoft Edge
- Firefox
- Chrome
- Safari
- Application to install
- No
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- All functionality is available across mobile and desktop with responsive web design.
- Service interface
- No
- User support accessibility
- WCAG 2.1 AA or EN 301 549
- API
- Yes
- What users can and can't do using the API
-
Our technical team have significant experience integrating with NHS systems, with local integrations in place across 30 NHS Trusts, as well as national infrastructure integrations including the NHS FHIR PDS API (Spine), NHS CIS2 Authentication, and NHSmail. Details regarding integration approaches are outlined at https://concentric.health/deployment/technical/integration/.
As part of all G-Cloud 14 deployments, Concentric Health will support the buyer to put in place the following integrations: patient demographic query, document ingestion, single sign-on, and launch in the patient context from EHR. Integration documentation and support are provided by Concentric Health.
- API documentation
- Yes
- API documentation formats
-
- HTML
- API sandbox or test environment
- Yes
- Customisation available
- Yes
- Description of customisation
-
Buyers can customise the service in the following areas: white-labelling, integration metadata passed, content and patient information links customisation, additional consent modules, and reporting dashboard queries.
White-labelling: The organisation name and branding are used across key areas of the application and email/SMS notifications.
Integration metadata: The organisation can state which patient identifier(s) they wish to use and show in the UI, and can state what metadata to pass with the document integration so that key information (e.g. treatment name) can be shown at a glance.
Content and patient information link customisation: Where local updates are required to the Concentric ontology these can be requested and are done in collaboration with the Concentric team.
Reporting dashboard queries: If there are queries that would be useful to present within the admin dashboard area these can be requested.
Scaling
- Independence of resources
- Monitoring data is collected for early warning of increased demand and the system is designed to scale horizontally. The system operates with significant headroom and demand for this service is inherently predictable.
Analytics
- Service usage metrics
- Yes
- Metrics types
- Our admin application is where user accounts can be managed, and a dashboard of the organisation’s use of Concentric can be explored and exported. Full details regarding usage metrics within the admin application are shared at https://concentric.health/deployment/delivery-playbook/usage-metrics/. Metrics include recent usage and trends of usage over time and by specialty, a breakdown of usage patterns for each clinician, in-app patient feedback, episode lists, and a list of users with access. Data for each graph or database can be exported in .csv, .xlsx, or .json formats.
- Reporting types
-
- Real-time dashboards
- Regular reports
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Staff screening not performed
- Government security clearance
- None
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
-
- United Kingdom
- European Economic Area (EEA)
- Other locations
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- ‘IT Health Check’ performed by a CHECK service provider
- Protecting data at rest
-
- Physical access control, complying with CSA CCM v3.0
- Physical access control, complying with SSAE-16 / ISAE 3402
- Encryption of all physical media
- Data sanitisation process
- Yes
- Data sanitisation type
- Deleted data can’t be directly accessed
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v3.0, CAS (Sanitisation) or ISO/IEC 27001
Data importing and exporting
- Data export approach
- Consent form PDFs can be downloaded by users from within the application. Admin users can export raw data for all reporting dashboards, and request individual episodes' audit trails.
- Data export formats
-
- CSV
- Other
- Other data export formats
-
- XLSX
- JSON
- Data import formats
- CSV
Data-in-transit protection
- Data protection between buyer and supplier networks
- TLS (version 1.2 or above)
- Data protection within supplier network
- TLS (version 1.2 or above)
Availability and resilience
- Guaranteed availability
- Service Level Objective (SLO): 99.95% (less than 4.38 hours per year of unavailability). Near-zero downtime deployments except on rare occasions when this is not possible. Downtime is documented in real-time at https://concentric.statuspage.io/.
- Approach to resilience
-
Automatic failover is configured to handle all server failures, which is designed to cause less than 5 minutes of unavailability. The system is designed to not need any scheduled maintenance. Near-zero downtime deployments of new application code are done. Concentric is designed to be resilient to a single data center failure within a region.
Data recovery processes are in place, in the unlikely event of total system failure:
- Database backups can be used in the case of total system failure. This scenario is not anticipated and would be a manual operation taken as a last resort.
- Configuration management system is used to configure all cloud services and hosts, allowing rapid total replacement of cloud infrastructure in the case of total failure.
Database backups are taken daily and stored for 28 days.
- Outage reporting
-
A public statuspage is maintained to report any incidents. Email alerts can be subscribed to for any incident updates posted to the statuspage.
