PHARMATELLIGENCE LIMITED

Livingstone

Livingstone is an online advanced analytical platform that automatically analyses electronic medical record data to produce scientifically robust replicable outputs.

Features

• Real time reporting
• Remote access
• Advanced analytics
• Instant epidemiology
• Software as a Service
• Electronic medical record
• Trusted Research Environment
• Automated analysis of real-world data
• Statistical

Benefits

• Quickly analyse electronic medical record data
• Expedite study timelines
• Actionable insight in minutes
• Robust replicable reports
• Enables non-technical users to run complex queries with confidence
• Accessible technology

£250,000 a licence a year

• Education pricing available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at stephen.vaughan@humandatasciences.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

272864819725352

Contact

Stephen Vaughan
+442920782856
stephen.vaughan@humandatasciences.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: No
• System requirements:
  • Licence agreement between supplier and buyer
  • Internet connection
  • Access to browser

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Response times are as outlined in our Service Level Agreement based on pre-defined Priority categories.; Priority 1 - within 4 normal business hours; Priority 2 - within 12 normal business hours; Priority 3 - within 24 normal business hours; Priority 4 - within 72 normal business hours; Normal business hours are Monday to Friday 9:00am - 5:30pm
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: The support levels provided are dependent on the subscription package level.; ; The provision of Support Services on a remote, off-site basis (such as over the telephone or by e-mail) within the Subscription Term shall be included in the Subscription Fees.; ; The provision of Support Services at the Customer's premises or the provision of Out-of-scope Services shall be charged for at the Supplier's standard rates then in force.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: User guide ; Online training
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: Users cannot extract data
• End-of-contract process: Client is provided with the option to renew or cancel the contract.; ; Automated reports are delivered within the price. Consultancy is available at an additional fee.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: Accessed via web service interface. No interface testing has been completed. Interface is not fully accessible.
• Accessibility standards: None or don’t know
• Description of accessibility: Accessed via web service interface. No interface testing has been completed. Interface is not fully accessible.
• Accessibility testing: N/A
• API: No
• Customisation available: No

Scaling

• Independence of resources: As a cloud native platform we provision new cloud resources for every job

Analytics

• Service usage metrics: No

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Staff screening not performed
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: In-house
• Protecting data at rest: Other
• Other data at rest protection approach: Using the protect data at rest processes provided by the software service (Microsoft Azure)
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Livingstone enables analysis of data and production of output reports that can be exported to PDF. “Data” cannot be exported. Aggregate level summaries of data and/or statistics and user-defined codelists can be exported
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: The Supplier shall use commercially reasonable endeavours to make the Services available 24 hours a day, seven days a week, except for:; a) planned maintenance carried out during the maintenance window of 6.00 pm to 6.00 am UK time; and; b) unscheduled maintenance performed outside Normal Business Hours, provided that the Supplier has used reasonable endeavours to give the Customer at least 24 hours notice in advance.
• Approach to resilience: Available on request
• Outage reporting: Email alerts

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: Secure password control access. Role management. Audit logs.
• Access restriction testing frequency: At least every 6 months
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: No audit information available
• Access to supplier activity audit information: No audit information available
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Our information security policies and processes are compliant with ISO 27001:2013. This standard requires that the scope of our information security management system (ISMS) is defined. From this a security policy is created and a risk assessment carried out to determine existing and potential risks. Controls and processes to manage those risks were then put in place in accordance with Annex A of the ISO standard. Reporting is through the usual line management channels up to CEO level. Compliance with security policies and processes is monitored through regular management review meeting and audits (both internal and external). Where appropriate, electronic countermeasures are deployed in the network to ensure compliance with the controls and to prevent unauthorised access. Our ISMS is scrutinised regularly by both internal and external auditors and all nonconformities, opportunities for improvement and observations recorded in a Corrective Action Plan, the content of which is monitored and reviewed by our CEO in conjunction with the senior management team.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: We use our vendors asset management and our own asset management spreadsheet. Additionally, we work with the vendors and internally assess the risks Further to this, our ISO Change Management process means that we evaluate every change to our IT infrastructure, both from a cost/benefit perspective and in terms of risk to information security. We also look at the fallback strategy required should the implementation of the change fail for any reason.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: We use Sophos and best practices. If the patch is considered critical then we do an emergency change so patch will be applied asap and if not critical it falls under quarterly maintenance schedule; Our information about potential threats primarily comes from our; vendors with emphasis on Sophos who specialise in these matters.; Our internal team manages when patches are applied to our servers. Individuals are responsible for keeping their own laptop/PC up to date and this requirement is stated within our ISO Acceptable Use policy.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: We primarily identify potential compromises from our vendors with emphasis on Sophos who specialise in this area.; ; Our response will depend on the threat, and we will always respond using industry best practices; ; We respond to incidents as quickly as possible. Within ISO we have an Incident Management process which we follow. If there is a breach of information as a consequence of a security incident, then there is checklist of who we must notify (e.g., the individual whose data has been disclosed, whether the ICO needs to be notified, etc.).
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Our approach is compliant with ISO 27001:2013 and include the following steps: ; ; Notification: An event that may affect the organization is detected. ; ; Classification: An incident notification is created and classified. ; ; Reporting: Interested/affected parties are informed (possibly the ICO too). ; ; Treatment: Once the incident is classified, and the severity and time agreed for its resolution are known, the necessary measures to resolve it are taken. ; ; Closure: Once the incident is resolved, all the information generated during its treatment is recorded. ; ; Knowledge base: All the information generated during the incident is recorded, both for future reference and for continuous improvement purposes.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Wellbeing

  Wellbeing

  At Human Data Sciences, we understand the critical role that technology plays in addressing societal challenges and advancing social value. Our cloud-based advanced analytics platform, Livingstone, has been designed to deliver tangible benefits across multiple dimensions of social value, particularly in the areas of wellbeing, equal opportunity, and Covid-19 recovery.; Livingstone contributes to improving the wellbeing of individuals and communities by accelerating the pace of healthcare research and decision-making. By automating the analysis of electronic medical record data, our platform enables healthcare providers and policymakers to gain timely insights into patient outcomes, disease trends, and treatment efficacy. This empowers them to make informed decisions that enhance patient care and public health outcomes, ultimately leading to improved wellbeing for all.; Through the democratization of access to advanced analytics capabilities, Livingstone promotes equal opportunity in healthcare research and innovation. Historically, the process of analyzing medical data has been time-consuming and resource-intensive, often limiting access to insights for organizations with significant financial and technical resources. By automating this process and delivering instant evidence and scientific reports, our platform levels the playing field, allowing organizations of all sizes and resource levels to access critical insights that drive healthcare advancements. This fosters a more equitable healthcare ecosystem where innovation and progress are not limited by financial constraints.; In the wake of the Covid-19 pandemic, rapid access to accurate data and evidence-based insights is paramount for effective response, recovery, and preparedness. Livingstone plays a crucial role in supporting Covid-19 recovery efforts by providing healthcare organizations and public health agencies with real-time analytics on disease spread, treatment effectiveness, and vaccination outcomes. By accelerating the generation of actionable insights, our platform facilitates evidence-based decision-making, enhances resource allocation, and strengthens healthcare systems' resilience in the face of future pandemics.

Pricing

• Price: £250,000 a licence a year
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at stephen.vaughan@humandatasciences.com. Tell them what format you need. It will help if you say what assistive technology you use.