Periodic monitoring of the system results in automatic notification to a human in the case of over 5 minutes of system unavailability. Tenants are provided with a company operational and technical contact for use in an emergency, with emergency support available 24/7/365.
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- 2-factor authentication
- Identity federation with existing provider (for example Google Apps)
- Username or password
- Access restrictions in management interfaces and support channels
-
Concentric infrastructure: Security critical services are only accessible to a subset of the engineering team, at the CTO's discretion. Access is protected by cryptographic controls.
Tenant administration interface: Role-based administration access with 2-factor authentication.
- Access restriction testing frequency
- At least every 6 months
- Management access authentication
-
- 2-factor authentication
- Identity federation with existing provider (for example Google Apps)
- Username or password
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- User-defined
- Access to supplier activity audit information
- Users contact the support team to get audit information
- How long supplier audit data is stored for
- At least 12 months
- How long system logs are stored for
- Between 1 month and 6 months
Standards and certifications
- ISO/IEC 27001 certification
- No
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- Yes
- Other security certifications
- Yes
- Any other security certifications
-
- NHS Digital - Data Security and Protection Toolkit
- NHS Digital Technology Assessment Criteria (DTAC)
- NHS Digital DCB0129 clinical safety standard
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- Other
- Other security governance standards
-
Cyber Essentials Plus.
NHS Digital Data Security and Protection Toolkit.
NHS Digital Technology Assessment Criteria (DTAC).
- Information security policies and processes
-
The Chief Technical Officer and Data Protection Officer have overall responsibility for information security at Concentric Health.
Concentric is compliant and undertakes annual recertification with NHS Digital's Data Security and Protection Toolkit (DSPT) and Cyber Essentials Plus. In addition, independent penetration testing is done annually. Covering both clinical safety and elements of information security, Concentric Health also maintains compliance with NHS Digital DCB0129 clinical safety standards.
Policies and documentation include all those required as part of the Information Security Management System for ISO27001 certification.
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
- Software releases are done every few weeks with release notes made available following each release at https://concentric.health/using-concentric/release-notes/. Before each release, both manual and automated end-to-end quality assurance testing is undertaken. Before a release is deployed, the Chief Technical Officer and Clinical Safety Officer must approve the release. Clinical safety and security impacts are considered as part of any release to ensure ongoing compliance with NHS Digital DSPT, NHS Digital DCB0129, and Cyber Essentials Plus standards.
- Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
-
Concentric is hosted on Linux VMs which receive automatic patch updates.
Application code runs within containers which depend upon a small number of official base images. As part of our regular release process, containers are continually rebuilt using updated base images.
Automatic pull requests are created and reviewed for all application code dependency updates. Security updates are sent to designated individuals. Our policy is to deploy security-related updates within 2 weeks, or sooner if deemed necessary by our Chief Technical Officer.
Security vulnerabilities may be responsibly disclosed to security@concentric.health.
Independent penetration testing is done annually to assess for potential threats.
- Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
-
Log data is collected centrally and monitored for signs of unusual activity.
Application logging is carefully designed to log unusual activity at warn level or above. The rate of such logs is monitored to provide an early warning signal.
Internally services are designed along zero-trust principles. This prevents a single compromised component from allowing access to other information.
Internal authentication is by way of signed authentication tokens. The private keys underlying these tokens can be replaced in case of a suspected breach, which will invalidate all existing tokens and cause all users to become immediately logged out.
- Incident management type
- Supplier-defined controls
- Incident management approach
-
Concentric Health is committed to managing and reporting incidents in a transparent and robust way.
Periodic monitoring of the system results in automatic notification to a human in the case of over 5 minutes of system unavailability. System status is reported in real-time and notification of any status updates is sent to all subscribers with incident details.
Tenants are provided with a company operational and technical contact for use in an emergency, with emergency support available 24/7. Root cause analysis investigations are undertaken in response to failure.
Secure development
- Approach to secure software development best practice
- Supplier-defined process
Public sector networks
- Connection to public sector networks
- No
Social Value
- Social Value
-
Social Value
- Fighting climate change
- Covid-19 recovery
- Tackling economic inequality
- Equal opportunity
- Wellbeing
Fighting climate change
As an organisation, we are committed to supporting net zero efforts both in our activities as a company and through the impact of the products we develop.
We are involved in a specific NHS/SBRI-backed project to support the NHS to reach net zero by 2040 (with an ambition to reach an 80% reduction by 2028 to 2032). The project explores the feasibility of introducing carbon data to support patient-clinician shared decision making conversations.
The report for this project is available in our insight toolkit (https://concentric.health/assets/img/resources/net-zero-insight-toolkit.pdf), while the key findings were published in The Bulletin of the Royal College of Surgeons of England.
The core Concentric product reduces the carbon impact of healthcare, both by remote consent functionality reducing the number of in-person outpatient appointments required and the removal of paper use in the consent process.
Where possible, we use carbon-neutral providers in our supply chain, such as Google, for our cloud hosting. Google is carbon neutral today, but aiming higher: their goal is to run on carbon-free energy, 24/7, at all their data centres by 2030.
Covid-19 recovery
Digital-first elective care pathways are crucial for healthcare organisations recovering from the COVID-19 pandemic, particularly concerning the surgical backlog. Concentric and other digital consent / econsent applications are vital in enabling digital-first elective care pathways, particularly with remote consent. The NHS features Concentric as a tool to support COVID-19 recovery.
We have been responsive to the needs of our partner organisations during the pandemic and secured Welsh Government and Innovate UK grant funding to deliver projects to support the initial response to and recovery from the pandemic.
Tackling economic inequality
Concentric Health is a health technology startup / SME (small/medium-sized enterprise) based in Wales. Founded and based in Wales, the Company has created job opportunities in Wales and has led to international inward investment.
Since 2019, Concentric Health has been hiring team members in the high-growth digital health sector. Our recruitment practices and employment conditions aim to follow the Good Work Plan’s foundational principles of quality work: fair pay, participation and progression, voice and autonomy. We support workforce development by training existing employees and medical and technical student placements with Cardiff University.
We aim to support other SMEs across the UK and, by doing so, increase supply chain resilience and capacity. Examples include our use of co-working spaces across the UK and our Cyber security partner Pen Test Partners.
We are willing to commit 1% of any Concentric Health contract revenue to support communities local to the contracting healthcare organisation. Support decisions will be made collaboratively with the healthcare organisation.
Equal opportunity
Concentric Health is committed to encouraging equality, diversity and inclusion among our workforce, and eliminating unlawful discrimination. The aim is for our workforce to be truly representative of all sections of society and our customers, and for each employee to feel respected and able to give their best. The organisation - in providing goods and/or services and/or facilities - is also committed against unlawful discrimination of customers or the public.
We publicly commit to:
(a) Encourage equality, diversity and inclusion in the workplace as they are good practice and make business sense.
(b) Create a working environment free of bullying, harassment, victimisation and unlawful discrimination, promoting dignity and respect for all, and where individual differences and the contributions of all staff are recognised and valued.
(c) Take seriously complaints of bullying, harassment, victimisation and unlawful discrimination by fellow employees, customers, suppliers, visitors, the public and any others in the course of the organisation’s work activities.
(d) Make opportunities for training, development and progress available to all staff, who will be helped and encouraged to develop their full potential, so their talents and resources can be fully utilised to maximise the efficiency of the organisation.
(e) Make decisions concerning staff based on merit (apart from in any necessary and limited exemptions and exceptions allowed under the Equality Act).
(f) Review employment practices and procedures when necessary to ensure fairness, and also update them and the policy to take account of changes in the law.
(g) Monitor the make-up of the workforce regarding information such as age, sex, ethnic background, sexual orientation, religion or belief, and disability in encouraging equality, diversity and inclusion, and in meeting the aims and commitments set out in the equality, diversity and inclusion policy.
Wellbeing
We are committed to supporting mental health in the workplace, implementing the six standards of the ‘Mental Health at Work commitment’:
(a) Prioritise mental health in the workplace by developing and delivering a systematic programme of activity.
(b) Proactively ensure work design and organisational culture drive positive mental health outcomes.
(c) Promote an open culture around mental health.
(d) Increase organisational confidence and capability.
(e) Provide mental health tools and support.
(f) Increase transparency and accountability through internal and external reporting.
In addition, we commit to providing paid-for volunteering time for all staff, to support community-led initiatives or good causes of significance to the individual.
Pricing
- Price
- £0.53 to £2.50 a unit
- Discount for educational organisations
- No
- Free trial available
- Yes
- Description of free trial
- A free trial is offered to NHS organisations as per https://concentric.health/pricing/. This can be for up to 2,000 episodes over 12 months, includes full functionality and updates, and where demographic integrations can be completed using modern standards, demographic integration is included at no cost.
- Link to free trial
- https://concentric.health/pricing/